diff --git a/postlfs/security/heimdal.xml b/postlfs/security/heimdal.xml
index 0a3dd43c82..6090410b18 100644
--- a/postlfs/security/heimdal.xml
+++ b/postlfs/security/heimdal.xml
@@ -13,191 +13,210 @@ ]> - -$LastChangedBy$ -$Date$ - - -Heimdal-&heimdal-version; - -Heimdal - + - -Introduction to <application>Heimdal</application> + + $LastChangedBy$ + $Date$ + -Heimdal is a free implementation of Kerberos -5, that aims to be compatible with MIT krb5 and is backwards -compatible with krb4. Kerberos is a network authentication protocol. Basically -it preserves the integrity of passwords in any untrusted network (like the -Internet). Kerberized applications work hand-in-hand with sites that support -Kerberos to ensure that passwords cannot be stolen. A Kerberos installation -will make changes to the authentication mechanisms on your network and will -overwrite several programs and daemons from the -Coreutils, Inetutils, -Qpopper and Shadow -packages. + Heimdal-&heimdal-version; -Package information - -Download (HTTP): - -Download (FTP): - -Download MD5 sum: &heimdal-md5sum; -Download size: &heimdal-size; -Estimated disk space required: -&heimdal-buildsize; -Estimated build time: -&heimdal-time; - + + Heimdal + -Additional downloads - -Required Patch: - -Required patch for cracklib: - - + + Introduction to Heimdal - + Heimdal is a free implementation + of Kerberos 5, that aims to be compatible with MIT krb5 and is + backwards compatible with krb4. Kerberos is a network authentication + protocol. Basically it preserves the integrity of passwords in any + untrusted network (like the Internet). Kerberized applications work + hand-in-hand with sites that support Kerberos to ensure that passwords + cannot be stolen. A Kerberos installation will make changes to the + authentication mechanisms on your network and will overwrite several + programs and daemons from the Coreutils, + Inetutils, Qpopper + and Shadow packages. 
-<application>Heimdal</application> dependencies -Required - and - - + Package Information + + + Download (HTTP): + + + Download (FTP): + + + Download MD5 sum: &heimdal-md5sum; + + + Download size: &heimdal-size; + + + Estimated disk space required: &heimdal-buildsize; + + + Estimated build time: &heimdal-time; + + -Optional -, -, -X ( or ), - and -krb4 + Additional Downloads + + + Required Patch: + + + Required patch for cracklib: + + -Some sort of time synchronization facility on your system (like -) is required since Kerberos won't authenticate if the -time differential between a kerberized client and the -KDC server is more than 5 minutes. - + Heimdal Dependencies - + Required + and + - + Optional + , + , + X ( or ), + and + krb4 - -Installation of <application>Heimdal</application> + + Some sort of time synchronization facility on your system + (like ) is required since Kerberos won't + authenticate if the time differential between a kerberized client + and the KDC server is more than 5 minutes. + -Before installing the package, you may want to preserve the -ftp program from the Inetutils -package. This is because using the Heimdal -ftp program to connect to non-kerberized ftp servers may -not work properly. It will allow you to connect (letting you know that -transmission of the password is clear text) but will have problems doing puts -and gets. Issue the following command as the root user. + -mv /usr/bin/ftp /usr/bin/ftpn + + Installation of Heimdal -If you wish the Heimdal package to link -against the cracklib library, you must apply a -patch: + Before installing the package, you may want to preserve the + ftp program from the Inetutils + package. This is because using the Heimdal + ftp program to connect to non-kerberized ftp servers may + not work properly. It will allow you to connect (letting you know that + transmission of the password is clear text) but will have problems doing puts + and gets. Issue the following command as the root user. 
-patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch +mv -v /usr/bin/ftp /usr/bin/ftpn -Install Heimdal by running the following -commands: + If you wish the Heimdal package to + link against the cracklib library, you + must apply a patch: -patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch && +patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch + + Install Heimdal by running the following + commands: + +patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch && ./configure --prefix=/usr --sysconfdir=/etc/heimdal \ --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \ --libexecdir=/usr/sbin --enable-shared \ --with-openssl=/usr --with-readline=/usr && -make +make -Now, as the root user: + Now, as the root user: -make install && -mv /bin/login /bin/login.shadow && -mv /bin/su /bin/su.shadow && -mv /usr/bin/{login,su} /bin && -ln -sf ../../bin/login /usr/bin && -mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \ +make install && +mv -v /bin/login /bin/login.shadow && +mv -v /bin/su /bin/su.shadow && +mv -v /usr/bin/{login,su} /bin && +ln -v -sf ../../bin/login /usr/bin && +mv -v /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \ /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib && -ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \ +ln -v -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \ /usr/lib && -ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \ +ln -v -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \ /usr/lib && -ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \ +ln -v -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \ /usr/lib && -ldconfig +ldconfig - + - -Command explanations + + Command Explanations ---libexecdir=/usr/sbin: This switch puts the -daemon programs into /usr/sbin. - + --libexecdir=/usr/sbin: This switch + puts the daemon programs into + /usr/sbin. 
