Context Navigation

← Previous Changeset
Next Changeset →

Changeset 93c27d5

Timestamp:

05/14/2005 12:32:44 PM (19 years ago)

Author:

Manuel Canales Esparcia <manuel@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

5a5bbbf

Parents:

7f0fe5f

Message:

Tagged mitkrb.xml

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4205 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

: 1 edited

postlfs/security/mitkrb.xml (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

postlfs/security/mitkrb.xml

-              r7f0fe5f
+              r93c27d5
 <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
+<sect1info>
+<othername>$LastChangedBy$</othername>
+<date>$Date$</date>
+</sect1info>
+<?dbhtml filename="mitkrb.html"?>
+<title><acronym>MIT</acronym> krb5-&mitkrb-version;</title>
+<indexterm zone="mitkrb">
+<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary></indexterm>
+<sect2>
+<title>Introduction to <application><acronym>MIT</acronym>
+krb5</application></title>
+<para>
+<application><acronym>MIT</acronym> krb5</application> is a free
+implementation of Kerberos 5. Kerberos is a network authentication
+protocol. It centralizes the authentication database and uses kerberized
+applications to work with servers or services that support Kerberos
+allowing single logins and encrypted communication over internal
+networks or the Internet.
+</para>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP):
+<ulink url="&mitkrb-download-http;"/></para></listitem>
+<listitem><para>Download (FTP):
+<ulink url="&mitkrb-download-ftp;"/></para></listitem>
+<listitem><para>Download MD5 sum: &mitkrb-md5sum;</para></listitem>
+<listitem><para>Download size: &mitkrb-size;</para></listitem>
+<listitem><para>Estimated disk space required:
+&mitkrb-buildsize;</para></listitem>
+<listitem><para>Estimated build time:
+&mitkrb-time;</para></listitem></itemizedlist>
+</sect3>
+<sect3><title><application><acronym>MIT</acronym> krb5</application>
+dependencies</title>
+<sect4><title>Optional</title>
+<para>
+<xref linkend="xinetd"/> (services servers only),
+<xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
+<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
+password database)
+</para>
+<note><para>
+Some sort of time synchronization facility on your system (like
+<xref linkend="ntp"/>) is required since Kerberos won't authenticate if there
+is a time difference between a kerberized client and the
+<acronym>KDC</acronym> server.</para></note>
+</sect4>
+</sect3>
+</sect2>
+<sect2>
+<title>Installation of <application><acronym>MIT</acronym>
+krb5</application></title>
+<para>
+<application><acronym>MIT</acronym> krb5</application> is distributed in a
+<acronym>TAR</acronym> file containing a compressed <acronym>TAR</acronym>
+package and a detached <acronym>PGP</acronym>
+<filename class="extension">ASC</filename> file.
+</para>
+<para>
+If you have installed <xref linkend="gnupg"/>, you can
+authenticate the package with the following command:
+</para>
+<screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</command></userinput></screen>
+<para>
+Build <application><acronym>MIT</acronym> krb5</application> by running the
+following commands:
+</para>
+<screen><userinput><command>cd src &amp;&amp;
+  <?dbhtml filename="mitkrb.html"?>
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+  <title>MIT Krb5-&mitkrb-version;</title>
+  <indexterm zone="mitkrb">
+    <primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary>
+  </indexterm>
+    <sect2 role="package">
+      <title>Introduction to MIT Krb5</title>
+    <para><application>MIT krb5</application> is a free implementation of
+    Kerberos 5. Kerberos is a network authentication protocol. It
+    centralizes the authentication database and uses kerberized
+    applications to work with servers or services that support Kerberos
+    allowing single logins and encrypted communication over internal
+    networks or the Internet.</para>
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &mitkrb-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &mitkrb-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &mitkrb-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &mitkrb-time;</para>
+      </listitem>
+    </itemizedlist>
+    <bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead>
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para><xref linkend="xinetd"/> (services servers only),
+    <xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
+    <xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
+    password database)</para>
+    <note>
+      <para>Some sort of time synchronization facility on your system (like
+      <xref linkend="ntp"/>) is required since Kerberos won't authenticate if
+      there is a time difference between a kerberized client and the
+      KDC server.</para>
+    </note>
+  </sect2>
+  <sect2 role="installation">
+    <title>Installation of MIT Krb5</title>
+    <para><application>MIT krb5</application> is distributed in a
+    TAR file containing a compressed TAR package and a detached PGP
+    <filename class="extension">ASC</filename> file.</para>
+    <para>If you have installed <xref linkend="gnupg"/>, you can
+    authenticate the package with the following command:</para>
+<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
+    <para>Build <application>MIT krb5</application> by running the
+    following commands:</para>
+<screen><userinput>cd src &amp;&amp;
 ./configure --prefix=/usr --sysconfdir=/etc \
     --localstatedir=/var/lib --enable-dns \
     --enable-static --mandir=/usr/share/man &amp;&amp;
