source: postlfs/security/mitkrb.xml@ fa2c610

10.1 11.0 11.1 11.2 11.3 12.0 12.1 12.2 gimp3 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/for-12.3 xry111/intltool xry111/llvm18 xry111/soup3 xry111/spidermonkey128 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since fa2c610 was fa2c610, checked in by Douglas R. Reno <renodr@…>, 4 years ago

Update to vala-0.50.2
Update to cmake-3.19.0
Update to libksba-1.5.0
Update to tcsh-6.22.03
Update to umockdev-0.15.1
Update to krb5-1.18.3 (Security Update)
Update to Net-DNS-1.29 (Perl Module)

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23917 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 31.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY mitkrb-download-http "https://kerberos.org/dist/krb5/&mitkrb-major-version;/krb5-&mitkrb-version;.tar.gz">
8 <!ENTITY mitkrb-download-ftp " ">
9 <!ENTITY mitkrb-md5sum "a64e8018a7572e0b4bd477c745129ffc">
10 <!ENTITY mitkrb-size "8.3 MB">
11 <!ENTITY mitkrb-buildsize "138 MB (add 24 MB for tests)">
12 <!ENTITY mitkrb-time "0.8 SBU (add 4.4 SBU for tests)">
13]>
14
15<sect1 id="mitkrb" xreflabel="MIT Kerberos V5-&mitkrb-version;">
16 <?dbhtml filename="mitkrb.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>MIT Kerberos V5-&mitkrb-version;</title>
24
25 <indexterm zone="mitkrb">
26 <primary sortas="a-MIT-Kerberos">MIT Kerberos V5</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to MIT Kerberos V5</title>
31
32 <para>
33 <application>MIT Kerberos V5</application> is a free implementation
34 of Kerberos 5. Kerberos is a network authentication protocol. It
35 centralizes the authentication database and uses kerberized
36 applications to work with servers or services that support Kerberos
37 allowing single logins and encrypted communication over internal
38 networks or the Internet.
39 </para>
40
41 &lfs10_checked;
42
43 <bridgehead renderas="sect3">Package Information</bridgehead>
44 <itemizedlist spacing="compact">
45 <listitem>
46 <para>
47 Download (HTTP): <ulink url="&mitkrb-download-http;"/>
48 </para>
49 </listitem>
50 <listitem>
51 <para>
52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/>
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Download MD5 sum: &mitkrb-md5sum;
58 </para>
59 </listitem>
60 <listitem>
61 <para>
62 Download size: &mitkrb-size;
63 </para>
64 </listitem>
65 <listitem>
66 <para>
67 Estimated disk space required: &mitkrb-buildsize;
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 Estimated build time: &mitkrb-time;
73 </para>
74 </listitem>
75 </itemizedlist>
76
77 <bridgehead renderas="sect3">MIT Kerberos V5 Dependencies</bridgehead>
78
79 <bridgehead renderas="sect4">Optional</bridgehead>
80 <para role="optional">
81 <!-- <xref linkend="dejagnu"/> (for full test coverage), -->
82 <xref linkend="gnupg2"/> (to authenticate the package),
83 <xref linkend="keyutils"/>,
84 <xref linkend="openldap"/>,<!-- Seems so that mit has its own
85 implementation of rpc now.
