Changeset b4b71892 for postlfs/security/heimdal.xml
- Timestamp:
- 06/10/2004 05:47:11 AM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- cf43c83
- Parents:
- f8d632a
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/heimdal.xml
rf8d632a rb4b71892 1 <?xml version="1.0" encoding="ISO-8859-1"?> 2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" 3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ 4 <!ENTITY % general-entities SYSTEM "../../general.ent"> 5 %general-entities; 6 7 <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz"> 8 <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz"> 9 <!ENTITY heimdal-size "3.2 MB"> 10 <!ENTITY heimdal-buildsize "142 MB"> 11 <!ENTITY heimdal-time "2.55 SBU"> 12 ]> 13 1 14 <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;"> 2 15 <?dbhtml filename="heimdal.html"?> 3 16 <title>Heimdal-&heimdal-version;</title> 4 17 5 &heimdal-intro; 6 &heimdal-inst; 7 &heimdal-exp; 8 &heimdal-config; 9 &heimdal-desc; 18 <sect2> 19 <title>Introduction to <application>Heimdal</application></title> 20 21 <para> <application>Heimdal</application> is a free implementation of Kerberos 22 5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards 23 compatible with krb4. Kerberos is a network authentication protocol. Basically 24 it preserves the integrity of passwords in any untrusted network (like the 25 Internet). Kerberized applications work hand-in-hand with sites that support 26 Kerberos to ensure that passwords cannot be stolen. A Kerberos installation 27 will make changes to the authentication mechanisms on your network and will 28 overwrite several programs and daemons from the Coreutils, Inetutils, Qpopper 29 and Shadow packages. </para> 30 31 <sect3><title>Package information</title> 32 <itemizedlist spacing='compact'> 33 <listitem><para>Download (HTTP): <ulink url="&heimdal-download-http;"/></para></listitem> 34 <listitem><para>Download (FTP): <ulink url="&heimdal-download-ftp;"/></para></listitem> 35 <listitem><para>Download size: &heimdal-size;</para></listitem> 36 <listitem><para>Estimated Disk space required: &heimdal-buildsize;</para></listitem> 37 <listitem><para>Estimated build time: &heimdal-time;</para></listitem></itemizedlist> 38 </sect3> 39 40 <sect3><title>Additional downloads</title> 41 <itemizedlist spacing='compact'> 42 <listitem><para>Required patch: <ulink 43 url="&patch-root;/heimdal-&heimdal-version;-fhs-compliance-1.patch"/></para> 44 </listitem> 45 <listitem><para>Required patch for cracklib: <ulink 46 url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para> 47 </listitem> 48 </itemizedlist> 49 50 </sect3> 51 52 <sect3><title><application>Heimdal</application> dependencies</title> 53 <sect4><title>Required</title> 54 <para> 55 <xref linkend="openssl"/> and 56 <xref linkend="db"/> 57 </para></sect4> 58 <sect4><title>Optional</title> 59 <para> 60 <xref linkend="readline"/>, 61 <xref linkend="Linux_PAM"/>, 62 <xref linkend="openldap"/>, 63 X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>), 64 <xref linkend="cracklib"/> and 65 <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink> 66 </para> 67 68 <note><para> 69 Some sort of time synchronization facility on your system (like <xref 70 linkend="ntp"/>) is required since Kerberos won't authenticate if the 71 time differential between a kerberized client and the 72 <acronym>KDC</acronym> server is more than 5 minutes.</para></note> 73 </sect4> 74 75 </sect3> 76 77 </sect2> 78 79 <sect2> 80 <title>Installation of <application>Heimdal</application></title> 81 82 <para> 83 Before installing the package, you may want to preserve the 84 <command>ftp</command> program from the Inetutils package. This is 85 because using the Heimdal <command>ftp</command> program to connect to 86 non kerberized ftp servers may not work properly. It will allow you to 87 connect (letting you know that transmission of the password is clear 88 text) but will have problems doing puts and gets. 89 </para> 90 91 <screen><userinput><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen> 92 93 <para> 94 If you wish the Heimdal package to link against the cracklib library, 95 you must apply a patch: 96 </para> 97 98 <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen> 99 100 <para>Install <application>Heimdal</application> by running the following commands:</para> 101 102 <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs-compliance-1.patch && 103 ./configure --prefix=/usr --sysconfdir=/etc/heimdal \ 104 --datadir=/var/lib/heimdal --libexecdir=/usr/sbin \ 105 --sharedstatedir=/usr/share --localstatedir=/var/lib/heimdal \ 106 --enable-shared --with-openssl=/usr && 107 make && 108 make install && 109 mv /bin/login /bin/login.shadow && 110 mv /bin/su /bin/su.coreutils && 111 mv /usr/bin/{login,su} /bin && 112 ln -sf ../../bin/login /usr/bin && 113 mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib && 114 mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib && 115 mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib && 116 mv /usr/lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /lib && 117 ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib && 118 ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib && 119 ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib && 120 ln -sf ../../lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /usr/lib && 121 ldconfig</command></userinput></screen> 122 123 </sect2> 124 125 <sect2> 126 <title>Command explanations</title> 127 128 <para><parameter>--libexecdir=/usr/sbin</parameter>: 129 This switch puts the daemon programs into <filename 130 class="directory">/usr/sbin</filename>. 131 </para> 132 133 <note><para> 134 If you want to preserve all your existing Inetutils package daemons, 135 install the Heimdal daemons into <filename 136 class="directory">/usr/sbin/heimdal</filename> (or wherever you want). 137 Since these programs will be called from <command>(x)inetd</command> or 138 <command>rc</command> scripts, it really doesn't matter where they live, 139 as long as they are correctly specified in the 140 <filename>/etc/(x)inetd.conf</filename> file and <command>rc</command> 141 scripts. If you choose something other than <filename 142 class="directory">/usr/sbin</filename>, you may want to move some of the 143 user programs (such as <command>kadmin</command>) to <filename 144 class="directory">/usr/sbin</filename> manually. 145 </para></note> 146 147 <para> 148 <screen><command>mv /bin/login /bin/login.shadow 149 mv /bin/su /bin/su.coreutils 150 mv /usr/bin/{login,su} /bin 151 ln -sf ../../bin/login /usr/bin</command></screen> 152 The <command>login</command> and <command>su</command> programs 153 installed by Heimdal belong in the <filename 154 class="directory">/bin</filename> directory. The 155 <command>login</command> program is symlinked because Heimdal is expecting 156 to find it in <filename class="directory">/usr/bin</filename>. We 157 preserve the old executables before the move to keep things sane should 158 breaks occur. 159 </para> 160 161 <para> 162 <screen><command>mv /usr/lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /lib 163 mv /usr/lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /lib 164 mv /usr/lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /lib 165 mv /usr/lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /lib 166 ln -sf ../../lib/lib{otp.so.0,otp.so.0.1.4,kafs.so.0,kafs.so.0.4.0} /usr/lib 167 ln -sf ../../lib/lib{krb5.so.17,krb5.so.17.3.0,asn1.so.6,asn1.so.6.0.2} /usr/lib 168 ln -sf ../../lib/lib{roken.so.16,roken.so.16.0.3,crypto.so.0.9.7} /usr/lib 169 ln -sf ../../lib/lib{com_err.so.2,com_err.so.2.1,db-4.1.so} /usr/lib</command></screen> 170 The <command>login</command> and <command>su</command> programs 171 installed by Heimdal link against Heimdal libraries as well as crypto 172 and db libraries. We move these libraries to <filename 173 class="directory">/lib</filename> to be <acronym>FHS</acronym> 174 compliant and in case when <filename 175 class="directory">/usr</filename> is located on a separate partition which 176 may not always be mounted. 177 </para> 178 179 </sect2> 180 181 <sect2> 182 <title>Configuring Heimdal</title> 183 184 <sect3><title>Config files</title> 185 <para><filename>/etc/heimdal/*</filename></para> 186 </sect3> 187 188 <sect3><title>Configuration Information</title> 189 190 <sect4><title>Master KDC Server Configuration</title> 191 192 <para> 193 Create the Kerberos configuration file with the following command: 194 </para> 195 196 <screen><userinput><command>install -d /etc/heimdal && 197 cat > /etc/heimdal/krb5.conf << "EOF"</command> 198 # Begin /etc/heimdal/krb5.conf 199 200 [libdefaults] 201 default_realm = <replaceable>[LFS.ORG]</replaceable> 202 encrypt = true 203 204 [realms] 205 <replaceable>[LFS.ORG]</replaceable> = { 206 kdc = <replaceable>[belgarath.lfs.org]</replaceable> 207 admin_server = <replaceable>[belgarath.lfs.org]</replaceable> 208 kpasswd_server = <replaceable>[belgarath.lfs.org]</replaceable> 209 } 210 211 [domain_realm] 212 .