+make</command></userinput></screen>
+<para>
+Install <application><acronym>MIT</acronym> krb5</application> by
+running the following commands as root:
+</para>
+<screen><userinput role='root'><command>make install &amp;&amp;
+mv /bin/login /bin/login.shadow &amp;&amp;
+cp /usr/sbin/login.krb5 /bin/login &amp;&amp;
+mv /usr/bin/ksu /bin &amp;&amp;
+mv /usr/lib/libkrb5.so.3* /lib &amp;&amp;
+mv /usr/lib/libkrb4.so.2* /lib &amp;&amp;
+mv /usr/lib/libdes425.so.3* /lib &amp;&amp;
+mv /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
+mv /usr/lib/libcom_err.so.3* /lib &amp;&amp;
+ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &amp;&amp;
+ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &amp;&amp;
+ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &amp;&amp;
+ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &amp;&amp;
+ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &amp;&amp;
+ldconfig</command></userinput></screen>
+</sect2>
+<sect2>
+<title>Command explanations</title>
+<para>
+<parameter>--enable-dns</parameter>: This switch allows realms to
+be resolved using the <acronym>DNS</acronym> server.
+</para>
+<para>
+<parameter>--enable-static</parameter>: This switch builds static
+libraries in addition to the shared libraries.
+</para>
+<para>
+<screen><command>mv /bin/login /bin/login.shadow
+cp /usr/sbin/login.krb5 /bin/login
+mv /usr/bin/ksu /bin</command></screen>
+Preserves <application>Shadow</application>'s <command>login</command>
+command, moves <command>ksu</command> and <command>login</command> to
+the <filename class="directory">/bin</filename> directory.
+</para>
+<para>
+<screen><command>mv /usr/lib/libkrb5.so.3* /lib
+mv /usr/lib/libkrb4.so.2* /lib
+mv /usr/lib/libdes425.so.3* /lib
+mv /usr/lib/libk5crypto.so.3* /lib
+mv /usr/lib/libcom_err.so.3* /lib
+ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so
+ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so
+ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so
+ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so
+ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so</command></screen>
+The <command>login</command> and <command>ksu</command> programs
+are linked against these libraries, therefore we move these libraries to
+<filename class="directory">/lib</filename> to allow logins without mounting
+<filename class="directory">/usr</filename>.
+</para>
+</sect2>
+<sect2>
+<title>Configuring <application><acronym>MIT</acronym> krb5</application></title>
+<sect3 id="krb5-config"><title>Config files</title>
+<para>
+<filename>/etc/krb5.conf</filename> and
+<filename>/var/lib/krb5kdc/kdc.conf</filename>
+</para>
+<indexterm zone="mitkrb krb5-config">
+<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary></indexterm>
+<indexterm zone="mitkrb krb5-config">
+<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
+</indexterm>
+</sect3>
+<sect3><title>Configuration Information</title>
+<sect4><title>Kerberos Configuration</title>
+<para>
+Create the Kerberos configuration file with the following command:
+</para>
+<screen><userinput role='root'><command>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"</command>
+# Begin /etc/krb5.conf
+make</userinput></screen>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+<screen role="root"><userinput>make install &amp;&amp;
+mv -v /bin/login /bin/login.shadow &amp;&amp;
+cp -v /usr/sbin/login.krb5 /bin/login &amp;&amp;
+mv -v /usr/bin/ksu /bin &amp;&amp;
+mv -v /usr/lib/libkrb5.so.3* /lib &amp;&amp;
+mv -v /usr/lib/libkrb4.so.2* /lib &amp;&amp;
+mv -v /usr/lib/libdes425.so.3* /lib &amp;&amp;
+mv -v /usr/lib/libk5crypto.so.3* /lib &amp;&amp;
+mv -v /usr/lib/libcom_err.so.3* /lib &amp;&amp;
+ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &amp;&amp;
+ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &amp;&amp;
+ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &amp;&amp;
+ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &amp;&amp;
+ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &amp;&amp;
+ldconfig</userinput></screen>
+  </sect2>
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+    <para><parameter>--enable-dns</parameter>: This switch allows
+    realms to be resolved using the DNS server.</para>
+    <para><parameter>--enable-static</parameter>: This switch builds static
+    libraries in addition to the shared libraries.</para>
+    <para><command>mv -v /bin/login /bin/login.shadow &amp;&amp;
+    cp -v /usr/sbin/login.krb5 /bin/login &amp;&amp;
+    mv -v /usr/bin/ksu /bin</command>: Preserves
+    <application>Shadow</application>'s <command>login</command>
+    command, moves <command>ksu</command> and <command>login</command> to
+    the <filename class="directory">/bin</filename> directory.</para>
+    <para><command>mv -v ... /lib &amp;&amp; ln -v -sf ...</command>:
+    The <command>login</command> and <command>ksu</command> programs
+    are linked against these libraries, therefore we move these libraries
+    to <filename class="directory">/lib</filename> to allow logins without
+    mounting <filename class="directory">/usr</filename>.</para>
+  </sect2>
+  <sect2 role="configuration">
+    <title>Configuring MIT Krb5</title>
+    <sect3 id="krb5-config">
+      <title>Config Files</title>
+      <para><filename>/etc/krb5.conf</filename> and
+      <filename>/var/lib/krb5kdc/kdc.conf</filename></para>
+      <indexterm zone="mitkrb krb5-config">
+        <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary>
+      </indexterm>
+      <indexterm zone="mitkrb krb5-config">