86 <xref linkend="rpcbind"/> (used during the testsuite),-->
87 <xref linkend="valgrind"/> (used during the testsuite),
88 <ulink url="http://thrysoee.dk/editline/">libedit</ulink>,
89 <ulink url="https://cmocka.org/">cmocka</ulink>,
90 <ulink url="https://pypi.org/project/pyrad/">pyrad</ulink>, and
91 <ulink url="https://cwrap.org/resolv_wrapper.html">resolv_wrapper</ulink>
92 </para>
93
94 <note>
95 <para>
96 Some sort of time synchronization facility on your system (like
97 <xref linkend="ntp"/>) is required since Kerberos won't authenticate
98 if there is a time difference between a kerberized client and the
99 KDC server.
100 </para>
101 </note>
102
103 <para condition="html" role="usernotes">User Notes:
104 <ulink url="&blfs-wiki;/mitkrb"/>
105 </para>
106 </sect2>
107
108 <sect2 role="installation">
109 <title>Installation of MIT Kerberos V5</title>
110
111 <para>
112 Build <application>MIT Kerberos V5</application> by running the
113 following commands:
114 </para>
115
116<screen><userinput>cd src &amp;&amp;
117
118sed -i -e 's@\^u}@^u cols 300}@' tests/dejagnu/config/default.exp &amp;&amp;
119sed -i -e '/eq 0/{N;s/12 //}' plugins/kdb/db2/libdb2/test/run.test &amp;&amp;
120
121./configure --prefix=/usr \
122 --sysconfdir=/etc \
123 --localstatedir=/var/lib \
124 --with-system-et \
125 --with-system-ss \
126 --with-system-verto=no \
127 --enable-dns-for-realm &amp;&amp;
128make</userinput></screen>
129
130 <para>
131 To test the build, issue as the <systemitem
132 class="username">root</systemitem> user: <command>make -k -j1 check</command>.
133 <!-- You need at least <xref link end="tcl"/>, which is used to drive the
134 testsuite. Furthermore, <xref link end="dejagnu"/> must be available for
135 some of the tests to run.--> If you have a former version of MIT Kerberos V5
136 installed, it may happen that the test suite may pick up the installed
137 versions of the libraries, rather than the newly built ones. If so, it is
138 better to run the tests after the installation.
139 <!-- Note: on my laptop -j8 fails but -j1 passes -->
140 </para>
141
142 <para>
143 Now, as the <systemitem class="username">root</systemitem> user:
144 </para>
145
146<screen role="root"><userinput>make install &amp;&amp;
147
148for f in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \
149 kdb5 kdb_ldap krad krb5 krb5support verto ; do
150
151 find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;
152done &amp;&amp;
153
154mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
155mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
156mv -v /usr/lib/libkrb5support.so.0* /lib &amp;&amp;
157
158ln -v -sf ../../lib/libkrb5.so.3.3 /usr/lib/libkrb5.so &amp;&amp;
159ln -v -sf ../../lib/libk5crypto.so.3.1 /usr/lib/libk5crypto.so &amp;&amp;
160ln -v -sf ../../lib/libkrb5support.so.0.1 /usr/lib/libkrb5support.so &amp;&amp;
161
162mv -v /usr/bin/ksu /bin &amp;&amp;
163chmod -v 755 /bin/ksu &amp;&amp;
164
165install -v -dm755 /usr/share/doc/krb5-&mitkrb-version; &amp;&amp;
166cp -vfr ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen>
167
168 </sect2>
169
170 <sect2 role="commands">
171 <title>Command Explanations</title>
172
173 <para>
174 The first sed increases the width of the virtual terminal used for some
175 tests to prevent some spurious text in the output which is taken as a
176 failure. The second <command>sed</command> removes a test that is known
177 to fail.
178 </para>
179
180 <para>
181 <parameter>--localstatedir=/var/lib</parameter>: This option is
182 used so that the Kerberos variable run-time data is located in
183 <filename class="directory">/var/lib</filename> instead of
184 <filename class="directory">/usr/var</filename>.
185 </para>
186
187 <para>
188 <parameter>--with-system-et</parameter>: This switch causes the build
189 to use the system-installed versions of the error-table support
190 software.
191 </para>
192
193 <para>
194 <parameter>--with-system-ss</parameter>: This switch causes the build
195 to use the system-installed versions of the subsystem command-line
196 interface software.
197 </para>
198
199 <para>
200 <parameter>--with-system-verto=no</parameter>: This switch fixes a bug in
201 the package: it does not recognize its own verto library installed
202 previously. This is not a problem, if reinstalling the same version,
203 but if you are updating, the old library is used as system's one,
204 instead of installing the new version.
