Changeset 852cd813


Ignore:
Timestamp:
01/27/2005 03:36:13 PM (20 years ago)
Author:
Randy McMurchy <randy@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
Children:
dcee0f2f
Parents:
305e60de
Message:

Updated to Heimdal-0.6.3; updated Glossary

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3345 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
4 edited

Legend:

Unmodified
Added
Removed
  • appendices/glossary.xml

    r305e60de r852cd813  
    4949<glossdef><para>American Standard Code for Information Interchange</para></glossdef></glossentry>
    5050
     51<glossentry id="gASN"><glossterm><acronym>ASN</acronym></glossterm>
     52<glossdef><para>Abstract Syntax Notation</para></glossdef></glossentry>
     53
    5154<glossentry id="gASF"><glossterm><acronym>ASF</acronym></glossterm>
    5255<glossdef><para>Advanced Streaming Format</para></glossdef></glossentry>
     
    6669<glossentry id="gAWT"><glossterm><acronym>AWT</acronym></glossterm>
    6770<glossdef><para>Abstract Window Toolkit</para></glossdef></glossentry>
     71
     72<glossentry id="gBER"><glossterm><acronym>BER</acronym></glossterm>
     73<glossdef><para>Basic Encoding Rules</para></glossdef></glossentry>
    6874
    6975<glossentry id="gBIC"><glossterm><acronym>BICS</acronym></glossterm>
     
    125131<glossdef><para>Digital Equipment Corporation</para></glossdef></glossentry>
    126132
     133<glossentry id="gDER"><glossterm><acronym>DER</acronym></glossterm>
     134<glossdef><para>Distinguished Encoding Rules</para></glossdef></glossentry>
     135
    127136<glossentry id="gDES"><glossterm><acronym>DES</acronym></glossterm>
    128137<glossdef><para>Data Encryption Standard</para></glossdef></glossentry>
     
    244253<glossentry id="gGPM"><glossterm><acronym>GPM</acronym></glossterm>
    245254<glossdef><para>General Purpose Mouse</para></glossdef></glossentry>
     255
     256<glossentry id="gGSS"><glossterm><acronym>GSS</acronym></glossterm>
     257<glossdef><para>Generic Security Service</para></glossdef></glossentry>
     258
     259<glossentry id="gGSSAPI"><glossterm><acronym>GSSAPI</acronym></glossterm>
     260<glossdef><para>Generic Security Service Application Programming Interface</para></glossdef></glossentry>
    246261
    247262<glossentry id="gGTK"><glossterm><acronym>GTK</acronym></glossterm>
  • general.ent

    r305e60de r852cd813  
    1 <!ENTITY day          "26">
     1<!ENTITY day          "27">
    22<!ENTITY month        "01">
    33<!ENTITY year         "2005">
     
    3636<!ENTITY gnupg-version                "1.4.0"> 
    3737<!ENTITY tripwire-version             "portable-0.9">   
    38 <!ENTITY heimdal-version              "0.6.2">   
     38<!ENTITY heimdal-version              "0.6.3">   
    3939<!ENTITY mitkrb-version               "1.3.6">
    4040<!ENTITY cyrus-sasl-version           "2.1.20">
  • introduction/welcome/changelog.xml

    r305e60de r852cd813  
    2222
    2323<itemizedlist>
     24
     25<listitem><para>January 27th, 2005 [randy]: Updated to
     26Heimdal-0.6.3; updated Glossary.</para></listitem>
    2427
    2528<listitem><para>January 26th, 2005 [randy]: Updated J2SDK binary version to
  • postlfs/security/heimdal.xml

    r305e60de r852cd813  
    77  <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz">
    88  <!ENTITY heimdal-download-ftp  "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz">
    9   <!ENTITY heimdal-size          "3.2 MB">
    10   <!ENTITY heimdal-buildsize     "142 MB">
    11   <!ENTITY heimdal-time          "2.55 SBU">
     9  <!ENTITY heimdal-size          "3.3 MB">
     10  <!ENTITY heimdal-buildsize     "70 MB">
     11  <!ENTITY heimdal-time          "2.18 SBU">
    1212]>
    1313
     
    1919<?dbhtml filename="heimdal.html"?>
    2020<title>Heimdal-&heimdal-version;</title>
     21<indexterm zone="heimdal">
     22<primary sortas="a-Heimdal">Heimdal</primary>
     23</indexterm>
    2124
    2225<sect2>
     
    6265<sect3><title><application>Heimdal</application> dependencies</title>
    6366<sect4><title>Required</title>
    64 <para><xref linkend="openssl"/> and
     67<para><xref linkend="openssl"/> and 
    6568<xref linkend="db"/></para>
    6669</sect4>
     70
    6771<sect4><title>Optional</title>
    68 <para><xref linkend="Linux_PAM"/>,
    69 <xref linkend="openldap"/>,
    70 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
    71 <xref linkend="cracklib"/> and
    72 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>
    73 </para>
    74 
    75 <note><para>
    76 Some sort of time synchronization facility on your system (like <xref
    77 linkend="ntp"/>) is required since Kerberos won't authenticate if the
    78 time differential between a kerberized client and the
     72<para><xref linkend="Linux_PAM"/>,
     73<xref linkend="openldap"/>,
     74X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>),
     75<xref linkend="cracklib"/> and
     76<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para>
     77
     78<note><para>Some sort of time synchronization facility on your system (like
     79<xref linkend="ntp"/>) is required since Kerberos won't authenticate if the
     80time differential between a kerberized client and the
    7981<acronym>KDC</acronym> server is more than 5 minutes.</para></note>
    8082</sect4>
     
    8789<title>Installation of <application>Heimdal</application></title>
    8890
    89 <para>
    90 Before installing the package, you may want to preserve the
     91<para>Before installing the package, you may want to preserve the
    9192<command>ftp</command> program from the <application>Inetutils</application>
    9293package. This is because using the <application>Heimdal</application>
     
