source: postlfs/security/mitkrb.xml@ f91ceaa

Last change on this file since f91ceaa was f91ceaa, checked in by Randy McMurchy <randy@…>, 15 years ago

Updated to MIT Kerberos V5-1.6; also overhauled the instructions to fit the updated version and included enhancements to the instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6383 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 29.7 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.6/krb5-&mitkrb-version;-signed.tar">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "a365e39ff7d39639556c2797a0e1c3f4">
10 <!ENTITY mitkrb-size "12.0 MB">
11 <!ENTITY mitkrb-buildsize "124 MB">
12 <!ENTITY mitkrb-time "1.4 SBU">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para><application>MIT Kerberos V5</application> is a free implementation
33 of Kerberos 5. Kerberos is a network authentication protocol. It
34 centralizes the authentication database and uses kerberized
35 applications to work with servers or services that support Kerberos
36 allowing single logins and encrypted communication over internal
37 networks or the Internet.</para>
38
39 <bridgehead renderas="sect3">Package Information</bridgehead>
40 <itemizedlist spacing="compact">
41 <listitem>
42 <para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
43 </listitem>
44 <listitem>
45 <para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
46 </listitem>
47 <listitem>
48 <para>Download MD5 sum: &mitkrb-md5sum;</para>
49 </listitem>
50 <listitem>
51 <para>Download size: &mitkrb-size;</para>
52 </listitem>
53 <listitem>
54 <para>Estimated disk space required: &mitkrb-buildsize;</para>
55 </listitem>
56 <listitem>
57 <para>Estimated build time: &mitkrb-time;</para>
58 </listitem>
59 </itemizedlist>
60
61 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
62
63 <bridgehead renderas="sect4">Optional</bridgehead>
64 <para role="optional"><xref linkend="linux-pam"/>
65 (for <command>xdm</command> based logins),
66 <xref linkend="openldap"/>, and
67 <xref linkend="dejagnu"/> (required to run the test suite)</para>
68
69 <note>
70 <para>Some sort of time synchronization facility on your system (like
71 <xref linkend="ntp"/>) is required since Kerberos won't authenticate if
72 there is a time difference between a kerberized client and the
73 KDC server.</para>
74 </note>
75
76 <para condition="html" role="usernotes">User Notes:
77 <ulink url="&blfs-wiki;/mitkrb"/></para>
78
79 </sect2>
80
81 <sect2 role="installation">
82 <title>Installation of MIT Kerberos V5</title>
83
84 <para><application>MIT Kerberos V5</application> is distributed in a
85 TAR file containing a compressed TAR package and a detached PGP
86 <filename class="extension">ASC</filename> file. You'll need to unpack
87 the distribution tar file, then unpack the compressed tar file before
88 starting the build.</para>
89
90 <para>After unpacking the distribution tarball and if you have
91 <xref linkend="gnupg"/> installed, you can
92 authenticate the package with the following command:</para>
93
94<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
95
96 <para>Build <application>MIT Kerberos V5</application> by running the
97 following commands:</para>
98
99<screen><userinput>cd src &amp;&amp;
100./configure CPPFLAGS="-I/usr/include/et -I/usr/include/ss" \
101 --prefix=/usr \
102 --sysconfdir=/etc/krb5 \
103 --localstatedir=/var/lib \
104 --with-system-et \
105 --with-system-ss \
106 --enable-dns-for-realm \
107 --mandir=/usr/share/man &amp;&amp;
108make</userinput></screen>
109
110 <para>The regression test suite is designed to be run after the
111 installation has been completed.</para>
112
113 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
114
115<screen role="root"><userinput>make install &amp;&amp;
116
117mv -v /usr/bin/ksu /bin &amp;&amp;
118chmod -v 755 /bin/ksu &amp;&amp;
119mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
120mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
121mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;
122
123ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &amp;&amp;
124ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &amp;&amp;
125ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &amp;&amp;
126
127install -m644 -v ../doc/*.info* /usr/share/info &amp;&amp;
128for INFOFILE in 425 5-admin 5-install 5-user; do
129 install-info --info-dir=/usr/share/info \
130 /usr/share/info/krb$INFOFILE.info
131 rm ../doc/krb$INFOFILE.info*
132done &amp;&amp;
133
134install -m755 -v -d /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
135cp -Rv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
136
137 <warning>
138 <para><command>login.krb5</command> does not support
139 <application>Shadow</application> passwords. As a result, when the
140 Kerberos server is unavailable, the default fall through to
141 <filename>/etc/passwd</filename> will not work because
142 the passwords have been moved to <filename>/etc/shadow</filename> during
143 the LFS build process. Entering the following
144 commands without moving the passwords back to
145 <filename>/etc/passwd</filename> could prevent any logins.</para>
146 </warning>
147
148 <para>After considering (and understanding) the above warning, the
149 following commands can be entered as the
150 <systemitem class="username">root</systemitem> user to replace the
151 existing <command>login</command> program with the Kerberized
152 version (after preserving the original) and move the support libraries
153 to a location available when the
154 <filename class='directory'>/usr</filename> filesystem is
155 not mounted:</para>
156
157<screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &amp;&amp;
158install -m755 -v /usr/sbin/login.krb5 /bin/login &amp;&amp;
159
160mv -v /usr/lib/libdes425.so.3* /lib &amp;&amp;
161mv -v /usr/lib/libkrb4.so.2* /lib &amp;&amp;
162
163ln -v -sf ../../lib/libdes425.so.3.0 /usr/lib/libdes425.so &amp;&amp;
164ln -v -sf ../../lib/libkrb4.so.2.0 /usr/lib/libkrb4.so &amp;&amp;
165
166ldconfig</userinput></screen>
167
168 <!--
169 <para>If <application>CrackLib</application> is installed, or if any
170 word list has been put in
171 <filename class='directory'>/usr/share/dict</filename>, the following
172 should be entered as the <systemitem class="username">root</systemitem>
173 user:</para>
174
175<screen role="root"><userinput>ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict</userinput></screen>
176 -->
177
178 <para>To test the installation, you must have
179 <xref linkend="dejagnu"/> installed and issue: <command>make
180 check</command>. The RPC layer tests will require a portmap daemon
181 (see <xref linkend="portmap"/>) running and configured to listen on the
182 regular network interface (not localhost). See the <quote>Testing the
183 Build</quote> section of the <filename>krb5-install.html</filename> file
184 in the <filename class='directory'>../doc</filename> directory for complete
185 information on running the regression tests.</para>
186
187 </sect2>
188
189 <sect2 role="commands">
190 <title>Command Explanations</title>
191
192 <para><parameter>--enable-dns-for-realm</parameter>: This parameter allows
193 realms to be resolved using the DNS server.</para>
194
195 <para><parameter>--with-system-et</parameter>: This parameter causes the
196 build to use the system-installed versions of the error-table support
197 software.</para>
198
199 <para><parameter>--with-system-ss</parameter>: This parameter causes the
200 build to use the system-installed versions of the subsystem command-line
201 interface software.</para>
202
203 <para><parameter>--localstatedir=/var/lib</parameter>: This parameter is
204 used so that the Kerberos variable run-time data is located in
205 <filename class='directory'>/var/lib</filename> instead of
206 <filename class='directory'>/usr/var</filename>.</para>
207
208 <!-- <para><parameter>- -enable-static</parameter>: This switch builds static
209 libraries in addition to the shared libraries.</para> -->
210
211 <para><command>mv -v /usr/bin/ksu /bin</command>: Moves the
212 <command>ksu</command> program to the
213 <filename class="directory">/bin</filename> directory so that it is
214 available when the <filename class="directory">/usr</filename>
215 filesystem is not mounted.</para>
216
217 <para><command>mv -v ... /lib &amp;&amp; ln -v -sf ...</command>:
218 These libraries are moved to <filename class="directory">/lib</filename> so
219 they are available when the <filename class="directory">/usr</filename>
220 filesystem is not mounted.</para>
221
222 </sect2>
223
224 <sect2 role="configuration">
225 <title>Configuring MIT Kerberos V5</title>
226
227 <sect3 id="krb5-config">
228 <title>Config Files</title>
229
230 <para><filename>/etc/krb5/krb5.conf</filename> and
231 <filename>/var/lib/krb5kdc/kdc.conf</filename></para>
232
233 <indexterm zone="mitkrb krb5-config">
234 <primary sortas="e-etc-krb5-krb5.conf">/etc/krb5/krb5.conf</primary>
235 </indexterm>
236
237 <indexterm zone="mitkrb krb5-config">
238 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
239 </indexterm>
240
241 </sect3>
242
243 <sect3>
244 <title>Configuration Information</title>
245
246 <sect4>
247 <title>Kerberos Configuration</title>
248
249 <tip>
250 <para>You should consider installing some sort of password checking
251 dictionary so that you can configure the installation to only
252 accept strong passwords. A suitable dictionary to use is shown in
253 the <xref linkend="cracklib"/> instructions. Note that only one
254 file can be used, but you can concatenate many files into one. The
255 configuration file shown below assumes you have installed a
256 dictionary to <filename>/usr/share/dict/words</filename>.</para>
257 </tip>
258
259 <para>Create the Kerberos configuration file with the following
260 commands issued by the <systemitem class="username">root</systemitem>
261 user:</para>
262
263<screen role="root"><userinput>install -v -m755 -d /etc/krb5 &amp;&amp;
264cat &gt; /etc/krb5/krb5.conf &lt;&lt; "EOF"
265<literal># Begin /etc/krb5/krb5.conf
266
267[libdefaults]
268 default_realm = <replaceable>&lt;LFS.ORG&gt;</replaceable>
269 encrypt = true
270
271[realms]
272 <replaceable>&lt;LFS.ORG&gt;</replaceable> = {
273 kdc = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
274 admin_server = <replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
275 dict_file = /usr/share/dict/words
276 }
277
278[domain_realm]
279 .<replaceable>&lt;lfs.org&gt;</replaceable> = <replaceable>&lt;LFS.ORG&gt;</replaceable>
280
281[logging]
282 kdc = SYSLOG[:INFO[:AUTH]]
283 admin_server = SYSLOG[:INFO[:AUTH]]
284 default = SYSLOG[[:SYS]]
285
286# End /etc/krb5/krb5.conf</literal>
287EOF</userinput></screen>
288
289 <para>You will need to substitute your domain and proper hostname
290 for the occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
291 <replaceable>&lt;lfs.org&gt;</replaceable> names.</para>
292
293 <para><option>default_realm</option> should be the name of your
294 domain changed to ALL CAPS. This isn't required, but both
295 <application>Heimdal</application> and MIT recommend it.</para>
296
297 <para><option>encrypt = true</option> provides encryption of all
298 traffic between kerberized clients and servers. It's not necessary
299 and can be left off. If you leave it off, you can encrypt all traffic
300 from the client to the server using a switch on the client program
301 instead.</para>
302
303 <para>The <option>[realms]</option> parameters tell the client
304 programs where to look for the KDC authentication services.</para>
305
306 <para>The <option>[domain_realm]</option> section maps a domain to
307 a realm.</para>
308
309 <para>Create the KDC database:</para>
310
311<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;LFS.ORG&gt;</replaceable> -s</userinput></screen>
312
313 <para>Now you should populate the database with principals
314 (users). For now, just use your regular login name or
315 <systemitem class="username">root</systemitem>.</para>
316
317<screen role="root"><userinput>kadmin.local
318<prompt>kadmin:</prompt> add_policy dict-only
319<prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
320
321 <para>The KDC server and any machine running kerberized
322 server daemons must have a host key installed:</para>
323
324<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
325
326 <para>After choosing the defaults when prompted, you will have to
327 export the data to a keytab file:</para>
328
329<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
330
331 <para>This should have created a file in
332 <filename class="directory">/etc/krb5</filename> named
333 <filename>krb5.keytab</filename> (Kerberos 5). This file should
334 have 600 (<systemitem class="username">root</systemitem> rw only)
335 permissions. Keeping the keytab files from public access is crucial
336 to the overall security of the Kerberos installation.</para>
337
338 <para>Eventually, you'll want to add server daemon principals to the
339 database and extract them to the keytab file. You do this in the same
340 way you created the host principals. Below is an example:</para>
341
342<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable>
343<prompt>kadmin:</prompt> ktadd ftp/<replaceable>&lt;belgarath.lfs.org&gt;</replaceable></userinput></screen>
344
345 <para>Exit the <command>kadmin</command> program (use
346 <command>quit</command> or <command>exit</command>) and return
347 back to the shell prompt. Start the KDC daemon manually, just to
348 test out the installation:</para>
349
350<screen role='root'><userinput>/usr/sbin/krb5kdc &amp;</userinput></screen>
351
352 <para>Attempt to get a ticket with the following command:</para>
353
354<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
355
356 <para>You will be prompted for the password you created. After you
357 get your ticket, you can list it with the following command:</para>
358
359<screen><userinput>klist</userinput></screen>
360
361 <para>Information about the ticket should be displayed on the
362 screen.</para>
363
364 <para>To test the functionality of the keytab file, issue the
365 following command:</para>
366
367<screen><userinput>ktutil
368<prompt>ktutil:</prompt> rkt /etc/krb5/krb5.keytab
369<prompt>ktutil:</prompt> l</userinput></screen>
370
371 <para>This should dump a list of the host principal, along with
372 the encryption methods used to access the principal.</para>
373
374 <para>At this point, if everything has been successful so far, you
375 can feel fairly confident in the installation and configuration of
376 the package.</para>
377
378 <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
379 script included in the <xref linkend="bootscripts"/>
380 package.</para>
381
382<screen role="root"><userinput>make install-kerberos</userinput></screen>
383
384 </sect4>
385
386 <sect4>
387 <title>Using Kerberized Client Programs</title>
388
389 <para>To use the kerberized client programs (<command>telnet</command>,
390 <command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
391 <command>rlogin</command>), you first must get an authentication ticket.
392 Use the <command>kinit</command> program to get the ticket. After you've
393 acquired the ticket, you can use the kerberized programs to connect to
394 any kerberized server on the network. You will not be prompted for
395 authentication until your ticket expires (default is one day), unless
396 you specify a different user as a command line argument to the
397 program.</para>
398
399 <para>The kerberized programs will connect to non-kerberized daemons,
400 warning you that authentication is not encrypted.</para>
401
402 </sect4>
403
404 <sect4>
405 <title>Using Kerberized Server Programs</title>
406
407 <para>Using kerberized server programs (<command>telnetd</command>,
408 <command>kpropd</command>, <command>klogind</command> and
409 <command>kshd</command>) requires two additional configuration steps.
410 First the <filename>/etc/services</filename> file must be updated to
411 include eklogin and krb5_prop. Second, the
412 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
413 must be modified for each server that will be activated, usually
414 replacing the server from <xref linkend="inetutils"/>.</para>
415
416 </sect4>
417
418 <sect4>
419 <title>Additional Information</title>
420
421 <para>For additional information consult <ulink
422 url="http://web.mit.edu/kerberos/www/krb5-1.6/#documentation">
423 Documentation for krb-&mitkrb-version;</ulink> on which the above
424 instructions are based.</para>
425
426 </sect4>
427
428 </sect3>
429
430 </sect2>
431
432 <sect2 role="content">
433 <title>Contents</title>
434 <para></para>
435
436 <segmentedlist>
437 <segtitle>Installed Programs</segtitle>
438 <segtitle>Installed Libraries</segtitle>
439 <segtitle>Installed Directories</segtitle>
440
441 <seglistitem>
442 <seg>ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
443 kadmin.local, kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist,
444 klogind, kpasswd, kprop, kpropd, krb5-config, krb5-send-pr, krb524d,
445 krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
446 rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
447 uuclient, uuserver and v4rcp</seg>
448 <seg>libdes425.so, libgssapi_krb5.so,
449 libgssrpc.so, libk5crypto.so, libkadm5clnt.so, libkadm5srv.so,
450 libkdb5.so, libkdb_ldap.so, libkrb4.so, libkrb5.so and
451 libkrb5support.so</seg>
452 <seg>/etc/krb5, /usr/include/{gssapi,gssrpc,kerberosIV,krb5},
453 /usr/lib/krb5, /usr/share/{doc/krb5-&mitkrb-version;,examples,gnats}
454 and /var/lib/krb5kdc</seg>
455 </seglistitem>
456 </segmentedlist>
457
458 <variablelist>
459 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
460 <?dbfo list-presentation="list"?>
461 <?dbhtml list-presentation="table"?>
462
463 <varlistentry id="ftp-mitkrb">
464 <term><command>ftp</command></term>
465 <listitem>
466 <para>is a kerberized FTP client.</para>
467 <indexterm zone="mitkrb ftp-mitkrb">
468 <primary sortas="b-ftp">ftp</primary>
469 </indexterm>
470 </listitem>
471 </varlistentry>
472
473 <varlistentry id="ftpd-mitkrb">
474 <term><command>ftpd</command></term>
475 <listitem>
476 <para>is a kerberized FTP daemon.</para>
477 <indexterm zone="mitkrb ftpd-mitkrb">
478 <primary sortas="b-ftpd">ftpd</primary>
479 </indexterm>
480 </listitem>
481 </varlistentry>
482
483 <varlistentry id="k5srvutil">
484 <term><command>k5srvutil</command></term>
485 <listitem>
486 <para>is a host keytable manipulation utility.</para>
487 <indexterm zone="mitkrb k5srvutil">
488 <primary sortas="b-k5srvutil">k5srvutil</primary>
489 </indexterm>
490 </listitem>
491 </varlistentry>
492
493 <varlistentry id="kadmin-mitkrb">
494 <term><command>kadmin</command></term>
495 <listitem>
496 <para>is a utility used to make modifications
497 to the Kerberos database.</para>
498 <indexterm zone="mitkrb kadmin-mitkrb">
499 <primary sortas="b-kadmin">kadmin</primary>
500 </indexterm>
501 </listitem>
502 </varlistentry>
503
504 <varlistentry id="kadmind-mitkrb">
505 <term><command>kadmind</command></term>
506 <listitem>
507 <para>is a server for administrative access
508 to a Kerberos database.</para>
509 <indexterm zone="mitkrb kadmind-mitkrb">
510 <primary sortas="b-kadmind">kadmind</primary>
511 </indexterm>
512 </listitem>
513 </varlistentry>
514
515 <varlistentry id="kdb5_util">
516 <term><command>kdb5_util</command></term>
517 <listitem>
518 <para>is the KDC database utility.</para>
519 <indexterm zone="mitkrb kdb5_util">
520 <primary sortas="b-kdb5_util">kdb5_util</primary>
521 </indexterm>
522 </listitem>
523 </varlistentry>
524
525 <varlistentry id="kdestroy-mitkrb">
526 <term><command>kdestroy</command></term>
527 <listitem>
528 <para>removes the current set of tickets.</para>
529 <indexterm zone="mitkrb kdestroy-mitkrb">
530 <primary sortas="b-kdestroy">kdestroy</primary>
531 </indexterm>
532 </listitem>
533 </varlistentry>
534
535 <varlistentry id="kinit-mitkrb">
536 <term><command>kinit</command></term>
537 <listitem>
538 <para>is used to authenticate to the Kerberos server as a
539 principal and acquire a ticket granting ticket that can
540 later be used to obtain tickets for other services.</para>
541 <indexterm zone="mitkrb kinit-mitkrb">
542 <primary sortas="b-kinit">kinit</primary>
543 </indexterm>
544 </listitem>
545 </varlistentry>
546
547 <varlistentry id="klist-mitkrb">
548 <term><command>klist</command></term>
549 <listitem>
550 <para>reads and displays the current tickets in
551 the credential cache.</para>
552 <indexterm zone="mitkrb klist-mitkrb">
553 <primary sortas="b-klist">klist</primary>
554 </indexterm>
555 </listitem>
556 </varlistentry>
557
558 <varlistentry id="klogind">
559 <term><command>klogind</command></term>
560 <listitem>
561 <para>is the server that responds to <command>rlogin</command>
562 requests.</para>
563 <indexterm zone="mitkrb klogind">
564 <primary sortas="b-klogind">klogind</primary>
565 </indexterm>
566 </listitem>
567 </varlistentry>
568
569 <varlistentry id="kpasswd-mitkrb">
570 <term><command>kpasswd</command></term>
571 <listitem>
572 <para>is a program for changing Kerberos 5 passwords.</para>
573 <indexterm zone="mitkrb kpasswd-mitkrb">
574 <primary sortas="b-kpasswd">kpasswd</primary>
575 </indexterm>
576 </listitem>
577 </varlistentry>
578
579 <varlistentry id="kprop">
580 <term><command>kprop</command></term>
581 <listitem>
582 <para>takes a principal database in a specified format and
583 converts it into a stream of database records.</para>
584 <indexterm zone="mitkrb kprop">
585 <primary sortas="b-kprop">kprop</primary>
586 </indexterm>
587 </listitem>
588 </varlistentry>
589
590 <varlistentry id="kpropd">
591 <term><command>kpropd</command></term>
592 <listitem>
593 <para>receives a database sent by <command>kprop</command>
594 and writes it as a local database.</para>
595 <indexterm zone="mitkrb kpropd">
596 <primary sortas="b-kpropd">kpropd</primary>
597 </indexterm>
598 </listitem>
599 </varlistentry>
600
601 <varlistentry id="krb5-config-prog2">
602 <term><command>krb5-config</command></term>
603 <listitem>
604 <para>gives information on how to link programs against
605 libraries.</para>
606 <indexterm zone="mitkrb krb5-config-prog2">
607 <primary sortas="b-krb5-config">krb5-config</primary>
608 </indexterm>
609 </listitem>
610 </varlistentry>
611
612 <varlistentry id="krb5kdc">
613 <term><command>krb5kdc</command></term>
614 <listitem>
615 <para>is a Kerberos 5 server.</para>
616 <indexterm zone="mitkrb krb5kdc">
617 <primary sortas="b-krb5kdc">krb5kdc</primary>
618 </indexterm>
619 </listitem>
620 </varlistentry>
621
622 <varlistentry id="kshd">
623 <term><command>kshd</command></term>
624 <listitem>
625 <para>is the server that responds to <command>rsh</command>
626 requests.</para>
627 <indexterm zone="mitkrb kshd">
628 <primary sortas="b-kshd">kshd</primary>
629 </indexterm>
630 </listitem>
631 </varlistentry>
632
633 <varlistentry id="ksu">
634 <term><command>ksu</command></term>
635 <listitem>
636 <para>is the super user program using Kerberos protocol.
637 Requires a properly configured
638 <filename>/etc/shells</filename> and
639 <filename>~/.k5login</filename> containing principals
640 authorized to become super users.</para>
641 <indexterm zone="mitkrb ksu">
642 <primary sortas="b-ksu">ksu</primary>
643 </indexterm>
644 </listitem>
645 </varlistentry>
646
647 <varlistentry id="ktutil-mitkrb">
648 <term><command>ktutil</command></term>
649 <listitem>
650 <para>is a program for managing Kerberos keytabs.</para>
651 <indexterm zone="mitkrb ktutil-mitkrb">
652 <primary sortas="b-ktutil">ktutil</primary>
653 </indexterm>
654 </listitem>
655 </varlistentry>
656
657 <varlistentry id="kvno">
658 <term><command>kvno</command></term>
659 <listitem>
660 <para>prints keyversion numbers of Kerberos principals.</para>
661 <indexterm zone="mitkrb kvno">
662 <primary sortas="b-kvno">kvno</primary>
663 </indexterm>
664 </listitem>
665 </varlistentry>
666
667 <varlistentry id="login.krb5">
668 <term><command>login.krb5</command></term>
669 <listitem>
670 <para>is a kerberized login program.</para>
671 <indexterm zone="mitkrb login.krb5">
672 <primary sortas="b-login.krb5">login.krb5</primary>
673 </indexterm>
674 </listitem>
675 </varlistentry>
676
677 <varlistentry id="rcp-mitkrb">
678 <term><command>rcp</command></term>
679 <listitem>
680 <para>is a kerberized rcp client program.</para>
681 <indexterm zone="mitkrb rcp-mitkrb">
682 <primary sortas="b-rcp">rcp</primary>
683 </indexterm>
684 </listitem>
685 </varlistentry>
686
687 <varlistentry id="rlogin">
688 <term><command>rlogin</command></term>
689 <listitem>
690 <para>is a kerberized rlogin client program.</para>
691 <indexterm zone="mitkrb rlogin">
692 <primary sortas="b-rlogin">rlogin</primary>
693 </indexterm>
694 </listitem>
695 </varlistentry>
696
697 <varlistentry id="rsh-mitkrb">
698 <term><command>rsh</command></term>
699 <listitem>
700 <para>is a kerberized rsh client program.</para>
701 <indexterm zone="mitkrb rsh-mitkrb">
702 <primary sortas="b-rsh">rsh</primary>
703 </indexterm>
704 </listitem>
705 </varlistentry>
706
707 <varlistentry id="telnet-mitkrb">
708 <term><command>telnet</command></term>
709 <listitem>
710 <para>is a kerberized telnet client program.</para>
711 <indexterm zone="mitkrb telnet-mitkrb">
712 <primary sortas="b-telnet">telnet</primary>
713 </indexterm>
714 </listitem>
715 </varlistentry>
716
717 <varlistentry id="telnetd-mitkrb">
718 <term><command>telnetd</command></term>
719 <listitem>
720 <para>is a kerberized telnet server.</para>
721 <indexterm zone="mitkrb telnetd-mitkrb">
722 <primary sortas="b-telnetd">telnetd</primary>
723 </indexterm>
724 </listitem>
725 </varlistentry>
726
727 <varlistentry id="libgssapi_krb5-mitkrb">
728 <term><filename class='libraryfile'>libgssapi_krb5.so</filename></term>
729 <listitem>
730 <para>contains the Generic Security Service Application
731 Programming Interface (GSSAPI) functions which provide security
732 services to callers in a generic fashion, supportable with a range of
733 underlying mechanisms and technologies and hence allowing source-level
734 portability of applications to different environments.</para>
735 <indexterm zone="mitkrb libgssapi_krb5-mitkrb">
736 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
737 </indexterm>
738 </listitem>
739 </varlistentry>
740
741 <varlistentry id="libkadm5clnt-mitkrb">
742 <term><filename class='libraryfile'>libkadm5clnt.so</filename></term>
743 <listitem>
744 <para>contains the administrative authentication and password
745 checking functions required by Kerberos 5 client-side programs.</para>
746 <indexterm zone="mitkrb libkadm5clnt-mitkrb">
747 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
748 </indexterm>
749 </listitem>
750 </varlistentry>
751
752 <varlistentry id="libkadm5srv-mitkrb">
753 <term><filename class='libraryfile'>libkadm5srv.so</filename></term>
754 <listitem>
755 <para>contains the administrative authentication and password
756 checking functions required by Kerberos 5 servers.</para>
757 <indexterm zone="mitkrb libkadm5srv-mitkrb">
758 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
759 </indexterm>
760 </listitem>
761 </varlistentry>
762
763 <varlistentry id="libkdb5">
764 <term><filename class='libraryfile'>libkdb5.so</filename></term>
765 <listitem>
766 <para>is a Kerberos 5 authentication/authorization database
767 access library.</para>
768 <indexterm zone="mitkrb libkdb5">
769 <primary sortas="c-libkdb5">libkdb5.so</primary>
770 </indexterm>
771 </listitem>
772 </varlistentry>
773
774 <varlistentry id="libkrb5-mitkrb">
775 <term><filename class='libraryfile'>libkrb5.so</filename></term>
776 <listitem>
777 <para>is an all-purpose Kerberos 5 library.</para>
778 <indexterm zone="mitkrb libkrb5-mitkrb">
779 <primary sortas="c-libkrb5">libkrb5.so</primary>
780 </indexterm>
781 </listitem>
782 </varlistentry>
783
784 </variablelist>
785
786 </sect2>
787
788</sect1>
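
The file above asks for a keytab with 600 permissions that only root can read, and for a krb5.conf whose default_realm, [realms] and [domain_realm] entries agree with each other. The script below is an added example, not part of the BLFS book, that checks both after installation; the function names are hypothetical, and it assumes GNU stat and krb5.conf lines written as "name = value" with spaces, as in the file's sample.

```shell
#!/bin/sh
# Added example, not part of the BLFS book. Function names are hypothetical.
# Assumes GNU stat and krb5.conf lines written "name = value" as on this page.

# audit_keytab FILE [UID]: the page requires mode 600 and root ownership.
# Prints one line per finding; returns 0 only when nothing was found.
audit_keytab() {
    kt=$1
    want_uid=${2:-0}            # 0 = root; overridable for testing
    bad=0
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing, a symlink, or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$kt")  # octal permission bits
    uid=$(stat -c '%u' "$kt")   # numeric owner
    if [ "$mode" != "600" ]; then
        echo "FAIL: $kt has mode $mode, expected 600"
        bad=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $kt is owned by uid $uid, expected $want_uid"
        bad=1
    fi
    # A group- or world-writable directory lets others swap the file out.
    dir=$(dirname "$kt")
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir has mode $dmode (group/other writable)"
        bad=1
    fi
    return "$bad"
}

# check_krb5_conf FILE: default_realm must have a [realms] entry and every
# [domain_realm] mapping must point at a realm that is defined.
check_krb5_conf() {
    awk '
        /^[ \t]*$/    { next }                  # blank line
        /^[ \t]*[#;]/ { next }                  # comment
        /^[ \t]*\[.*\][ \t]*$/ {                # section header
            sec = $0
            gsub(/[ \t]/, "", sec)
            sec = substr(sec, 2, length(sec) - 2)
            next
        }
        sec == "libdefaults" && $1 == "default_realm" { dflt = $3 }
        sec == "realms" && $2 == "=" && $3 == "{"     { realm[$1] = 1 }
        sec == "domain_realm" && $2 == "="            { dmap[$1] = $3 }
        END {
            bad = 0
            if (dflt == "") {
                print "FAIL: no default_realm in [libdefaults]"; bad = 1
            } else if (!(dflt in realm)) {
                print "FAIL: default_realm " dflt " has no [realms] entry"; bad = 1
            }
            if (dflt != toupper(dflt))          # recommended, not required
                print "WARN: default_realm " dflt " is not upper case"
            for (d in dmap)
                if (!(dmap[d] in realm)) {
                    print "FAIL: " d " maps to undefined realm " dmap[d]; bad = 1
                }
            exit bad
        }
    ' "$1"
}

# Audit the paths used on this page only when asked to: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    rc=0
    audit_keytab /etc/krb5/krb5.keytab || rc=1
    check_krb5_conf /etc/krb5/krb5.conf || rc=1
    exit "$rc"
fi
```

Run it as root with the argument `run`; any FAIL line gives a non-zero exit status, so it can gate the step that starts the KDC.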