Changeset 852cd813
- Timestamp: 01/27/2005 03:36:13 PM (20 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children: dcee0f2f
- Parents: 305e60de
- Files: 4 edited
appendices/glossary.xml
r305e60de r852cd813 49 49 <glossdef><para>American Standard Code for Information Interchange</para></glossdef></glossentry> 50 50 51 <glossentry id="gASN"><glossterm><acronym>ASN</acronym></glossterm> 52 <glossdef><para>Abstract Syntax Notation</para></glossdef></glossentry> 53 51 54 <glossentry id="gASF"><glossterm><acronym>ASF</acronym></glossterm> 52 55 <glossdef><para>Advanced Streaming Format</para></glossdef></glossentry> … … 66 69 <glossentry id="gAWT"><glossterm><acronym>AWT</acronym></glossterm> 67 70 <glossdef><para>Abstract Window Toolkit</para></glossdef></glossentry> 71 72 <glossentry id="gBER"><glossterm><acronym>BER</acronym></glossterm> 73 <glossdef><para>Basic Encoding Rules</para></glossdef></glossentry> 68 74 69 75 <glossentry id="gBIC"><glossterm><acronym>BICS</acronym></glossterm> … … 125 131 <glossdef><para>Digital Equipment Corporation</para></glossdef></glossentry> 126 132 133 <glossentry id="gDER"><glossterm><acronym>DER</acronym></glossterm> 134 <glossdef><para>Distinguished Encoding Rules</para></glossdef></glossentry> 135 127 136 <glossentry id="gDES"><glossterm><acronym>DES</acronym></glossterm> 128 137 <glossdef><para>Data Encryption Standard</para></glossdef></glossentry> … … 244 253 <glossentry id="gGPM"><glossterm><acronym>GPM</acronym></glossterm> 245 254 <glossdef><para>General Purpose Mouse</para></glossdef></glossentry> 255 256 <glossentry id="gGSS"><glossterm><acronym>GSS</acronym></glossterm> 257 <glossdef><para>Generic Security Service</para></glossdef></glossentry> 258 259 <glossentry id="gGSSAPI"><glossterm><acronym>GSSAPI</acronym></glossterm> 260 <glossdef><para>Generic Security Service Application Programming Interface</para></glossdef></glossentry> 246 261 247 262 <glossentry id="gGTK"><glossterm><acronym>GTK</acronym></glossterm> -
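Review bot: The new gASN entry (new lines 51-52) is inserted ahead of the existing gASF entry, which breaks the alphabetical order the other additions in this file keep (BER before BICS, DER before DES, GSS and GSSAPI before GTK); move the ASN glossentry to after ASF. Since BER and DER are being added alongside it as encodings of this notation, consider also whether the term should be given as ASN.1 with the expansion "Abstract Syntax Notation One".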
general.ent
r305e60de r852cd813 1 <!ENTITY day "2 6">1 <!ENTITY day "27"> 2 2 <!ENTITY month "01"> 3 3 <!ENTITY year "2005"> … … 36 36 <!ENTITY gnupg-version "1.4.0"> 37 37 <!ENTITY tripwire-version "portable-0.9"> 38 <!ENTITY heimdal-version "0.6. 2">38 <!ENTITY heimdal-version "0.6.3"> 39 39 <!ENTITY mitkrb-version "1.3.6"> 40 40 <!ENTITY cyrus-sasl-version "2.1.20"> -
introduction/welcome/changelog.xml
r305e60de r852cd813 22 22 23 23 <itemizedlist> 24 25 <listitem><para>January 27th, 2005 [randy]: Updated to 26 Heimdal-0.6.3; updated Glossary.</para></listitem> 24 27 25 28 <listitem><para>January 26th, 2005 [randy]: Updated J2SDK binary version to -
postlfs/security/heimdal.xml
r305e60de r852cd813 7 7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz"> 8 8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz"> 9 <!ENTITY heimdal-size "3. 2MB">10 <!ENTITY heimdal-buildsize " 142MB">11 <!ENTITY heimdal-time "2. 55SBU">9 <!ENTITY heimdal-size "3.3 MB"> 10 <!ENTITY heimdal-buildsize "70 MB"> 11 <!ENTITY heimdal-time "2.18 SBU"> 12 12 ]> 13 13 … … 19 19 <?dbhtml filename="heimdal.html"?> 20 20 <title>Heimdal-&heimdal-version;</title> 21 <indexterm zone="heimdal"> 22 <primary sortas="a-Heimdal">Heimdal</primary> 23 </indexterm> 21 24 22 25 <sect2> … … 62 65 <sect3><title><application>Heimdal</application> dependencies</title> 63 66 <sect4><title>Required</title> 64 <para><xref linkend="openssl"/> and 67 <para><xref linkend="openssl"/> and 65 68 <xref linkend="db"/></para> 66 69 </sect4> 70 67 71 <sect4><title>Optional</title> 68 <para><xref linkend="Linux_PAM"/>, 69 <xref linkend="openldap"/>, 70 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>), 71 <xref linkend="cracklib"/> and 72 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink> 73 </para> 74 75 <note><para> 76 Some sort of time synchronization facility on your system (like <xref 77 linkend="ntp"/>) is required since Kerberos won't authenticate if the 78 time differential between a kerberized client and the 72 <para><xref linkend="Linux_PAM"/>, 73 <xref linkend="openldap"/>, 74 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>), 75 <xref linkend="cracklib"/> and 76 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para> 77 78 <note><para>Some sort of time synchronization facility on your system (like 79 <xref linkend="ntp"/>) is required since Kerberos won't authenticate if the 80 time differential between a kerberized client and the 79 81 <acronym>KDC</acronym> server is more than 5 minutes.</para></note> 80 82 </sect4> … … 87 89 
<title>Installation of <application>Heimdal</application></title> 88 90 89 <para> 90 Before installing the package, you may want to preserve the 91 <para>Before installing the package, you may want to preserve the 91 92 <command>ftp</command> program from the <application>Inetutils</application> 92 93 package. This is because using the <application>Heimdal</application> … … 94 95 not work properly. It will allow you to connect (letting you know that 95 96 transmission of the password is clear text) but will have problems doing puts 96 and gets. 97 </para> 98 99 <screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen> 100 101 <para> 102 If you wish the <application>Heimdal</application> package to link against the 103 <application>cracklib</application> library, you must apply a patch: 104 </para> 97 and gets. Issue the following command as the root user.</para> 98 99 <screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen> 100 101 <para>If you wish the <application>Heimdal</application> package to link 102 against the <application>cracklib</application> library, you must apply a 103 patch:</para> 105 104 106 105 <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen> 107 106 108 <para>Install <application>Heimdal</application> by running the following commands:</para> 107 <para>Install <application>Heimdal</application> by running the following 108 commands:</para> 109 109 110 110 <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch && 111 111 ./configure --prefix=/usr --sysconfdir=/etc/heimdal \ 112 --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \ 113 --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \ 114 --enable-shared --with-openssl=/usr && 115 make && 116 make install && 112 --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \ 113 --libexecdir=/usr/sbin 
--enable-shared \ 114 --with-openssl=/usr --with-readline=/usr && 115 make</command></userinput></screen> 116 117 <para>Now, as the root user:</para> 118 119 <screen><userinput role='root'><command>make install && 117 120 mv /bin/login /bin/login.shadow && 118 mv /bin/su /bin/su. coreutils&&121 mv /bin/su /bin/su.shadow && 119 122 mv /usr/bin/{login,su} /bin && 120 123 ln -sf ../../bin/login /usr/bin && 121 mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib && 122 mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib && 123 mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib && 124 mv /usr/lib/libdb-4.1.so /lib && 125 ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \ 124 mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \ 125 /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib && 126 ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \ 126 127 /usr/lib && 127 ln -sf ../../lib/lib{krb5.so.17 ,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \128 ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \ 128 129 /usr/lib && 129 ln -sf ../../lib/lib{roken.so.16 ,roken.so.16.0.3,crypto.so.0.9.7} \130 ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \ 130 131 /usr/lib && 131 ln -sf ../../lib/libdb-4.1.so /usr/lib &&132 132 ldconfig</command></userinput></screen> 133 133 … … 144 144 If you want to preserve all your existing <application>Inetutils</application> 145 145 package daemons, install the <application>Heimdal</application> daemons into 146 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever you want).147 Since these programs will be called from <command>(x)inetd</command> or 146 <filename class="directory">/usr/sbin/heimdal</filename> (or wherever you 147 want). 
Since these programs will be called from <command>(x)inetd</command> or 148 148 <filename>rc</filename> scripts, it really doesn't matter where they are 149 installed, as long as they are correctly specified in the 150 <filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename> 149 installed, as long as they are correctly specified in the 150 <filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename> 151 151 scripts. If you choose something other than 152 152 <filename class="directory">/usr/sbin</filename>, you may want to move some of 153 153 the user programs (such as <command>kadmin</command>) to 154 <filename class="directory">/usr/sbin</filename> manually so they'll be in the 154 <filename class="directory">/usr/sbin</filename> manually so they'll be in the 155 155 privileged user's default path.</para></note> 156 156 157 <para> 158 <screen><command>mv /bin/login /bin/login.shadow 159 mv /bin/su /bin/su.coreutils 160 mv /usr/bin/{login,su} /bin 161 ln -sf ../../bin/login /usr/bin</command></screen> 162 163 The <command>login</command> and <command>su</command> programs installed by 157 <para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The 158 <command>login</command> and <command>su</command> programs installed by 164 159 <application>Heimdal</application> belong in the 165 <filename class="directory">/bin</filename> directory. The 160 <filename class="directory">/bin</filename> directory. The 166 161 <command>login</command> program is symlinked because 167 162 <application>Heimdal</application> is expecting to find it in 168 163 <filename class="directory">/usr/bin</filename>. The old executables are 169 preserved before the move to keep things sane should breaks occur. 
170 </para> 171 172 <para> 173 <screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib 174 mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib 175 mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib 176 mv /usr/lib/libdb-4.1.so /lib 177 ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} \ 178 /usr/lib 179 ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} \ 180 /usr/lib 181 ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} \ 182 /usr/lib 183 ln -sf ../../lib/libdb-4.1.so /usr/lib</command></screen> 184 185 The <command>login</command> and <command>su</command> programs 186 installed by <application>Heimdal</application> link against 164 preserved before the move to keep things sane should breaks occur.</para> 165 166 <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The 167 <command>login</command> and <command>su</command> programs installed by 168 <application>Heimdal</application> link against 187 169 <application>Heimdal</application> libraries as well as libraries provided by 188 the <application>Open SSL</application>, <application>Berkeley DB</application>189 and <application>E2fsprogs</application> packages. These libraries are moved190 to <filename class="directory">/lib</filename> to be <acronym>FHS</acronym> 191 compliant and also in case <filename class="directory">/usr</filename> is192 located on a separate partition which may not always be mounted. 193 </para>170 the <application>Open<acronym>SSL</acronym></application> and 171 <application>Berkeley <acronym>DB</acronym></application> packages. 
These 172 libraries are moved to <filename class="directory">/lib</filename> to be 173 <acronym>FHS</acronym> compliant and also in case 174 <filename class="directory">/usr</filename> is located on a separate partition 175 which may not always be mounted.</para> 194 176 195 177 </sect2> … … 198 180 <title>Configuring <application>Heimdal</application></title> 199 181 200 <sect3 ><title>Config files</title>182 <sect3 id="heimdal-config"><title>Config files</title> 201 183 <para><filename>/etc/heimdal/*</filename></para> 184 <indexterm zone="heimdal heimdal-config"> 185 <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary> 186 </indexterm> 202 187 </sect3> 203 188 … … 206 191 <sect4><title>Master <acronym>KDC</acronym> Server Configuration</title> 207 192 208 <para> 209 Create the Kerberos configuration file with the following commands: 210 </para> 211 212 <screen><userinput><command>install -d /etc/heimdal && 193 <para>Create the Kerberos configuration file with the following 194 commands:</para> 195 196 <screen><userinput role='root'><command>install -d /etc/heimdal && 213 197 cat > /etc/heimdal/krb5.conf << "EOF"</command> 214 198 # Begin /etc/heimdal/krb5.conf … … 236 220 <command>EOF</command></userinput></screen> 237 221 238 <para> 239 You will need to substitute your domain and proper hostname for the 222 <para>You will need to substitute your domain and proper hostname for the 240 223 occurrences of the <replaceable>[hostname]</replaceable> and 241 <replaceable>[EXAMPLE.COM]</replaceable> names. 242 </para> 243 244 <para> 245 <userinput>default_realm</userinput> should be the name of your domain changed 246 to ALL CAPS. This isn't required, but both <application>Heimdal</application> 247 and <application><acronym>MIT</acronym> krb5</application> recommend it. 
248 </para> 249 250 <para> 251 <userinput>encrypt = true</userinput> provides encryption of all traffic 224 <replaceable>[EXAMPLE.COM]</replaceable> names.</para> 225 226 <para><userinput>default_realm</userinput> should be the name of your domain 227 changed to ALL CAPS. This isn't required, but both 228 <application>Heimdal</application> and <application><acronym>MIT</acronym> 229 krb5</application> recommend it.</para> 230 231 <para><userinput>encrypt = true</userinput> provides encryption of all traffic 252 232 between kerberized clients and servers. It's not necessary and can be left 253 233 off. If you leave it off, you can encrypt all traffic from the client to the 254 server using a switch on the client program instead. 255 </para> 256 257 <para> 258 The <userinput>[realms]</userinput> parameters tell the client programs where 259 to look for the <acronym>KDC</acronym> authentication services. 260 </para> 261 262 <para> 263 The <userinput>[domain_realm]</userinput> section maps a domain to a realm. 264 </para> 265 266 <para> 267 Store the master password in a key file using the following commands: 268 </para> 269 270 <screen><userinput><command>install -d -m 755 /var/lib/heimdal && 234 server using a switch on the client program instead.</para> 235 236 <para>The <userinput>[realms]</userinput> parameters tell the client programs 237 where to look for the <acronym>KDC</acronym> authentication services.</para> 238 239 <para>The <userinput>[domain_realm]</userinput> section maps a domain to a 240 realm.</para> 241 242 <para>Store the master password in a key file using the following 243 commands:</para> 244 245 <screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal && 271 246 kstash</command></userinput></screen> 272 247 273 <para> 274 Create the <acronym>KDC</acronym> database: 275 </para> 276 277 <screen><userinput><command>kadmin -l</command></userinput></screen> 278 279 <para> 280 Choose the defaults for now. 
You can go in later and change the 281 defaults, should you feel the need. At the 282 <userinput>kadmin></userinput> prompt, issue the following statement: 283 </para> 284 285 <screen><userinput><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen> 286 287 <para> 288 The database must now be populated with at least one principle (user). For now, 289 just use your regular login name or root. You may create as few, or as many 290 principles as you wish using the following statement: 291 </para> 292 293 <screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen> 294 295 <para> 296 The <acronym>KDC</acronym> server and any machine running kerberized 297 server daemons must have a host key installed: 298 </para> 299 300 <screen><userinput><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 301 302 <para> 303 After choosing the defaults when prompted, you will have to export the 304 data to a keytab file: 305 </para> 306 307 <screen><userinput><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 308 309 <para> 310 This should have created two files in 311 <filename class="directory">/etc/heimdal</filename>: 312 <filename>krb5.keytab</filename> (Kerberos 5) and 313 <filename>srvtab</filename> (Kerberos 4). Both files should have 600 314 (root rw only) permissions. Keeping the keytab files from public access 315 is crucial to the overall security of the Kerberos installation. 316 </para> 317 318 <para> 319 Eventually, you'll want to add server daemon principles to the database 320 and extract them to the keytab file. You do this in the same way you 321 created the host principles. 
Below is an example: 322 </para> 323 324 <screen><userinput><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 325 326 <para> 327 (choose the defaults) 328 </para> 329 330 <screen><userinput><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 331 332 <para> 333 Exit the <command>kadmin</command> program (use <command>quit</command> 334 or <command>exit</command>) and return back to the shell prompt. Start 248 <para>Create the <acronym>KDC</acronym> database:</para> 249 250 <screen><userinput role='root'><command>kadmin -l</command></userinput></screen> 251 252 <para>Choose the defaults for now. You can go in later and change the 253 defaults, should you feel the need. At the 254 <userinput>kadmin></userinput> prompt, issue the following statement:</para> 255 256 <screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen> 257 258 <para>The database must now be populated with at least one principle (user). 259 For now, just use your regular login name or root. 
You may create as few, or 260 as many principles as you wish using the following statement:</para> 261 262 <screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen> 263 264 <para>The <acronym>KDC</acronym> server and any machine running kerberized 265 server daemons must have a host key installed:</para> 266 267 <screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 268 269 <para>After choosing the defaults when prompted, you will have to export the 270 data to a keytab file:</para> 271 272 <screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 273 274 <para>This should have created two files in 275 <filename class="directory">/etc/heimdal</filename>: 276 <filename>krb5.keytab</filename> (Kerberos 5) and 277 <filename>srvtab</filename> (Kerberos 4). Both files should have 600 278 (root rw only) permissions. Keeping the keytab files from public access 279 is crucial to the overall security of the Kerberos installation.</para> 280 281 <para>Eventually, you'll want to add server daemon principles to the database 282 and extract them to the keytab file. You do this in the same way you created 283 the host principles. Below is an example:</para> 284 285 <screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 286 287 <para>(choose the defaults)</para> 288 289 <screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> 290 291 <para>Exit the <command>kadmin</command> program (use <command>quit</command> 292 or <command>exit</command>) and return back to the shell prompt. 
Start 335 293 the <acronym>KDC</acronym> daemon manually, just to test out the 336 installation: 337 </para> 338 339 <screen><userinput><command>/usr/sbin/kdc &</command></userinput></screen> 340 341 <para> 342 Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the 343 following command: 344 </para> 294 installation:</para> 295 296 <screen><userinput role='root'><command>/usr/sbin/kdc &</command></userinput></screen> 297 298 <para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with 299 the following command:</para> 345 300 346 301 <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen> 347 302 348 <para> 349 You will be prompted for the password you created. After you get your 350 ticket, you should list it with the following command: 351 </para> 303 <para>You will be prompted for the password you created. After you get your 304 ticket, you should list it with the following command:</para> 352 305 353 306 <screen><userinput><command>klist</command></userinput></screen> 354 307 355 <para> 356 Information about the ticket should be displayed on the screen. 357 </para> 358 359 <para> 360 To test the functionality of the keytab file, issue the following command: 361 </para> 308 <para>Information about the ticket should be displayed on the screen.</para> 309 310 <para>To test the functionality of the keytab file, issue the following 311 command:</para> 362 312 363 313 <screen><userinput><command>ktutil list</command></userinput></screen> 364 314 365 <para> 366 This should dump a list of the host principals, along with the encryption 367 methods used to access the principals. 368 </para> 369 370 <para> 371 At this point, if everything has been successful so far, you can feel 372 fairly confident in the installation and configuration of the package. 
373 </para> 374 375 <para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script 376 included in the <xref linkend="intro-important-bootscripts"/> 377 package:</para> 378 379 <screen><userinput><command>make install-heimdal</command></userinput></screen> 380 315 <para>This should dump a list of the host principals, along with the encryption 316 methods used to access the principals.</para> 317 318 <para>At this point, if everything has been successful so far, you can feel 319 fairly confident in the installation and configuration of the package.</para> 320 321 <para id="heimdal-init">Install the 322 <filename>/etc/rc.d/init.d/heimdal</filename> init script included in the 323 <xref linkend="intro-important-bootscripts"/> package:</para> 324 <indexterm zone="heimdal heimdal-init"> 325 <primary sortas="f-heimdal">heimdal</primary> 326 </indexterm> 327 328 <screen><userinput role='root'><command>make install-heimdal</command></userinput></screen> 381 329 </sect4> 382 330 383 331 <sect4><title>Using Kerberized Client Programs</title> 384 332 385 <para> 386 To use the kerberized client programs (<command>telnet</command>, 387 <command>ftp</command>, <command>rsh</command>, 388 <command>rxterm</command>, <command>rxtelnet</command>, 389 <command>rcp</command>, <command>xnlock</command>), you first must get 390 a <acronym>TGT</acronym>. Use the <command>kinit</command> program to 391 get the ticket. After you've acquired the ticket, you can use the 392 kerberized programs to connect to any kerberized server on the network. 393 You will not be prompted for authentication until your ticket expires 394 (default is one day), unless you specify a different user as a command 395 line argument to the program. 396 </para> 397 398 <para> 399 The kerberized programs will connect to non-kerberized daemons, warning 400 you that authentication is not encrypted. 
As mentioned earlier, only the 333 <para>To use the kerberized client programs (<command>telnet</command>, 334 <command>ftp</command>, <command>rsh</command>, 335 <command>rxterm</command>, <command>rxtelnet</command>, 336 <command>rcp</command>, <command>xnlock</command>), you first must get 337 a <acronym>TGT</acronym>. Use the <command>kinit</command> program to 338 get the ticket. After you've acquired the ticket, you can use the 339 kerberized programs to connect to any kerberized server on the network. 340 You will not be prompted for authentication until your ticket expires 341 (default is one day), unless you specify a different user as a command 342 line argument to the program.</para> 343 344 <para>The kerberized programs will connect to non-kerberized daemons, warning 345 you that authentication is not encrypted. As mentioned earlier, only the 401 346 <command>ftp</command> program gives any trouble connecting to 402 non-kerberized daemons. 403 </para> 347 non-kerberized daemons.</para> 404 348 405 349 <para>In order to use the <application>Heimdal</application> 406 <application>X</application> programs, you'll need to add a service port 350 <application>X</application> programs, you'll need to add a service port 407 351 entry to the <filename>/etc/services</filename> file for the 408 <command>kxd</command> server. There is no 'standardized port number' for 409 the 'kx' service in the IANA database, so you'll have to pick an unused port410 number. Add an entry to the <filename>services</filename> file similar to the411 entry below (substitute your chosen port number for352 <command>kxd</command> server. There is no 'standardized port number' for 353 the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to 354 pick an unused port number. 
Add an entry to the <filename>services</filename> 355 file similar to the entry below (substitute your chosen port number for 412 356 <replaceable>[49150]</replaceable>):</para> 413 357 414 <screen><userinput >kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X358 <screen><userinput role='root'>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X 415 359 kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</userinput></screen> 416 360 417 <para> 418 For additional information consult <ulink 419 url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the 420 Heimdal hint</ulink> on which the above instructions are based. 421 </para> 422 361 <para>For additional information consult <ulink 362 url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the 363 Heimdal hint</ulink> on which the above instructions are based.</para> 423 364 </sect4> 424 425 365 </sect3> 426 366 … … 430 370 <title>Contents</title> 431 371 432 <para>The <application>Heimdal</application> package contains 433 <command>afslog</command>, 434 <command>dump_log</command>, 435 <command>ftp</command>, 436 <command>ftpd</command>, 437 <command>hprop</command>, 438 <command>hpropd</command>, 439 <command>ipropd-master</command>, 440 <command>ipropd-slave</command>, 441 <command>kadmin</command>, 442 <command>kadmind</command>, 443 <command>kauth</command>, 444 <command>kdc</command>, 445 <command>kdestroy</command>, 446 <command>kf</command>, 447 <command>kfd</command>, 448 <command>kgetcred</command>, 449 <command>kinit</command>, 450 <command>klist</command>, 451 <command>kpasswd</command>, 452 <command>kpasswdd</command>, 453 <command>krb5-config</command>, 454 <command>kstash</command>, 455 <command>ktutil</command>, 456 <command>kx</command>, 457 <command>kxd</command>, 458 <command>login</command>, 459 <command>mk_cmds</command>, 460 <command>otp</command>, 461 <command>otpprint</command>, 462 <command>pagsh</command>, 463 
<command>pfrom</command>, 464 <command>popper</command>, 465 <command>push</command>, 466 <command>rcp</command>, 467 <command>replay_log</command>, 468 <command>rsh</command>, 469 <command>rshd</command>, 470 <command>rxtelnet</command>, 471 <command>rxterm</command>, 472 <command>string2key</command>, 473 <command>su</command>, 474 <command>telnet</command>, 475 <command>telnetd</command>, 476 <command>tenletxr</command>, 477 <command>truncate_log</command>, 478 <command>verify_krb5_conf</command>, 479 <command>xnlock</command>, 480 <filename class="libraryfile">libasn1</filename>, 481 <filename class="libraryfile">libeditline</filename>, 482 <filename class="libraryfile">libgssapi</filename>, 483 <filename class="libraryfile">libhdb</filename>, 484 <filename class="libraryfile">libkadm5clnt</filename>, 485 <filename class="libraryfile">libkadm5srv</filename>, 486 <filename class="libraryfile">libkafs</filename>, 487 <filename class="libraryfile">libkrb5</filename>, 488 <filename class="libraryfile">libotp</filename>, 489 <filename class="libraryfile">libroken</filename>, 490 <filename class="libraryfile">libsl</filename> and 491 <filename class="libraryfile">libss</filename>. 
492 </para> 372 <segmentedlist> 373 <segtitle>Installed Programs</segtitle> 374 <segtitle>Installed Libraries</segtitle> 375 <segtitle>Installed Directories</segtitle> 376 377 <seglistitem> 378 <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave, 379 kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist, 380 kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp, 381 otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet, 382 rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log, 383 verify_krb5_conf and xnlock</seg> 384 <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a], 385 libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a], 386 libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg> 387 <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and 388 /var/lib/heimdal</seg> 389 </seglistitem> 390 </segmentedlist> 391 392 <variablelist> 393 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 394 <?dbfo list-presentation="list"?> 395 396 <varlistentry id="afslog"> 397 <term><command>afslog</command></term> 398 <listitem><para>obtains <acronym>AFS</acronym> tokens for a number of 399 cells.</para> 400 <indexterm zone="heimdal afslog"> 401 <primary sortas="b-afslog">afslog</primary> 402 </indexterm></listitem> 403 </varlistentry> 404 405 <varlistentry id="ftp"> 406 <term><command>ftp</command></term> 407 <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para> 408 <indexterm zone="heimdal ftp"> 409 <primary sortas="b-ftp">ftp</primary> 410 </indexterm></listitem> 411 </varlistentry> 412 413 <varlistentry id="ftpd"> 414 <term><command>ftpd</command></term> 415 <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para> 416 <indexterm zone="heimdal ftpd"> 417 <primary sortas="b-ftpd">ftpd</primary> 418 </indexterm></listitem> 419 </varlistentry> 420 421 <varlistentry id="hprop"> 422 
<term><command>hprop</command></term> 423 <listitem><para> takes a principal database in a specified format and converts 424 it into a stream of <application>Heimdal</application> database records.</para> 425 <indexterm zone="heimdal hprop"> 426 <primary sortas="b-hprop">hprop</primary> 427 </indexterm></listitem> 428 </varlistentry> 429 430 <varlistentry id="hpropd"> 431 <term><command>hpropd</command></term> 432 <listitem><para>is a server that receives a database sent by 433 <command>hprop</command> and writes it as a local database.</para> 434 <indexterm zone="heimdal hpropd"> 435 <primary sortas="b-hpropd">hpropd</primary> 436 </indexterm></listitem> 437 </varlistentry> 438 439 <varlistentry id="ipropd-master"> 440 <term><command>ipropd-master</command></term> 441 <listitem><para>is a daemon which runs on the master <acronym>KDC</acronym> 442 server which incrementally propogates changes to the <acronym>KDC</acronym> 443 database to the slave <acronym>KDC</acronym> servers.</para> 444 <indexterm zone="heimdal ipropd-master"> 445 <primary sortas="b-ipropd-master">ipropd-master</primary> 446 </indexterm></listitem> 447 </varlistentry> 448 449 <varlistentry id="ipropd-slave"> 450 <term><command>ipropd-slave</command></term> 451 <listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym> 452 servers which incrementally propogates changes to the <acronym>KDC</acronym> 453 database from the master <acronym>KDC</acronym> server.</para> 454 <indexterm zone="heimdal ipropd-slave"> 455 <primary sortas="b-ipropd-slave">ipropd-slave</primary> 456 </indexterm></listitem> 457 </varlistentry> 458 459 <varlistentry id="kadmin"> 460 <term><command>kadmin</command></term> 461 <listitem><para>is a utility used to make modifications to the Kerberos 462 database.</para> 463 <indexterm zone="heimdal kadmin"> 464 <primary sortas="b-kadmin">kadmin</primary> 465 </indexterm></listitem> 466 </varlistentry> 467 468 <varlistentry id="kadmind"> 469 
<term><command>kadmind</command></term> 470 <listitem><para>is a server for administrative access to the Kerberos 471 database.</para> 472 <indexterm zone="heimdal kadmind"> 473 <primary sortas="b-kadmind">kadmind</primary> 474 </indexterm></listitem> 475 </varlistentry> 476 477 <varlistentry id="kauth"> 478 <term><command>kauth</command></term> 479 <listitem><para>is a symbolic link to the <command>kinit</command> 480 program.</para> 481 <indexterm zone="heimdal kauth"> 482 <primary sortas="g-kauth">kauth</primary> 483 </indexterm></listitem> 484 </varlistentry> 485 486 <varlistentry id="kdc"> 487 <term><command>kdc</command></term> 488 <listitem><para>is a Kerberos 5 server.</para> 489 <indexterm zone="heimdal kdc"> 490 <primary sortas="b-kdc">kdc</primary> 491 </indexterm></listitem> 492 </varlistentry> 493 494 <varlistentry id="kdestroy"> 495 <term><command>kdestroy</command></term> 496 <listitem><para>removes a principle's current set of tickets.</para> 497 <indexterm zone="heimdal kdestroy"> 498 <primary sortas="b-kdestroy">kdestroy</primary> 499 </indexterm></listitem> 500 </varlistentry> 501 502 <varlistentry id="kf"> 503 <term><command>kf</command></term> 504 <listitem><para>is a program which forwards tickets to a remote host through 505 an authenticated and encrypted stream.</para> 506 <indexterm zone="heimdal kf"> 507 <primary sortas="b-kf">kf</primary> 508 </indexterm></listitem> 509 </varlistentry> 510 511 <varlistentry id="kfd"> 512 <term><command>kfd</command></term> 513 <listitem><para>is a server used to receive forwarded tickets.</para> 514 <indexterm zone="heimdal kfd"> 515 <primary sortas="b-kfd">kfd</primary> 516 </indexterm></listitem> 517 </varlistentry> 518 519 <varlistentry id="kgetcred"> 520 <term><command>kgetcred</command></term> 521 <listitem><para>obtains a ticket for a service.</para> 522 <indexterm zone="heimdal kgetcred"> 523 <primary sortas="b-kgetcred">kgetcred</primary> 524 </indexterm></listitem> 525 </varlistentry> 526 527 
<varlistentry id="kinit"> 528 <term><command>kinit</command></term> 529 <listitem><para>is used to authenticate to the Kerberos server as a principal 530 and acquire a ticket granting ticket that can later be used to obtain tickets 531 for other services.</para> 532 <indexterm zone="heimdal kinit"> 533 <primary sortas="b-kinit">kinit</primary> 534 </indexterm></listitem> 535 </varlistentry> 536 537 <varlistentry id="klist"> 538 <term><command>klist</command></term> 539 <listitem><para>reads and displays the current tickets in the credential 540 cache.</para> 541 <indexterm zone="heimdal klist"> 542 <primary sortas="b-klist">klist</primary> 543 </indexterm></listitem> 544 </varlistentry> 545 546 <varlistentry id="kpasswd"> 547 <term><command>kpasswd</command></term> 548 <listitem><para>is a program for changing Kerberos 5 passwords.</para> 549 <indexterm zone="heimdal kpasswd"> 550 <primary sortas="b-kpasswd">kpasswd</primary> 551 </indexterm></listitem> 552 </varlistentry> 553 554 <varlistentry id="kpasswdd"> 555 <term><command>kpasswdd</command></term> 556 <listitem><para>is a Kerberos 5 password changing server.</para> 557 <indexterm zone="heimdal kpasswdd"> 558 <primary sortas="b-kpasswdd">kpasswdd</primary> 559 </indexterm></listitem> 560 </varlistentry> 561 562 <varlistentry id="krb5-config-prog"> 563 <term><command>krb5-config</command></term> 564 <listitem><para>gives information on how to link programs against 565 <application>Heimdal</application> libraries.</para> 566 <indexterm zone="heimdal krb5-config-prog"> 567 <primary sortas="b-krb5-config">krb5-config</primary> 568 </indexterm></listitem> 569 </varlistentry> 570 571 <varlistentry id="kstash"> 572 <term><command>kstash</command></term> 573 <listitem><para>stores the <acronym>KDC</acronym> master password in a 574 file.</para> 575 <indexterm zone="heimdal kstash"> 576 <primary sortas="b-kstash">kstash</primary> 577 </indexterm></listitem> 578 </varlistentry> 579 580 <varlistentry id="ktutil"> 581 
<term><command>ktutil</command></term> 582 <listitem><para>is a program for managing Kerberos keytabs.</para> 583 <indexterm zone="heimdal ktutil"> 584 <primary sortas="b-ktutil">ktutil</primary> 585 </indexterm></listitem> 586 </varlistentry> 587 588 <varlistentry id="kx"> 589 <term><command>kx</command></term> 590 <listitem><para>is a program which securely forwards 591 <application>X</application> connections.</para> 592 <indexterm zone="heimdal kx"> 593 <primary sortas="b-kx">kx</primary> 594 </indexterm></listitem> 595 </varlistentry> 596 597 <varlistentry id="kxd"> 598 <term><command>kxd</command></term> 599 <listitem><para>is the daemon for <command>kx</command>.</para> 600 <indexterm zone="heimdal kxd"> 601 <primary sortas="b-kxd">kxd</primary> 602 </indexterm></listitem> 603 </varlistentry> 604 605 <varlistentry id="login"> 606 <term><command>login</command></term> 607 <listitem><para>is a kerberized login program.</para> 608 <indexterm zone="heimdal login"> 609 <primary sortas="b-login">login</primary> 610 </indexterm></listitem> 611 </varlistentry> 612 613 <varlistentry id="otp"> 614 <term><command>otp</command></term> 615 <listitem><para>manages one-time passwords.</para> 616 <indexterm zone="heimdal otp"> 617 <primary sortas="b-otp">otp</primary> 618 </indexterm></listitem> 619 </varlistentry> 620 621 <varlistentry id="otpprint"> 622 <term><command>otpprint</command></term> 623 <listitem><para>prints lists of one-time passwords.</para> 624 <indexterm zone="heimdal otpprint"> 625 <primary sortas="b-otpprint">otpprint</primary> 626 </indexterm></listitem> 627 </varlistentry> 628 629 <varlistentry id="pfrom"> 630 <term><command>pfrom</command></term> 631 <listitem><para>is a script that runs <command>push --from</command>.</para> 632 <indexterm zone="heimdal pfrom"> 633 <primary sortas="b-pfrom">pfrom</primary> 634 </indexterm></listitem> 635 </varlistentry> 636 637 <varlistentry id="popper"> 638 <term><command>popper</command></term> 639 
<listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para> 640 <indexterm zone="heimdal popper"> 641 <primary sortas="b-popper">popper</primary> 642 </indexterm></listitem> 643 </varlistentry> 644 645 <varlistentry id="push"> 646 <term><command>push</command></term> 647 <listitem><para>is a kerberized <acronym>POP</acronym> mail retreival 648 client.</para> 649 <indexterm zone="heimdal push"> 650 <primary sortas="b-push">push</primary> 651 </indexterm></listitem> 652 </varlistentry> 653 654 <varlistentry id="rcp"> 655 <term><command>rcp</command></term> 656 <listitem><para>is a kerberized rcp client program.</para> 657 <indexterm zone="heimdal rcp"> 658 <primary sortas="b-rcp">rcp</primary> 659 </indexterm></listitem> 660 </varlistentry> 661 662 <varlistentry id="rsh"> 663 <term><command>rsh</command></term> 664 <listitem><para>is a kerberized rsh client program.</para> 665 <indexterm zone="heimdal rsh"> 666 <primary sortas="b-rsh">rsh</primary> 667 </indexterm></listitem> 668 </varlistentry> 669 670 <varlistentry id="rshd"> 671 <term><command>rshd</command></term> 672 <listitem><para>is a kerberized rsh server.</para> 673 <indexterm zone="heimdal rshd"> 674 <primary sortas="b-rshd">rshd</primary> 675 </indexterm></listitem> 676 </varlistentry> 677 678 <varlistentry id="rxtelnet"> 679 <term><command>rxtelnet</command></term> 680 <listitem><para>starts a secure <command>xterm</command> window with a 681 <command>telnet</command> to a given host and forwards 682 <application>X</application> connections.</para> 683 <indexterm zone="heimdal rxtelnet"> 684 <primary sortas="b-rxtelnet">rxtelnet</primary> 685 </indexterm></listitem> 686 </varlistentry> 687 688 <varlistentry id="rxterm"> 689 <term><command>rxterm</command></term> 690 <listitem><para>starts a secure remote <command>xterm</command>.</para> 691 <indexterm zone="heimdal rxterm"> 692 <primary sortas="b-rxterm">rxterm</primary> 693 </indexterm></listitem> 694 </varlistentry> 695 696 <varlistentry 
id="string2key"> 697 <term><command>string2key</command></term> 698 <listitem><para>maps a password into a key.</para> 699 <indexterm zone="heimdal string2key"> 700 <primary sortas="b-string2key">string2key</primary> 701 </indexterm></listitem> 702 </varlistentry> 703 704 <varlistentry id="su"> 705 <term><command>su</command></term> 706 <listitem><para>is a kerberized su client program.</para> 707 <indexterm zone="heimdal su"> 708 <primary sortas="b-su">su</primary> 709 </indexterm></listitem> 710 </varlistentry> 711 712 <varlistentry id="telnet"> 713 <term><command>telnet</command></term> 714 <listitem><para>is a kerberized telnet client program.</para> 715 <indexterm zone="heimdal telnet"> 716 <primary sortas="b-telnet">telnet</primary> 717 </indexterm></listitem> 718 </varlistentry> 719 720 <varlistentry id="telnetd"> 721 <term><command>telnetd</command></term> 722 <listitem><para>is a kerberized telnet server.</para> 723 <indexterm zone="heimdal telnetd"> 724 <primary sortas="b-telnetd">telnetd</primary> 725 </indexterm></listitem> 726 </varlistentry> 727 728 <varlistentry id="tenletxr"> 729 <term><command>tenletxr</command></term> 730 <listitem><para>forwards <application>X</application> connections 731 backwards.</para> 732 <indexterm zone="heimdal tenletxr"> 733 <primary sortas="b-tenletxr">tenletxr</primary> 734 </indexterm></listitem> 735 </varlistentry> 736 737 <varlistentry id="verify_krb5_conf"> 738 <term><command>verify_krb5_conf</command></term> 739 <listitem><para>checks <filename>krb5.conf</filename> file for obvious 740 errors.</para> 741 <indexterm zone="heimdal verify_krb5_conf"> 742 <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary> 743 </indexterm></listitem> 744 </varlistentry> 745 746 <varlistentry id="xnlock"> 747 <term><command>xnlock</command></term> 748 <listitem><para>is a program that acts as a secure screen saver for 749 workstations running <application>X</application>.</para> 750 <indexterm zone="heimdal xnlock"> 751 
<primary sortas="b-xnlock">xnlock</primary> 752 </indexterm></listitem> 753 </varlistentry> 754 755 <varlistentry id="libasn1"> 756 <term><filename class='libraryfile'>libasn1.[so,a]</filename></term> 757 <listitem><para>provides the ASN.1 and DER functions to encode and decode 758 the Kerberos TGTs.</para> 759 <indexterm zone="heimdal libasn1"> 760 <primary sortas="c-libasn1">libasn1.[so,a]</primary> 761 </indexterm></listitem> 762 </varlistentry> 763 764 <varlistentry id="libeditline"> 765 <term><filename class='libraryfile'>libeditline.a</filename></term> 766 <listitem><para>is a command-line editing library with history.</para> 767 <indexterm zone="heimdal libeditline"> 768 <primary sortas="c-libeditline">libeditline.a</primary> 769 </indexterm></listitem> 770 </varlistentry> 771 772 <varlistentry id="libgssapi"> 773 <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term> 774 <listitem><para>contain the Generic Security Service Application Programming 775 Interface (<acronym>GSSAPI</acronym>) functions which provides security 776 services to callers in a generic fashion, supportable with a range of 777 underlying mechanisms and technologies and hence allowing source-level 778 portability of applications to different environments.</para> 779 <indexterm zone="heimdal libgssapi"> 780 <primary sortas="c-libgssapi">libgssapi.[so,a]</primary> 781 </indexterm></listitem> 782 </varlistentry> 783 784 <varlistentry id="libhdb"> 785 <term><filename class='libraryfile'>libhdb.[so,a]</filename></term> 786 <listitem><para>is a <application>Heimdal</application> Kerberos 5 787 authentication/authorization database access library.</para> 788 <indexterm zone="heimdal libhdb"> 789 <primary sortas="c-libhdb">libhdb.[so,a]</primary> 790 </indexterm></listitem> 791 </varlistentry> 792 793 <varlistentry id="libkadm5clnt"> 794 <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term> 795 <listitem><para>contains the administrative authentication and 
password 796 checking functions required by Kerberos 5 client-side programs.</para> 797 <indexterm zone="heimdal libkadm5clnt"> 798 <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary> 799 </indexterm></listitem> 800 </varlistentry> 801 802 <varlistentry id="libkadm5srv"> 803 <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term> 804 <listitem><para>contain the administrative authentication and password 805 checking functions required by Kerberos 5 servers.</para> 806 <indexterm zone="heimdal libkadm5srv"> 807 <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary> 808 </indexterm></listitem> 809 </varlistentry> 810 811 <varlistentry id="libkafs"> 812 <term><filename class='libraryfile'>libkafs.[so,a]</filename></term> 813 <listitem><para>contains the functions required to authenticated to AFS.</para> 814 <indexterm zone="heimdal libkafs"> 815 <primary sortas="c-libkafs">libkafs.[so,a]</primary> 816 </indexterm></listitem> 817 </varlistentry> 818 819 <varlistentry id="libkrb5"> 820 <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term> 821 <listitem><para>is an all-purpose Kerberos 5 library.</para> 822 <indexterm zone="heimdal libkrb5"> 823 <primary sortas="c-libkrb5">libkrb5.[so,a]</primary> 824 </indexterm></listitem> 825 </varlistentry> 826 827 <varlistentry id="libotp"> 828 <term><filename class='libraryfile'>libotp.[so,a]</filename></term> 829 <listitem><para>contains the functions required to handle authenticating 830 one time passwords.</para> 831 <indexterm zone="heimdal libotp"> 832 <primary sortas="c-libotp">libotp.[so,a]</primary> 833 </indexterm></listitem> 834 </varlistentry> 835 836 <varlistentry id="libroken"> 837 <term><filename class='libraryfile'>libroken.[so,a]</filename></term> 838 <listitem><para>is a library containing Kerberos 5 compatibility 839 functions.</para> 840 <indexterm zone="heimdal libroken"> 841 <primary sortas="c-libroken">libroken.[so,a]</primary> 842 </indexterm></listitem> 843 
</varlistentry> 844 845 </variablelist> 493 846 494 847 </sect2> 495 848 496 <sect2><title>Description</title>497 498 <sect3><title>afslog</title>499 <para><command>afslog</command> obtains <acronym>AFS</acronym> tokens for a500 number of cells.</para></sect3>501 502 <sect3><title>hprop</title>503 <para><command>hprop</command> takes a principal database in a specified504 format and converts it into a stream of <application>Heimdal</application>505 database records.</para></sect3>506 507 <sect3><title>hpropd</title>508 <para><command>hpropd</command> receives a database sent by509 <command>hprop</command> and writes it as a local database.</para></sect3>510 511 <sect3><title>kadmin</title>512 <para><command>kadmin</command> is a utility used to make modifications513 to the Kerberos database.</para></sect3>514 515 <sect3><title>kadmind</title>516 <para><command>kadmind</command> is a server for administrative access517 to the Kerberos database.</para></sect3>518 519 <sect3><title>kauth, kinit</title>520 <para><command>kauth</command> and <command>kinit</command> are used to521 authenticate to the Kerberos server as a principal and acquire a ticket522 granting ticket that can later be used to obtain tickets for other523 services.</para></sect3>524 525 <sect3><title>kdc</title>526 <para><command>kdc</command> is a Kerberos 5 server.</para></sect3>527 528 <sect3><title>kdestroy</title>529 <para><command>kdestroy</command> removes a principle's current set of530 tickets.</para></sect3>531 532 <sect3><title>kf</title>533 <para><command>kf</command> is a program which forwards tickets to a534 remote host through an authenticated and encrypted535 stream.</para></sect3>536 537 <sect3><title>kfd</title>538 <para><command>kfd</command> receives forwarded tickets.</para></sect3>539 540 <sect3><title>kgetcred</title>541 <para><command>kgetcred</command> obtains a ticket for a542 service.</para></sect3>543 544 <sect3><title>klist</title>545 <para><command>klist</command> reads 
and displays the current tickets in546 the credential cache.</para></sect3>547 548 <sect3><title>kpasswd</title>549 <para><command>kpasswd</command> is a program for changing Kerberos 5550 passwords.</para></sect3>551 552 <sect3><title>kpasswdd</title>553 <para><command>kpasswdd</command> is a Kerberos 5 password changing554 server.</para></sect3>555 556 <sect3><title>krb5-config</title>557 <para><command>krb5-config</command> gives information on how to link558 programs against <application>Heimdal</application> libraries.</para></sect3>559 560 <sect3><title>kstash</title>561 <para><command>kstash</command> stores the <acronym>KDC</acronym> master562 password in a file.</para></sect3>563 564 <sect3><title>ktutil</title>565 <para><command>ktutil</command> is a program for managing Kerberos566 keytabs.</para></sect3>567 568 <sect3><title>kx</title>569 <para><command>kx</command> is a program which securely forwards570 <application>X</application> connections.</para></sect3>571 572 <sect3><title>kxd</title>573 <para><command>kxd</command> is the daemon for574 <command>kx</command>.</para></sect3>575 576 <sect3><title>otp</title>577 <para><command>otp</command> manages one-time passwords.</para></sect3>578 579 <sect3><title>otpprint</title>580 <para><command>otpprint</command> prints lists of one-time581 passwords.</para></sect3>582 583 <sect3><title>rxtelnet</title>584 <para><command>rxtelnet</command> starts an <command>xterm</command>585 window with a telnet to a given host and forwards586 <application>X</application> connections.</para></sect3>587 588 <sect3><title>rxterm</title>589 <para><command>rxterm</command> starts a secure remote590 <command>xterm</command>.</para></sect3>591 592 <sect3><title>string2key</title>593 <para><command>string2key</command> maps a password into a594 key.</para></sect3>595 596 <sect3><title>tenletxr</title>597 <para><command>tenletxr</command> forwards <application>X</application>598 connections backwards.</para></sect3>599 600 
<sect3><title>verify_krb5_conf</title>601 <para><command>verify_krb5_conf</command> checks602 <filename>krb5.conf</filename> file for obvious errors.</para></sect3>603 604 <sect3><title>xnlock</title>605 <para><command>xnlock</command> is a program that acts as a secure screen606 saver for workstations running <application>X</application>.</para></sect3>607 608 </sect2>609 610 849 </sect1>
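Review bot: the "Installed Programs" and "Installed Libraries" segments list items that never get a varlistentry under Short Descriptions: dump_log, mk_cmds, pagsh, replay_log and truncate-log among the programs, and libsl.[so,a] and libss.[so,a] among the libraries. Either add entries for them or drop them from the lists so the two stay in step. Several of the new descriptions also need spelling or agreement fixes: "propogates" in ipropd-master and ipropd-slave should be "propagates", "retreival" in push should be "retrieval", "a principle's current set of tickets" in kdestroy should read "principal's" (the same slip is in the removed text), "required to authenticated to AFS" in libkafs should be "required to authenticate", and libgssapi ("contain ... functions which provides") and libkadm5srv ("contain") disagree in number where libkadm5clnt uses "contains". The kauth indexterm uses sortas="g-kauth" where every other program entry uses the b- prefix, which looks like a typo. ASN.1, DER and TGTs in libasn1 and AFS in libkafs are left bare while other entries wrap such terms in <acronym>. Finally, ids such as "ftp", "login", "su", "telnet" and "rsh" are very generic for a DocBook id; krb5-config already gets the disambiguated id "krb5-config-prog", and giving the others the same treatment would guard against clashes with other packages that install programs of the same name.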