Changeset fa47d680 for postlfs/security/mitkrb.xml
- Timestamp: 07/23/2012 07:48:08 PM (12 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: edb9c52
- Parents: 696e766
- File: 1 edited
postlfs/security/mitkrb.xml
r696e766 rfa47d680 6 6 7 7 <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.10/krb5-&mitkrb-version;-signed.tar"> 8 <!ENTITY mitkrb-download-ftp " ">9 <!ENTITY mitkrb-md5sum "43d6a2f6f4f96fbf8423732065b49f0f">10 <!ENTITY mitkrb-size "10MB">11 <!ENTITY mitkrb-buildsize "100 MB">12 <!ENTITY mitkrb-time "1.0 SBU">8 <!ENTITY mitkrb-download-ftp " "> 9 <!ENTITY mitkrb-md5sum "ddacb6ad7399681ad1506f435a2683b6"> 10 <!ENTITY mitkrb-size "11 MB"> 11 <!ENTITY mitkrb-buildsize "110 MB (Additional 20 MB if running the testsuite)"> 12 <!ENTITY mitkrb-time "1.2 SBU (additional 2.0 SBU if running the testsuite)"> 13 13 ]> 14 14 … … 30 30 <title>Introduction to MIT Kerberos V5</title> 31 31 32 <para><application>MIT Kerberos V5</application> is a free implementation 33 of Kerberos 5. Kerberos is a network authentication protocol. It 34 centralizes the authentication database and uses kerberized 35 applications to work with servers or services that support Kerberos 36 allowing single logins and encrypted communication over internal 37 networks or the Internet.</para> 38 39 &lfs70_checked; 32 <para> 33 <application>MIT Kerberos V5</application> is a free implementation 34 of Kerberos 5. Kerberos is a network authentication protocol. It 35 centralizes the authentication database and uses kerberized 36 applications to work with servers or services that support Kerberos 37 allowing single logins and encrypted communication over internal 38 networks or the Internet. 
39 </para> 40 41 &lfs71_checked; 40 42 41 43 <bridgehead renderas="sect3">Package Information</bridgehead> 42 44 <itemizedlist spacing="compact"> 43 45 <listitem> 44 <para>Download (HTTP): <ulink url="&mitkrb-download-http;"/></para> 46 <para> 47 Download (HTTP): <ulink url="&mitkrb-download-http;"/> 48 </para> 45 49 </listitem> 46 50 <listitem> 47 <para>Download (FTP): <ulink url="&mitkrb-download-ftp;"/></para> 51 <para> 52 Download (FTP): <ulink url="&mitkrb-download-ftp;"/> 53 </para> 48 54 </listitem> 49 55 <listitem> 50 <para>Download MD5 sum: &mitkrb-md5sum;</para> 56 <para> 57 Download MD5 sum: &mitkrb-md5sum; 58 </para> 51 59 </listitem> 52 60 <listitem> 53 <para>Download size: &mitkrb-size;</para> 61 <para> 62 Download size: &mitkrb-size; 63 </para> 54 64 </listitem> 55 65 <listitem> 56 <para>Estimated disk space required: &mitkrb-buildsize;</para> 66 <para> 67 Estimated disk space required: &mitkrb-buildsize; 68 </para> 57 69 </listitem> 58 70 <listitem> 59 <para>Estimated build time: &mitkrb-time;</para> 71 <para> 72 Estimated build time: &mitkrb-time; 73 </para> 60 74 </listitem> 61 75 </itemizedlist> … … 64 78 65 79 <bridgehead renderas="sect4">Optional</bridgehead> 66 <para role="optional"><xref linkend="keyutils"/>, 67 <xref linkend="openldap"/>, and 68 <xref linkend="dejagnu"/> (required to run the test suite)</para> 80 <para role="optional"> 81 <xref linkend="dejagnu"/> (required to run the testsuite), 82 <xref linkend="keyutils"/>, 83 <xref linkend="openldap"/> and 84 <xref linkend="python2"/> (used during the testsuite). 