<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable> 213 214 [logging] 215 kdc = FILE:/var/log/kdc.log 216 admin_server = FILE:/var/log/kadmin.log 217 default = FILE:/var/log/krb.log 218 219 # End /etc/heimdal/krb5.conf 220 <command>EOF</command></userinput></screen> 221 222 <para> 223 You will need to substitute your domain and proper hostname for the 224 occurances of the belgarath and lfs.org names. 225 </para> 226 227 <para> 228 <userinput>default_realm</userinput> should be the name of your domain changed to ALL CAPS. 229 This isn't required, but both Heimdal and <acronym>MIT</acronym> 230 recommend it. 231 </para> 232 233 <para> 234 <userinput>encrypt = true</userinput> provides encryption of all traffic between kerberized 235 clients and servers. It's not necessary and can be left off. If you 236 leave it off, you can encrypt all traffic from the client to the server 237 using a switch on the client program instead. 238 </para> 239 240 <para> 241 The <userinput>[realms]</userinput> parameters tell the client programs where to look for the 242 <acronym>KDC</acronym> authentication services. 243 </para> 244 245 <para> 246 The <userinput>[domain_realm]</userinput> section maps a domain to a realm. 247 </para> 248 249 <para> 250 Store the master password in a key file using the following commands: 251 </para> 252 253 <screen><userinput><command>install -d -m 755 /var/lib/heimdal && 254 kstash</command></userinput></screen> 255 256 <para> 257 Create the <acronym>KDC</acronym> database: 258 </para> 259 260 <screen><userinput><command>kadmin -l</command></userinput></screen> 261 262 <para> 263 Choose the defaults for now. You can go in later and change the 264 defaults, should you feel the need. At the 265 <userinput>kadmin></userinput> prompt, issue the following statement: 266 </para> 267 268 <screen><userinput><command>init <replaceable>[LFS.ORG]</replaceable></command></userinput></screen> 269 270 <para> 271 Now we need to populate the database with principles (users). For now, 272 just use your regular login name or root. 273 </para> 274 275 <screen><userinput><command>add <replaceable>[loginname]</replaceable></command></userinput></screen> 276 277 <para> 278 The <acronym>KDC</acronym> server and any machine running kerberized 279 server daemons must have a host key installed: 280 </para> 281 282 <screen><userinput><command>add --random-key host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 283 284 <para> 285 After choosing the defaults when prompted, you will have to export the 286 data to a keytab file: 287 </para> 288 289 <screen><userinput><command>ext host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 290 291 <para> 292 This should have created two files in 293 <filename class="directory">/etc/heimdal</filename>; 294 <filename>krb5.keytab</filename> (Kerberos 5) and 295 <filename>srvtab</filename> (Kerberos 4). Both files should have 600 296 (root rw only) permissions. Keeping the keytab files from public access 297 is crucial to the overall security of the Kerberos installation. 298 </para> 299 300 <para> 301 Eventually, you'll want to add server daemon principles to the database 302 and extract them to the keytab file. You do this in the same way you 303 created the host principles. Below is an example: 304 </para> 305 306 <screen><userinput><command>add --random-key ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 307 308 <para> 309 (choose the defaults) 310 </para> 311 312 <screen><userinput><command>ext ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> 313 314 <para> 315 Exit the <command>kadmin</command> program (use <command>quit</command> 316 or <command>exit</command>) and return back to the shell prompt. Start 317 the <acronym>KDC</acronym> daemon manually, just to test out the 318 installation: 319 </para> 320 321 <screen><userinput><command>/usr/sbin/kdc &</command></userinput></screen> 322 323 <para> 324 Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with the 325 following command: 326 </para> 327 328 <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen> 329 330 <para> 331 You will be prompted for the password you created. After you get your 332 ticket, you should list it with the following command: 333 </para> 334 335 <screen><userinput><command>klist</command></userinput></screen> 336 337 <para> 338 Information about the ticket should be displayed on the screen. 