205 </para>
206
207 <para>
208 <parameter>--enable-dns-for-realm</parameter>: This switch allows
209 realms to be resolved using the DNS server.
210 </para>
211
212 <para>
213 <option>--with-ldap</option>: Use this switch if you want to compile the
214 <application>OpenLDAP</application> database backend module.
215 </para>
216
217 <para>
218 <command>mv -v /usr/lib/libk... /lib </command> and
219 <command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>:
220 Move critical libraries to the
221 <filename class="directory">/lib</filename> directory so that they are
222 available when the <filename class="directory">/usr</filename>
223 filesystem is not mounted.
224 </para>
225
226 <para>
227 <command>find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;</command>:
228 This command changes the permisison of installed libraries.
229 </para>
230
231 <para>
232 <command>mv -v /usr/bin/ksu /bin</command>: Moves the
233 <command>ksu</command> program to the
234 <filename class="directory">/bin</filename> directory so that it is
235 available when the <filename class="directory">/usr</filename>
236 filesystem is not mounted.
237 </para>
238
239 </sect2>
240
241 <sect2 role="configuration">
242 <title>Configuring MIT Kerberos V5</title>
243
244 <sect3 id="krb5-config">
245 <title>Config Files</title>
246
247 <para>
248 <filename>/etc/krb5.conf</filename> and
249 <filename>/var/lib/krb5kdc/kdc.conf</filename>
250 </para>
251
252 <indexterm zone="mitkrb krb5-config">
253 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
254 </indexterm>
255
256 <indexterm zone="mitkrb krb5-config">
257 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
258 </indexterm>
259
260 </sect3>
261
262 <sect3>
263 <title>Configuration Information</title>
264
265 <sect4>
266 <title>Kerberos Configuration</title>
267
268 <tip>
269 <para>
270 You should consider installing some sort of password checking
271 dictionary so that you can configure the installation to only
272 accept strong passwords. A suitable dictionary to use is shown in
273 the <xref linkend="cracklib"/> instructions. Note that only one
274 file can be used, but you can concatenate many files into one. The
275 configuration file shown below assumes you have installed a
276 dictionary to <filename>/usr/share/dict/words</filename>.
277 </para>
278 </tip>
279
280 <para>
281 Create the Kerberos configuration file with the following
282 commands issued by the <systemitem class="username">root</systemitem>
283 user:
284 </para>
285
286<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
287<literal># Begin /etc/krb5.conf
288
289[libdefaults]
290 default_realm = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
291 encrypt = true
292
293[realms]
294 <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> = {
295 kdc = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
296 admin_server = <replaceable>&lt;belgarath.example.org&gt;</replaceable>
297 dict_file = /usr/share/dict/words
298 }
299
300[domain_realm]
301 .<replaceable>&lt;example.org&gt;</replaceable> = <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable>
302
303[logging]
304 kdc = SYSLOG:INFO:AUTH
305 admin_server = SYSLOG:INFO:AUTH
306 default = SYSLOG:DEBUG:DAEMON
307
308# End /etc/krb5.conf</literal>
309EOF</userinput></screen>
310
311 <para>
312 You will need to substitute your domain and proper hostname for the
313 occurrences of the <replaceable>&lt;belgarath&gt;</replaceable> and
314 <replaceable>&lt;example.org&gt;</replaceable> names.
315 </para>
316
317 <para>
318 <option>default_realm</option> should be the name of your
319 domain changed to ALL CAPS. This isn't required, but both
320 <application>Heimdal</application> and MIT recommend it.
321 </para>
322
323 <para>
324 <option>encrypt = true</option> provides encryption of all traffic
325 between kerberized clients and servers. It's not necessary and can
326 be left off. If you leave it off, you can encrypt all traffic from
327 the client to the server using a switch on the client program
328 instead.
329 </para>
330
331 <para>
332 The <option>[realms]</option> parameters tell the client programs
333 where to look for the KDC authentication services.