+        <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
+      </indexterm>
+    </sect3>
+    <sect3>
+      <title>Configuration Information</title>
+      <sect4>
+        <title>Kerberos Configuration</title>
+        <para>Create the Kerberos configuration file with the following
+        command:</para>
+<screen role="root"><userinput>cat &gt; /etc/krb5.conf &lt;&lt; "EOF"
+<literal># Begin /etc/krb5.conf
 [libdefaults]
 …
     default = SYSLOG[[:SYS]]
+# End /etc/krb5.conf
+<command>EOF</command></userinput></screen>
+<para>
+You will need to substitute your domain and proper hostname for the
+occurances of the <replaceable>[belgarath]</replaceable> and
+<replaceable>[lfs.org]</replaceable> names.
+</para>
+<para>
+<userinput>default_realm</userinput> should be the name of your domain changed
+to ALL CAPS. This isn't required, but both <application>Heimdal</application>
+and <acronym>MIT</acronym> recommend it.
+</para>
+<para>
+<userinput>encrypt = true</userinput> provides encryption of all traffic
+between kerberized clients and servers. It's not necessary and can be left
+off. If you leave it off, you can encrypt all traffic from the client to the
+server using a switch on the client program instead.
+</para>
+<para>
+The <userinput>[realms]</userinput> parameters tell the client programs where
+to look for the <acronym>KDC</acronym> authentication services.
+</para>
+<para>
+The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
+</para>
+<para>
+Create the <acronym>KDC</acronym> database:
+</para>
+<screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen>
+<para>
+Now you should populate the database with principles (users). For now,
+just use your regular login name or root.
+</para>
+<screen><userinput role='root'><command>kadmin.local</command></userinput>
+<prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen>
+<para>
+The <acronym>KDC</acronym> server and any machine running kerberized
+server daemons must have a host key installed:
+</para>
+<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
+<para>
+After choosing the defaults when prompted, you will have to export the
+data to a keytab file:
+</para>
+<screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
+<para>
+This should have created a file in <filename class="directory">/etc</filename>
+named <filename>krb5.keytab</filename> (Kerberos 5). This file should have 600
+(root rw only) permissions. Keeping the keytab files from public access
+is crucial to the overall security of the Kerberos installation.
+</para>
+<para>
+Eventually, you'll want to add server daemon principles to the database
+and extract them to the keytab file. You do this in the same way you
+created the host principles. Below is an example:
+</para>
+<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput>
+<prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
+<para>
+Exit the <command>kadmin</command> program (use <command>quit</command>
+or <command>exit</command>) and return back to the shell prompt. Start
+the <acronym>KDC</acronym> daemon manually, just to test out the
+installation:
+</para>
+<screen><userinput role='root'><command>/usr/sbin/krb5kdc &amp;</command></userinput></screen>
+<para>
+Attempt to get a ticket with the following command:
+</para>
+<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
+<para>
+You will be prompted for the password you created. After you get your
+ticket, you can list it with the following command:
+</para>
+<screen><userinput><command>klist</command></userinput></screen>
+<para>
+Information about the ticket should be displayed on the screen.
+</para>
+<para>
+To test the functionality of the keytab file, issue the following
+command:
+</para>
+<screen><userinput><command>ktutil</command></userinput>
+<prompt>ktutil:</prompt><userinput><command>rkt /etc/krb5.keytab</command></userinput>
+<prompt>ktutil:</prompt><userinput><command>l</command></userinput></screen>
+<para>
+This should dump a list of the host principal, along with the encryption
+methods used to access the principal.
+</para>
+<para>
+At this point, if everything has been successful so far, you can feel
+fairly confident in the installation and configuration of the package.
+</para>
+<para>
+Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
+included in the <xref linkend="intro-important-bootscripts"/> package.
+</para>
+<screen><userinput role='root'><command>make install-kerberos</command></userinput></screen>
+</sect4>
+<sect4><title>Using Kerberized Client Programs</title>
+<para>
+To use the kerberized client programs (<command>telnet</command>,
+<command>ftp</command>, <command>rsh</command>,
+<command>rcp</command>, <command>rlogin</command>), you first must get
+an authentication ticket. Use the <command>kinit</command> program to
+get the ticket. After you've acquired the ticket, you can use the
+kerberized programs to connect to any kerberized server on the network.
+You will not be prompted for authentication until your ticket expires
+(default is one day), unless you specify a different user as a command
+line argument to the program.
+</para>
+<para>
+The kerberized programs will connect to non kerberized daemons, warning
+you that authentication is not encrypted.
+</para>
+</sect4>
+<sect4><title>Using Kerberized Server Programs</title>
+<para>
+Using kerberized server programs (<command>telnetd</command>,
+<command>kpropd</command>, <command>klogind</command> and
+<command>kshd</command>) requires two additional configuration steps.
+First the <filename>/etc/services</filename> file must be updated to