    9495not work properly. It will allow you to connect (letting you know that
    9596transmission of the password is clear text) but will have problems doing puts
    96 and gets.
    97 </para>
    98 
    99 <screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
    100 
    101 <para>
    102 If you wish the <application>Heimdal</application> package to link against the
    103 <application>cracklib</application> library, you must apply a patch:
    104 </para>
     97and gets. Issue the following command as the root user.</para>
     98
     99<screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen>
     100
     101<para>If you wish the <application>Heimdal</application> package to link
     102against the <application>cracklib</application> library, you must apply a
     103patch:</para>
    105104
    106105<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen>
    107106
    108 <para>Install <application>Heimdal</application> by running the following commands:</para>
     107<para>Install <application>Heimdal</application> by running the following
     108commands:</para>
    109109
    110110<screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch &amp;&amp;
    111111./configure --prefix=/usr --sysconfdir=/etc/heimdal \
    112     --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \
    113     --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \
    114     --enable-shared --with-openssl=/usr &amp;&amp;
    115 make &amp;&amp;
    116 make install &amp;&amp;
     112    --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \
     113    --libexecdir=/usr/sbin --enable-shared \
     114    --with-openssl=/usr --with-readline=/usr &amp;&amp;
     115make</command></userinput></screen>
     116
     117<para>Now, as the root user:</para>
     118
     119<screen><userinput role='root'><command>make install &amp;&amp;
    117120mv /bin/login /bin/login.shadow &amp;&amp;
    118 mv /bin/su /bin/su.coreutils &amp;&amp;
     121mv /bin/su /bin/su.shadow &amp;&amp;
    119122mv /usr/bin/{login,su} /bin &amp;&amp;
    120123ln -sf ../../bin/login /usr/bin &amp;&amp;
    121 mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib &amp;&amp;
    122 mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib &amp;&amp;
    123 mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib &amp;&amp;
    124 mv /usr/lib/libdb-4.1.so /lib &amp;&amp;
    125 ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \
     124mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \
     125   /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib &amp;&amp;
     126ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \
    126127    /usr/lib &amp;&amp;
    127 ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \
     128ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \
    128129    /usr/lib &amp;&amp;
    129 ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \
     130ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \
    130131    /usr/lib &amp;&amp;
    131 ln -sf ../../lib/libdb-4.1.so /usr/lib &amp;&amp;
    132132ldconfig</command></userinput></screen>
    133133
     
    144144If you want to preserve all your existing <application>Inetutils</application>
    145145package daemons, install the <application>Heimdal</application> daemons into
    146 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever you want).
    147 Since these programs will be called from <command>(x)inetd</command> or
     146<filename class="directory">/usr/sbin/heimdal</filename> (or wherever you
     147want). Since these programs will be called from <command>(x)inetd</command> or
    148148<filename>rc</filename> scripts, it really doesn't matter where they are
    149 installed, as long as they are correctly specified in the
    150 <filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename>
     149installed, as long as they are correctly specified in the 
     150<filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename> 
    151151scripts. If you choose something other than
    152152<filename class="directory">/usr/sbin</filename>, you may want to move some of
    153153the user programs (such as <command>kadmin</command>) to
    154 <filename class="directory">/usr/sbin</filename> manually so they'll be in the
     154<filename class="directory">/usr/sbin</filename> manually so they'll be in the 
    155155privileged user's default path.</para></note>
    156156
    157 <para>
    158 <screen><command>mv /bin/login /bin/login.shadow
    159 mv /bin/su /bin/su.coreutils
    160 mv /usr/bin/{login,su} /bin
    161 ln -sf ../../bin/login /usr/bin</command></screen>
    162 
    163 The <command>login</command> and <command>su</command> programs installed by
     157<para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The
     158<command>login</command> and <command>su</command> programs installed by
    164159<application>Heimdal</application> belong in the
    165 <filename class="directory">/bin</filename> directory. The
     160<filename class="directory">/bin</filename> directory. The 
    166161<command>login</command> program is symlinked because
    167162<application>Heimdal</application> is expecting to find it in
    168163<filename class="directory">/usr/bin</filename>. The old executables are
    169 preserved before the move to keep things sane should breaks occur.
    170 </para>
    171 
    172 <para>
    173 <screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib
    174 mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib
    175 mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib
    176 mv /usr/lib/libdb-4.1.so /lib
    177 ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \
    178     /usr/lib
    179 ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \
    180     /usr/lib
    181 ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \
    182     /usr/lib
    183 ln -sf ../../lib/libdb-4.1.so /usr/lib</command></screen>
    184 
    185 The <command>login</command> and <command>su</command> programs
    186 installed by <application>Heimdal</application> link against
     164preserved before the move to keep things sane should breaks occur.</para>
     165
     166<para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The
     167<command>login</command> and <command>su</command> programs installed by
     168<application>Heimdal</application> link against
    187169<application>Heimdal</application> libraries as well as libraries provided by
    188 the <application>OpenSSL</application>, <application>Berkeley DB</application>
    189 and <application>E2fsprogs</application> packages. These libraries are moved
    190 to <filename class="directory">/lib</filename> to be <acronym>FHS</acronym>
    191 compliant and also in case <filename class="directory">/usr</filename> is
    192 located on a separate partition which may not always be mounted.
    193 </para>
     170the <application>Open<acronym>SSL</acronym></application> and
     171<application>Berkeley <acronym>DB</acronym></application> packages. These
     172libraries are moved to <filename class="directory">/lib</filename> to be
     173<acronym>FHS</acronym> compliant and also in case
     174<filename class="directory">/usr</filename> is located on a separate partition
     175which may not always be mounted.</para>
    194176
    195177</sect2>
     
    198180<title>Configuring <application>Heimdal</application></title>
    199181
    200 <sect3><title>Config files</title>
     182<sect3 id="heimdal-config"><title>Config files</title>
    201183<para><filename>/etc/heimdal/*</filename></para>
     184<indexterm zone="heimdal heimdal-config">
     185<primary sortas="e-etc-heimdal">/etc/heimdal/*</primary>
     186</indexterm>
    202187</sect3>
    203188
     
    206191<sect4><title>Master <acronym>KDC</acronym> Server Configuration</title>
    207192
    208 <para>
    209 Create the Kerberos configuration file with the following commands:
    210 </para>
    211 
    212 <screen><userinput><command>install -d /etc/heimdal &amp;&amp;
     193<para>Create the Kerberos configuration file with the following
     194commands:</para>
     195
     196<screen><userinput role='root'><command>install -d /etc/heimdal &amp;&amp;
    213197cat &gt; /etc/heimdal/krb5.conf &lt;&lt; "EOF"</command>
    214198# Begin /etc/heimdal/krb5.conf
     