334 </para>
335
336 <para>
337 The <option>[domain_realm]</option> section maps a domain to a realm.
338 </para>
339
340 <para>
341 Create the KDC database:
342 </para>
343
344<screen role="root"><userinput>kdb5_util create -r <replaceable>&lt;EXAMPLE.ORG&gt;</replaceable> -s</userinput></screen>
345
346 <para>
347 Now you should populate the database with principals
348 (users). For now, just use your regular login name or
349 <systemitem class="username">root</systemitem>.
350 </para>
351
352<screen role="root"><userinput>kadmin.local
353<prompt>kadmin.local:</prompt> add_policy dict-only
354<prompt>kadmin.local:</prompt> addprinc -policy dict-only <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
355
356 <para>
357 The KDC server and any machine running kerberized
358 server daemons must have a host key installed:
359 </para>
360
361<screen role="root"><userinput><prompt>kadmin.local:</prompt> addprinc -randkey host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
362
363 <para>
364 After choosing the defaults when prompted, you will have to
365 export the data to a keytab file:
366 </para>
367
368<screen role="root"><userinput><prompt>kadmin.local:</prompt> ktadd host/<replaceable>&lt;belgarath.example.org&gt;</replaceable></userinput></screen>
369
370 <para>
371 This should have created a file in
372 <filename class="directory">/etc</filename> named
373 <filename>krb5.keytab</filename> (Kerberos 5). This file should
374 have 600 (<systemitem class="username">root</systemitem> rw only)
375 permissions. Keeping the keytab files from public access is crucial
376 to the overall security of the Kerberos installation.
377 </para>
378
379 <para>
380 Exit the <command>kadmin</command> program (use
381 <command>quit</command> or <command>exit</command>) and return
382 back to the shell prompt. Start the KDC daemon manually, just to
383 test out the installation:
384 </para>
385
386<screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen>
387
388 <para>
389 Attempt to get a ticket with the following command:
390 </para>
391
392<screen><userinput>kinit <replaceable>&lt;loginname&gt;</replaceable></userinput></screen>
393
394 <para>
395 You will be prompted for the password you created. After you
396 get your ticket, you can list it with the following command:
397 </para>
398
399<screen><userinput>klist</userinput></screen>
400
401 <para>
402 Information about the ticket should be displayed on the
403 screen.
404 </para>
405
406 <para>
407 To test the functionality of the keytab file, issue the
408 following command as the
409 <systemitem class="username">root</systemitem> user:
410 </para>
411
412<screen role="root"><userinput>ktutil
413<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
414<prompt>ktutil:</prompt> l</userinput></screen>
415
416 <para>
417 This should dump a list of the host principal, along with
418 the encryption methods used to access the principal.
419 </para>
420
421 <para>
422 Create an empty ACL file that can be modified later:
423 </para>
424
425<screen role="root"><userinput>touch /var/lib/krb5kdc/kadm5.acl</userinput></screen>
426
427 <para>
428 At this point, if everything has been successful so far, you
429 can feel fairly confident in the installation and configuration of
430 the package.
431 </para>
432
433 </sect4>
434
435 <sect4>
436 <title>Additional Information</title>
437
438 <para>
439 For additional information consult the <ulink
440 url="http://web.mit.edu/kerberos/www/krb5-&mitkrb-major-version;/#documentation">
441 documentation for krb5-&mitkrb-version;</ulink> on which the above
442 instructions are based.
