Changeset a2ed79b for postlfs/security
- Timestamp:
- 07/13/2004 07:42:02 PM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 3b5a5cc
- Parents:
- d9384404
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/mitkrb.xml
rd9384404 ra2ed79b 8 8 <!ENTITY mitkrb-download-ftp " "> 9 9 <!ENTITY mitkrb-size "6.2 MB"> 10 <!ENTITY mitkrb-buildsize "13 7.4 MB">10 <!ENTITY mitkrb-buildsize "138.4 MB"> 11 11 <!ENTITY mitkrb-time "2.55 SBU"> 12 12 ]> … … 15 15 <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;"> 16 16 <?dbhtml filename="mitkrb.html"?> 17 <title> MITkrb5-&mitkrb-version;</title>17 <title><acronym>MIT</acronym> krb5-&mitkrb-version;</title> 18 18 19 19 <sect2> … … 21 21 22 22 <para> 23 <application>MIT krb5</application> is a free implementation of Kerberos 24 5. Kerberos is a network authentication protocol. It centralizes the 25 authentication database and uses kerberized applications to work with 26 servers or services that support Kerberos allowing single logins and 27 encrypted communication over internal networks or the Internet.</para> 23 <application><acronym>MIT</acronym> krb5</application> is a free 24 implementation of Kerberos 5. Kerberos is a network authentication 25 protocol. It centralizes the authentication database and uses kerberized 26 applications to work with servers or services that support Kerberos 27 allowing single logins and encrypted communication over internal 28 networks or the Internet. 29 </para> 28 30 29 31 <sect3><title>Package information</title> … … 56 58 57 59 <sect2> 58 <title>Installation of <application>MIT krb5</application></title> 59 60 <para>Install <application>MIT krb5</application> by running the following commands:</para> 61 62 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \ 60 <title>Installation of <application><acronym>MIT</acronym> krb5</application></title> 61 62 <para> 63 <application><acronym>MIT</acronym> krb5</application> is 64 distributed in an <acronym>TAR</acronym> file 65 containing a compressed <acronym>TAR</acronym> package and a 66 detached <acronym>PGP</acronym> <filename 67 class="extension">ASC</filename> file. 68 </para> 69 70 <para> 71 If you have installed <xref linkend="gnupg"/>, you can 72 authenticate the package with the following command: 73 </para> 74 75 <screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</command></userinput></screen> 76 77 <para> 78 Build <application><acronym>MIT</acronym> krb5</application> by running the following commands: 79 </para> 80 81 <screen><userinput><command>cd src && 82 ./configure --prefix=/usr --sysconfdir=/etc \ 63 83 --localstatedir=/var/lib --enable-dns --enable-shared --mandir=/usr/share/man && 64 make && 65 make install && 84 make</command></userinput></screen> 85 86 <para> 87 Install <application><acronym>MIT</acronym> krb5</application> by 88 running the following commands as root: 89 </para> 90 91 <screen><userinput><command>make install && 66 92 mv /bin/login /bin/login.shadow && 67 93 cp /usr/sbin/login.krb5 /bin/login && … … 84 110 <title>Command explanations</title> 85 111 86 <para><parameter>--enable-dns</parameter>: This switch allows realms to 87 be resolved using the <acronym>DNS</acronym> server.</para> 88 89 <para><screen><command>mv /bin/login /bin/login.shadow 112 <para> 113 <parameter>--enable-dns</parameter>: This switch allows realms to 114 be resolved using the <acronym>DNS</acronym> server. 115 </para> 116 117 <para> 118 <screen><command>mv /bin/login /bin/login.shadow 90 119 cp /usr/sbin/login.krb5 /bin/login 91 120 mv /usr/bin/ksu /bin</command></screen> 92 121 Preserves <application>Shadow</application>'s <command>login</command> 93 122 command, moves <command>ksu</command> and <command>login</command> to 94 the <filename class="directory">/bin</filename> directory.</para> 95 96 <para><screen><command>mv /usr/lib/libkrb5.so.3* /lib 123 the <filename class="directory">/bin</filename> directory. 