339 </para> 340 341 <para> 342 To test the functionality of the keytab file, issue the following 343 command: 344 </para> 345 346 <screen><userinput><command>ktutil list</command></userinput></screen> 347 348 <para> 349 This should dump a list of the host principals, along with the encryption 350 methods used to access the principals. 351 </para> 352 353 <para> 354 At this point, if everything has been successful so far, you can feel 355 fairly confident in the installation and configuration of the package. 356 </para> 357 358 <para>Install the <filename>/etc/rc.d/init.d/heimdal</filename> init script 359 included in the <xref linkend="intro-important-bootscripts"/> 360 package.</para> 361 362 <screen><userinput><command>make install-heimdal</command></userinput></screen> 363 364 </sect4> 365 366 <sect4><title>Using Kerberized Client Programs</title> 367 368 <para> 369 To use the kerberized client programs (<command>telnet</command>, 370 <command>ftp</command>, <command>rsh</command>, 371 <command>rxterm</command>, <command>rxtelnet</command>, 372 <command>rcp</command>, <command>xnlock</command>), you first must get 373 a <acronym>TGT</acronym>. Use the <command>kinit</command> program to 374 get the ticket. After you've acquired the ticket, you can use the 375 kerberized programs to connect to any kerberized server on the network. 376 You will not be prompted for authentication until your ticket expires 377 (default is one day), unless you specify a different user as a command 378 line argument to the program. 379 </para> 380 381 <para> 382 The kerberized programs will connect to non kerberized daemons, warning 383 you that authentication is not encrypted. As mentioned earlier, only the 384 <command>ftp</command> program gives any trouble connecting to non 385 kerberized daemons. 386 </para> 387 388 <para> 389 For additional information consult <ulink 390 url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the 391 Heimdal hint</ulink> on which the above instructions are based. 392 </para> 393 394 </sect4> 395 396 </sect3> 397 398 </sect2> 399 400 <sect2> 401 <title>Contents</title> 402 403 <para>The <application>Heimdal</application> package contains 404 <command>afslog</command>, 405 <command>dump_log</command>, 406 <command>ftp</command>, 407 <command>ftpd</command>, 408 <command>hprop</command>, 409 <command>hpropd</command>, 410 <command>ipropd-master</command>, 411 <command>ipropd-slave</command>, 412 <command>kadmin</command>, 413 <command>kadmind</command>, 414 <command>kauth</command>, 415 <command>kdc</command>, 416 <command>kdestroy</command>, 417 <command>kf</command>, 418 <command>kfd</command>, 419 <command>kgetcred</command>, 420 <command>kinit</command>, 421 <command>klist</command>, 422 <command>kpasswd</command>, 423 <command>kpasswdd</command>, 424 <command>krb5-config</command>, 425 <command>kstash</command>, 426 <command>ktutil</command>, 427 <command>kx</command>, 428 <command>kxd</command>, 429 <command>login</command>, 430 <command>mk_cmds</command>, 431 <command>otp</command>, 432 <command>otpprint</command>, 433 <command>pagsh</command>, 434 <command>pfrom</command>, 435 <command>popper</command>, 436 <command>push</command>, 437 <command>rcp</command>, 438 <command>replay_log</command>, 439 <command>rsh</command>, 440 <command>rshd</command>, 441 <command>rxtelnet</command>, 442 <command>rxterm</command>, 443 <command>string2key</command>, 444 <command>su</command>, 445 <command>telnet</command>, 446 <command>telnetd</command>, 447 <command>tenletxr</command>, 448 <command>truncate_log</command>, 449 <command>verify_krb5_conf</command>, 450 <command>xnlock</command>, 451 <filename class="libraryfile">libasn1</filename>, 452 <filename class="libraryfile">libeditline</filename>, 453 <filename class="libraryfile">libgssapi</filename>, 454 <filename class="libraryfile">libhdb</filename>, 455 <filename class="libraryfile">libkadm5clnt</filename>, 456 <filename class="libraryfile">libkadm5srv</filename>, 457 <filename class="libraryfile">libkafs</filename>, 458 <filename class="libraryfile">libkrb5</filename>, 459 <filename class="libraryfile">libotp</filename>, 460 <filename class="libraryfile">libroken</filename>, 461 <filename class="libraryfile">libsl</filename> and 462 <filename class="libraryfile">libss</filename>. 