443 </para>
444
445 </sect4>
446
447 </sect3>
448
449 <sect3 id="mitkrb-init">
450 <title><phrase revision="sysv">Init Script</phrase>
451 <phrase revision="systemd">Systemd Unit</phrase></title>
452
453 <para revision="sysv">
454 If you want to start <application>Kerberos</application> services
455 at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
456 script included in the <xref linkend="bootscripts"/> package using
457 the following command:
458 </para>
459
460 <para revision="systemd">
461 If you want to start <application>Kerberos</application> services
462 at boot, install the <filename>krb5.service</filename> unit included in
463 the <xref linkend="systemd-units"/> package using the following command:
464 </para>
465
466 <indexterm zone="mitkrb mitkrb-init">
467 <primary sortas="f-krb5">krb5</primary>
468 </indexterm>
469
470<screen role="root"><userinput>make install-krb5</userinput></screen>
471
472 </sect3>
473
474 </sect2>
475
476 <sect2 role="content">
477
478 <title>Contents</title>
479
480 <segmentedlist>
481 <segtitle>Installed Programs</segtitle>
482 <segtitle>Installed Libraries</segtitle>
483 <segtitle>Installed Directories</segtitle>
484
485 <seglistitem>
486 <seg>
487 gss-client, gss-server, k5srvutil, kadmin, kadmin.local,
488 kadmind, kdb5_ldap_util (optional), kdb5_util, kdestroy, kinit, klist,
489 kpasswd, kprop, kpropd, kproplog, krb5-config, krb5-send-pr, krb5kdc,
490 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server,
491 sserver, uuclient, and uuserver
492 </seg>
493 <seg>
494 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, libkadm5clnt_mit.so,
495 libkadm5clnt.so, libkadm5srv_mit.so, libkadm5srv.so, libkdb_ldap.so
496 (optional), libkdb5.so, libkrad.so, libkrb5.so, libkrb5support.so,
497 libverto.so, and some plugins under the /usr/lib/krb5 tree
498 </seg>
499 <seg>
500 /usr/include/{gssapi,gssrpc,kadm5,krb5},
501 /usr/lib/krb5,
502 /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
503 /var/lib/krb5kdc, and
504 /run/krb5kdc
505 </seg>
506 </seglistitem>
507 </segmentedlist>
508
509 <variablelist>
510 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
511 <?dbfo list-presentation="list"?>
512 <?dbhtml list-presentation="table"?>
513
514 <varlistentry id="gss-client">
515 <term><command>gss-client</command></term>
516 <listitem>
517 <para>
518 is a GSSAPI test client.
519 </para>
520 <indexterm zone="mitkrb gss-client">
521 <primary sortas="b-gss-client">gss-client</primary>
522 </indexterm>
523 </listitem>
524 </varlistentry>
525
526 <varlistentry id="gss-server">
527 <term><command>gss-server</command></term>
528 <listitem>
529 <para>
530 is a GSSAPI test server.
531 </para>
532 <indexterm zone="mitkrb gss-server">
533 <primary sortas="b-gss-server">gss-server</primary>
534 </indexterm>
535 </listitem>
536 </varlistentry>
537
538 <varlistentry id="k5srvutil">
539 <term><command>k5srvutil</command></term>
540 <listitem>
541 <para>
542 is a host keytable manipulation utility.
543 </para>
544 <indexterm zone="mitkrb k5srvutil">
545 <primary sortas="b-k5srvutil">k5srvutil</primary>
546 </indexterm>
547 </listitem>
548 </varlistentry>
549
550 <varlistentry id="kadmin">
551 <term><command>kadmin</command></term>
552 <listitem>
553 <para>
554 is an utility used to make modifications
555 to the Kerberos database.
556 </para>
557 <indexterm zone="mitkrb kadmin">
558 <primary sortas="b-kadmin">kadmin</primary>
559 </indexterm>
560 </listitem>
561 </varlistentry>
562
563 <varlistentry id="kadmin.local">
564 <term><command>kadmin.local</command></term>
565 <listitem>
566 <para>
567 is an utility similar to <command>kadmin</command>, but if the
568 database is db2, the local client <command>kadmin.local</command>,
569 is intended to run directly on the master KDC without Kerberos
570 authentication.
571 </para>
572 <indexterm zone="mitkrb kadmin.local">
573 <primary sortas="b-kadmin.local">kadmin.local</primary>
574 </indexterm>
575 </listitem>
576 </varlistentry>
577
578 <varlistentry id="kadmind">
579 <term><command>kadmind</command></term>
580 <listitem>
581 <para>
582 is a server for administrative access
583 to a Kerberos database.