124 </para> 125 126 <para> 127 <screen><command>mv /usr/lib/libkrb5.so.3* /lib 97 128 mv /usr/lib/libkrb4.so.2* /lib 98 129 mv /usr/lib/libdes425.so.3* /lib … … 106 137 The <command>login</command> and <command>ksu</command> programs 107 138 are linked against these libraries, therefore we move these libraries to 108 <filename class="directory">/lib</filename> to allow logins without mounting <filename class="directory">/usr</filename>.</para> 139 <filename class="directory">/lib</filename> to allow logins without mounting <filename class="directory">/usr</filename>. 140 </para> 109 141 110 142 </sect2> … … 114 146 115 147 <sect3><title>Config files</title> 116 <para><filename>/etc/krb5.conf</filename> and 117 <filename>/var/lib/krb5kdc/kdc.conf</filename></para> 148 <para> 149 <filename>/etc/krb5.conf</filename> and 150 <filename>/var/lib/krb5kdc/kdc.conf</filename> 151 </para> 118 152 </sect3> 119 153 … … 267 301 </para> 268 302 269 <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script 303 <para> 304 Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script 270 305 included in the <xref linkend="intro-important-bootscripts"/> 271 package.</para> 306 package. 307 </para> 272 308 273 309 <screen><userinput><command>make install-kerberos</command></userinput></screen> … … 291 327 <para> 292 328 The kerberized programs will connect to non kerberized daemons, warning 293 you that authentication is not encrypted.</para></sect4> 329 you that authentication is not encrypted. 330 </para> 331 </sect4> 294 332 295 333 296 334 <sect4><title>Using Kerberized Server Programs</title> 297 298 <para>Using kerberized server programs (<command>telnetd</command>,335 <para> 336 Using kerberized server programs (<command>telnetd</command>, 299 337 <command>kpropd</command>, 300 338 <command>klogind</command> and <command>kshd</command>) requires two additional configuration steps. … … 303 341 <filename>inetd.conf</filename> or <filename>xinetd.conf</filename> must 304 342 be modified for each server that will be activated, usually replacing 305 the server from <application>inetutils</application>.</para></sect4> 343 the server from <xref linkend="inetutils"/>. 344 </para> 345 </sect4> 306 346 307 347 <sect4><title>Additional Information</title> … … 321 361 <title>Contents</title> 322 362 323 <para>The <application>MIT krb5</application> package contains 363 <para> 364 The <application>MIT krb5</application> package contains 324 365 <command>compile-et</command>, 325 366 <command>ftp</command>, … … 375 416 <filename class="libraryfile">libkdb5</filename>, 376 417 <filename class="libraryfile">libkrb4</filename>, 377 <filename class="libraryfile">libkrb5</filename>.</para> 418 <filename class="libraryfile">libkrb5</filename>. 419 </para> 378 420 379 421 </sect2> … … 382 424 383 425 <sect3><title>compile_et</title> 384 <para><command>compile_et</command> converts the table listing 385 error-code names into a <application>C</application> source file.</para></sect3> 426 <para> 427 <command>compile_et</command> converts the table listing 428 error-code names into a <application>C</application> source file. 429 </para> 430 </sect3> 386 431 387 432 <sect3><title>k5srvutil</title> 388 <para><command>k5srvutil</command> is a host keytable manipulation 389 utility.</para></sect3> 433 <para> 434 <command>k5srvutil</command> is a host keytable manipulation 435 utility. 436 </para> 437 </sect3> 390 438 391 439 <sect3><title>kadmin</title> 392 <para><command>kadmin</command> is an utility used to make modifications 393 to the Kerberos database.</para></sect3> 440 <para> 441 <command>kadmin</command> is an utility used to make modifications 442 to the Kerberos database. 443 </para> 444 </sect3> 394 445 395 446 <sect3><title>kadmind</title> 396 <para><command>kadmind</command> is a server for administrative access 397 to Kerberos database.</para></sect3> 447 <para> 448 <command>kadmind</command> is a server for administrative access 449 to Kerberos database. 