463 464 </para> 465 466 </sect2> 467 468 <sect2><title>Description</title> 469 470 <sect3><title>afslog</title> 471 <para><command>afslog</command> obtains AFS tokens for a number of 472 cells.</para></sect3> 473 474 <sect3><title>hprop</title> 475 <para><command>hprop</command> takes a principal database in a specified 476 format and converts it into a stream of Heimdal database 477 records.</para></sect3> 478 479 <sect3><title>hpropd</title> 480 <para><command>hpropd</command> receives a database sent by 481 <command>hprop</command> and writes it as a local 482 database.</para></sect3> 483 484 <sect3><title>kadmin</title> 485 <para><command>kadmin</command> is an utility used to make modifications 486 to the Kerberos database.</para></sect3> 487 488 <sect3><title>kadmind</title> 489 <para><command>kadmind</command> is a server for administrative access 490 to Kerberos database.</para></sect3> 491 492 <sect3><title>kauth, kinit</title> 493 <para><command>kauth</command> and <command>kinit</command> are used to 494 authenticate to the Kerberos server as principal and acquire a ticket 495 granting ticket that can later be used to obtain tickets for other 496 services.</para></sect3> 497 498 <sect3><title>kdc</title> 499 <para><command>kdc</command> is a Kerberos 5 server.</para></sect3> 500 501 <sect3><title>kdestroy</title> 502 <para><command>kdestroy</command> removes the current set of 503 tickets.</para></sect3> 504 505 <sect3><title>kf</title> 506 <para><command>kf</command> is a program which forwards tickets to a 507 remote host through an authenticated and encrypted 508 stream.</para></sect3> 509 510 <sect3><title>kfd</title> 511 <para><command>kfd</command> receives forwarded tickets.</para></sect3> 512 513 <sect3><title>kgetcred</title> 514 <para><command>kgetcred</command> obtains a ticket for a 515 service.</para></sect3> 516 517 <sect3><title>klist</title> 518 <para><command>klist</command> reads and displays the current tickets in 519 the credential cache.</para></sect3> 520 521 <sect3><title>kpasswd</title> 522 <para><command>kpasswd</command> is a program for changing Kerberos 5 523 passwords.</para></sect3> 524 525 <sect3><title>kpasswdd</title> 526 <para><command>kpasswdd</command> is a Kerberos 5 password changing 527 server.</para></sect3> 528 529 <sect3><title>krb5-config</title> 530 <para><command>krb5-config</command> gives information on how to link 531 programs against Heimdal libraries.</para></sect3> 532 533 <sect3><title>kstash</title> 534 <para><command>kstash</command> stores the <acronym>KDC</acronym> master 535 password in a file.</para></sect3> 536 537 <sect3><title>ktutil</title> 538 <para><command>ktutil</command> is a program for managing Kerberos 539 keytabs.</para></sect3> 540 541 <sect3><title>kx</title> 542 <para><command>kx</command> is a program which securely forwards X 543 connections.</para></sect3> 544 545 <sect3><title>kxd</title> 546 <para><command>kxd</command> is the daemon for 547 <command>kx</command>.</para></sect3> 548 549 <sect3><title>otp</title> 550 <para><command>otp</command> manages one-time passwords.</para></sect3> 551 552 <sect3><title>otpprint</title> 553 <para><command>otpprint</command> prints lists of one-time 554 passwords.</para></sect3> 555 556 <sect3><title>rxtelnet</title> 557 <para><command>rxtelnet</command> program starts an 558 <command>xterm</command> window with a telnet to given host and forwards 559 X connections.</para></sect3> 560 561 <sect3><title>rxterm</title> 562 <para><command>rxterm</command> starts a secure remote 563 <command>xterm</command>.</para></sect3> 564 565 <sect3><title>string2key</title> 566 <para><command>string2key</command> maps a password into a 567 key.</para></sect3> 568 569 <sect3><title>tenletxr</title> 570 <para><command>tenletxr</command> forwards X connections 571 backwards.</para></sect3> 572 573 <sect3><title>verify_krb5_conf</title> 574 <para><command>verify_krb5_conf</command> checks 575 <filename>krb5.conf</filename> file for obvious errors.</para></sect3> 576 577 <sect3><title>xnlock</title> 578 <para><command>xnlock</command> is a program that acts as a secure screen 579 saver for workstations running X.</para></sect3> 580 581 </sect2> 10 582 11 583 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.