584 </para>
585 <indexterm zone="mitkrb kadmind">
586 <primary sortas="b-kadmind">kadmind</primary>
587 </indexterm>
588 </listitem>
589 </varlistentry>
590
591 <varlistentry id="kdb5_ldap_util">
592 <term><command>kdb5_ldap_util (optional)</command></term>
593 <listitem>
594 <para>
595 allows an administrator to manage realms, Kerberos services
596 and ticket policies.
597 </para>
598 <indexterm zone="mitkrb kdb5_ldap_util">
599 <primary sortas="b-kdb5_ldap_util">kdb5_ldap_util</primary>
600 </indexterm>
601 </listitem>
602 </varlistentry>
603
604 <varlistentry id="kdb5_util">
605 <term><command>kdb5_util</command></term>
606 <listitem>
607 <para>
608 is the KDC database utility.
609 </para>
610 <indexterm zone="mitkrb kdb5_util">
611 <primary sortas="b-kdb5_util">kdb5_util</primary>
612 </indexterm>
613 </listitem>
614 </varlistentry>
615
616 <varlistentry id="kdestroy">
617 <term><command>kdestroy</command></term>
618 <listitem>
619 <para>
620 removes the current set of tickets.
621 </para>
622 <indexterm zone="mitkrb kdestroy">
623 <primary sortas="b-kdestroy">kdestroy</primary>
624 </indexterm>
625 </listitem>
626 </varlistentry>
627
628 <varlistentry id="kinit">
629 <term><command>kinit</command></term>
630 <listitem>
631 <para>
632 is used to authenticate to the Kerberos server as a
633 principal and acquire a ticket granting ticket that can
634 later be used to obtain tickets for other services.
635 </para>
636 <indexterm zone="mitkrb kinit">
637 <primary sortas="b-kinit">kinit</primary>
638 </indexterm>
639 </listitem>
640 </varlistentry>
641
642 <varlistentry id="klist">
643 <term><command>klist</command></term>
644 <listitem>
645 <para>
646 reads and displays the current tickets in
647 the credential cache.
648 </para>
649 <indexterm zone="mitkrb klist">
650 <primary sortas="b-klist">klist</primary>
651 </indexterm>
652 </listitem>
653 </varlistentry>
654
655 <varlistentry id="kpasswd">
656 <term><command>kpasswd</command></term>
657 <listitem>
658 <para>
659 is a program for changing Kerberos 5 passwords.
660 </para>
661 <indexterm zone="mitkrb kpasswd">
662 <primary sortas="b-kpasswd">kpasswd</primary>
663 </indexterm>
664 </listitem>
665 </varlistentry>
666
667 <varlistentry id="kprop">
668 <term><command>kprop</command></term>
669 <listitem>
670 <para>
671 takes a principal database in a specified format and
672 converts it into a stream of database records.
673 </para>
674 <indexterm zone="mitkrb kprop">
675 <primary sortas="b-kprop">kprop</primary>
676 </indexterm>
677 </listitem>
678 </varlistentry>
679
680 <varlistentry id="kpropd">
681 <term><command>kpropd</command></term>
682 <listitem>
683 <para>
684 receives a database sent by <command>kprop</command>
685 and writes it as a local database.
686 </para>
687 <indexterm zone="mitkrb kpropd">
688 <primary sortas="b-kpropd">kpropd</primary>
689 </indexterm>
690 </listitem>
691 </varlistentry>
692
693 <varlistentry id="kproplog">
694 <term><command>kproplog</command></term>
695 <listitem>
696 <para>
697 displays the contents of the KDC database update log to standard
698 output.
699 </para>
700 <indexterm zone="mitkrb kproplog">
701 <primary sortas="b-kproplog">kproplog</primary>
702 </indexterm>
703 </listitem>
704 </varlistentry>
705
706 <varlistentry id="krb5-config-prog2">
707 <term><command>krb5-config</command></term>
708 <listitem>
709 <para>
710 gives information on how to link programs against
711 libraries.