    236220<command>EOF</command></userinput></screen>
    237221
    238 <para>
    239 You will need to substitute your domain and proper hostname for the
     222<para>You will need to substitute your domain and proper hostname for the
    240223occurrences of the <replaceable>[hostname]</replaceable> and
    241 <replaceable>[EXAMPLE.COM]</replaceable> names.
    242 </para>
    243 
    244 <para>
    245 <userinput>default_realm</userinput> should be the name of your domain changed
    246 to ALL CAPS. This isn't required, but both <application>Heimdal</application>
    247 and <application><acronym>MIT</acronym> krb5</application> recommend it.
    248 </para>
    249 
    250 <para>
    251 <userinput>encrypt = true</userinput> provides encryption of all traffic
     224<replaceable>[EXAMPLE.COM]</replaceable> names.</para>
     225
     226<para><userinput>default_realm</userinput> should be the name of your domain
     227changed to ALL CAPS. This isn't required, but both
     228<application>Heimdal</application> and <application><acronym>MIT</acronym>
     229krb5</application> recommend it.</para>
     230
     231<para><userinput>encrypt = true</userinput> provides encryption of all traffic
    252232between kerberized clients and servers. It's not necessary and can be left
    253233off. If you leave it off, you can encrypt all traffic from the client to the
    254 server using a switch on the client program instead.
    255 </para>
    256 
    257 <para>
    258 The <userinput>[realms]</userinput> parameters tell the client programs where
    259 to look for the <acronym>KDC</acronym> authentication services.
    260 </para>
    261 
    262 <para>
    263 The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
    264 </para>
    265 
    266 <para>
    267 Store the master password in a key file using the following commands:
    268 </para>
    269 
    270 <screen><userinput><command>install -d -m 755 /var/lib/heimdal &amp;&amp;
     234server using a switch on the client program instead.</para>
     235
     236<para>The <userinput>[realms]</userinput> parameters tell the client programs
     237where to look for the <acronym>KDC</acronym> authentication services.</para>
     238
     239<para>The <userinput>[domain_realm]</userinput> section maps a domain to a
     240realm.</para>
     241
     242<para>Store the master password in a key file using the following
     243commands:</para>
     244
     245<screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal &amp;&amp;
    271246kstash</command></userinput></screen>
    272247
    273 <para>
    274 Create the <acronym>KDC</acronym> database:
    275 </para>
    276 
    277 <screen><userinput><command>kadmin -l</command></userinput></screen>
    278 
    279 <para>
    280 Choose the defaults for now. You can go in later and change the
    281 defaults, should you feel the need. At the
    282 <userinput>kadmin&gt;</userinput> prompt, issue the following statement:
    283 </para>
    284 
    285 <screen><userinput><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
    286 
    287 <para>
    288 The database must now be populated with at least one principle (user). For now,
    289 just use your regular login name or root. You may create as few, or as many
    290 principles as you wish using the following statement:
    291 </para>
    292 
    293 <screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
    294 
    295 <para>
    296 The <acronym>KDC</acronym> server and any machine running kerberized
    297 server daemons must have a host key installed:
    298 </para>
    299 
    300 <screen><userinput><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
    301 
    302 <para>
    303 After choosing the defaults when prompted, you will have to export the
    304 data to a keytab file:
    305 </para>
    306 
    307 <screen><userinput><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
    308 
    309 <para>
    310 This should have created two files in
    311 <filename class="directory">/etc/heimdal</filename>:
    312 <filename>krb5.keytab</filename> (Kerberos 5) and
    313 <filename>srvtab</filename> (Kerberos 4). Both files should have 600
    314 (root rw only) permissions. Keeping the keytab files from public access
    315 is crucial to the overall security of the Kerberos installation.
    316 </para>
    317 
    318 <para>
    319 Eventually, you'll want to add server daemon principles to the database
    320 and extract them to the keytab file. You do this in the same way you
    321 created the host principles. Below is an example:
    322 </para>
    323 
    324 <screen><userinput><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
    325 
    326 <para>
    327 (choose the defaults)
    328 </para>
    329 
    330 <screen><userinput><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
    331 
    332 <para>
    333 Exit the <command>kadmin</command> program (use <command>quit</command>
    334 or <command>exit</command>) and return back to the shell prompt. Start
     248<para>Create the <acronym>KDC</acronym> database:</para>
     249
     250<screen><userinput role='root'><command>kadmin -l</command></userinput></screen>
     251
     252<para>Choose the defaults for now. You can go in later and change the
     253defaults, should you feel the need. At the
     254<userinput>kadmin&gt;</userinput> prompt, issue the following statement:</para>
     255
     256<screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen>
     257
     258<para>The database must now be populated with at least one principle (user).
     259For now, just use your regular login name or root. You may create as few, or
     260as many principles as you wish using the following statement:</para>
     261
     262<screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen>
     263
     264<para>The <acronym>KDC</acronym> server and any machine running kerberized
     265server daemons must have a host key installed:</para>
     266
     267<screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
     268
     269<para>After choosing the defaults when prompted, you will have to export the
     270data to a keytab file:</para>
     271
     272<screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
     273
     274<para>This should have created two files in
     275<filename class="directory">/etc/heimdal</filename>:
     276<filename>krb5.keytab</filename> (Kerberos 5) and
     277<filename>srvtab</filename> (Kerberos 4). Both files should have 600
     278(root rw only) permissions. Keeping the keytab files from public access
     279is crucial to the overall security of the Kerberos installation.</para>
     280
     281<para>Eventually, you'll want to add server daemon principles to the database
     282and extract them to the keytab file. You do this in the same way you created
     283the host principles. Below is an example:</para>
     284
     285<screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
     286
     287<para>(choose the defaults)</para>
     288