85 </para> 69 86 70 87 <note> 71 <para>Some sort of time synchronization facility on your system (like 72 <xref linkend="ntp"/>) is required since Kerberos won't authenticate if 73 there is a time difference between a kerberized client and the 74 KDC server.</para> 88 <para> 89 Some sort of time synchronization facility on your system (like 90 <xref linkend="ntp"/>) is required since Kerberos won't authenticate 91 if there is a time difference between a kerberized client and the 92 KDC server. 93 </para> 75 94 </note> 76 95 77 96 <para condition="html" role="usernotes">User Notes: 78 <ulink url="&blfs-wiki;/mitkrb"/></para>79 97 <ulink url="&blfs-wiki;/mitkrb"/> 98 </para> 80 99 </sect2> 81 100 … … 83 102 <title>Installation of MIT Kerberos V5</title> 84 103 85 <para><application>MIT Kerberos V5</application> is distributed in a 86 TAR file containing a compressed TAR package and a detached PGP 87 <filename class="extension">ASC</filename> file. You'll need to unpack 88 the distribution tar file, then unpack the compressed tar file before 89 starting the build.</para> 90 91 <para>After unpacking the distribution tarball and if you have 92 <xref linkend="gnupg"/> installed, you can 93 authenticate the package with the following command:</para> 104 <para> 105 <application>MIT Kerberos V5</application> is distributed in a 106 TAR file containing a compressed TAR package and a detached PGP 107 <filename class="extension">ASC</filename> file. You'll need to unpack 108 the distribution tar file, then unpack the compressed tar file before 109 starting the build. 
110 </para> 111 112 <para> 113 After unpacking the distribution tarball and if you have 114 <xref linkend="gnupg"/> installed, you can 115 authenticate the package with the following command: 116 </para> 94 117 95 118 <screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen> 96 119 97 <para>Build <application>MIT Kerberos V5</application> by running the 98 following commands:</para> 120 <para> 121 Build <application>MIT Kerberos V5</application> by running the 122 following commands: 123 </para> 99 124 100 125 <screen><userinput>sed -i -e 's/^YYSTYPE yylval/&={0}/' lib/krb5/krb/deltat.c && … … 108 133 make</userinput></screen> 109 134 110 <para>The regression test suite is designed to be run after the 111 installation has been completed.</para> 112 113 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 135 <para> 136 The regression test suite is designed to be run after the 137 installation has been completed. 138 </para> 139 140 <para> 141 Now, as the <systemitem class="username">root</systemitem> user: 142 </para> 114 143 115 144 <screen role="root"><userinput>make install && … … 135 164 cp -Rv ../doc/* /usr/share/doc/krb5-&mitkrb-version;</userinput></screen> 136 165 137 <!-- Remove this for now as portmap cannot be built until upstream fixes it 138 139 <para>To test the installation, you must have 140 <xref linkend="dejagnu"/> installed and issue: <command>make 141 check</command>. The RPC layer tests will require a portmap daemon 142 (see <xref linkend="portmap"/>) running and configured to listen on the 143 regular network interface (not localhost). 
See the <quote>Testing the 144 Build</quote> section of the <filename>krb5-install.html</filename> file 145 in the <filename class='directory'>../doc</filename> directory for complete 146 information on running the regression tests.</para> 147 --> 166 <para> 167 To test the installation, you must have <xref linkend="dejagnu"/> 168 installed and issue: <command>make check</command>. 169 </para> 170 148 171 </sect2> 149 172 … … 151 174 <title>Command Explanations</title> 152 175 153 <para><userinput>sed ... lib/krb5/krb/deltat.c</userinput>: This change 154 fixes a problem identified by gcc-4.7.</para> 155 156 <para><parameter>--enable-dns-for-realm</parameter>: This parameter allows 157 realms to be resolved using the DNS server.</para> 158 159 <para><parameter>--with-system-et</parameter>: This parameter causes the 160 build to use the system-installed versions of the error-table support 161 software.</para> 162 163 <para><parameter>--with-system-ss</parameter>: This parameter causes the 164 build to use the system-installed versions of the subsystem command-line 165 interface software.</para> 166 167 <para><parameter>--localstatedir=/var/lib</parameter>: This parameter is 168 used so that the Kerberos variable run-time data is located in 169 <filename class='directory'>/var/lib</filename> instead of 170 <filename class='directory'>/usr/var</filename>.</para> 171 172 <para><command>mv -v /usr/bin/ksu /bin</command>: Moves the 173 <command>ksu</command> program to the 174 <filename class="directory">/bin</filename> directory so that it is 175 available when the <filename class="directory">/usr</filename> 176 filesystem is not mounted.</para> 176 <para> 177 <command>sed ... lib/krb5/krb/deltat.c</command>: This sed 178 fixes a problem when building with GCC 4.7. 179 </para> 180 181 <para> 182 <option>--enable-dns-for-realm</option>: This parameter allows 183 realms to be resolved using the DNS server. 
