Changeset 93c27d5
- Timestamp: 05/14/2005 12:32:44 PM (19 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: 5a5bbbf
- Parents: 7f0fe5f
- File: 1 edited
postlfs/security/mitkrb.xml
r7f0fe5f r93c27d5 14 14 15 15 <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;"> 16 <sect1info> 17 <othername>$LastChangedBy$</othername> 18 <date>$Date$</date> 19 </sect1info> 20 <?dbhtml filename="mitkrb.html"?> 21 <title><acronym>MIT</acronym> krb5-&mitkrb-version;</title> 22 <indexterm zone="mitkrb"> 23 <primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary></indexterm> 24 25 <sect2> 26 <title>Introduction to <application><acronym>MIT</acronym> 27 krb5</application></title> 28 29 <para> 30 <application><acronym>MIT</acronym> krb5</application> is a free 31 implementation of Kerberos 5. Kerberos is a network authentication 32 protocol. It centralizes the authentication database and uses kerberized 33 applications to work with servers or services that support Kerberos 34 allowing single logins and encrypted communication over internal 35 networks or the Internet. 36 </para> 37 38 <sect3><title>Package information</title> 39 <itemizedlist spacing='compact'> 40 <listitem><para>Download (HTTP): 41 <ulink url="&mitkrb-download-http;"/></para></listitem> 42 <listitem><para>Download (FTP): 43 <ulink url="&mitkrb-download-ftp;"/></para></listitem> 44 <listitem><para>Download MD5 sum: &mitkrb-md5sum;</para></listitem> 45 <listitem><para>Download size: &mitkrb-size;</para></listitem> 46 <listitem><para>Estimated disk space required: 47 &mitkrb-buildsize;</para></listitem> 48 <listitem><para>Estimated build time: 49 &mitkrb-time;</para></listitem></itemizedlist> 50 </sect3> 51 52 <sect3><title><application><acronym>MIT</acronym> krb5</application> 53 dependencies</title> 54 <sect4><title>Optional</title> 55 <para> 56 <xref linkend="xinetd"/> (services servers only), 57 <xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and 58 <xref linkend="openldap"/> (alternative for <command>krb5kdc</command> 59 password database) 60 </para> 61 62 <note><para> 63 Some sort of time synchronization facility on your system (like 64 <xref linkend="ntp"/>) is 
required since Kerberos won't authenticate if there 65 is a time difference between a kerberized client and the 66 <acronym>KDC</acronym> server.</para></note> 67 </sect4> 68 69 </sect3> 70 71 </sect2> 72 73 <sect2> 74 <title>Installation of <application><acronym>MIT</acronym> 75 krb5</application></title> 76 77 <para> 78 <application><acronym>MIT</acronym> krb5</application> is distributed in a 79 <acronym>TAR</acronym> file containing a compressed <acronym>TAR</acronym> 80 package and a detached <acronym>PGP</acronym> 81 <filename class="extension">ASC</filename> file. 82 </para> 83 84 <para> 85 If you have installed <xref linkend="gnupg"/>, you can 86 authenticate the package with the following command: 87 </para> 88 89 <screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</command></userinput></screen> 90 91 <para> 92 Build <application><acronym>MIT</acronym> krb5</application> by running the 93 following commands: 94 </para> 95 96 <screen><userinput><command>cd src && 16 <?dbhtml filename="mitkrb.html"?> 17 18 <sect1info> 19 <othername>$LastChangedBy$</othername> 20 <date>$Date$</date> 21 </sect1info> 22 23 <title>MIT Krb5-&mitkrb-version;</title> 24 25 <indexterm zone="mitkrb"> 26 <primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary> 27 </indexterm> 28 29 <sect2 role="package"> 30 <title>Introduction to MIT Krb5</title> 31 32 <para><application>MIT krb5</application> is a free implementation of 33 Kerberos 5. Kerberos is a network authentication protocol. 
It 34 centralizes the authentication database and uses kerberized 35 applications to work with servers or services that support Kerberos 36 allowing single logins and encrypted communication over internal 37 networks or the Internet.</para> 38 39 <bridgehead renderas="sect3">Package Information</bridgehead> 40 <itemizedlist spacing="compact"> 41 <listitem> 42 <para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para> 43 </listitem> 44 <listitem> 45 <para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para> 46 </listitem> 47 <listitem> 48 <para>Download MD5 sum: &mitkrb-md5sum;</para> 49 </listitem> 50 <listitem> 51 <para>Download size: &mitkrb-size;</para> 52 </listitem> 53 <listitem> 54 <para>Estimated disk space required: &mitkrb-buildsize;</para> 55 </listitem> 56 <listitem> 57 <para>Estimated build time: &mitkrb-time;</para> 58 </listitem> 59 </itemizedlist> 60 61 <bridgehead renderas="sect3">MIT Krb5 Dependencies</bridgehead> 62 63 <bridgehead renderas="sect4">Optional</bridgehead> 64 <para><xref linkend="xinetd"/> (services servers only), 65 <xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and 66 <xref linkend="openldap"/> (alternative for <command>krb5kdc</command> 67 password database)</para> 68 69 <note> 70 <para>Some sort of time synchronization facility on your system (like 71 <xref linkend="ntp"/>) is required since Kerberos won't authenticate if 72 there is a time difference between a kerberized client and the 73 KDC server.</para> 74 </note> 75 76 </sect2> 77 78 <sect2 role="installation"> 79 <title>Installation of MIT Krb5</title> 80 81 <para><application>MIT krb5</application> is distributed in a 82 TAR file containing a compressed TAR package and a detached PGP 83 <filename class="extension">ASC</filename> file.</para> 84 85 <para>If you have installed <xref linkend="gnupg"/>, you can 86 authenticate the package with the following command:</para> 87 88 <screen><userinput>gpg --verify 
krb5-&mitkrb-version;.tar.gz.asc</userinput></screen> 89 90 <para>Build <application>MIT krb5</application> by running the 91 following commands:</para> 92 93 <screen><userinput>cd src && 97 94 ./configure --prefix=/usr --sysconfdir=/etc \ 98 95 --localstatedir=/var/lib --enable-dns \ 99 96 --enable-static --mandir=/usr/share/man && 100 make</command></userinput></screen> 101 102 <para> 103 Install <application><acronym>MIT</acronym> krb5</application> by 104 running the following commands as root: 105 </para> 106 107 <screen><userinput role='root'><command>make install && 108 mv /bin/login /bin/login.shadow && 109 cp /usr/sbin/login.krb5 /bin/login && 110 mv /usr/bin/ksu /bin && 111 mv /usr/lib/libkrb5.so.3* /lib && 112 mv /usr/lib/libkrb4.so.2* /lib && 113 mv /usr/lib/libdes425.so.3* /lib && 114 mv /usr/lib/libk5crypto.so.3* /lib && 115 mv /usr/lib/libcom_err.so.3* /lib && 116 ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so && 117 ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so && 118 ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so && 119 ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so && 120 ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so && 121 ldconfig</command></userinput></screen> 122 123 </sect2> 124 125 <sect2> 126 <title>Command explanations</title> 127 128 <para> 129 <parameter>--enable-dns</parameter>: This switch allows realms to 130 be resolved using the <acronym>DNS</acronym> server. 131 </para> 132 133 <para> 134 <parameter>--enable-static</parameter>: This switch builds static 135 libraries in addition to the shared libraries. 136 </para> 137 138 <para> 139 <screen><command>mv /bin/login /bin/login.shadow 140 cp /usr/sbin/login.krb5 /bin/login 141 mv /usr/bin/ksu /bin</command></screen> 142 Preserves <application>Shadow</application>'s <command>login</command> 143 command, moves <command>ksu</command> and <command>login</command> to 144 the <filename class="directory">/bin</filename> directory. 
145 </para> 146 147 <para> 148 <screen><command>mv /usr/lib/libkrb5.so.3* /lib 149 mv /usr/lib/libkrb4.so.2* /lib 150 mv /usr/lib/libdes425.so.3* /lib 151 mv /usr/lib/libk5crypto.so.3* /lib 152 mv /usr/lib/libcom_err.so.3* /lib 153 ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so 154 ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so 155 ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so 156 ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so 157 ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so</command></screen> 158 The <command>login</command> and <command>ksu</command> programs 159 are linked against these libraries, therefore we move these libraries to 160 <filename class="directory">/lib</filename> to allow logins without mounting 161 <filename class="directory">/usr</filename>. 162 </para> 163 164 </sect2> 165 166 <sect2> 167 <title>Configuring <application><acronym>MIT</acronym> krb5</application></title> 168 169 <sect3 id="krb5-config"><title>Config files</title> 170 <para> 171 <filename>/etc/krb5.conf</filename> and 172 <filename>/var/lib/krb5kdc/kdc.conf</filename> 173 </para> 174 <indexterm zone="mitkrb krb5-config"> 175 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary></indexterm> 176 <indexterm zone="mitkrb krb5-config"> 177 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary> 178 </indexterm> 179 </sect3> 180 181 <sect3><title>Configuration Information</title> 182 183 <sect4><title>Kerberos Configuration</title> 184 <para> 185 Create the Kerberos configuration file with the following command: 186 </para> 187 188 <screen><userinput role='root'><command>cat > /etc/krb5.conf << "EOF"</command> 189 # Begin /etc/krb5.conf 97 make</userinput></screen> 98 99 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 100 101 <screen role="root"><userinput>make install && 102 mv -v /bin/login /bin/login.shadow && 103 cp -v /usr/sbin/login.krb5 /bin/login && 104 mv -v /usr/bin/ksu /bin && 
105 mv -v /usr/lib/libkrb5.so.3* /lib && 106 mv -v /usr/lib/libkrb4.so.2* /lib && 107 mv -v /usr/lib/libdes425.so.3* /lib && 108 mv -v /usr/lib/libk5crypto.so.3* /lib && 109 mv -v /usr/lib/libcom_err.so.3* /lib && 110 ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so && 111 ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so && 112 ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so && 113 ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so && 114 ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so && 115 ldconfig</userinput></screen> 116 117 </sect2> 118 119 <sect2 role="commands"> 120 <title>Command Explanations</title> 121 122 <para><parameter>--enable-dns</parameter>: This switch allows 123 realms to be resolved using the DNS server.</para> 124 125 <para><parameter>--enable-static</parameter>: This switch builds static 126 libraries in addition to the shared libraries.</para> 127 128 <para><command>mv -v /bin/login /bin/login.shadow && 129 cp -v /usr/sbin/login.krb5 /bin/login && 130 mv -v /usr/bin/ksu /bin</command>: Preserves 131 <application>Shadow</application>'s <command>login</command> 132 command, moves <command>ksu</command> and <command>login</command> to 133 the <filename class="directory">/bin</filename> directory.</para> 134 135 <para><command>mv -v ... 
/lib && ln -v -sf ...</command>: 136 The <command>login</command> and <command>ksu</command> programs 137 are linked against these libraries, therefore we move these libraries 138 to <filename class="directory">/lib</filename> to allow logins without 139 mounting <filename class="directory">/usr</filename>.</para> 140 141 </sect2> 142 143 <sect2 role="configuration"> 144 <title>Configuring MIT Krb5</title> 145 146 <sect3 id="krb5-config"> 147 <title>Config Files</title> 148 149 <para><filename>/etc/krb5.conf</filename> and 150 <filename>/var/lib/krb5kdc/kdc.conf</filename></para> 151 152 <indexterm zone="mitkrb krb5-config"> 153 <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary> 154 </indexterm> 155 156 <indexterm zone="mitkrb krb5-config"> 157 <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary> 158 </indexterm> 159 160 </sect3> 161 162 <sect3> 163 <title>Configuration Information</title> 164 165 <sect4> 166 <title>Kerberos Configuration</title> 167 168 <para>Create the Kerberos configuration file with the following 169 command:</para> 170 171 <screen role="root"><userinput>cat > /etc/krb5.conf << "EOF" 172 <literal># Begin /etc/krb5.conf 190 173 191 174 [libdefaults] … … 207 190 default = SYSLOG[[:SYS]] 208 191 209 # End /etc/krb5.conf 210 <command>EOF</command></userinput></screen> 211 212 <para> 213 You will need to substitute your domain and proper hostname for the 214 occurances of the <replaceable>[belgarath]</replaceable> and 215 <replaceable>[lfs.org]</replaceable> names. 216 </para> 217 218 <para> 219 <userinput>default_realm</userinput> should be the name of your domain changed 220 to ALL CAPS. This isn't required, but both <application>Heimdal</application> 221 and <acronym>MIT</acronym> recommend it. 222 </para> 223 224 <para> 225 <userinput>encrypt = true</userinput> provides encryption of all traffic 226 between kerberized clients and servers. It's not necessary and can be left 227 off. 
If you leave it off, you can encrypt all traffic from the client to the 228 server using a switch on the client program instead. 229 </para> 230 231 <para> 232 The <userinput>[realms]</userinput> parameters tell the client programs where 233 to look for the <acronym>KDC</acronym> authentication services. 234 </para> 235 236 <para> 237 The <userinput>[domain_realm]</userinput> section maps a domain to a realm. 238 </para> 239 240 <para> 241 Create the <acronym>KDC</acronym> database: 242 </para> 243 244 <screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen> 245 246 <para> 247 Now you should populate the database with principles (users). For now, 248 just use your regular login name or root. 249 </para> 250 251 <screen><userinput role='root'><command>kadmin.local</command></userinput> 252 <prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen> 253 254 <para> 255 The <acronym>KDC</acronym> server and any machine running kerberized 256 server daemons must have a host key installed: 257 </para> 258 259 <screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 260 261 <para> 262 After choosing the defaults when prompted, you will have to export the 263 data to a keytab file: 264 </para> 265 266 <screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 267 268 <para> 269 This should have created a file in <filename class="directory">/etc</filename> 270 named <filename>krb5.keytab</filename> (Kerberos 5). This file should have 600 271 (root rw only) permissions. Keeping the keytab files from public access 272 is crucial to the overall security of the Kerberos installation. 
273 </para> 274 275 <para> 276 Eventually, you'll want to add server daemon principles to the database 277 and extract them to the keytab file. You do this in the same way you 278 created the host principles. Below is an example: 279 </para> 280 281 <screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput> 282 <prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 283 284 <para> 285 Exit the <command>kadmin</command> program (use <command>quit</command> 286 or <command>exit</command>) and return back to the shell prompt. Start 287 the <acronym>KDC</acronym> daemon manually, just to test out the 288 installation: 289 </para> 290 291 <screen><userinput role='root'><command>/usr/sbin/krb5kdc &</command></userinput></screen> 292 293 <para> 294 Attempt to get a ticket with the following command: 295 </para> 296 297 <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen> 298 299 <para> 300 You will be prompted for the password you created. After you get your 301 ticket, you can list it with the following command: 302 </para> 303 304 <screen><userinput><command>klist</command></userinput></screen> 305 306 <para> 307 Information about the ticket should be displayed on the screen. 308 </para> 309 310 <para> 311 To test the functionality of the keytab file, issue the following 312 command: 313 </para> 314 315 <screen><userinput><command>ktutil</command></userinput> 316 <prompt>ktutil:</prompt><userinput><command>rkt /etc/krb5.keytab</command></userinput> 317 <prompt>ktutil:</prompt><userinput><command>l</command></userinput></screen> 318 319 <para> 320 This should dump a list of the host principal, along with the encryption 321 methods used to access the principal. 
322 </para> 323 324 <para> 325 At this point, if everything has been successful so far, you can feel 326 fairly confident in the installation and configuration of the package. 327 </para> 328 329 <para> 330 Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script 331 included in the <xref linkend="intro-important-bootscripts"/> package. 332 </para> 333 334 <screen><userinput role='root'><command>make install-kerberos</command></userinput></screen> 335 336 </sect4> 337 338 <sect4><title>Using Kerberized Client Programs</title> 339 340 <para> 341 To use the kerberized client programs (<command>telnet</command>, 342 <command>ftp</command>, <command>rsh</command>, 343 <command>rcp</command>, <command>rlogin</command>), you first must get 344 an authentication ticket. Use the <command>kinit</command> program to 345 get the ticket. After you've acquired the ticket, you can use the 346 kerberized programs to connect to any kerberized server on the network. 347 You will not be prompted for authentication until your ticket expires 348 (default is one day), unless you specify a different user as a command 349 line argument to the program. 350 </para> 351 352 <para> 353 The kerberized programs will connect to non kerberized daemons, warning 354 you that authentication is not encrypted. 355 </para> 356 </sect4> 357 358 <sect4><title>Using Kerberized Server Programs</title> 359 <para> 360 Using kerberized server programs (<command>telnetd</command>, 361 <command>kpropd</command>, <command>klogind</command> and 362 <command>kshd</command>) requires two additional configuration steps. 363 First the <filename>/etc/services</filename> file must be updated to 364 include eklogin and krb5_prop. Second, the <filename>inetd.conf</filename> 365 or <filename>xinetd.conf</filename> must be modified for each server that will 366 be activated, usually replacing the server from <xref linkend="inetutils"/>. 
367 </para> 368 </sect4> 369 370 <sect4><title>Additional Information</title> 371 <para> 372 For additional information consult <ulink 373 url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">Documentation 374 for krb-&mitkrb-version;</ulink> on which the above instructions are based. 375 </para> 376 377 </sect4> 378 379 </sect3> 380 381 </sect2> 382 383 <sect2> 384 <title>Contents</title> 385 386 <segmentedlist> 387 <segtitle>Installed Programs</segtitle> 388 <segtitle>Installed Libraries</segtitle> 389 <segtitle>Installed Directories</segtitle> 390 391 <seglistitem> 392 <seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin, 393 kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist, 394 klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d, 395 krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin, 396 rsh, sclient, sim_client, sim_server, sserver, 397 telnet, telnetd, uuclient, uuserver, v5passwd, v5passwdd</seg> 398 <seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a], libgssrpc.[so,a], 399 libkadm5clnt.[so,a], libkadm5srv.[so,a], libkdb5.[so,a], libkrb5.[so,a], 400 libkrb4.[so,a]</seg> 401 <seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg> 402 </seglistitem> 403 </segmentedlist> 404 405 <variablelist> 406 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 407 <?dbfo list-presentation="list"?> 408 409 <varlistentry id="compile_et"> 410 <term><command>compile_et</command></term> 411 <listitem><para>converts the table listing 412 error-code names into a <application>C</application> source file..</para> 413 <indexterm zone="mitkrb compile_et"> 414 <primary sortas="b-compile_et">compile_et</primary> 415 </indexterm></listitem> 416 </varlistentry> 417 418 <varlistentry id="ftp-mitkrb"> 419 <term><command>ftp</command></term> 420 <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para> 421 <indexterm zone="mitkrb ftp"> 422 <primary sortas="b-ftp">ftp</primary> 423 
</indexterm></listitem> 424 </varlistentry> 425 426 <varlistentry id="ftpd-mitkrb"> 427 <term><command>ftpd</command></term> 428 <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para> 429 <indexterm zone="mitkrb ftpd"> 430 <primary sortas="b-ftpd">ftpd</primary> 431 </indexterm></listitem> 432 </varlistentry> 433 434 <varlistentry id="k5srvutil"> 435 <term><command>k5srvutil</command></term> 436 <listitem><para>is a host keytable manipulation utility.</para> 437 <indexterm zone="mitkrb k5srvutil"> 438 <primary sortas="b-k5srvutil">k5srvutil</primary> 439 </indexterm></listitem> 440 </varlistentry> 441 442 <varlistentry id="kadmin-mitkrb"> 443 <term><command>kadmin</command></term> 444 <listitem><para>is an utility used to make modifications 445 to the Kerberos database.</para> 446 <indexterm zone="mitkrb kadmin-mitkrb"> 447 <primary sortas="b-kadmin">kadmin</primary> 448 </indexterm></listitem> 449 </varlistentry> 450 451 <varlistentry id="kadmind-mitkrb"> 452 <term><command>kadmind</command></term> 453 <listitem><para>is a server for administrative access 454 to a Kerberos database.</para> 455 <indexterm zone="mitkrb kadmind-mitkrb"> 456 <primary sortas="b-kadmind">kadmind</primary> 457 </indexterm></listitem> 458 </varlistentry> 459 460 <varlistentry id="kdb5_util"> 461 <term><command>kdb5_util</command></term> 462 <listitem><para>is the <acronym>KDC</acronym> database utility.</para> 463 <indexterm zone="mitkrb kdb5_util"> 464 <primary sortas="b-kdb5_util">kdb5_util</primary> 465 </indexterm></listitem> 466 </varlistentry> 467 468 <varlistentry id="kdestroy-mitkrb"> 469 <term><command>kdestroy</command></term> 470 <listitem><para>removes the current set of tickets.</para> 471 <indexterm zone="mitkrb kdestroy-mitkrb"> 472 <primary sortas="b-kdestroy">kdestroy</primary> 473 </indexterm></listitem> 474 </varlistentry> 475 476 <varlistentry id="kinit-mitkrb"> 477 <term><command>kinit</command></term> 478 <listitem><para>is used to authenticate to the 
Kerberos server as 479 a principal and acquire a ticket granting ticket that can later be used 480 to obtain tickets for other services.</para> 481 <indexterm zone="mitkrb kinit-mitkrb"> 482 <primary sortas="b-kinit">kinit</primary> 483 </indexterm></listitem> 484 </varlistentry> 485 486 <varlistentry id="klist-mitkrb"> 487 <term><command>klist</command></term> 488 <listitem><para>reads and displays the current tickets in 489 the credential cache.</para> 490 <indexterm zone="mitkrb klist-mitkrb"> 491 <primary sortas="b-klist">klist</primary> 492 </indexterm></listitem> 493 </varlistentry> 494 495 <varlistentry id="klogind"> 496 <term><command>klogind</command></term> 497 <listitem><para>is the server that responds to 498 <command>rlogin</command> requests.</para> 499 <indexterm zone="mitkrb klogind"> 500 <primary sortas="b-klogind">klogind</primary> 501 </indexterm></listitem> 502 </varlistentry> 503 504 <varlistentry id="kpasswd-mitkrb"> 505 <term><command>kpasswd</command></term> 506 <listitem><para>is a program for changing Kerberos 5 passwords.</para> 507 <indexterm zone="mitkrb kpasswd-mitkrb"> 508 <primary sortas="b-kpasswd">kpasswd</primary> 509 </indexterm></listitem> 510 </varlistentry> 511 512 <varlistentry id="kprop"> 513 <term><command>kprop</command></term> 514 <listitem><para>takes a principal database in a specified 515 format and converts it into a stream of database 516 records.</para> 517 <indexterm zone="mitkrb kprop"> 518 <primary sortas="b-kprop">kprop</primary> 519 </indexterm></listitem> 520 </varlistentry> 521 522 <varlistentry id="kpropd"> 523 <term><command>kpropd</command></term> 524 <listitem><para>receives a database sent by 525 <command>kprop</command> and writes it as a local database.</para> 526 <indexterm zone="mitkrb kpropd"> 527 <primary sortas="b-kpropd">kpropd</primary> 528 </indexterm></listitem> 529 </varlistentry> 530 531 <varlistentry id="krb5-config-1"> 532 <term><command>krb5-config</command></term> 533 
<listitem><para>gives information on how to link 534 programs against libraries.</para> 535 <indexterm zone="mitkrb krb5-config-prog"> 536 <primary sortas="b-krb5-config-1">krb5-config</primary> 537 </indexterm></listitem> 538 </varlistentry> 539 540 <varlistentry id="krb5kdc"> 541 <term><command>krb5kdc</command></term> 542 <listitem><para>is a Kerberos 5 server.</para> 543 <indexterm zone="mitkrb krb5kdc"> 544 <primary sortas="b-krb5kdc">krb5kdc</primary> 545 </indexterm></listitem> 546 </varlistentry> 547 548 <varlistentry id="kshd"> 549 <term><command>kshd</command></term> 550 <listitem><para>is the server that responds to 551 <command>rsh</command> requests.</para> 552 <indexterm zone="mitkrb kshd"> 553 <primary sortas="b-kshd">kshd</primary> 554 </indexterm></listitem> 555 </varlistentry> 556 557 <varlistentry id="ksu"> 558 <term><command>ksu</command></term> 559 <listitem><para>is the super user program using Kerberos protocol. 560 Requires a properly configured 561 <filename class="directory">/etc/shells</filename> and 562 <filename>~/.k5login</filename> containing principals authorized to 563 become super users.</para> 564 <indexterm zone="mitkrb ksu"> 565 <primary sortas="b-ksu">ksu</primary> 566 </indexterm></listitem> 567 </varlistentry> 568 569 <varlistentry id="ktutil-mitkrb"> 570 <term><command>ktutil</command></term> 571 <listitem><para>is a program for managing Kerberos keytabs.</para> 572 <indexterm zone="mitkrb ktutil-mitkrb"> 573 <primary sortas="b-ktutil">ktutil</primary> 574 </indexterm></listitem> 575 </varlistentry> 576 577 <varlistentry id="kvno"> 578 <term><command>kvno</command></term> 579 <listitem><para>prints keyversion numbers of Kerberos principals.</para> 580 <indexterm zone="mitkrb kvno"> 581 <primary sortas="b-kvno">kvno</primary> 582 </indexterm></listitem> 583 </varlistentry> 584 585 <varlistentry id="login.krb5"> 586 <term><command>login.krb5</command></term> 587 <listitem><para>is a kerberized login program.</para> 588 
<indexterm zone="mitkrb login"> 589 <primary sortas="b-login.krb5">login.krb5</primary> 590 </indexterm></listitem> 591 </varlistentry> 592 593 <varlistentry id="rcp-mitkrb"> 594 <term><command>rcp</command></term> 595 <listitem><para>is a kerberized rcp client program.</para> 596 <indexterm zone="mitkrb rcp"> 597 <primary sortas="b-rcp">rcp</primary> 598 </indexterm></listitem> 599 </varlistentry> 600 601 <varlistentry id="rlogin"> 602 <term><command>rlogin</command></term> 603 <listitem><para>is a kerberized rlogin client program.</para> 604 <indexterm zone="mitkrb rlogin"> 605 <primary sortas="b-rlogin">rlogin</primary> 606 </indexterm></listitem> 607 </varlistentry> 608 609 <varlistentry id="rsh-mitkrb"> 610 <term><command>rsh</command></term> 611 <listitem><para>is a kerberized rsh client program.</para> 612 <indexterm zone="mitkrb rsh"> 613 <primary sortas="b-rsh">rsh</primary> 614 </indexterm></listitem> 615 </varlistentry> 616 617 <varlistentry id="telnet-mitkrb"> 618 <term><command>telnet</command></term> 619 <listitem><para>is a kerberized telnet client program.</para> 620 <indexterm zone="mitkrb telnet"> 621 <primary sortas="b-telnet">telnet</primary> 622 </indexterm></listitem> 623 </varlistentry> 624 625 <varlistentry id="telnetd-mitkrb"> 626 <term><command>telnetd</command></term> 627 <listitem><para>is a kerberized telnet server.</para> 628 <indexterm zone="mitkrb telnetd"> 629 <primary sortas="b-telnetd">telnetd</primary> 630 </indexterm></listitem> 631 </varlistentry> 632 633 <varlistentry id="libcom_err"> 634 <term><filename class='libraryfile'>libcom_err.[so,a]</filename></term> 635 <listitem><para>implements the Kerberos library error code.</para> 636 <indexterm zone="mitkrb libcom_err"> 637 <primary sortas="c-libcom_err">libcom_err.[so,a]</primary> 638 </indexterm></listitem> 639 </varlistentry> 640 641 <varlistentry id="libgssapi-mitkrb"> 642 <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term> 643 <listitem><para>contain the 
Generic Security Service Application 644 Programming 645 Interface (<acronym>GSSAPI</acronym>) functions which provides security 646 services to callers in a generic fashion, supportable with a range of 647 underlying mechanisms and technologies and hence allowing source-level 648 portability of applications to different environments.</para> 649 <indexterm zone="mitkrb libgssapi"> 650 <primary sortas="c-libgssapi">libgssapi.[so,a]</primary> 651 </indexterm></listitem> 652 </varlistentry> 653 654 <varlistentry id="libkadm5clnt-mitkrb"> 655 <term><filename 656 class='libraryfile'>libkadm5clnt.[so,a]</filename></term> 657 <listitem><para>contains the administrative authentication and password 658 checking functions required by Kerberos 5 client-side programs.</para> 659 <indexterm zone="mitkrb libkadm5clnt"> 660 <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary> 661 </indexterm></listitem> 662 </varlistentry> 663 664 <varlistentry id="libkadm5srv-mitkrb"> 665 <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term> 666 <listitem><para>contain the administrative authentication and password 667 checking functions required by Kerberos 5 servers.</para> 668 <indexterm zone="mitkrb libkadm5srv"> 669 <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary> 670 </indexterm></listitem> 671 </varlistentry> 672 673 <varlistentry id="libkdb5"> 674 <term><filename class='libraryfile'>libkdb5.[so,a]</filename></term> 675 <listitem><para>is a Kerberos 5 676 authentication/authorization database access library.</para> 677 <indexterm zone="mitkrb libkdb5"> 678 <primary sortas="c-libkdb5">libkdb5.[so,a]</primary> 679 </indexterm></listitem> 680 </varlistentry> 681 682 <varlistentry id="libkrb5-mitkrb"> 683 <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term> 684 <listitem><para>is an all-purpose Kerberos 5 library.</para> 685 <indexterm zone="mitkrb libkrb5"> 686 <primary sortas="c-libkrb5">libkrb5.[so,a]</primary> 687 
</indexterm></listitem> 688 </varlistentry> 689 690 </variablelist> 691 692 </sect2> 192 # End /etc/krb5.conf</literal> 193 EOF</userinput></screen> 194 195 <para>You will need to substitute your domain and proper hostname 196 for the occurances of the <replaceable>[belgarath]</replaceable> and 197 <replaceable>[lfs.org]</replaceable> names.</para> 198 199 <para><option>default_realm</option> should be the name of your 200 domain changed to ALL CAPS. This isn't required, but both 201 <application>Heimdal</application> and MIT recommend it.</para> 202 203 <para><option>encrypt = true</option> provides encryption of all 204 traffic between kerberized clients and servers. It's not necessary 205 and can be left off. If you leave it off, you can encrypt all traffic 206 from the client to the server using a switch on the client program 207 instead.</para> 208 209 <para>The <option>[realms]</option> parameters tell the client 210 programs where to look for the KDC authentication services.</para> 211 212 <para>The <option>[domain_realm]</option> section maps a domain to 213 a realm.</para> 214 215 <para>Create the KDC database:</para> 216 217 <screen role="root"><userinput>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s</userinput></screen> 218 219 <para>Now you should populate the database with principles 220 (users). 
For now, just use your regular login name or 221 <systemitem class="username">root</systemitem>.</para> 222 223 <screen role="root"><userinput>kadmin.local 224 <prompt>kadmin:</prompt> addprinc <replaceable>[loginname]</replaceable></userinput></screen> 225 226 <para>The KDC server and any machine running kerberized 227 server daemons must have a host key installed:</para> 228 229 <screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen> 230 231 <para>After choosing the defaults when prompted, you will have to 232 export the data to a keytab file:</para> 233 234 <screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen> 235 236 <para>This should have created a file in 237 <filename class="directory">/etc</filename> named 238 <filename>krb5.keytab</filename> (Kerberos 5). This file should 239 have 600 (<systemitem class="username">root</systemitem> rw only) 240 permissions. Keeping the keytab files from public access is crucial 241 to the overall security of the Kerberos installation.</para> 242 243 <para>Eventually, you'll want to add server daemon principles to the 244 database and extract them to the keytab file. You do this in the same 245 way you created the host principles. Below is an example:</para> 246 247 <screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable> 248 <prompt>kadmin:</prompt> ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></userinput></screen> 249 250 <para>Exit the <command>kadmin</command> program (use 251 <command>quit</command> or <command>exit</command>) and return 252 back to the shell prompt. 
Start the KDC daemon manually, just to 253 test out the installation:</para> 254 255 <screen role='root'><userinput>/usr/sbin/krb5kdc &</userinput></screen> 256 257 <para>Attempt to get a ticket with the following command:</para> 258 259 <screen><userinput>kinit <replaceable>[loginname]</replaceable></userinput></screen> 260 261 <para>You will be prompted for the password you created. After you 262 get your ticket, you can list it with the following command:</para> 263 264 <screen><userinput>klist</userinput></screen> 265 266 <para>Information about the ticket should be displayed on the 267 screen.</para> 268 269 <para>To test the functionality of the keytab file, issue the 270 following command:</para> 271 272 <screen><userinput>ktutil 273 <prompt>ktutil:</prompt> rkt /etc/krb5.keytab 274 <prompt>ktutil:</prompt> l</userinput></screen> 275 276 <para>This should dump a list of the host principal, along with 277 the encryption methods used to access the principal.</para> 278 279 <para>At this point, if everything has been successful so far, you 280 can feel fairly confident in the installation and configuration of 281 the package.</para> 282 283 <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init 284 script included in the <xref linkend="intro-important-bootscripts"/> 285 package.</para> 286 287 <screen role="root"><userinput>make install-kerberos</userinput></screen> 288 289 </sect4> 290 291 <sect4> 292 <title>Using Kerberized Client Programs</title> 293 294 <para>To use the kerberized client programs (<command>telnet</command>, 295 <command>ftp</command>, <command>rsh</command>, <command>rcp</command>, 296 <command>rlogin</command>), you first must get an authentication ticket. 297 Use the <command>kinit</command> program to get the ticket. After you've 298 acquired the ticket, you can use the kerberized programs to connect to 299 any kerberized server on the network. 
You will not be prompted for 300 authentication until your ticket expires (default is one day), unless 301 you specify a different user as a command line argument to the 302 program.</para> 303 304 <para>The kerberized programs will connect to non kerberized daemons, 305 warning you that authentication is not encrypted.</para> 306 307 </sect4> 308 309 <sect4> 310 <title>Using Kerberized Server Programs</title> 311 312 <para>Using kerberized server programs (<command>telnetd</command>, 313 <command>kpropd</command>, <command>klogind</command> and 314 <command>kshd</command>) requires two additional configuration steps. 315 First the <filename>/etc/services</filename> file must be updated to 316 include eklogin and krb5_prop. Second, the 317 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename> 318 must be modified for each server that will be activated, usually 319 replacing the server from <xref linkend="inetutils"/>.</para> 320 321 </sect4> 322 323 <sect4> 324 <title>Additional Information</title> 325 326 <para>For additional information consult <ulink 327 url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation"> 328 Documentation for krb-&mitkrb-version;</ulink> on which the above 329 instructions are based.</para> 330 331 </sect4> 332 333 </sect3> 334 335 </sect2> 336 337 <sect2 role="content"> 338 <title>Contents</title> 339 340 <segmentedlist> 341 <segtitle>Installed Programs</segtitle> 342 <segtitle>Installed Libraries</segtitle> 343 <segtitle>Installed Directories</segtitle> 344 345 <seglistitem> 346 <seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin, 347 kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist, 348 klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d, 349 krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin, 350 rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd, 351 uuclient, uuserver, v5passwd, and v5passwdd</seg> 352 <seg>libcom_err.[so,a], 
libdes425.[so,a], libgssapi.[so,a], 353 libgssrpc.[so,a], libkadm5clnt.[so,a], libkadm5srv.[so,a], 354 libkdb5.[so,a], libkrb5.[so,a], and libkrb4.[so,a]</seg> 355 <seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg> 356 </seglistitem> 357 </segmentedlist> 358 359 <variablelist> 360 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 361 <?dbfo list-presentation="list"?> 362 <?dbhtml list-presentation="table"?> 363 364 <varlistentry id="compile_et"> 365 <term><command>compile_et</command></term> 366 <listitem> 367 <para>converts the table listing error-code names into a 368 C source file.</para> 369 <indexterm zone="mitkrb compile_et"> 370 <primary sortas="b-compile_et">compile_et</primary> 371 </indexterm> 372 </listitem> 373 </varlistentry> 374 375 <varlistentry id="ftp-mitkrb"> 376 <term><command>ftp</command></term> 377 <listitem> 378 <para>is a kerberized FTP client.</para> 379 <indexterm zone="mitkrb ftp"> 380 <primary sortas="b-ftp">ftp</primary> 381 </indexterm> 382 </listitem> 383 </varlistentry> 384 385 <varlistentry id="ftpd-mitkrb"> 386 <term><command>ftpd</command></term> 387 <listitem> 388 <para>is a kerberized FTP daemon.</para> 389 <indexterm zone="mitkrb ftpd"> 390 <primary sortas="b-ftpd">ftpd</primary> 391 </indexterm> 392 </listitem> 393 </varlistentry> 394 395 <varlistentry id="k5srvutil"> 396 <term><command>k5srvutil</command></term> 397 <listitem> 398 <para>is a host keytable manipulation utility.</para> 399 <indexterm zone="mitkrb k5srvutil"> 400 <primary sortas="b-k5srvutil">k5srvutil</primary> 401 </indexterm> 402 </listitem> 403 </varlistentry> 404 405 <varlistentry id="kadmin-mitkrb"> 406 <term><command>kadmin</command></term> 407 <listitem> 408 <para>is an utility used to make modifications 409 to the Kerberos database.</para> 410 <indexterm zone="mitkrb kadmin-mitkrb"> 411 <primary sortas="b-kadmin">kadmin</primary> 412 </indexterm> 413 </listitem> 414 </varlistentry> 415 416 <varlistentry id="kadmind-mitkrb"> 417 
<term><command>kadmind</command></term> 418 <listitem> 419 <para>is a server for administrative access 420 to a Kerberos database.</para> 421 <indexterm zone="mitkrb kadmind-mitkrb"> 422 <primary sortas="b-kadmind">kadmind</primary> 423 </indexterm> 424 </listitem> 425 </varlistentry> 426 427 <varlistentry id="kdb5_util"> 428 <term><command>kdb5_util</command></term> 429 <listitem> 430 <para>is the KDC database utility.</para> 431 <indexterm zone="mitkrb kdb5_util"> 432 <primary sortas="b-kdb5_util">kdb5_util</primary> 433 </indexterm> 434 </listitem> 435 </varlistentry> 436 437 <varlistentry id="kdestroy-mitkrb"> 438 <term><command>kdestroy</command></term> 439 <listitem> 440 <para>removes the current set of tickets.</para> 441 <indexterm zone="mitkrb kdestroy-mitkrb"> 442 <primary sortas="b-kdestroy">kdestroy</primary> 443 </indexterm> 444 </listitem> 445 </varlistentry> 446 447 <varlistentry id="kinit-mitkrb"> 448 <term><command>kinit</command></term> 449 <listitem> 450 <para>is used to authenticate to the Kerberos server as a 451 principal and acquire a ticket granting ticket that can 452 later be used to obtain tickets for other services.</para> 453 <indexterm zone="mitkrb kinit-mitkrb"> 454 <primary sortas="b-kinit">kinit</primary> 455 </indexterm> 456 </listitem> 457 </varlistentry> 458 459 <varlistentry id="klist-mitkrb"> 460 <term><command>klist</command></term> 461 <listitem> 462 <para>reads and displays the current tickets in 463 the credential cache.</para> 464 <indexterm zone="mitkrb klist-mitkrb"> 465 <primary sortas="b-klist">klist</primary> 466 </indexterm> 467 </listitem> 468 </varlistentry> 469 470 <varlistentry id="klogind"> 471 <term><command>klogind</command></term> 472 <listitem> 473 <para>is the server that responds to <command>rlogin</command> 474 requests.</para> 475 <indexterm zone="mitkrb klogind"> 476 <primary sortas="b-klogind">klogind</primary> 477 </indexterm> 478 </listitem> 479 </varlistentry> 480 481 <varlistentry 
id="kpasswd-mitkrb"> 482 <term><command>kpasswd</command></term> 483 <listitem> 484 <para>is a program for changing Kerberos 5 passwords.</para> 485 <indexterm zone="mitkrb kpasswd-mitkrb"> 486 <primary sortas="b-kpasswd">kpasswd</primary> 487 </indexterm> 488 </listitem> 489 </varlistentry> 490 491 <varlistentry id="kprop"> 492 <term><command>kprop</command></term> 493 <listitem> 494 <para>takes a principal database in a specified format and 495 converts it into a stream of database records.</para> 496 <indexterm zone="mitkrb kprop"> 497 <primary sortas="b-kprop">kprop</primary> 498 </indexterm> 499 </listitem> 500 </varlistentry> 501 502 <varlistentry id="kpropd"> 503 <term><command>kpropd</command></term> 504 <listitem> 505 <para>receives a database sent by <command>kprop</command> 506 and writes it as a local database.</para> 507 <indexterm zone="mitkrb kpropd"> 508 <primary sortas="b-kpropd">kpropd</primary> 509 </indexterm> 510 </listitem> 511 </varlistentry> 512 513 <varlistentry id="krb5-config-1"> 514 <term><command>krb5-config</command></term> 515 <listitem> 516 <para>gives information on how to link programs against 517 libraries.</para> 518 <indexterm zone="mitkrb krb5-config-prog"> 519 <primary sortas="b-krb5-config-1">krb5-config</primary> 520 </indexterm> 521 </listitem> 522 </varlistentry> 523 524 <varlistentry id="krb5kdc"> 525 <term><command>krb5kdc</command></term> 526 <listitem> 527 <para>is a Kerberos 5 server.</para> 528 <indexterm zone="mitkrb krb5kdc"> 529 <primary sortas="b-krb5kdc">krb5kdc</primary> 530 </indexterm> 531 </listitem> 532 </varlistentry> 533 534 <varlistentry id="kshd"> 535 <term><command>kshd</command></term> 536 <listitem> 537 <para>is the server that responds to <command>rsh</command> 538 requests.</para> 539 <indexterm zone="mitkrb kshd"> 540 <primary sortas="b-kshd">kshd</primary> 541 </indexterm> 542 </listitem> 543 </varlistentry> 544 545 <varlistentry id="ksu"> 546 <term><command>ksu</command></term> 547 <listitem> 
548 <para>is the super user program using Kerberos protocol. 549 Requires a properly configured 550 <filename class="directory">/etc/shells</filename> and 551 <filename>~/.k5login</filename> containing principals 552 authorized to become super users.</para> 553 <indexterm zone="mitkrb ksu"> 554 <primary sortas="b-ksu">ksu</primary> 555 </indexterm> 556 </listitem> 557 </varlistentry> 558 559 <varlistentry id="ktutil-mitkrb"> 560 <term><command>ktutil</command></term> 561 <listitem> 562 <para>is a program for managing Kerberos keytabs.</para> 563 <indexterm zone="mitkrb ktutil-mitkrb"> 564 <primary sortas="b-ktutil">ktutil</primary> 565 </indexterm> 566 </listitem> 567 </varlistentry> 568 569 <varlistentry id="kvno"> 570 <term><command>kvno</command></term> 571 <listitem> 572 <para>prints keyversion numbers of Kerberos principals.</para> 573 <indexterm zone="mitkrb kvno"> 574 <primary sortas="b-kvno">kvno</primary> 575 </indexterm> 576 </listitem> 577 </varlistentry> 578 579 <varlistentry id="login.krb5"> 580 <term><command>login.krb5</command></term> 581 <listitem> 582 <para>is a kerberized login program.</para> 583 <indexterm zone="mitkrb login"> 584 <primary sortas="b-login.krb5">login.krb5</primary> 585 </indexterm> 586 </listitem> 587 </varlistentry> 588 589 <varlistentry id="rcp-mitkrb"> 590 <term><command>rcp</command></term> 591 <listitem> 592 <para>is a kerberized rcp client program.</para> 593 <indexterm zone="mitkrb rcp"> 594 <primary sortas="b-rcp">rcp</primary> 595 </indexterm> 596 </listitem> 597 </varlistentry> 598 599 <varlistentry id="rlogin"> 600 <term><command>rlogin</command></term> 601 <listitem> 602 <para>is a kerberized rlogin client program.</para> 603 <indexterm zone="mitkrb rlogin"> 604 <primary sortas="b-rlogin">rlogin</primary> 605 </indexterm> 606 </listitem> 607 </varlistentry> 608 609 <varlistentry id="rsh-mitkrb"> 610 <term><command>rsh</command></term> 611 <listitem> 612 <para>is a kerberized rsh client program.</para> 613 <indexterm 
zone="mitkrb rsh"> 614 <primary sortas="b-rsh">rsh</primary> 615 </indexterm> 616 </listitem> 617 </varlistentry> 618 619 <varlistentry id="telnet-mitkrb"> 620 <term><command>telnet</command></term> 621 <listitem> 622 <para>is a kerberized telnet client program.</para> 623 <indexterm zone="mitkrb telnet"> 624 <primary sortas="b-telnet">telnet</primary> 625 </indexterm> 626 </listitem> 627 </varlistentry> 628 629 <varlistentry id="telnetd-mitkrb"> 630 <term><command>telnetd</command></term> 631 <listitem> 632 <para>is a kerberized telnet server.</para> 633 <indexterm zone="mitkrb telnetd"> 634 <primary sortas="b-telnetd">telnetd</primary> 635 </indexterm> 636 </listitem> 637 </varlistentry> 638 639 <varlistentry id="libcom_err"> 640 <term><filename class='libraryfile'>libcom_err.[so,a]</filename></term> 641 <listitem> 642 <para>implements the Kerberos library error code.</para> 643 <indexterm zone="mitkrb libcom_err"> 644 <primary sortas="c-libcom_err">libcom_err.[so,a]</primary> 645 </indexterm> 646 </listitem> 647 </varlistentry> 648 649 <varlistentry id="libgssapi-mitkrb"> 650 <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term> 651 <listitem> 652 <para>contain the Generic Security Service Application 653 Programming Interface (GSSAPI) functions which provides security 654 services to callers in a generic fashion, supportable with a range of 655 underlying mechanisms and technologies and hence allowing source-level 656 portability of applications to different environments.</para> 657 <indexterm zone="mitkrb libgssapi"> 658 <primary sortas="c-libgssapi">libgssapi.[so,a]</primary> 659 </indexterm> 660 </listitem> 661 </varlistentry> 662 663 <varlistentry id="libkadm5clnt-mitkrb"> 664 <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term> 665 <listitem> 666 <para>contains the administrative authentication and password 667 checking functions required by Kerberos 5 client-side programs.</para> 668 <indexterm zone="mitkrb 
libkadm5clnt"> 669 <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary> 670 </indexterm> 671 </listitem> 672 </varlistentry> 673 674 <varlistentry id="libkadm5srv-mitkrb"> 675 <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term> 676 <listitem> 677 <para>contain the administrative authentication and password 678 checking functions required by Kerberos 5 servers.</para> 679 <indexterm zone="mitkrb libkadm5srv"> 680 <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary> 681 </indexterm> 682 </listitem> 683 </varlistentry> 684 685 <varlistentry id="libkdb5"> 686 <term><filename class='libraryfile'>libkdb5.[so,a]</filename></term> 687 <listitem> 688 <para>is a Kerberos 5 authentication/authorization database 689 access library.</para> 690 <indexterm zone="mitkrb libkdb5"> 691 <primary sortas="c-libkdb5">libkdb5.[so,a]</primary> 692 </indexterm> 693 </listitem> 694 </varlistentry> 695 696 <varlistentry id="libkrb5-mitkrb"> 697 <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term> 698 <listitem> 699 <para>is an all-purpose Kerberos 5 library.</para> 700 <indexterm zone="mitkrb libkrb5"> 701 <primary sortas="c-libkrb5">libkrb5.[so,a]</primary> 702 </indexterm> 703 </listitem> 704 </varlistentry> 705 706 </variablelist> 707 708 </sect2> 693 709 694 710 </sect1>
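Review bot: the `encrypt = true` paragraph (new lines 203-207) says the setting "can be left off" without stating what is then unprotected, and it points to "a switch on the client program" without naming it. The client section further down (new lines 304-305) says the kerberized programs will also connect to non-kerberized daemons with only a warning, so a reader who drops the option has no concrete way to get encryption back. State plainly that without the option the session is only encrypted when the user passes the switch on every invocation, and name that switch for each client. Also fix "occurances" to "occurrences" at new line 196.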
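Review bot: the keytab paragraph (new lines 236-241) says /etc/krb5.keytab "should have 600" permissions and calls keeping it from public access crucial, but no step in the procedure sets or checks the mode. Add a root `<screen>` right after the `ktadd host/...` step, for example `chmod 600 /etc/krb5.keytab` followed by `ls -l /etc/krb5.keytab`, so the requirement is an instruction rather than a remark. The `ftp/` example at new lines 247-248 extracts further keys to the keytab, so the check is worth repeating there. Separately, "principles" at new lines 219, 243 and 245 should be "principals", which is the spelling used at new lines 276-277.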
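Review bot: in the reformatted Short Descriptions list, many `indexterm` zones do not match the `id` of the `varlistentry` they sit in. For example `id="ftp-mitkrb"` carries `zone="mitkrb ftp"`, `id="krb5-config-1"` carries `zone="mitkrb krb5-config-prog"`, and `id="login.krb5"` carries `zone="mitkrb login"`. The same pattern appears for ftpd, rcp, rsh, telnet, telnetd, libgssapi, libkadm5clnt, libkadm5srv and libkrb5, while entries such as `kadmin-mitkrb` and `klist-mitkrb` do use their own id. Since `zone` is a list of id references, each of these either fails to resolve or points at another package's entry, so make every zone use the entry's own id. While touching this list: the `seg` at new line 346 lists `compile-et` but the entry is `compile_et`, `/etc/shells` in the ksu entry is marked `class="directory"` although it is a file, and "is an utility" (kadmin) and "contain ... which provides" (libgssapi, libkadm5srv) need a grammar pass.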