     289<screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen>
     290
     291<para>Exit the <command>kadmin</command> program (use <command>quit</command>
     292or <command>exit</command>) and return back to the shell prompt. Start
    335293the <acronym>KDC</acronym> daemon manually, just to test out the
    336 installation:
    337 </para>
    338 
    339 <screen><userinput><command>/usr/sbin/kdc &amp;</command></userinput></screen>
    340 
    341 <para>
    342 Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the
    343 following command:
    344 </para>
     294installation:</para>
     295
     296<screen><userinput role='root'><command>/usr/sbin/kdc &amp;</command></userinput></screen>
     297
     298<para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with
     299the following command:</para>
    345300
    346301<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
    347302
    348 <para>
    349 You will be prompted for the password you created. After you get your
    350 ticket, you should list it with the following command:
    351 </para>
     303<para>You will be prompted for the password you created. After you get your
     304ticket, you should list it with the following command:</para>
    352305
    353306<screen><userinput><command>klist</command></userinput></screen>
    354307
    355 <para>
    356 Information about the ticket should be displayed on the screen.
    357 </para>
    358 
    359 <para>
    360 To test the functionality of the keytab file, issue the following command:
    361 </para>
     308<para>Information about the ticket should be displayed on the screen.</para>
     309
     310<para>To test the functionality of the keytab file, issue the following
     311command:</para>
    362312
    363313<screen><userinput><command>ktutil list</command></userinput></screen>
    364314
    365 <para>
    366 This should dump a list of the host principals, along with the encryption
    367 methods used to access the principals.
    368 </para>
    369 
    370 <para>
    371 At this point, if everything has been successful so far, you can feel
    372 fairly confident in the installation and configuration of the package.
    373 </para>
    374 
    375 <para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script
    376 included in the <xref linkend="intro-important-bootscripts"/>
    377 package:</para>
    378 
    379 <screen><userinput><command>make install-heimdal</command></userinput></screen>
    380 
     315<para>This should dump a list of the host principals, along with the encryption
     316methods used to access the principals.</para>
     317
     318<para>At this point, if everything has been successful so far, you can feel
     319fairly confident in the installation and configuration of the package.</para>
     320
     321<para id="heimdal-init">Install the
     322<filename>/etc/rc.d/init.d/heimdal</filename> init script included in the
     323<xref linkend="intro-important-bootscripts"/> package:</para>
     324<indexterm zone="heimdal heimdal-init">
     325<primary sortas="f-heimdal">heimdal</primary>
     326</indexterm>
     327
     328<screen><userinput role='root'><command>make install-heimdal</command></userinput></screen>
    381329</sect4>
    382330
    383331<sect4><title>Using Kerberized Client Programs</title>
    384332
    385 <para>
    386 To use the kerberized client programs (<command>telnet</command>,
    387 <command>ftp</command>, <command>rsh</command>,
    388 <command>rxterm</command>, <command>rxtelnet</command>,
    389 <command>rcp</command>, <command>xnlock</command>), you first must get
    390 a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
    391 get the ticket. After you've acquired the ticket, you can use the
    392 kerberized programs to connect to any kerberized server on the network.
    393 You will not be prompted for authentication until your ticket expires
    394 (default is one day), unless you specify a different user as a command
    395 line argument to the program.
    396 </para>
    397 
    398 <para>
    399 The kerberized programs will connect to non-kerberized daemons, warning
    400 you that authentication is not encrypted. As mentioned earlier, only the
     333<para>To use the kerberized client programs (<command>telnet</command>,
     334<command>ftp</command>, <command>rsh</command>,
     335<command>rxterm</command>, <command>rxtelnet</command>,
     336<command>rcp</command>, <command>xnlock</command>), you first must get
     337a <acronym>TGT</acronym>. Use the <command>kinit</command> program to
     338get the ticket. After you've acquired the ticket, you can use the
     339kerberized programs to connect to any kerberized server on the network.
     340You will not be prompted for authentication until your ticket expires
     341(default is one day), unless you specify a different user as a command
     342line argument to the program.</para>
     343
     344<para>The kerberized programs will connect to non-kerberized daemons, warning
     345you that authentication is not encrypted. As mentioned earlier, only the
    401346<command>ftp</command> program gives any trouble connecting to
    402 non-kerberized daemons.
    403 </para>
     347non-kerberized daemons.</para>
    404348
    405349<para>In order to use the <application>Heimdal</application>
    406 <application>X</application> programs, you'll need to add a service port
     350<application>X</application> programs, you'll need to add a service port 
    407351entry to the <filename>/etc/services</filename> file for the
    408 <command>kxd</command> server. There is no 'standardized port number' for
    409 the 'kx' service in the IANA database, so you'll have to pick an unused port
    410 number. Add an entry to the <filename>services</filename> file similar to the
    411 entry below (substitute your chosen port number for
     352<command>kxd</command> server. There is no 'standardized port number' for 
     353the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to
     354pick an unused port number. Add an entry to the <filename>services</filename>
     355file similar to the entry below (substitute your chosen port number for
    412356<replaceable>[49150]</replaceable>):</para>
    413357
    414 <screen><userinput>kx              <replaceable>[49150]</replaceable>/tcp   # Heimdal kerberos X
     358<screen><userinput role='root'>kx              <replaceable>[49150]</replaceable>/tcp   # Heimdal kerberos X
    415359kx              <replaceable>[49150]</replaceable>/udp   # Heimdal kerberos X</userinput></screen>
    416360
    417 <para>
    418 For additional information consult <ulink
    419 url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
    420 Heimdal hint</ulink> on which the above instructions are based.
    421 </para>
    422 
     361<para>For additional information consult <ulink
     362url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the
     363Heimdal hint</ulink> on which the above instructions are based.</para>
    423364</sect4>
    424 
    425365</sect3>
    426366
     
    430370<title>Contents</title>
    431371
    432 <para>The <application>Heimdal</application> package contains
    433 <command>afslog</command>,
    434 <command>dump_log</command>,
    435 <command>ftp</command>,
    436 <command>ftpd</command>,
    437 <command>hprop</command>,
    438 <command>hpropd</command>,
    439 <command>ipropd-master</command>,
    440 <command>ipropd-slave</command>,
    441 <command>kadmin</command>,
    442 <command>kadmind</command>,
    443 <command>kauth</command>,
    444 <command>kdc</command>,
    445 <command>kdestroy</command>,
    446 <command>kf</command>,
    447 <command>kfd</command>,
    448 <command>kgetcred</command>,
    449 <command>kinit</command>,
    450 <command>klist</command>,
    451 <command>kpasswd</command>,
    452 <command>kpasswdd</command>,
    453 <command>krb5-config</command>,
    454 <command>kstash</command>,
    455 <command>ktutil</command>,
    456 <command>kx</command>,
    457 <command>kxd</command>,
    458 <command>login</command>,
    459 <command>mk_cmds</command>,
    460 <command>otp</command>,
    461 <command>otpprint</command>,
    462 <command>pagsh</command>,
    463 <command>pfrom</command>,
    464 <command>popper</command>,
    465 <command>push</command>,
    466 <command>rcp</command>,
    467 <command>replay_log</command>,
    468 <command>rsh</command>,
    469 <command>rshd</command>,
    470 <command>rxtelnet</command>,
    471 <command>rxterm</command>,
    472 <command>string2key</command>,
    473 <command>su</command>,
    474 <command>telnet</command>,
    475 <command>telnetd</command>,
    476 <command>tenletxr</command>,
    477 <command>truncate_log</command>,
    478 <command>verify_krb5_conf</command>,
    479 <command>xnlock</command>,
    480 <filename class="libraryfile">libasn1</filename>,
    481 <filename class="libraryfile">libeditline</filename>,
    482 <filename class="libraryfile">libgssapi</filename>,
    483 <filename class="libraryfile">libhdb</filename>,
    484 <filename class="libraryfile">libkadm5clnt</filename>,
    485 <filename class="libraryfile">libkadm5srv</filename>,
    486 <filename class="libraryfile">libkafs</filename>,
    487 <filename class="libraryfile">libkrb5</filename>,
    488 <filename class="libraryfile">libotp</filename>,
    489 <filename class="libraryfile">libroken</filename>,
    490 <filename class="libraryfile">libsl</filename> and
    491 <filename class="libraryfile">libss</filename>.
    492 </para>
     372<segmentedlist>
     373<segtitle>Installed Programs</segtitle>
     374<segtitle>Installed Libraries</segtitle>
     375<segtitle>Installed Directories</segtitle>
     376
     377<seglistitem>
     378<seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave,
     379kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist,
     380kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp,
     381otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet,
     382rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log,
     383verify_krb5_conf and xnlock</seg>
     384<seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a],
     385libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a],
     386libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg>
     387<seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and
     388/var/lib/heimdal</seg>
     389</seglistitem>
     390</segmentedlist>
     391
     392<variablelist>
     393<bridgehead renderas="sect3">Short Descriptions</bridgehead>
     394<?dbfo list-presentation="list"?>
     395
     396<varlistentry id="afslog">
     397<term><command>afslog</command></term>
     398<listitem><para>obtains <acronym>AFS</acronym> tokens for a number of
     399cells.</para>
     400<indexterm zone="heimdal afslog">
     401<primary sortas="b-afslog">afslog</primary>
     402</indexterm></listitem>
     403</varlistentry>
     404
     405<varlistentry id="ftp">
     406<term><command>ftp</command></term>
     407<listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
     408<indexterm zone="heimdal ftp">
     409<primary sortas="b-ftp">ftp</primary>
     410</indexterm></listitem>
     411</varlistentry>
     412
     413<varlistentry id="ftpd">
     414<term><command>ftpd</command></term>
     415<listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
     416<indexterm zone="heimdal ftpd">
     417<primary sortas="b-ftpd">ftpd</primary>
     418</indexterm></listitem>
     419</varlistentry>
     420
     421<varlistentry id="hprop">
     422<term><command>hprop</command></term>
     423<listitem><para> takes a principal database in a specified format and converts
     424it into a stream of <application>Heimdal</application> database records.</para>
     425<indexterm zone="heimdal hprop">
     426<primary sortas="b-hprop">hprop</primary>
     427</indexterm></listitem>
     428</varlistentry>
     429
     430<varlistentry id="hpropd">
     431<term><command>hpropd</command></term>
     432<listitem><para>is a server that receives a database sent by
     433<command>hprop</command> and writes it as a local database.</para>
     434<indexterm zone="heimdal hpropd">
     435<primary sortas="b-hpropd">hpropd</primary>
     436</indexterm></listitem>
     437</varlistentry>
     438
     439<varlistentry id="ipropd-master">
     440<term><command>ipropd-master</command></term>
     441<listitem><para>is a daemon which runs on the master <acronym>KDC</acronym>
     442server which incrementally propogates changes to the <acronym>KDC</acronym>
     443database to the slave <acronym>KDC</acronym> servers.</para>
     444<indexterm zone="heimdal ipropd-master">
     445<primary sortas="b-ipropd-master">ipropd-master</primary>
     446</indexterm></listitem>
     447</varlistentry>
     448
     449<varlistentry id="ipropd-slave">
     450<term><command>ipropd-slave</command></term>
     451<listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym>
     452servers which incrementally propogates changes to the <acronym>KDC</acronym>
     453database from the master <acronym>KDC</acronym> server.</para>
     454<indexterm zone="heimdal ipropd-slave">
     455<primary sortas="b-ipropd-slave">ipropd-slave</primary>
     456</indexterm></listitem>
     457</varlistentry>
     458
     459<varlistentry id="kadmin">
     460<term><command>kadmin</command></term>
     461<listitem><para>is a utility used to make modifications to the Kerberos
     462database.</para>
     463<indexterm zone="heimdal kadmin">
     464<primary sortas="b-kadmin">kadmin</primary>
     465</indexterm></listitem>
     466</varlistentry>
     467
     468<varlistentry id="kadmind">
     469<term><command>kadmind</command></term>
     470<listitem><para>is a server for administrative access to the Kerberos
     471database.</para>
     472<indexterm zone="heimdal kadmind">
     473<primary sortas="b-kadmind">kadmind</primary>
     474</indexterm></listitem>
     475</varlistentry>
     476
     477<varlistentry id="kauth">
     478<term><command>kauth</command></term>
     479<listitem><para>is a symbolic link to the <command>kinit</command>
     480program.</para>
     481<indexterm zone="heimdal kauth">
     482<primary sortas="g-kauth">kauth</primary>
     483</indexterm></listitem>
     484</varlistentry>
     485
     486<varlistentry id="kdc">
     487<term><command>kdc</command></term>
     488<listitem><para>is a Kerberos 5 server.</para>
     489<indexterm zone="heimdal kdc">
     490<primary sortas="b-kdc">kdc</primary>
     491</indexterm></listitem>
     492</varlistentry>
     493
     494<varlistentry id="kdestroy">
     495<term><command>kdestroy</command></term>
     496<listitem><para>removes a principle's current set of tickets.</para>
     497<indexterm zone="heimdal kdestroy">
     498<primary sortas="b-kdestroy">kdestroy</primary>
     499</indexterm></listitem>
     500</varlistentry>
     501
     502<varlistentry id="kf">
     503<term><command>kf</command></term>
     504<listitem><para>is a program which forwards tickets to a remote host through
     505an authenticated and encrypted stream.</para>
     506<indexterm zone="heimdal kf">
     507<primary sortas="b-kf">kf</primary>
     508</indexterm></listitem>
     509</varlistentry>
     510
     511<varlistentry id="kfd">
     512<term><command>kfd</command></term>
     513<listitem><para>is a server used to receive forwarded tickets.</para>
     514<indexterm zone="heimdal kfd">
     515<primary sortas="b-kfd">kfd</primary>
     516</indexterm></listitem>
     517</varlistentry>
     518
     519<varlistentry id="kgetcred">
     520<term><command>kgetcred</command></term>
     521<listitem><para>obtains a ticket for a service.</para>
     522<indexterm zone="heimdal kgetcred">
     523<primary sortas="b-kgetcred">kgetcred</primary>
     524</indexterm></listitem>
     525</varlistentry>
     526
     527<varlistentry id="kinit">
     528<term><command>kinit</command></term>
     529<listitem><para>is used to authenticate to the Kerberos server as a principal
     530and acquire a ticket granting ticket that can later be used to obtain tickets
     531for other services.</para>
     532<indexterm zone="heimdal kinit">
     533<primary sortas="b-kinit">kinit</primary>
     534</indexterm></listitem>
     535</varlistentry>
     536
     537<varlistentry id="klist">
     538<term><command>klist</command></term>
     539<listitem><para>reads and displays the current tickets in the credential
     540cache.</para>
     541<indexterm zone="heimdal klist">
     542<primary sortas="b-klist">klist</primary>
     543</indexterm></listitem>
     544</varlistentry>
     545
     546<varlistentry id="kpasswd">
     547<term><command>kpasswd</command></term>
     548<listitem><para>is a program for changing Kerberos 5 passwords.</para>
     549<indexterm zone="heimdal kpasswd">
     550<primary sortas="b-kpasswd">kpasswd</primary>
     551</indexterm></listitem>
     552</varlistentry>
     553
     554<varlistentry id="kpasswdd">
     555<term><command>kpasswdd</command></term>
     556<listitem><para>is a Kerberos 5 password changing server.</para>
     557<indexterm zone="heimdal kpasswdd">
     558<primary sortas="b-kpasswdd">kpasswdd</primary>
     559</indexterm></listitem>
     560</varlistentry>
     561
     562<varlistentry id="krb5-config-prog">
     563<term><command>krb5-config</command></term>
     564<listitem><para>gives information on how to link programs against
     565<application>Heimdal</application> libraries.</para>
     566<indexterm zone="heimdal krb5-config-prog">
     567<primary sortas="b-krb5-config">krb5-config</primary>
     568</indexterm></listitem>
     569</varlistentry>
     570
     571<varlistentry id="kstash">
     572<term><command>kstash</command></term>
     573<listitem><para>stores the <acronym>KDC</acronym> master password in a
     574file.</para>
     575<indexterm zone="heimdal kstash">
     576<primary sortas="b-kstash">kstash</primary>
     577</indexterm></listitem>
     578</varlistentry>
     579
     580<varlistentry id="ktutil">
     581<term><command>ktutil</command></term>
     582<listitem><para>is a program for managing Kerberos keytabs.</para>
     583<indexterm zone="heimdal ktutil">
     584<primary sortas="b-ktutil">ktutil</primary>
     585</indexterm></listitem>
     586</varlistentry>
     587
     588<varlistentry id="kx">
     589<term><command>kx</command></term>
     590<listitem><para>is a program which securely forwards
     591<application>X</application> connections.</para>
     592<indexterm zone="heimdal kx">
     593<primary sortas="b-kx">kx</primary>
     594</indexterm></listitem>
     595</varlistentry>
     596
     597<varlistentry id="kxd">
     598<term><command>kxd</command></term>
     599<listitem><para>is the daemon for <command>kx</command>.</para>
     600<indexterm zone="heimdal kxd">
     601<primary sortas="b-kxd">kxd</primary>
     602</indexterm></listitem>
     603</varlistentry>
     604
     605<varlistentry id="login">
     606<term><command>login</command></term>
     607<listitem><para>is a kerberized login program.</para>
     608<indexterm zone="heimdal login">
     609<primary sortas="b-login">login</primary>
     610</indexterm></listitem>
     611</varlistentry>
     612
     613<varlistentry id="otp">
     614<term><command>otp</command></term>
     615<listitem><para>manages one-time passwords.</para>
     616<indexterm zone="heimdal otp">
     617<primary sortas="b-otp">otp</primary>
     618</indexterm></listitem>
     619</varlistentry>
     620
     621<varlistentry id="otpprint">
     622<term><command>otpprint</command></term>
     623<listitem><para>prints lists of one-time passwords.</para>
     624<indexterm zone="heimdal otpprint">
     625<primary sortas="b-otpprint">otpprint</primary>
     626</indexterm></listitem>
     627</varlistentry>
     628
     629<varlistentry id="pfrom">
     630<term><command>pfrom</command></term>
     631<listitem><para>is a script that runs <command>push --from</command>.</para>
     632<indexterm zone="heimdal pfrom">
     633<primary sortas="b-pfrom">pfrom</primary>
     634</indexterm></listitem>
     635</varlistentry>
     636
     637<varlistentry id="popper">
     638<term><command>popper</command></term>
     639<listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para>
     640<indexterm zone="heimdal popper">
     641<primary sortas="b-popper">popper</primary>
     642</indexterm></listitem>
     643</varlistentry>
     644
     645<varlistentry id="push">
     646<term><command>push</command></term>
     647<listitem><para>is a kerberized <acronym>POP</acronym> mail retreival
     648client.</para>
     649<indexterm zone="heimdal push">
     650<primary sortas="b-push">push</primary>
     651</indexterm></listitem>
     652</varlistentry>
     653
     654<varlistentry id="rcp">
     655<term><command>rcp</command></term>
     656<listitem><para>is a kerberized rcp client program.</para>
     657<indexterm zone="heimdal rcp">
     658<primary sortas="b-rcp">rcp</primary>
     659</indexterm></listitem>
     660</varlistentry>
     661
     662<varlistentry id="rsh">
     663<term><command>rsh</command></term>
     664<listitem><para>is a kerberized rsh client program.</para>
     665<indexterm zone="heimdal rsh">
     666<primary sortas="b-rsh">rsh</primary>
     667</indexterm></listitem>
     668</varlistentry>
     669
     670<varlistentry id="rshd">
     671<term><command>rshd</command></term>
     672<listitem><para>is a kerberized rsh server.</para>
     673<indexterm zone="heimdal rshd">
     674<primary sortas="b-rshd">rshd</primary>
     675</indexterm></listitem>
     676</varlistentry>
     677
     678<varlistentry id="rxtelnet">
     679<term><command>rxtelnet</command></term>
     680<listitem><para>starts a secure <command>xterm</command> window with a
     681<command>telnet</command> to a given host and forwards
     682<application>X</application> connections.</para>
     683<indexterm zone="heimdal rxtelnet">
     684<primary sortas="b-rxtelnet">rxtelnet</primary>
     685</indexterm></listitem>
     686</varlistentry>
     687
     688<varlistentry id="rxterm">
     689<term><command>rxterm</command></term>
     690<listitem><para>starts a secure remote <command>xterm</command>.</para>
     691<indexterm zone="heimdal rxterm">
     692<primary sortas="b-rxterm">rxterm</primary>
     693</indexterm></listitem>
     694</varlistentry>
     695
     696<varlistentry id="string2key">
     697<term><command>string2key</command></term>
     698<listitem><para>maps a password into a key.</para>
     699<indexterm zone="heimdal string2key">
     700<primary sortas="b-string2key">string2key</primary>
     701</indexterm></listitem>
     702</varlistentry>
     703
     704<varlistentry id="su">
     705<term><command>su</command></term>
     706<listitem><para>is a kerberized su client program.</para>
     707<indexterm zone="heimdal su">
     708<primary sortas="b-su">su</primary>
     709</indexterm></listitem>
     710</varlistentry>
     711
     712<varlistentry id="telnet">
     713<term><command>telnet</command></term>
     714<listitem><para>is a kerberized telnet client program.</para>
     715<indexterm zone="heimdal telnet">
     716<primary sortas="b-telnet">telnet</primary>
     717</indexterm></listitem>
     718</varlistentry>
     719
     720<varlistentry id="telnetd">
     721<term><command>telnetd</command></term>
     722<listitem><para>is a kerberized telnet server.</para>
     723<indexterm zone="heimdal telnetd">
     724<primary sortas="b-telnetd">telnetd</primary>
     725</indexterm></listitem>
     726</varlistentry>
     727
     728<varlistentry id="tenletxr">
     729<term><command>tenletxr</command></term>
     730<listitem><para>forwards <application>X</application> connections
     731backwards.</para>
     732<indexterm zone="heimdal tenletxr">
     733<primary sortas="b-tenletxr">tenletxr</primary>
     734</indexterm></listitem>
     735</varlistentry>
     736
     737<varlistentry id="verify_krb5_conf">
     738<term><command>verify_krb5_conf</command></term>
     739<listitem><para>checks <filename>krb5.conf</filename> file for obvious
     740errors.</para>
     741<indexterm zone="heimdal verify_krb5_conf">
     742<primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary>
     743</indexterm></listitem>
     744</varlistentry>
     745
     746<varlistentry id="xnlock">
     747<term><command>xnlock</command></term>
     748<listitem><para>is a program that acts as a secure screen saver for
     749workstations running <application>X</application>.</para>
     750<indexterm zone="heimdal xnlock">
     751<primary sortas="b-xnlock">xnlock</primary>
     752</indexterm></listitem>
     753</varlistentry>
     754
     755<varlistentry id="libasn1">
     756<term><filename class='libraryfile'>libasn1.[so,a]</filename></term>
     757<listitem><para>provides the ASN.1 and DER functions to encode and decode
     758the Kerberos TGTs.</para>
     759<indexterm zone="heimdal libasn1">
     760<primary sortas="c-libasn1">libasn1.[so,a]</primary>
     761</indexterm></listitem>
     762</varlistentry>
     763
     764<varlistentry id="libeditline">
     765<term><filename class='libraryfile'>libeditline.a</filename></term>
     766<listitem><para>is a command-line editing library with history.</para>
     767<indexterm zone="heimdal libeditline">
     768<primary sortas="c-libeditline">libeditline.a</primary>
     769</indexterm></listitem>
     770</varlistentry>
     771
     772<varlistentry id="libgssapi">
     773<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
     774<listitem><para>contain the Generic Security Service Application Programming
     775Interface (<acronym>GSSAPI</acronym>) functions which provides security
     776services to callers in a generic fashion, supportable with a range of
     777underlying mechanisms and technologies and hence allowing source-level
     778portability of applications to different environments.</para>
     779<indexterm zone="heimdal libgssapi">
     780<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
     781</indexterm></listitem>
     782</varlistentry>
     783
     784<varlistentry id="libhdb">
     785<term><filename class='libraryfile'>libhdb.[so,a]</filename></term>
     786<listitem><para>is a <application>Heimdal</application> Kerberos 5
     787authentication/authorization database access library.</para>
     788<indexterm zone="heimdal libhdb">
     789<primary sortas="c-libhdb">libhdb.[so,a]</primary>
     790</indexterm></listitem>
     791</varlistentry>
     792
     793<varlistentry id="libkadm5clnt">
     794<term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
     795<listitem><para>contains the administrative authentication and password
     796checking functions required by Kerberos 5 client-side programs.</para>
     797<indexterm zone="heimdal libkadm5clnt">
     798<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
     799</indexterm></listitem>
     800</varlistentry>
     801
     802<varlistentry id="libkadm5srv">
     803<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