184 </para> 185 186 <para> 187 <option>--with-system-et</option>: This switch causes the build 188 to use the system-installed versions of the error-table support 189 software. 190 </para> 191 192 <para> 193 <option>--with-system-ss</option>: This switch causes the build 194 to use the system-installed versions of the subsystem command-line 195 interface software. 196 </para> 197 198 <para> 199 <parameter>--localstatedir=/var/lib</parameter>: This parameter is 200 used so that the Kerberos variable run-time data is located in 201 <filename class="directory">/var/lib</filename> instead of 202 <filename class="directory">/usr/var</filename>. 203 </para> 204 205 <para> 206 <command>mv -v /usr/bin/ksu /bin</command>: Moves the 207 <command>ksu</command> program to the 208 <filename class="directory">/bin</filename> directory so that it is 209 available when the <filename class="directory">/usr</filename> 210 filesystem is not mounted. 211 </para> 212 213 <para> 214 <option>--with-ldap</option>: Use this switch if you want to compile 215 <application>OpenLDAP</application> database backend module. 216 </para> 177 217 178 218 </sect2> … … 184 224 <title>Config Files</title> 185 225 186 <para><filename>/etc/krb5.conf</filename> and 187 <filename>/var/lib/krb5kdc/kdc.conf</filename></para> 226 <para> 227 <filename>/etc/krb5.conf</filename> and 228 <filename>/var/lib/krb5kdc/kdc.conf</filename> 229 </para> 188 230 189 231 <indexterm zone="mitkrb krb5-config"> … … 204 246 205 247 <tip> 206 <para>You should consider installing some sort of password checking 207 dictionary so that you can configure the installation to only 208 accept strong passwords. A suitable dictionary to use is shown in 209 the <xref linkend="cracklib"/> instructions. Note that only one 210 file can be used, but you can concatenate many files into one. 
The 211 configuration file shown below assumes you have installed a 212 dictionary to <filename>/usr/share/dict/words</filename>.</para> 248 <para> 249 You should consider installing some sort of password checking 250 dictionary so that you can configure the installation to only 251 accept strong passwords. A suitable dictionary to use is shown in 252 the <xref linkend="cracklib"/> instructions. Note that only one 253 file can be used, but you can concatenate many files into one. The 254 configuration file shown below assumes you have installed a 255 dictionary to <filename>/usr/share/dict/words</filename>. 256 </para> 213 257 </tip> 214 258 215 <para>Create the Kerberos configuration file with the following 216 commands issued by the <systemitem class="username">root</systemitem> 217 user:</para> 259 <para> 260 Create the Kerberos configuration file with the following 261 commands issued by the <systemitem class="username">root</systemitem> 262 user: 263 </para> 218 264 219 265 <screen role="root"><userinput>cat > /etc/krb5.conf << "EOF" … … 242 288 EOF</userinput></screen> 243 289 244 <para>You will need to substitute your domain and proper hostname 245 for the occurrences of the <replaceable><belgarath></replaceable> and 246 <replaceable><lfs.org></replaceable> names.</para> 247 248 <para><option>default_realm</option> should be the name of your 249 domain changed to ALL CAPS. This isn't required, but both 250 <application>Heimdal</application> and MIT recommend it.</para> 251 252 <para><option>encrypt = true</option> provides encryption of all 253 traffic between kerberized clients and servers. It's not necessary 254 and can be left off. 