+include eklogin and krb5_prop. Second, the <filename>inetd.conf</filename>
+or <filename>xinetd.conf</filename> must be modified for each server that will
+be activated, usually replacing the server from <xref linkend="inetutils"/>.
+</para>
+</sect4>
+<sect4><title>Additional Information</title>
+<para>
+For additional information consult <ulink
+url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">Documentation
+for krb-&mitkrb-version;</ulink> on which the above instructions are based.
+</para>
+</sect4>
+</sect3>
+</sect2>
+<sect2>
+<title>Contents</title>
+<segmentedlist>
+<segtitle>Installed Programs</segtitle>
+<segtitle>Installed Libraries</segtitle>
+<segtitle>Installed Directories</segtitle>
+<seglistitem>
+<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
+kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
+klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
+krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
+rsh, sclient, sim_client, sim_server, sserver,
+telnet, telnetd, uuclient, uuserver, v5passwd, v5passwdd</seg>
+<seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a], libgssrpc.[so,a],
+libkadm5clnt.[so,a], libkadm5srv.[so,a], libkdb5.[so,a], libkrb5.[so,a],
+libkrb4.[so,a]</seg>
+<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
+</seglistitem>
+</segmentedlist>
+<variablelist>
+<bridgehead renderas="sect3">Short Descriptions</bridgehead>
+<?dbfo list-presentation="list"?>
+<varlistentry id="compile_et">
+<term><command>compile_et</command></term>
+<listitem><para>converts the table listing
+error-code names into a <application>C</application> source file..</para>
+<indexterm zone="mitkrb compile_et">
+<primary sortas="b-compile_et">compile_et</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="ftp-mitkrb">
+<term><command>ftp</command></term>
+<listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
+<indexterm zone="mitkrb ftp">
+<primary sortas="b-ftp">ftp</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="ftpd-mitkrb">
+<term><command>ftpd</command></term>
+<listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
+<indexterm zone="mitkrb ftpd">
+<primary sortas="b-ftpd">ftpd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="k5srvutil">
+<term><command>k5srvutil</command></term>
+<listitem><para>is a host keytable manipulation utility.</para>
+<indexterm zone="mitkrb k5srvutil">
+<primary sortas="b-k5srvutil">k5srvutil</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kadmin-mitkrb">
+<term><command>kadmin</command></term>
+<listitem><para>is an utility used to make modifications
+to the Kerberos database.</para>
+<indexterm zone="mitkrb kadmin-mitkrb">
+<primary sortas="b-kadmin">kadmin</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kadmind-mitkrb">
+<term><command>kadmind</command></term>
+<listitem><para>is a server for administrative access
+to a Kerberos database.</para>
+<indexterm zone="mitkrb kadmind-mitkrb">
+<primary sortas="b-kadmind">kadmind</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kdb5_util">
+<term><command>kdb5_util</command></term>
+<listitem><para>is the <acronym>KDC</acronym> database utility.</para>
+<indexterm zone="mitkrb kdb5_util">
+<primary sortas="b-kdb5_util">kdb5_util</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kdestroy-mitkrb">
+<term><command>kdestroy</command></term>
+<listitem><para>removes the current set of tickets.</para>
+<indexterm zone="mitkrb kdestroy-mitkrb">
+<primary sortas="b-kdestroy">kdestroy</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kinit-mitkrb">
+<term><command>kinit</command></term>
+<listitem><para>is used to authenticate to the Kerberos server as
+a principal and acquire a ticket granting ticket that can later be used
+to obtain tickets for other services.</para>
+<indexterm zone="mitkrb kinit-mitkrb">
+<primary sortas="b-kinit">kinit</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="klist-mitkrb">
+<term><command>klist</command></term>
+<listitem><para>reads and displays the current tickets in
+the credential cache.</para>
+<indexterm zone="mitkrb klist-mitkrb">
+<primary sortas="b-klist">klist</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="klogind">
+<term><command>klogind</command></term>
+<listitem><para>is the server that responds to
+<command>rlogin</command> requests.</para>
+<indexterm zone="mitkrb klogind">
+<primary sortas="b-klogind">klogind</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kpasswd-mitkrb">
+<term><command>kpasswd</command></term>
+<listitem><para>is a program for changing Kerberos 5 passwords.</para>
+<indexterm zone="mitkrb kpasswd-mitkrb">
+<primary sortas="b-kpasswd">kpasswd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kprop">
+<term><command>kprop</command></term>
+<listitem><para>takes a principal database in a specified
+format and converts it into a stream of database
+records.</para>
+<indexterm zone="mitkrb kprop">
+<primary sortas="b-kprop">kprop</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kpropd">
+<term><command>kpropd</command></term>
+<listitem><para>receives a database sent by
+<command>kprop</command> and writes it as a local database.</para>
+<indexterm zone="mitkrb kpropd">
+<primary sortas="b-kpropd">kpropd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="krb5-config-1">
+<term><command>krb5-config</command></term>
+<listitem><para>gives information on how to link
+programs against libraries.</para>
+<indexterm zone="mitkrb krb5-config-prog">
+<primary sortas="b-krb5-config-1">krb5-config</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="krb5kdc">
+<term><command>krb5kdc</command></term>