450 </para> 451 </sect3> 398 452 399 453 <sect3><title>kinit</title> 400 <para><command>kinit</command> is used to 454 <para> 455 <command>kinit</command> is used to 401 456 authenticate to the Kerberos server as principal and acquire a ticket 402 457 granting ticket that can later be used to obtain tickets for other 403 services.</para></sect3> 458 services. 459 </para> 460 </sect3> 404 461 405 462 <sect3><title>krb5kdc</title> 406 <para><command>kdc</command> is a Kerberos 5 server.</para></sect3> 463 <para> 464 <command>kdc</command> is a Kerberos 5 server. 465 </para> 466 </sect3> 407 467 408 468 <sect3><title>kdestroy</title> 409 <para><command>kdestroy</command> removes the current set of 410 tickets.</para></sect3> 469 <para> 470 <command>kdestroy</command> removes the current set of 471 tickets. 472 </para> 473 </sect3> 411 474 412 475 <sect3><title>kdb5_util</title> 413 <para><command>kdb5_util</command> is the <acronym>KDC</acronym> 414 database utility.</para></sect3> 476 <para> 477 <command>kdb5_util</command> is the <acronym>KDC</acronym> 478 database utility. 479 </para> 480 </sect3> 415 481 416 482 <sect3><title>klist</title> 417 <para><command>klist</command> reads and displays the current tickets in 418 the credential cache.</para></sect3> 483 <para> 484 <command>klist</command> reads and displays the current tickets in 485 the credential cache. 486 </para> 487 </sect3> 419 488 420 489 <sect3><title>klogind</title> 421 <para><command>klogind</command> is the server that responds to rlogin 422 requests.</para></sect3> 490 <para> 491 <command>klogind</command> is the server that responds to rlogin 492 requests. 493 </para> 494 </sect3> 423 495 424 496 <sect3><title>kpasswd</title> 425 <para><command>kpasswd</command> is a program for changing Kerberos 5 426 passwords.</para></sect3> 497 <para> 498 <command>kpasswd</command> is a program for changing Kerberos 5 499 passwords. 500 </para> 501 </sect3> 427 502 428 503 <sect3><title>kprop</title> 429 <para><command>kprop</command> takes a principal database in a specified 504 <para> 505 <command>kprop</command> takes a principal database in a specified 430 506 format and converts it into a stream of database 431 records.</para></sect3> 507 records. 508 </para> 509 </sect3> 432 510 433 511 <sect3><title>kpropd</title> 434 <para><command>kpropd</command> receives a database sent by 512 <para> 513 <command>kpropd</command> receives a database sent by 435 514 <command>hprop</command> and writes it as a local 436 database.</para></sect3> 515 database. 516 </para> 517 </sect3> 437 518 438 519 <sect3><title>krb5-config</title> 439 <para><command>krb5-config</command> gives information on how to link 440 programs against libraries.</para></sect3> 520 <para> 521 <command>krb5-config</command> gives information on how to link 522 programs against libraries. 523 </para> 524 </sect3> 441 525 442 526 <sect3><title>ksu</title> 443 <para><command>ksu</command> is the super user program using Kerberos 444 protocol. Requires a properly configured 445 <filename>/etc/shells</filename> and <filename>~/.k5login</filename> 446 containing principals authorized to become super users.</para></sect3> 527 <para> 528 <command>ksu</command> is the super user program using Kerberos 529 protocol. Requires a properly configured <filename class="directory">/etc/shells</filename> 530 and <filename>~/.k5login</filename> containing principals authorized to 531 become super users. 532 </para> 533 </sect3> 447 534 448 535 <sect3><title>ktutil</title> 449 <para><command>ktutil</command> is a program for managing Kerberos 450 keytabs.</para></sect3> 536 <para> 537 <command>ktutil</command> is a program for managing Kerberos 538 keytabs. 539 </para> 540 </sect3> 451 541 452 542 <sect3><title>kvno</title> 453 <para><command>kvno</command> prints keyversion numbers of Kerberos 454 principals.</para></sect3> 543 <para> 544 <command>kvno</command> prints keyversion numbers of Kerberos 545 principals. 546 </para> 547 </sect3> 455 548 456 549
Note:
See TracChangeset
for help on using the changeset viewer.