- -If you want to preserve all your existing Inetutils -package daemons, install the Heimdal daemons into -/usr/sbin/heimdal (or wherever you -want). Since these programs will be called from (x)inetd or -rc scripts, it really doesn't matter where they are -installed, as long as they are correctly specified in the -/etc/(x)inetd.conf file and rc -scripts. If you choose something other than -/usr/sbin, you may want to move some of -the user programs (such as kadmin) to -/usr/sbin manually so they'll be in the -privileged user's default path. + + If you want to preserve all your existing + Inetutils package daemons, install the + Heimdal daemons into + /usr/sbin/heimdal (or wherever + you want). Since these programs will be called from + (x)inetd or rc scripts, it + really doesn't matter where they are installed, as long as they are + correctly specified in the /etc/(x)inetd.conf file + and rc scripts. If you choose something other than + /usr/sbin, you may want to move + some of the user programs (such as kadmin) to + /usr/sbin manually so they'll be + in the privileged user's default path. + -mv ... .shadow; mv ... /bin; ln -sf ../../bin...: The -login and su programs installed by -Heimdal belong in the -/bin directory. The -login program is symlinked because -Heimdal is expecting to find it in -/usr/bin. The old executables are -preserved before the move to keep things sane should breaks occur. + mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...: + The login and su programs installed by + Heimdal belong in the + /bin directory. The + login program is symlinked because + Heimdal is expecting to find it in + /usr/bin. The old executables are + preserved before the move to keep things sane should breaks occur. -mv ... /lib; ln -sf ../../lib/lib... /usr/lib: The -login and su programs installed by -Heimdal link against -Heimdal libraries as well as libraries provided by -the OpenSSL and -Berkeley DB packages. 
These -libraries are moved to /lib to be -FHS compliant and also in case -/usr is located on a separate partition -which may not always be mounted. + mv ... /lib; ln -sf ../../lib/lib... /usr/lib: + The login and su programs installed + by Heimdal link against + Heimdal libraries as well as libraries provided + by the OpenSSL and + Berkeley DB packages. These + libraries are moved to /lib to be + FHS compliant and also in case + /usr is located on a separate partition + which may not always be mounted. - + - -Configuring <application>Heimdal</application> + + Configuring Heimdal -Config files -/etc/heimdal/* - -/etc/heimdal/* - - + + Config Files -Configuration Information + /etc/heimdal/* -Master <acronym>KDC</acronym> Server Configuration + + /etc/heimdal/* + -Create the Kerberos configuration file with the following -commands: + -install -d /etc/heimdal && -cat > /etc/heimdal/krb5.conf << "EOF" -# Begin /etc/heimdal/krb5.conf + + Configuration Information + + + Master KDC Server Configuration + + Create the Kerberos configuration file with the + following commands: + +install -v -d /etc/heimdal && +cat > /etc/heimdal/krb5.conf << "EOF" +# Begin /etc/heimdal/krb5.conf [libdefaults] default_realm = [EXAMPLE.COM] 
@@ -218,634 +237,745 @@ cat > /etc/heimdal/krb5.conf << "EOF" admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb.log -# End /etc/heimdal/krb5.conf -EOF +# End /etc/heimdal/krb5.conf +EOF -You will need to substitute your domain and proper hostname for the -occurrences of the [hostname] and -[EXAMPLE.COM] names. + You will need to substitute your domain and proper hostname + for the occurrences of the [hostname] + and [EXAMPLE.COM] names. -default_realm should be the name of your domain -changed to ALL CAPS. This isn't required, but both -Heimdal and MIT -krb5 recommend it. + should be the name of your + domain changed to ALL CAPS. This isn't required, but both + Heimdal and MIT + krb5 recommend it. -encrypt = true provides encryption of all traffic -between kerberized clients and servers. It's not necessary and can be left -off. If you leave it off, you can encrypt all traffic from the client to the -server using a switch on the client program instead. + provides encryption of all + traffic between kerberized clients and servers. It's not necessary + and can be left off. If you leave it off, you can encrypt all traffic + from the client to the server using a switch on the client program + instead. -The [realms] parameters tell the client programs -where to look for the KDC authentication services. + The parameters tell the client + programs where to look for the KDC authentication services. -The [domain_realm] section maps a domain to a -realm. + The section maps a domain + to a realm. -Store the master password in a key file using the following -commands: + Store the master password in a key file using the following + commands: -install -d -m 755 /var/lib/heimdal && -kstash +install -d -m 755 /var/lib/heimdal && +kstash -Create the KDC database: + Create the KDC database: -kadmin -l +kadmin -l -Choose the defaults for now. You can go in later and change the -defaults, should you feel the need. 