+<listitem><para>is a Kerberos 5 server.</para>
+<indexterm zone="mitkrb krb5kdc">
+<primary sortas="b-krb5kdc">krb5kdc</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kshd">
+<term><command>kshd</command></term>
+<listitem><para>is the server that responds to
+<command>rsh</command> requests.</para>
+<indexterm zone="mitkrb kshd">
+<primary sortas="b-kshd">kshd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="ksu">
+<term><command>ksu</command></term>
+<listitem><para>is the super user program using Kerberos protocol.
+Requires a properly configured
+<filename class="directory">/etc/shells</filename> and
+<filename>~/.k5login</filename> containing principals authorized to
+become super users.</para>
+<indexterm zone="mitkrb ksu">
+<primary sortas="b-ksu">ksu</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="ktutil-mitkrb">
+<term><command>ktutil</command></term>
+<listitem><para>is a program for managing Kerberos keytabs.</para>
+<indexterm zone="mitkrb ktutil-mitkrb">
+<primary sortas="b-ktutil">ktutil</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="kvno">
+<term><command>kvno</command></term>
+<listitem><para>prints keyversion numbers of Kerberos principals.</para>
+<indexterm zone="mitkrb kvno">
+<primary sortas="b-kvno">kvno</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="login.krb5">
+<term><command>login.krb5</command></term>
+<listitem><para>is a kerberized login program.</para>
+<indexterm zone="mitkrb login">
+<primary sortas="b-login.krb5">login.krb5</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="rcp-mitkrb">
+<term><command>rcp</command></term>
+<listitem><para>is a kerberized rcp client program.</para>
+<indexterm zone="mitkrb rcp">
+<primary sortas="b-rcp">rcp</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="rlogin">
+<term><command>rlogin</command></term>
+<listitem><para>is a kerberized rlogin client program.</para>
+<indexterm zone="mitkrb rlogin">
+<primary sortas="b-rlogin">rlogin</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="rsh-mitkrb">
+<term><command>rsh</command></term>
+<listitem><para>is a kerberized rsh client program.</para>
+<indexterm zone="mitkrb rsh">
+<primary sortas="b-rsh">rsh</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="telnet-mitkrb">
+<term><command>telnet</command></term>
+<listitem><para>is a kerberized telnet client program.</para>
+<indexterm zone="mitkrb telnet">
+<primary sortas="b-telnet">telnet</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="telnetd-mitkrb">
+<term><command>telnetd</command></term>
+<listitem><para>is a kerberized telnet server.</para>
+<indexterm zone="mitkrb telnetd">
+<primary sortas="b-telnetd">telnetd</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libcom_err">
+<term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
+<listitem><para>implements the Kerberos library error code.</para>
+<indexterm zone="mitkrb libcom_err">
+<primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libgssapi-mitkrb">
+<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
+<listitem><para>contain the Generic Security Service Application
+Programming
+Interface (<acronym>GSSAPI</acronym>) functions which provides security
+services to callers in a generic fashion, supportable with a range of
+underlying mechanisms and technologies and hence allowing source-level
+portability of applications to different environments.</para>
+<indexterm zone="mitkrb libgssapi">
+<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libkadm5clnt-mitkrb">
+<term><filename
+class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
+<listitem><para>contains the administrative authentication and password
+checking functions required by Kerberos 5 client-side programs.</para>
+<indexterm zone="mitkrb libkadm5clnt">
+<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libkadm5srv-mitkrb">
+<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
+<listitem><para>contain the administrative authentication and password
+checking functions required by Kerberos 5 servers.</para>
+<indexterm zone="mitkrb libkadm5srv">
+<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libkdb5">
+<term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
+<listitem><para>is a Kerberos 5
+authentication/authorization database access library.</para>
+<indexterm zone="mitkrb libkdb5">
+<primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+<varlistentry id="libkrb5-mitkrb">
+<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
+<listitem><para>is an all-purpose Kerberos 5 library.</para>
+<indexterm zone="mitkrb libkrb5">
+<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
+</indexterm></listitem>
+</varlistentry>
+</variablelist>
+</sect2>
+# End /etc/krb5.conf</literal>
+EOF</userinput></screen>
+        <para>You will need to substitute your domain and proper hostname
+        for the occurances of the <replaceable>[belgarath]</replaceable> and
+        <replaceable>[lfs.org]</replaceable> names.</para>
+        <para><option>default_realm</option> should be the name of your
+        domain changed to ALL CAPS. This isn't required, but both
+        <application>Heimdal</application> and MIT recommend it.</para>
+        <para><option>encrypt = true</option> provides encryption of all
+        traffic between kerberized clients and servers. It's not necessary
+        and can be left off. If you leave it off, you can encrypt all traffic
+        from the client to the server using a switch on the client program
+        instead.</para>
+        <para>The <option>[realms]</option> parameters tell the client