712 </para>
713 <indexterm zone="mitkrb krb5-config-prog2">
714 <primary sortas="b-krb5-config">krb5-config</primary>
715 </indexterm>
716 </listitem>
717 </varlistentry>
718
719 <varlistentry id="krb5kdc">
720 <term><command>krb5kdc</command></term>
721 <listitem>
722 <para>
723 is the <application>Kerberos 5</application> server.
724 </para>
725 <indexterm zone="mitkrb krb5kdc">
726 <primary sortas="b-krb5kdc">krb5kdc</primary>
727 </indexterm>
728 </listitem>
729 </varlistentry>
730
731 <varlistentry id="krb5-send-pr">
732 <term><command>krb5-send-pr</command></term>
733 <listitem>
734 <para>
735 sends a problem report (PR) to a central support site.
736 </para>
737 <indexterm zone="mitkrb krb5-send-pr">
738 <primary sortas="b-krb-send-pr">krb5-send-pr</primary>
739 </indexterm>
740 </listitem>
741 </varlistentry>
742
743 <varlistentry id="ksu">
744 <term><command>ksu</command></term>
745 <listitem>
746 <para>
747 is the super user program using Kerberos protocol.
748 Requires a properly configured
749 <filename>/etc/shells</filename> and
750 <filename>~/.k5login</filename> containing principals
751 authorized to become super users.
752 </para>
753 <indexterm zone="mitkrb ksu">
754 <primary sortas="b-ksu">ksu</primary>
755 </indexterm>
756 </listitem>
757 </varlistentry>
758
759 <varlistentry id="kswitch">
760 <term><command>kswitch</command></term>
761 <listitem>
762 <para>
763 makes the specified credential cache the
764 primary cache for the collection, if a cache
765 collection is available.
766 </para>
767 <indexterm zone="mitkrb kswitch">
768 <primary sortas="b-kswitch">kswitch</primary>
769 </indexterm>
770 </listitem>
771 </varlistentry>
772
773 <varlistentry id="ktutil">
774 <term><command>ktutil</command></term>
775 <listitem>
776 <para>
777 is a program for managing Kerberos keytabs.
778 </para>
779 <indexterm zone="mitkrb ktutil">
780 <primary sortas="b-ktutil">ktutil</primary>
781 </indexterm>
782 </listitem>
783 </varlistentry>
784
785 <varlistentry id="kvno">
786 <term><command>kvno</command></term>
787 <listitem>
788 <para>
789 prints keyversion numbers of Kerberos principals.
790 </para>
791 <indexterm zone="mitkrb kvno">
792 <primary sortas="b-kvno">kvno</primary>
793 </indexterm>
794 </listitem>
795 </varlistentry>
796
797 <varlistentry id="sclient">
798 <term><command>sclient</command></term>
799 <listitem>
800 <para>
801 is used to contact a sample server and authenticate to it
802 using Kerberos 5 tickets, then display the server's
803 response.
804 </para>
805 <indexterm zone="mitkrb sclient">
806 <primary sortas="b-sclient">sclient</primary>
807 </indexterm>
808 </listitem>
809 </varlistentry>
810
811 <varlistentry id="sim_client">
812 <term><command>sim_client</command></term>
813 <listitem>
814 <para>
815 is a simple UDP-based sample client program, for
816 demonstration.
817 </para>
818 <indexterm zone="mitkrb sim_client">
819 <primary sortas="b-sim_client">sim_client</primary>
820 </indexterm>
821 </listitem>
822 </varlistentry>
823
824 <varlistentry id="sim_server">
825 <term><command>sim_server</command></term>
826 <listitem>
827 <para>
828 is a simple UDP-based server application, for
829 demonstration.
830 </para>
831 <indexterm zone="mitkrb sim_server">
832 <primary sortas="b-sim_server">sim_server</primary>
833 </indexterm>
834 </listitem>
835 </varlistentry>
836
837 <varlistentry id="sserver">
838 <term><command>sserver</command></term>
839 <listitem>
840 <para>
841 is the sample Kerberos 5 server.
842 </para>
843 <indexterm zone="mitkrb sserver">
844 <primary sortas="b-sserver">sserver</primary>
845 </indexterm>
846 </listitem>
847 </varlistentry>
848
849 <varlistentry id="uuclient">
850 <term><command>uuclient</command></term>
851 <listitem>
852 <para>
853 is another sample client.
854 </para>
855 <indexterm zone="mitkrb uuclient">
856 <primary sortas="b-uuclient">uuclient</primary>
857 </indexterm>
858 </listitem>
859 </varlistentry>
860
861 <varlistentry id="uuserver">
862 <term><command>uuserver</command></term>
863 <listitem>
864 <para>
865 is another sample server.
866 </para>
867 <indexterm zone="mitkrb uuserver">
868 <primary sortas="b-uuserver">uuserver</primary>
869 </indexterm>
870 </listitem>
871 </varlistentry>
872
873
874 <varlistentry id="libgssapi_krb5">
875 <term><filename class="libraryfile">libgssapi_krb5.so</filename></term>
876 <listitem>
877 <para>
878 contains the Generic Security Service Application Programming
879 Interface (GSSAPI) functions which provides security services
880 to callers in a generic fashion, supportable with a range of
881 underlying mechanisms and technologies and hence allowing
882 source-level portability of applications to different
883 environments.
884 </para>
885 <indexterm zone="mitkrb libgssapi_krb5">
886 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary>
887 </indexterm>
888 </listitem>
889 </varlistentry>
890
891 <varlistentry id="libkadm5clnt">
892 <term><filename class="libraryfile">libkadm5clnt.so</filename></term>
893 <listitem>
894 <para>
895 contains the administrative authentication and password checking
896 functions required by Kerberos 5 client-side programs.
897 </para>
898 <indexterm zone="mitkrb libkadm5clnt">
899 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary>
900 </indexterm>
901 </listitem>
902 </varlistentry>
903
904 <varlistentry id="libkadm5srv">
905 <term><filename class="libraryfile">libkadm5srv.so</filename></term>
906 <listitem>
907 <para>
908 contains the administrative authentication and password
909 checking functions required by Kerberos 5 servers.
910 </para>
911 <indexterm zone="mitkrb libkadm5srv">
912 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary>
913 </indexterm>
914 </listitem>
915 </varlistentry>
916
917 <varlistentry id="libkdb5">
918 <term><filename class="libraryfile">libkdb5.so</filename></term>
919 <listitem>
920 <para>
921 is a Kerberos 5 authentication/authorization database
922 access library.
923 </para>
924 <indexterm zone="mitkrb libkdb5">
925 <primary sortas="c-libkdb5">libkdb5.so</primary>
926 </indexterm>
927 </listitem>
928 </varlistentry>
929
930 <varlistentry id="libkrad">
931 <term><filename class="libraryfile">libkrad.so</filename></term>
932 <listitem>
933 <para>
934 contains the internal support library for RADIUS functionality.
935 </para>
936 <indexterm zone="mitkrb libkrad">
937 <primary sortas="c-libkrad">libkrad.so</primary>
938 </indexterm>
939 </listitem>
940 </varlistentry>
941
942 <varlistentry id="libkrb5">
943 <term><filename class="libraryfile">libkrb5.so</filename></term>
944 <listitem>
945 <para>
946 is an all-purpose <application>Kerberos 5</application> library.
947 </para>
948 <indexterm zone="mitkrb libkrb5">
949 <primary sortas="c-libkrb5">libkrb5.so</primary>
950 </indexterm>
951 </listitem>
952 </varlistentry>
953
954 </variablelist>
955
956 </sect2>
957
958</sect1>
Note: See TracBrowser for help on using the repository browser.