     804<listitem><para>contain the administrative authentication and password
     805checking functions required by Kerberos 5 servers.</para>
     806<indexterm zone="heimdal libkadm5srv">
     807<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
     808</indexterm></listitem>
     809</varlistentry>
     810
     811<varlistentry id="libkafs">
     812<term><filename class='libraryfile'>libkafs.[so,a]</filename></term>
     813<listitem><para>contains the functions required to authenticated to AFS.</para>
     814<indexterm zone="heimdal libkafs">
     815<primary sortas="c-libkafs">libkafs.[so,a]</primary>
     816</indexterm></listitem>
     817</varlistentry>
     818
     819<varlistentry id="libkrb5">
     820<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
     821<listitem><para>is an all-purpose Kerberos 5 library.</para>
     822<indexterm zone="heimdal libkrb5">
     823<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
     824</indexterm></listitem>
     825</varlistentry>
     826
     827<varlistentry id="libotp">
     828<term><filename class='libraryfile'>libotp.[so,a]</filename></term>
     829<listitem><para>contains the functions required to handle authenticating
     830one time passwords.</para>
     831<indexterm zone="heimdal libotp">
     832<primary sortas="c-libotp">libotp.[so,a]</primary>
     833</indexterm></listitem>
     834</varlistentry>
     835
     836<varlistentry id="libroken">
     837<term><filename class='libraryfile'>libroken.[so,a]</filename></term>
     838<listitem><para>is a library containing Kerberos 5 compatibility
     839functions.</para>
     840<indexterm zone="heimdal libroken">
     841<primary sortas="c-libroken">libroken.[so,a]</primary>
     842</indexterm></listitem>
     843</varlistentry>
     844
     845</variablelist>
    493846
    494847</sect2>
    495848
    496 <sect2><title>Description</title>
    497 
    498 <sect3><title>afslog</title>
    499 <para><command>afslog</command> obtains <acronym>AFS</acronym> tokens for a
    500 number of cells.</para></sect3>
    501 
    502 <sect3><title>hprop</title>
    503 <para><command>hprop</command> takes a principal database in a specified
    504 format and converts it into a stream of <application>Heimdal</application>
    505 database records.</para></sect3>
    506 
    507 <sect3><title>hpropd</title>
    508 <para><command>hpropd</command> receives a database sent by
    509 <command>hprop</command> and writes it as a local database.</para></sect3>
    510 
    511 <sect3><title>kadmin</title>
    512 <para><command>kadmin</command> is a utility used to make modifications
    513 to the Kerberos database.</para></sect3>
    514 
    515 <sect3><title>kadmind</title>
    516 <para><command>kadmind</command> is a server for administrative access
    517 to the Kerberos database.</para></sect3>
    518 
    519 <sect3><title>kauth, kinit</title>
    520 <para><command>kauth</command> and <command>kinit</command> are used to
    521 authenticate to the Kerberos server as a principal and acquire a ticket
    522 granting ticket that can later be used to obtain tickets for other
    523 services.</para></sect3>
    524 
    525 <sect3><title>kdc</title>
    526 <para><command>kdc</command> is a Kerberos 5 server.</para></sect3>
    527 
    528 <sect3><title>kdestroy</title>
    529 <para><command>kdestroy</command> removes a principle's current set of
    530 tickets.</para></sect3>
    531 
    532 <sect3><title>kf</title>
    533 <para><command>kf</command> is a program which forwards tickets to a
    534 remote host through an authenticated and encrypted
    535 stream.</para></sect3>
    536 
    537 <sect3><title>kfd</title>
    538 <para><command>kfd</command> receives forwarded tickets.</para></sect3>
    539 
    540 <sect3><title>kgetcred</title>
    541 <para><command>kgetcred</command> obtains a ticket for a
    542 service.</para></sect3>
    543 
    544 <sect3><title>klist</title>
    545 <para><command>klist</command> reads and displays the current tickets in
    546 the credential cache.</para></sect3>
    547 
    548 <sect3><title>kpasswd</title>
    549 <para><command>kpasswd</command> is a program for changing Kerberos 5
    550 passwords.</para></sect3>
    551 
    552 <sect3><title>kpasswdd</title>
    553 <para><command>kpasswdd</command> is a Kerberos 5 password changing
    554 server.</para></sect3>
    555 
    556 <sect3><title>krb5-config</title>
    557 <para><command>krb5-config</command> gives information on how to link
    558 programs against <application>Heimdal</application> libraries.</para></sect3>
    559 
    560 <sect3><title>kstash</title>
    561 <para><command>kstash</command> stores the <acronym>KDC</acronym> master
    562 password in a file.</para></sect3>
    563 
    564 <sect3><title>ktutil</title>
    565 <para><command>ktutil</command> is a program for managing Kerberos
    566 keytabs.</para></sect3>
    567 
    568 <sect3><title>kx</title>
    569 <para><command>kx</command> is a program which securely forwards
    570 <application>X</application> connections.</para></sect3>
    571 
    572 <sect3><title>kxd</title>
    573 <para><command>kxd</command> is the daemon for
    574 <command>kx</command>.</para></sect3>
    575 
    576 <sect3><title>otp</title>
    577 <para><command>otp</command> manages one-time passwords.</para></sect3>
    578 
    579 <sect3><title>otpprint</title>
    580 <para><command>otpprint</command> prints lists of one-time
    581 passwords.</para></sect3>
    582 
    583 <sect3><title>rxtelnet</title>
    584 <para><command>rxtelnet</command> starts an <command>xterm</command>
    585 window with a telnet to a given host and forwards
    586 <application>X</application> connections.</para></sect3>
    587 
    588 <sect3><title>rxterm</title>
    589 <para><command>rxterm</command> starts a secure remote
    590 <command>xterm</command>.</para></sect3>
    591 
    592 <sect3><title>string2key</title>
    593 <para><command>string2key</command> maps a password into a
    594 key.</para></sect3>
    595 
    596 <sect3><title>tenletxr</title>
    597 <para><command>tenletxr</command> forwards <application>X</application>
    598 connections backwards.</para></sect3>
    599 
    600 <sect3><title>verify_krb5_conf</title>
    601 <para><command>verify_krb5_conf</command> checks
    602 <filename>krb5.conf</filename> file for obvious errors.</para></sect3>
    603 
    604 <sect3><title>xnlock</title>
    605 <para><command>xnlock</command> is a program that acts as a secure screen
    606 saver for workstations running <application>X</application>.</para></sect3>
    607 
    608 </sect2>
    609 
    610849</sect1>
Note: See TracChangeset for help on using the changeset viewer.