+        programs where to look for the KDC authentication services.</para>
+        <para>The <option>[domain_realm]</option> section maps a domain to
+        a realm.</para>
+        <para>Create the KDC database:</para>
+<screen role="root"><userinput>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s</userinput></screen>
+        <para>Now you should populate the database with principles
+        (users). For now, just use your regular login name or
+        <systemitem class="username">root</systemitem>.</para>
+<screen role="root"><userinput>kadmin.local
+<prompt>kadmin:</prompt> addprinc <replaceable>[loginname]</replaceable></userinput></screen>
+        <para>The KDC server and any machine running kerberized
+        server daemons must have a host key installed:</para>
+<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
+        <para>After choosing the defaults when prompted, you will have to
+        export the data to a keytab file:</para>
+<screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
+        <para>This should have created a file in
+        <filename class="directory">/etc</filename> named
+        <filename>krb5.keytab</filename> (Kerberos 5). This file should
+        have 600 (<systemitem class="username">root</systemitem> rw only)
+        permissions. Keeping the keytab files from public access is crucial
+        to the overall security of the Kerberos installation.</para>
+        <para>Eventually, you'll want to add server daemon principles to the
+        database and extract them to the keytab file. You do this in the same
+        way you created the host principles. Below is an example:</para>
+<screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable>
+<prompt>kadmin:</prompt> ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen>
+        <para>Exit the <command>kadmin</command> program (use
+        <command>quit</command> or <command>exit</command>) and return
+        back to the shell prompt. Start the KDC daemon manually, just to
+        test out the installation:</para>
+<screen role='root'><userinput>/usr/sbin/krb5kdc &amp;</userinput></screen>
+        <para>Attempt to get a ticket with the following command:</para>
+<screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen>
+        <para>You will be prompted for the password you created. After you
+        get your ticket, you can list it with the following command:</para>
+<screen><userinput>klist</userinput></screen>
+        <para>Information about the ticket should be displayed on the
+        screen.</para>
+        <para>To test the functionality of the keytab file, issue the
+        following command:</para>
+<screen><userinput>ktutil
+<prompt>ktutil:</prompt> rkt /etc/krb5.keytab
+<prompt>ktutil:</prompt> l</userinput></screen>
+        <para>This should dump a list of the host principal, along with
+        the encryption methods used to access the principal.</para>
+        <para>At this point, if everything has been successful so far, you
+        can feel fairly confident in the installation and configuration of
+        the package.</para>
+        <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init
+        script included in the <xref linkend="intro-important-bootscripts"/>
+        package.</para>
+<screen role="root"><userinput>make install-kerberos</userinput></screen>
+      </sect4>
+      <sect4>
+        <title>Using Kerberized Client Programs</title>
+        <para>To use the kerberized client programs (<command>telnet</command>,
+        <command>ftp</command>, <command>rsh</command>, <command>rcp</command>,
+        <command>rlogin</command>), you first must get an authentication ticket.
+        Use the <command>kinit</command> program to get the ticket. After you've
+        acquired the ticket, you can use the kerberized programs to connect to
+        any kerberized server on the network. You will not be prompted for
+        authentication until your ticket expires (default is one day), unless
+        you specify a different user as a command line argument to the
+        program.</para>
+        <para>The kerberized programs will connect to non kerberized daemons,
+        warning you that authentication is not encrypted.</para>
+      </sect4>
+      <sect4>
+        <title>Using Kerberized Server Programs</title>
+        <para>Using kerberized server programs (<command>telnetd</command>,
+        <command>kpropd</command>, <command>klogind</command> and
+        <command>kshd</command>) requires two additional configuration steps.
+        First the <filename>/etc/services</filename> file must be updated to
+        include eklogin and krb5_prop. Second, the
+        <filename>inetd.conf</filename> or <filename>xinetd.conf</filename>
+        must be modified for each server that will be activated, usually
+        replacing the server from <xref linkend="inetutils"/>.</para>
+      </sect4>
+      <sect4>
+        <title>Additional Information</title>
+        <para>For additional information consult <ulink
+        url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">
+        Documentation for krb-&mitkrb-version;</ulink> on which the above
+        instructions are based.</para>
+      </sect4>
+    </sect3>
+  </sect2>
+  <sect2 role="content">
+    <title>Contents</title>
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Directories</segtitle>
+      <seglistitem>
+        <seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
+        kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
+        klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