At the -kadmin> prompt, issue the following statement: + Choose the defaults for now. You can go in later and change the + defaults, should you feel the need. At the kadmin> + prompt, issue the following statement: -init [EXAMPLE.COM] +init [EXAMPLE.COM] -The database must now be populated with at least one principle (user). -For now, just use your regular login name or root. You may create as few, or -as many principles as you wish using the following statement: + The database must now be populated with at least one principle + (user). For now, just use your regular login name or root. You may + create as few, or as many principles as you wish using the following + statement: -add [loginname] +add [loginname] -The KDC server and any machine running kerberized -server daemons must have a host key installed: + The KDC server and any machine running kerberized + server daemons must have a host key installed: -add --random-key host/[hostname.example.com] +add --random-key host/[hostname.example.com] -After choosing the defaults when prompted, you will have to export the -data to a keytab file: + After choosing the defaults when prompted, you will have to + export the data to a keytab file: -ext host/[hostname.example.com] +ext host/[hostname.example.com] -This should have created two files in -/etc/heimdal: -krb5.keytab (Kerberos 5) and -srvtab (Kerberos 4). Both files should have 600 -(root rw only) permissions. Keeping the keytab files from public access -is crucial to the overall security of the Kerberos installation. + This should have created two files in + /etc/heimdal: + krb5.keytab (Kerberos 5) and + srvtab (Kerberos 4). Both files should have 600 + (root rw only) permissions. Keeping the keytab files from public access + is crucial to the overall security of the Kerberos installation. -Eventually, you'll want to add server daemon principles to the database -and extract them to the keytab file. You do this in the same way you created -the host principles. 
Below is an example: + Eventually, you'll want to add server daemon principles to the + database and extract them to the keytab file. You do this in the same + way you created the host principles. Below is an example: -add --random-key ftp/[hostname.example.com] +add --random-key ftp/[hostname.example.com] -(choose the defaults) + (choose the defaults) -ext ftp/[hostname.example.com] +ext ftp/[hostname.example.com] -Exit the kadmin program (use quit -or exit) and return back to the shell prompt. Start -the KDC daemon manually, just to test out the -installation: + Exit the kadmin program (use + quit or exit) and return back + to the shell prompt. Start the KDC daemon manually, just to test out + the installation: -/usr/sbin/kdc & +/usr/sbin/kdc & -Attempt to get a TGT (ticket granting ticket) with -the following command: + Attempt to get a TGT (ticket granting ticket) with + the following command: -kinit [loginname] +kinit [loginname] -You will be prompted for the password you created. After you get your -ticket, you should list it with the following command: + You will be prompted for the password you created. After you get + your ticket, you should list it with the following command: -klist +klist -Information about the ticket should be displayed on the screen. + Information about the ticket should be displayed on + the screen. -To test the functionality of the keytab file, issue the following -command: + To test the functionality of the keytab file, + issue the following command: -ktutil list +ktutil list -This should dump a list of the host principals, along with the encryption -methods used to access the principals. + This should dump a list of the host principals, along with the + encryption methods used to access the principals. -At this point, if everything has been successful so far, you can feel -fairly confident in the installation and configuration of the package. 
+ At this point, if everything has been successful so far, you + can feel fairly confident in the installation and configuration of + the package. -Install the -/etc/rc.d/init.d/heimdal init script included in the - package: - -heimdal - - -make install-heimdal - - -Using Kerberized Client Programs - -To use the kerberized client programs (telnet, -ftp, rsh, -rxterm, rxtelnet, -rcp, xnlock), you first must get -a TGT. Use the kinit program to -get the ticket. After you've acquired the ticket, you can use the -kerberized programs to connect to any kerberized server on the network. -You will not be prompted for authentication until your ticket expires -(default is one day), unless you specify a different user as a command -line argument to the program. - -The kerberized programs will connect to non-kerberized daemons, warning -you that authentication is not encrypted. As mentioned earlier, only the -ftp program gives any trouble connecting to -non-kerberized daemons. - -In order to use the Heimdal -X programs, you'll need to add a service port -entry to the /etc/services file for the -kxd server. There is no 'standardized port number' for -the 'kx' service in the IANA database, so you'll have to -pick an unused port number. Add an entry to the services -file similar to the entry below (substitute your chosen port number for -[49150]): - -kx [49150]/tcp # Heimdal kerberos X -kx [49150]/udp # Heimdal kerberos X - -For additional information consult the -Heimdal hint on which the above instructions are based. 
- - - - - - -Contents - - -Installed Programs -Installed Libraries -Installed Directories - - -afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave, -kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist, -kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp, -otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet, -rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log, -verify_krb5_conf and xnlock -libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a], -libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a], -libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a] -/etc/heimdal, /usr/include/kadm5, /usr/include/ss and -/var/lib/heimdal - - - - -Short Descriptions - - - -afslog -obtains AFS tokens for a number of -cells. - -afslog - - - - -ftp -is a kerberized FTP client. - -ftp - - - - -ftpd -is a kerberized FTP daemon. - -ftpd - - - - -hprop - takes a principal database in a specified format and converts -it into a stream of Heimdal database records. - -hprop - - - - -hpropd -is a server that receives a database sent by -hprop and writes it as a local database. - -hpropd - - - - -ipropd-master -is a daemon which runs on the master KDC -server which incrementally propogates changes to the KDC -database to the slave KDC servers. - -ipropd-master - - - - -ipropd-slave -is a daemon which runs on the slave KDC -servers which incrementally propogates changes to the KDC -database from the master KDC server. - -ipropd-slave - - - - -kadmin -is a utility used to make modifications to the Kerberos -database. - -kadmin - - - - -kadmind -is a server for administrative access to the Kerberos -database. - -kadmind - - - - -kauth -is a symbolic link to the kinit -program. - -kauth - - - - -kdc -is a Kerberos 5 server. - -kdc - - - - -kdestroy -removes a principle's current set of tickets. 
- -kdestroy - - - - -kf -is a program which forwards tickets to a remote host through -an authenticated and encrypted stream. - -kf - - - - -kfd -is a server used to receive forwarded tickets. - -kfd - - - - -kgetcred -obtains a ticket for a service. - -kgetcred - - - - -kinit -is used to authenticate to the Kerberos server as a principal -and acquire a ticket granting ticket that can later be used to obtain tickets -for other services. - -kinit - - - - -klist -reads and displays the current tickets in the credential -cache. - -klist - - - - -kpasswd -is a program for changing Kerberos 5 passwords. - -kpasswd - - - - -kpasswdd -is a Kerberos 5 password changing server. - -kpasswdd - - - - -krb5-config -gives information on how to link programs against -Heimdal libraries. - -krb5-config - - - - -kstash -stores the KDC master password in a -file. - -kstash - - - - -ktutil -is a program for managing Kerberos keytabs. - -ktutil - - - - -kx -is a program which securely forwards -X connections. - -kx - - - - -kxd -is the daemon for kx. - -kxd - - - - -login -is a kerberized login program. - -login - - - - -otp -manages one-time passwords. - -otp - - - - -otpprint -prints lists of one-time passwords. - -otpprint - - - - -pfrom -is a script that runs push --from. - -pfrom - - - - -popper -is a kerberized POP-3 server. - -popper - - - - -push -is a kerberized POP mail retreival -client. - -push - - - - -rcp -is a kerberized rcp client program. - -rcp - - - - -rsh -is a kerberized rsh client program. - -rsh - - - - -rshd -is a kerberized rsh server. - -rshd - - - - -rxtelnet -starts a secure xterm window with a -telnet to a given host and forwards -X connections. - -rxtelnet - - - - -rxterm -starts a secure remote xterm. - -rxterm - - - - -string2key -maps a password into a key. - -string2key - - - - -su -is a kerberized su client program. - -su - - - - -telnet -is a kerberized telnet client program. - -telnet - - - - -telnetd -is a kerberized telnet server. 
- -telnetd - - - - -tenletxr -forwards X connections -backwards. - -tenletxr - - - - -verify_krb5_conf -checks krb5.conf file for obvious -errors. - -verify_krb5_conf - - - - -xnlock -is a program that acts as a secure screen saver for -workstations running X. - -xnlock - - - - -libasn1.[so,a] -provides the ASN.1 and DER functions to encode and decode -the Kerberos TGTs. - -libasn1.[so,a] - - - - -libeditline.a -is a command-line editing library with history. - -libeditline.a - - - - -libgssapi.[so,a] -contain the Generic Security Service Application Programming -Interface (GSSAPI) functions which provides security -services to callers in a generic fashion, supportable with a range of -underlying mechanisms and technologies and hence allowing source-level -portability of applications to different environments. - -libgssapi.[so,a] - - - - -libhdb.[so,a] -is a Heimdal Kerberos 5 -authentication/authorization database access library. - -libhdb.[so,a] - - - - -libkadm5clnt.[so,a] -contains the administrative authentication and password -checking functions required by Kerberos 5 client-side programs. - -libkadm5clnt.[so,a] - - - - -libkadm5srv.[so,a] -contain the administrative authentication and password -checking functions required by Kerberos 5 servers. - -libkadm5srv.[so,a] - - - - -libkafs.[so,a] -contains the functions required to authenticated to AFS. - -libkafs.[so,a] - - - - -libkrb5.[so,a] -is an all-purpose Kerberos 5 library. - -libkrb5.[so,a] - - - - -libotp.[so,a] -contains the functions required to handle authenticating -one time passwords. - -libotp.[so,a] - - - - -libroken.[so,a] -is a library containing Kerberos 5 compatibility -functions. 
- -libroken.[so,a] - - - - - - + Install the + /etc/rc.d/init.d/heimdal init script included + in the package: + + + heimdal + + +make install-heimdal + + + + + Using Kerberized Client Programs + + To use the kerberized client programs (telnet, + ftp, rsh, + rxterm, rxtelnet, + rcp, xnlock), you first must get + a TGT. Use the kinit program to get the ticket. + After you've acquired the ticket, you can use the kerberized programs + to connect to any kerberized server on the network. You will not be + prompted for authentication until your ticket expires (default is one + day), unless you specify a different user as a command line argument + to the program. + + The kerberized programs will connect to non-kerberized daemons, + warning you that authentication is not encrypted. As mentioned earlier, + only the ftp program gives any trouble connecting to + non-kerberized daemons. + + In order to use the Heimdal + X programs, you'll need to add a service + port entry to the /etc/services file for the + kxd server. There is no 'standardized port number' + for the 'kx' service in the IANA database, so you'll have to pick an + unused port number. Add an entry to the services + file similar to the entry below (substitute your chosen port number + for [49150]): + +kx [49150]/tcp # Heimdal kerberos X +kx [49150]/udp # Heimdal kerberos X + + For additional information consult the + Heimdal hint on which the above instructions are based. 
+ + + + + + + + + Contents + + + Installed Programs + Installed Libraries + Installed Directories + + + afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, + ipropd-slave, kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, + kinit, klist, kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, + login, mk_cmds, otp, otpprint, pagsh, pfrom, popper, push, rcp, + replay_log, rsh, rshd, rxtelnet, rxterm, string2key, su, telnet, + telnetd, tenletxr, truncate-log, verify_krb5_conf, and xnlock + libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a], + libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a], + libotp.[so,a], libroken.[so,a], libsl.[so,a], and libss.[so,a] + /etc/heimdal, /usr/include/kadm5, /usr/include/ss, and + /var/lib/heimdal + + + + + Short Descriptions + + + + + afslog + + obtains AFS tokens for a number of cells. + + afslog + + + + + + ftp + + is a kerberized FTP client. + + ftp + + + + + + ftpd + + is a kerberized FTP daemon. + + ftpd + + + + + + hprop + + takes a principal database in a specified format and converts + it into a stream of Heimdal database + records. + + hprop + + + + + + hpropd + + is a server that receives a database sent by + hprop and writes it as a local database. + + hpropd + + + + + + ipropd-master + + is a daemon which runs on the master KDC + server which incrementally propogates changes to the KDC + database to the slave KDC servers. + + ipropd-master + + + + + + ipropd-slave + + is a daemon which runs on the slave KDC + servers which incrementally propogates changes to the KDC + database from the master KDC server. + + ipropd-slave + + + + + + kadmin + + is a utility used to make modifications to the Kerberos + database. + + kadmin + + + + + + kadmind + + is a server for administrative access to the Kerberos + database. + + kadmind + + + + + + kauth + + is a symbolic link to the kinit program. + + kauth + + + + + + kdc + + is a Kerberos 5 server. 
+ + kdc + + + + + + kdestroy + + removes a principle's current set of tickets. + + kdestroy + + + + + + kf + + is a program which forwards tickets to a remote host through + an authenticated and encrypted stream. + + kf + + + + + + kfd + + is a server used to receive forwarded tickets. + + kfd + + + + + + kgetcred + + obtains a ticket for a service. + + kgetcred + + + + + + kinit + + is used to authenticate to the Kerberos server as a principal + and acquire a ticket granting ticket that can later be used to obtain + tickets for other services. + + kinit + + + + + + klist + + reads and displays the current tickets in the credential + cache. + + klist + + + + + + kpasswd + + is a program for changing Kerberos 5 passwords. + + kpasswd + + + + + + kpasswdd + + is a Kerberos 5 password changing server. + + kpasswdd + + + + + + krb5-config + + gives information on how to link programs against + Heimdal libraries. + + krb5-config + + + + + + kstash + + stores the KDC master password in a file. + + kstash + + + + + + ktutil + + is a program for managing Kerberos keytabs. + + ktutil + + + + + + kx + + is a program which securely forwards + X connections. + + kx + + + + + + kxd + + is the daemon for kx. + + kxd + + + + + + login + + is a kerberized login program. + + login + + + + + + otp + + manages one-time passwords. + + otp + + + + + + otpprint + + prints lists of one-time passwords. + + otpprint + + + + + + pfrom + + is a script that runs push --from. + + pfrom + + + + + + popper + + is a kerberized POP-3 server. + + popper + + + + + + push + + is a kerberized POP mail retreival client. + + push + + + + + + rcp + + is a kerberized rcp client program. + + rcp + + + + + + rsh + + is a kerberized rsh client program. + + rsh + + + + + + rshd + + is a kerberized rsh server. + + rshd + + + + + + rxtelnet + + starts a secure xterm window with a + telnet to a given host and forwards + X connections. + + rxtelnet + + + + + + rxterm + + starts a secure remote xterm. 
+ + rxterm + + + + + + string2key + + maps a password into a key. + + string2key + + + + + + su + + is a kerberized su client program. + + su + + + + + + telnet + + is a kerberized telnet client program. + + telnet + + + + + + telnetd + + is a kerberized telnet server. + + telnetd + + + + + + tenletxr + + forwards X connections + backwards. + + tenletxr + + + + + + verify_krb5_conf + + checks krb5.conf file for obvious + errors. + + verify_krb5_conf + + + + + + xnlock + + is a program that acts as a secure screen saver for + workstations running X. + + xnlock + + + + + + libasn1.[so,a] + + provides the ASN.1 and DER functions to encode and decode + the Kerberos TGTs. + + libasn1.[so,a] + + + + + + libeditline.a + + is a command-line editing library with history. + + libeditline.a + + + + + + libgssapi.[so,a] + + contain the Generic Security Service Application Programming + Interface (GSSAPI) functions which provides security + services to callers in a generic fashion, supportable with a range of + underlying mechanisms and technologies and hence allowing source-level + portability of applications to different environments. + + libgssapi.[so,a] + + + + + + libhdb.[so,a] + + is a Heimdal Kerberos 5 + authentication/authorization database access library. + + libhdb.[so,a] + + + + + + libkadm5clnt.[so,a] + + contains the administrative authentication and password + checking functions required by Kerberos 5 client-side programs. + + libkadm5clnt.[so,a] + + + + + + libkadm5srv.[so,a] + + contain the administrative authentication and password + checking functions required by Kerberos 5 servers. + + libkadm5srv.[so,a] + + + + + + libkafs.[so,a] + + contains the functions required to authenticated to AFS. + + libkafs.[so,a] + + + + + + libkrb5.[so,a] + + is an all-purpose Kerberos 5 library. + + libkrb5.[so,a] + + + + + + libotp.[so,a] + + contains the functions required to handle authenticating + one time passwords. 
+ + libotp.[so,a] + + + + + + libroken.[so,a] + + is a library containing Kerberos 5 compatibility + functions. + + libroken.[so,a] + + + + + + +