If you leave it off, you can encrypt all traffic 255 from the client to the server using a switch on the client program 256 instead.</para> 257 258 <para>The <option>[realms]</option> parameters tell the client 259 programs where to look for the KDC authentication services.</para> 260 261 <para>The <option>[domain_realm]</option> section maps a domain to 262 a realm.</para> 263 264 <para>Create the KDC database:</para> 290 <para> 291 You will need to substitute your domain and proper hostname for the 292 occurrences of the <replaceable><belgarath></replaceable> and 293 <replaceable><lfs.org></replaceable> names. 294 </para> 295 296 <para> 297 <option>default_realm</option> should be the name of your 298 domain changed to ALL CAPS. This isn't required, but both 299 <application>Heimdal</application> and MIT recommend it. 300 </para> 301 302 <para> 303 <option>encrypt = true</option> provides encryption of all traffic 304 between kerberized clients and servers. It's not necessary and can 305 be left off. If you leave it off, you can encrypt all traffic from 306 the client to the server using a switch on the client program 307 instead. 308 </para> 309 310 <para> 311 The <option>[realms]</option> parameters tell the client programs 312 where to look for the KDC authentication services. 313 </para> 314 315 <para> 316 The <option>[domain_realm]</option> section maps a domain to a realm. 317 </para> 318 319 <para> 320 Create the KDC database: 321 </para> 265 322 266 323 <screen role="root"><userinput>kdb5_util create -r <replaceable><LFS.ORG></replaceable> -s</userinput></screen> 267 324 268 <para>Now you should populate the database with principles 269 (users). For now, just use your regular login name or 270 <systemitem class="username">root</systemitem>.</para> 325 <para> 326 Now you should populate the database with principles 327 (users). For now, just use your regular login name or 328 <systemitem class="username">root</systemitem>. 
329 </para> 271 330 272 331 <screen role="root"><userinput>kadmin.local … … 274 333 <prompt>kadmin:</prompt> addprinc -policy dict-only <replaceable><loginname></replaceable></userinput></screen> 275 334 276 <para>The KDC server and any machine running kerberized 277 server daemons must have a host key installed:</para> 278 279 <screen role='root'><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen> 280 281 <para>After choosing the defaults when prompted, you will have to 282 export the data to a keytab file:</para> 283 284 <screen role='root'><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen> 285 286 <para>This should have created a file in 287 <filename class="directory">/etc</filename> named 288 <filename>krb5.keytab</filename> (Kerberos 5). This file should 289 have 600 (<systemitem class="username">root</systemitem> rw only) 290 permissions. Keeping the keytab files from public access is crucial 291 to the overall security of the Kerberos installation.</para> 292 293 <para>Exit the <command>kadmin</command> program (use 294 <command>quit</command> or <command>exit</command>) and return 295 back to the shell prompt. 
Start the KDC daemon manually, just to 296 test out the installation:</para> 297 298 <screen role='root'><userinput>/usr/sbin/krb5kdc</userinput></screen> 299 300 <para>Attempt to get a ticket with the following command:</para> 335 <para> 336 The KDC server and any machine running kerberized 337 server daemons must have a host key installed: 338 </para> 339 340 <screen role="root"><userinput><prompt>kadmin:</prompt> addprinc -randkey host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen> 341 342 <para> 343 After choosing the defaults when prompted, you will have to 344 export the data to a keytab file: 345 </para> 346 347 <screen role="root"><userinput><prompt>kadmin:</prompt> ktadd host/<replaceable><belgarath.lfs.org></replaceable></userinput></screen> 348 349 <para> 350 This should have created a file in 351 <filename class="directory">/etc</filename> named 352 <filename>krb5.keytab</filename> (Kerberos 5). This file should 353 have 600 (<systemitem class="username">root</systemitem> rw only) 354 permissions. Keeping the keytab files from public access is crucial 355 to the overall security of the Kerberos installation. 356 </para> 357 358 <para> 359 Exit the <command>kadmin</command> program (use 360 <command>quit</command> or <command>exit</command>) and return 361 back to the shell prompt. Start the KDC daemon manually, just to 362 test out the installation: 363 </para> 364 365 <screen role="root"><userinput>/usr/sbin/krb5kdc</userinput></screen> 366 367 <para> 368 Attempt to get a ticket with the following command: 369 </para> 301 370 302 371 <screen><userinput>kinit <replaceable><loginname></replaceable></userinput></screen> 303 372 304 <para>You will be prompted for the password you created. After you 305 get your ticket, you can list it with the following command:</para> 373 <para> 374 You will be prompted for the password you created. 
After you 375 get your ticket, you can list it with the following command: 376 </para> 306 377 307 378 <screen><userinput>klist</userinput></screen> 308 379 309 <para>Information about the ticket should be displayed on the 310 screen.</para> 311 312 <para>To test the functionality of the keytab file, issue the 313 following command:</para> 380 <para> 381 Information about the ticket should be displayed on the 382 screen. 383 </para> 384 385 <para> 386 To test the functionality of the keytab file, issue the 387 following command: 388 </para> 314 389 315 390 <screen><userinput>ktutil … … 317 392 <prompt>ktutil:</prompt> l</userinput></screen> 318 393 319 <para>This should dump a list of the host principal, along with 320 the encryption methods used to access the principal.</para> 321 322 <para>At this point, if everything has been successful so far, you 323 can feel fairly confident in the installation and configuration of 324 the package.</para> 325 326 <para>Install the <filename>/etc/rc.d/init.d/kerberos</filename> init 327 script included in the <xref linkend="bootscripts"/> 328 package.</para> 394 <para> 395 This should dump a list of the host principal, along with 396 the encryption methods used to access the principal. 397 </para> 398 399 <para> 400 At this point, if everything has been successful so far, you 401 can feel fairly confident in the installation and configuration of 402 the package. 403 </para> 404 405 <para> 406 Install the <filename>/etc/rc.d/init.d/kerberos</filename> init 407 script included in the <xref linkend="bootscripts"/> package. 
408 </para> 329 409 330 410 <screen role="root"><userinput>make install-kerberos</userinput></screen> … … 335 415 <title>Additional Information</title> 336 416 337 <para>For additional information consult <ulink 338 url="http://web.mit.edu/kerberos/www/krb5-1.10/#documentation"> 339 Documentation for krb-&mitkrb-version;</ulink> on which the above 340 instructions are based.</para> 417 <para> 418 For additional information consult <ulink 419 url="http://web.mit.edu/kerberos/www/krb5-1.10/#documentation"> 420 Documentation for krb-&mitkrb-version;</ulink> on which the above 421 instructions are based. 422 </para> 341 423 342 424 </sect4> … … 347 429 348 430 <sect2 role="content"> 431 349 432 <title>Contents</title> 350 433 <para></para> … … 356 439 357 440 <seglistitem> 358 <seg>gss-client, gss-server, k5srvutil, kadmin, kadmin.local, 359 kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist, 360 kpasswd, kprop, kpropd, krb5-config, krb5kdc, krb5-send-pr, 361 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server, 362 sserver, uuclient, and uuserver</seg> 363 <seg>libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, 364 libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so, 365 libkrb5.so, libkrb5support.so, libverto-k5ev.so and 366 libverto.so</seg> 367 <seg>/usr/include/{gssapi,gssrpc,kadm5,krb5}, /usr/lib/krb5, 368 /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5,gnats} 369 and /var/lib/krb5kdc</seg> 441 <seg> 442 gss-client, gss-server, k5srvutil, kadmin, kadmin.local, 443 kadmind, kdb5_ldap_util, kdb5_util, kdestroy, kinit, klist, 444 kpasswd, kprop, kpropd, krb5-config, krb5kdc, krb5-send-pr, 445 ksu, kswitch, ktutil, kvno, sclient, sim_client, sim_server, 446 sserver, uuclient and uuserver 447 </seg> 448 <seg> 449 libgssapi_krb5.so, libgssrpc.so, libk5crypto.so, 450 libkadm5clnt.so, libkadm5srv.so, libkdb5.so, libkdb_ldap.so, 451 libkrb5.so, libkrb5support.so, libverto-k5ev.so and 452 libverto.so 453 </seg> 454 <seg> 455 
/usr/include/{gssapi,gssrpc,kadm5,krb5}, 456 /usr/lib/krb5, 457 /usr/share/doc/krb5-&mitkrb-version;, 458 /usr/share/examples/krb5 and 459 /var/lib/krb5kdc 460 </seg> 370 461 </seglistitem> 371 462 </segmentedlist> … … 379 470 <term><command>k5srvutil</command></term> 380 471 <listitem> 381 <para>is a host keytable manipulation utility.</para> 472 <para> 473 is a host keytable manipulation utility. 474 </para> 382 475 <indexterm zone="mitkrb k5srvutil"> 383 476 <primary sortas="b-k5srvutil">k5srvutil</primary> … … 386 479 </varlistentry> 387 480 388 <varlistentry id="kadmin -mitkrb">481 <varlistentry id="kadmin"> 389 482 <term><command>kadmin</command></term> 390 483 <listitem> 391 <para>is an utility used to make modifications 392 to the Kerberos database.</para> 393 <indexterm zone="mitkrb kadmin-mitkrb"> 484 <para> 485 is an utility used to make modifications 486 to the Kerberos database. 487 </para> 488 <indexterm zone="mitkrb kadmin"> 394 489 <primary sortas="b-kadmin">kadmin</primary> 395 490 </indexterm> … … 397 492 </varlistentry> 398 493 399 <varlistentry id="kadmind -mitkrb">494 <varlistentry id="kadmind"> 400 495 <term><command>kadmind</command></term> 401 496 <listitem> 402 <para>is a server for administrative access 403 to a Kerberos database.</para> 404 <indexterm zone="mitkrb kadmind-mitkrb"> 497 <para> 498 is a server for administrative access 499 to a Kerberos database. 500 </para> 501 <indexterm zone="mitkrb kadmind"> 405 502 <primary sortas="b-kadmind">kadmind</primary> 406 503 </indexterm> … … 411 508 <term><command>kdb5_util</command></term> 412 509 <listitem> 413 <para>is the KDC database utility.</para> 510 <para> 511 is the KDC database utility. 
512 </para> 414 513 <indexterm zone="mitkrb kdb5_util"> 415 514 <primary sortas="b-kdb5_util">kdb5_util</primary> … … 418 517 </varlistentry> 419 518 420 <varlistentry id="kdestroy -mitkrb">519 <varlistentry id="kdestroy"> 421 520 <term><command>kdestroy</command></term> 422 521 <listitem> 423 <para>removes the current set of tickets.</para> 424 <indexterm zone="mitkrb kdestroy-mitkrb"> 522 <para> 523 removes the current set of tickets. 524 </para> 525 <indexterm zone="mitkrb kdestroy"> 425 526 <primary sortas="b-kdestroy">kdestroy</primary> 426 527 </indexterm> … … 428 529 </varlistentry> 429 530 430 <varlistentry id="kinit -mitkrb">531 <varlistentry id="kinit"> 431 532 <term><command>kinit</command></term> 432 533 <listitem> 433 <para>is used to authenticate to the Kerberos server as a 434 principal and acquire a ticket granting ticket that can 435 later be used to obtain tickets for other services.</para> 436 <indexterm zone="mitkrb kinit-mitkrb"> 534 <para> 535 is used to authenticate to the Kerberos server as a 536 principal and acquire a ticket granting ticket that can 537 later be used to obtain tickets for other services. 538 </para> 539 <indexterm zone="mitkrb kinit"> 437 540 <primary sortas="b-kinit">kinit</primary> 438 541 </indexterm> … … 440 543 </varlistentry> 441 544 442 <varlistentry id="klist -mitkrb">545 <varlistentry id="klist"> 443 546 <term><command>klist</command></term> 444 547 <listitem> 445 <para>reads and displays the current tickets in 446 the credential cache.</para> 447 <indexterm zone="mitkrb klist-mitkrb"> 548 <para> 549 reads and displays the current tickets in 550 the credential cache. 
551 </para> 552 <indexterm zone="mitkrb klist"> 448 553 <primary sortas="b-klist">klist</primary> 449 554 </indexterm> … … 451 556 </varlistentry> 452 557 453 <varlistentry id="kpasswd -mitkrb">558 <varlistentry id="kpasswd"> 454 559 <term><command>kpasswd</command></term> 455 560 <listitem> 456 <para>is a program for changing Kerberos 5 passwords.</para> 457 <indexterm zone="mitkrb kpasswd-mitkrb"> 561 <para> 562 is a program for changing Kerberos 5 passwords. 563 </para> 564 <indexterm zone="mitkrb kpasswd"> 458 565 <primary sortas="b-kpasswd">kpasswd</primary> 459 566 </indexterm> … … 464 571 <term><command>kprop</command></term> 465 572 <listitem> 466 <para>takes a principal database in a specified format and 467 converts it into a stream of database records.</para> 573 <para> 574 takes a principal database in a specified format and 575 converts it into a stream of database records. 576 </para> 468 577 <indexterm zone="mitkrb kprop"> 469 578 <primary sortas="b-kprop">kprop</primary> … … 475 584 <term><command>kpropd</command></term> 476 585 <listitem> 477 <para>receives a database sent by <command>kprop</command> 478 and writes it as a local database.</para> 586 <para> 587 receives a database sent by <command>kprop</command> 588 and writes it as a local database. 589 </para> 479 590 <indexterm zone="mitkrb kpropd"> 480 591 <primary sortas="b-kpropd">kpropd</primary> … … 486 597 <term><command>krb5-config</command></term> 487 598 <listitem> 488 <para>gives information on how to link programs against 489 libraries.</para> 599 <para> 600 gives information on how to link programs against 601 libraries. 602 </para> 490 603 <indexterm zone="mitkrb krb5-config-prog2"> 491 604 <primary sortas="b-krb5-config">krb5-config</primary> … … 497 610 <term><command>krb5kdc</command></term> 498 611 <listitem> 499 <para>is a Kerberos 5 server.</para> 612 <para> 613 is the <application>Kerberos 5</application> server. 
614 </para> 500 615 <indexterm zone="mitkrb krb5kdc"> 501 616 <primary sortas="b-krb5kdc">krb5kdc</primary> … … 507 622 <term><command>ksu</command></term> 508 623 <listitem> 509 <para>is the super user program using Kerberos protocol. 510 Requires a properly configured 511 <filename class="directory">/etc/shells</filename> and 512 <filename>~/.k5login</filename> containing principals 513 authorized to become super users.</para> 624 <para> 625 is the super user program using Kerberos protocol. 626 Requires a properly configured 627 <filename>/etc/shells</filename> and 628 <filename>~/.k5login</filename> containing principals 629 authorized to become super users. 630 </para> 514 631 <indexterm zone="mitkrb ksu"> 515 632 <primary sortas="b-ksu">ksu</primary> … … 521 638 <term><command>kswitch</command></term> 522 639 <listitem> 523 <para>makes the specified credential cache the 524 primary cache for the collection, if a cache 525 collection is available.</para> 640 <para> 641 makes the specified credential cache the 642 primary cache for the collection, if a cache 643 collection is available. 644 </para> 526 645 <indexterm zone="mitkrb kswitch"> 527 646 <primary sortas="b-kswitch">kswitch</primary> … … 530 649 </varlistentry> 531 650 532 <varlistentry id="ktutil -mitkrb">651 <varlistentry id="ktutil"> 533 652 <term><command>ktutil</command></term> 534 653 <listitem> 535 <para>is a program for managing Kerberos keytabs.</para> 536 <indexterm zone="mitkrb ktutil-mitkrb"> 654 <para> 655 is a program for managing Kerberos keytabs. 656 </para> 657 <indexterm zone="mitkrb ktutil"> 537 658 <primary sortas="b-ktutil">ktutil</primary> 538 659 </indexterm> … … 543 664 <term><command>kvno</command></term> 544 665 <listitem> 545 <para>prints keyversion numbers of Kerberos principals.</para> 666 <para> 667 prints keyversion numbers of Kerberos principals. 
668 </para> 546 669 <indexterm zone="mitkrb kvno"> 547 670 <primary sortas="b-kvno">kvno</primary> … … 553 676 <term><command>sclient</command></term> 554 677 <listitem> 555 <para>used to contact a sample server and authenticate to it 556 using Kerberos version 5 tickets, then display the server's 557 response.</para> 678 <para> 679 used to contact a sample server and authenticate to it 680 using Kerberos 5 tickets, then display the server's 681 response. 682 </para> 558 683 <indexterm zone="mitkrb sclient"> 559 684 <primary sortas="b-sclient">sclient</primary> … … 565 690 <term><command>sserver</command></term> 566 691 <listitem> 567 <para>sample Kerberos version 5 server.</para> 692 <para> 693 is the sample Kerberos 5 server. 694 </para> 568 695 <indexterm zone="mitkrb sserver"> 569 696 <primary sortas="b-sserver">sserver</primary> … … 572 699 </varlistentry> 573 700 574 <varlistentry id="libgssapi_krb5 -mitkrb">701 <varlistentry id="libgssapi_krb5"> 575 702 <term><filename class='libraryfile'>libgssapi_krb5.so</filename></term> 576 703 <listitem> 577 <para>contain the Generic Security Service Application 578 Programming Interface (GSSAPI) functions which provides security 579 services to callers in a generic fashion, supportable with a range of 580 underlying mechanisms and technologies and hence allowing source-level 581 portability of applications to different environments.</para> 582 <indexterm zone="mitkrb libgssapi_krb5-mitkrb"> 704 <para> 705 contain the Generic Security Service Application Programming 706 Interface (GSSAPI) functions which provides security services 707 to callers in a generic fashion, supportable with a range of 708 underlying mechanisms and technologies and hence allowing 709 source-level portability of applications to different 710 environments. 
711 </para> 712 <indexterm zone="mitkrb libgssapi_krb5"> 583 713 <primary sortas="c-libgssapi_krb5">libgssapi_krb5.so</primary> 584 714 </indexterm> … … 586 716 </varlistentry> 587 717 588 <varlistentry id="libkadm5clnt -mitkrb">718 <varlistentry id="libkadm5clnt"> 589 719 <term><filename class='libraryfile'>libkadm5clnt.so</filename></term> 590 720 <listitem> 591 <para>contains the administrative authentication and password 592 checking functions required by Kerberos 5 client-side programs.</para> 593 <indexterm zone="mitkrb libkadm5clnt-mitkrb"> 721 <para> 722 contains the administrative authentication and password checking 723 functions required by Kerberos 5 client-side programs. 724 </para> 725 <indexterm zone="mitkrb libkadm5clnt"> 594 726 <primary sortas="c-libkadm5clnt">libkadm5clnt.so</primary> 595 727 </indexterm> … … 597 729 </varlistentry> 598 730 599 <varlistentry id="libkadm5srv -mitkrb">731 <varlistentry id="libkadm5srv"> 600 732 <term><filename class='libraryfile'>libkadm5srv.so</filename></term> 601 733 <listitem> 602 <para>contain the administrative authentication and password 603 checking functions required by Kerberos 5 servers.</para> 604 <indexterm zone="mitkrb libkadm5srv-mitkrb"> 734 <para> 735 contain the administrative authentication and password 736 checking functions required by Kerberos 5 servers. 737 </para> 738 <indexterm zone="mitkrb libkadm5srv"> 605 739 <primary sortas="c-libkadm5srv">libkadm5srv.so</primary> 606 740 </indexterm> … … 611 745 <term><filename class='libraryfile'>libkdb5.so</filename></term> 612 746 <listitem> 613 <para>is a Kerberos 5 authentication/authorization database 614 access library.</para> 747 <para> 748 is a Kerberos 5 authentication/authorization database 749 access library. 
750 </para> 615 751 <indexterm zone="mitkrb libkdb5"> 616 752 <primary sortas="c-libkdb5">libkdb5.so</primary> … … 619 755 </varlistentry> 620 756 621 <varlistentry id="libkrb5 -mitkrb">757 <varlistentry id="libkrb5"> 622 758 <term><filename class='libraryfile'>libkrb5.so</filename></term> 623 759 <listitem> 624 <para>is an all-purpose Kerberos 5 library.</para> 625 <indexterm zone="mitkrb libkrb5-mitkrb"> 760 <para> 761 is an all-purpose <application>Kerberos 5</application> library. 762 </para> 763 <indexterm zone="mitkrb libkrb5"> 626 764 <primary sortas="c-libkrb5">libkrb5.so</primary> 627 765 </indexterm>