+        krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
+        rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd,
+        uuclient, uuserver, v5passwd, and v5passwdd</seg>
+        <seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a],
+        libgssrpc.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a],
+        libkdb5.[so,a], libkrb5.[so,a], and libkrb4.[so,a]</seg>
+        <seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
+      </seglistitem>
+    </segmentedlist>
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+      <varlistentry id="compile_et">
+        <term><command>compile_et</command></term>
+        <listitem>
+          <para>converts the table listing error-code names into a
+          C source file.</para>
+          <indexterm zone="mitkrb compile_et">
+            <primary sortas="b-compile_et">compile_et</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="ftp-mitkrb">
+        <term><command>ftp</command></term>
+        <listitem>
+          <para>is a kerberized FTP client.</para>
+          <indexterm zone="mitkrb ftp">
+            <primary sortas="b-ftp">ftp</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="ftpd-mitkrb">
+        <term><command>ftpd</command></term>
+        <listitem>
+          <para>is a kerberized FTP daemon.</para>
+          <indexterm zone="mitkrb ftpd">
+            <primary sortas="b-ftpd">ftpd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="k5srvutil">
+        <term><command>k5srvutil</command></term>
+        <listitem>
+          <para>is a host keytable manipulation utility.</para>
+          <indexterm zone="mitkrb k5srvutil">
+            <primary sortas="b-k5srvutil">k5srvutil</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kadmin-mitkrb">
+        <term><command>kadmin</command></term>
+        <listitem>
+          <para>is an utility used to make modifications
+          to the Kerberos database.</para>
+          <indexterm zone="mitkrb kadmin-mitkrb">
+            <primary sortas="b-kadmin">kadmin</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kadmind-mitkrb">
+        <term><command>kadmind</command></term>
+        <listitem>
+          <para>is a server for administrative access
+          to a Kerberos database.</para>
+          <indexterm zone="mitkrb kadmind-mitkrb">
+            <primary sortas="b-kadmind">kadmind</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kdb5_util">
+        <term><command>kdb5_util</command></term>
+        <listitem>
+          <para>is the KDC database utility.</para>
+          <indexterm zone="mitkrb kdb5_util">
+            <primary sortas="b-kdb5_util">kdb5_util</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kdestroy-mitkrb">
+        <term><command>kdestroy</command></term>
+        <listitem>
+          <para>removes the current set of tickets.</para>
+          <indexterm zone="mitkrb kdestroy-mitkrb">
+            <primary sortas="b-kdestroy">kdestroy</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kinit-mitkrb">
+        <term><command>kinit</command></term>
+        <listitem>
+          <para>is used to authenticate to the Kerberos server as a
+          principal and acquire a ticket granting ticket that can
+          later be used to obtain tickets for other services.</para>
+          <indexterm zone="mitkrb kinit-mitkrb">
+            <primary sortas="b-kinit">kinit</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="klist-mitkrb">
+        <term><command>klist</command></term>
+        <listitem>
+          <para>reads and displays the current tickets in
+          the credential cache.</para>
+          <indexterm zone="mitkrb klist-mitkrb">
+            <primary sortas="b-klist">klist</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="klogind">
+        <term><command>klogind</command></term>
+        <listitem>
+          <para>is the server that responds to <command>rlogin</command>
+          requests.</para>
+          <indexterm zone="mitkrb klogind">
+            <primary sortas="b-klogind">klogind</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kpasswd-mitkrb">
+        <term><command>kpasswd</command></term>
+        <listitem>
+          <para>is a program for changing Kerberos 5 passwords.</para>
+          <indexterm zone="mitkrb kpasswd-mitkrb">
+            <primary sortas="b-kpasswd">kpasswd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kprop">
+        <term><command>kprop</command></term>
+        <listitem>
+          <para>takes a principal database in a specified format and
+          converts it into a stream of database records.</para>
+          <indexterm zone="mitkrb kprop">
+            <primary sortas="b-kprop">kprop</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kpropd">
+        <term><command>kpropd</command></term>
+        <listitem>
+          <para>receives a database sent by <command>kprop</command>
+          and writes it as a local database.</para>
+          <indexterm zone="mitkrb kpropd">
+            <primary sortas="b-kpropd">kpropd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="krb5-config-1">
+        <term><command>krb5-config</command></term>
+        <listitem>
+          <para>gives information on how to link programs against
+          libraries.</para>
+          <indexterm zone="mitkrb krb5-config-prog">
+            <primary sortas="b-krb5-config-1">krb5-config</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="krb5kdc">
+        <term><command>krb5kdc</command></term>
+        <listitem>
+          <para>is a Kerberos 5 server.</para>
+          <indexterm zone="mitkrb krb5kdc">
+            <primary sortas="b-krb5kdc">krb5kdc</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kshd">
+        <term><command>kshd</command></term>
+        <listitem>
+          <para>is the server that responds to <command>rsh</command>
+          requests.</para>
+          <indexterm zone="mitkrb kshd">
+            <primary sortas="b-kshd">kshd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="ksu">
+        <term><command>ksu</command></term>
+        <listitem>
+          <para>is the super user program using Kerberos protocol.
+          Requires a properly configured
+          <filename class="directory">/etc/shells</filename> and
+          <filename>~/.k5login</filename> containing principals
+          authorized to become super users.</para>
+          <indexterm zone="mitkrb ksu">
+            <primary sortas="b-ksu">ksu</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="ktutil-mitkrb">
+        <term><command>ktutil</command></term>
+        <listitem>
+          <para>is a program for managing Kerberos keytabs.</para>
+          <indexterm zone="mitkrb ktutil-mitkrb">
+            <primary sortas="b-ktutil">ktutil</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="kvno">
+        <term><command>kvno</command></term>
+        <listitem>
+          <para>prints keyversion numbers of Kerberos principals.</para>
+          <indexterm zone="mitkrb kvno">
+            <primary sortas="b-kvno">kvno</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="login.krb5">
+        <term><command>login.krb5</command></term>
+        <listitem>
+        <para>is a kerberized login program.</para>
+        <indexterm zone="mitkrb login">
+        <primary sortas="b-login.krb5">login.krb5</primary>
+        </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="rcp-mitkrb">
+        <term><command>rcp</command></term>
+        <listitem>
+          <para>is a kerberized rcp client program.</para>
+          <indexterm zone="mitkrb rcp">
+            <primary sortas="b-rcp">rcp</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="rlogin">
+        <term><command>rlogin</command></term>
+        <listitem>
+          <para>is a kerberized rlogin client program.</para>
+          <indexterm zone="mitkrb rlogin">
+            <primary sortas="b-rlogin">rlogin</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="rsh-mitkrb">
+        <term><command>rsh</command></term>
+        <listitem>
+          <para>is a kerberized rsh client program.</para>
+          <indexterm zone="mitkrb rsh">
+            <primary sortas="b-rsh">rsh</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="telnet-mitkrb">
+        <term><command>telnet</command></term>
+        <listitem>
+          <para>is a kerberized telnet client program.</para>
+          <indexterm zone="mitkrb telnet">
+            <primary sortas="b-telnet">telnet</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="telnetd-mitkrb">
+        <term><command>telnetd</command></term>
+        <listitem>
+          <para>is a kerberized telnet server.</para>
+          <indexterm zone="mitkrb telnetd">
+            <primary sortas="b-telnetd">telnetd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libcom_err">
+        <term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
+        <listitem>
+          <para>implements the Kerberos library error code.</para>
+          <indexterm zone="mitkrb libcom_err">
+            <primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libgssapi-mitkrb">
+        <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
+        <listitem>
+          <para>contain the Generic Security Service Application
+          Programming Interface (GSSAPI) functions which provides security
+          services to callers in a generic fashion, supportable with a range of
+          underlying mechanisms and technologies and hence allowing source-level
+          portability of applications to different environments.</para>
+          <indexterm zone="mitkrb libgssapi">
+            <primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libkadm5clnt-mitkrb">
+        <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
+        <listitem>
+          <para>contains the administrative authentication and password
+          checking functions required by Kerberos 5 client-side programs.</para>
+          <indexterm zone="mitkrb libkadm5clnt">
+            <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libkadm5srv-mitkrb">
+        <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
+        <listitem>
+          <para>contain the administrative authentication and password
+          checking functions required by Kerberos 5 servers.</para>
+          <indexterm zone="mitkrb libkadm5srv">
+            <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libkdb5">
+        <term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
+        <listitem>
+          <para>is a Kerberos 5 authentication/authorization database
+          access library.</para>
+          <indexterm zone="mitkrb libkdb5">
+            <primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="libkrb5-mitkrb">
+        <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
+        <listitem>
+          <para>is an all-purpose Kerberos 5 library.</para>
+          <indexterm zone="mitkrb libkrb5">
+            <primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 93c27d5

Legend:

postlfs/security/mitkrb.xml

Download in other formats: