mirror of
https://github.com/Zeckmathederg/glfs.git
synced 2025-02-01 04:52:12 +08:00
ff769b8c61
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3656 af4574ff-66df-0310-9fd7-8a98e5e911e0
695 lines
23 KiB
XML
695 lines
23 KiB
XML
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
%general-entities;
|
|
|
|
<!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar">
|
|
<!ENTITY mitkrb-download-ftp " ">
|
|
<!ENTITY mitkrb-md5sum "2fa56607677544e3a27b42f7cfa1155b">
|
|
<!ENTITY mitkrb-size "6.6 MB">
|
|
<!ENTITY mitkrb-buildsize "55 MB">
|
|
<!ENTITY mitkrb-time "2.55 SBU">
|
|
]>
|
|
|
|
<sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;">
|
|
<sect1info>
|
|
<othername>$LastChangedBy$</othername>
|
|
<date>$Date$</date>
|
|
</sect1info>
|
|
<?dbhtml filename="mitkrb.html"?>
|
|
<title><acronym>MIT</acronym> krb5-&mitkrb-version;</title>
|
|
<indexterm zone="mitkrb">
|
|
<primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary></indexterm>
|
|
|
|
<sect2>
|
|
<title>Introduction to <application><acronym>MIT</acronym>
|
|
krb5</application></title>
|
|
|
|
<para>
|
|
<application><acronym>MIT</acronym> krb5</application> is a free
|
|
implementation of Kerberos 5. Kerberos is a network authentication
|
|
protocol. It centralizes the authentication database and uses kerberized
|
|
applications to work with servers or services that support Kerberos
|
|
allowing single logins and encrypted communication over internal
|
|
networks or the Internet.
|
|
</para>
|
|
|
|
<sect3><title>Package information</title>
|
|
<itemizedlist spacing='compact'>
|
|
<listitem><para>Download (HTTP):
|
|
<ulink url="&mitkrb-download-http;"/></para></listitem>
|
|
<listitem><para>Download (FTP):
|
|
<ulink url="&mitkrb-download-ftp;"/></para></listitem>
|
|
<listitem><para>Download MD5 sum: &mitkrb-md5sum;</para></listitem>
|
|
<listitem><para>Download size: &mitkrb-size;</para></listitem>
|
|
<listitem><para>Estimated disk space required:
|
|
&mitkrb-buildsize;</para></listitem>
|
|
<listitem><para>Estimated build time:
|
|
&mitkrb-time;</para></listitem></itemizedlist>
|
|
</sect3>
|
|
|
|
<sect3><title><application><acronym>MIT</acronym> krb5</application>
|
|
dependencies</title>
|
|
<sect4><title>Optional</title>
|
|
<para>
|
|
<xref linkend="xinetd"/> (services servers only),
|
|
<xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and
|
|
<xref linkend="openldap"/> (alternative for <command>krb5kdc</command>
|
|
password database)
|
|
</para>
|
|
|
|
<note><para>
|
|
Some sort of time synchronization facility on your system (like
|
|
<xref linkend="ntp"/>) is required since Kerberos won't authenticate if there
|
|
is a time difference between a kerberized client and the
|
|
<acronym>KDC</acronym> server.</para></note>
|
|
</sect4>
|
|
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Installation of <application><acronym>MIT</acronym>
|
|
krb5</application></title>
|
|
|
|
<para>
|
|
<application><acronym>MIT</acronym> krb5</application> is distributed in a
|
|
<acronym>TAR</acronym> file containing a compressed <acronym>TAR</acronym>
|
|
package and a detached <acronym>PGP</acronym>
|
|
<filename class="extension">ASC</filename> file.
|
|
</para>
|
|
|
|
<para>
|
|
If you have installed <xref linkend="gnupg"/>, you can
|
|
authenticate the package with the following command:
|
|
</para>
|
|
|
|
<screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</command></userinput></screen>
|
|
|
|
<para>
|
|
Build <application><acronym>MIT</acronym> krb5</application> by running the
|
|
following commands:
|
|
</para>
|
|
|
|
<screen><userinput><command>cd src &&
|
|
./configure --prefix=/usr --sysconfdir=/etc \
|
|
--localstatedir=/var/lib --enable-dns \
|
|
--enable-static --mandir=/usr/share/man &&
|
|
make</command></userinput></screen>
|
|
|
|
<para>
|
|
Install <application><acronym>MIT</acronym> krb5</application> by
|
|
running the following commands as root:
|
|
</para>
|
|
|
|
<screen><userinput role='root'><command>make install &&
|
|
mv /bin/login /bin/login.shadow &&
|
|
cp /usr/sbin/login.krb5 /bin/login &&
|
|
mv /usr/bin/ksu /bin &&
|
|
mv /usr/lib/libkrb5.so.3* /lib &&
|
|
mv /usr/lib/libkrb4.so.2* /lib &&
|
|
mv /usr/lib/libdes425.so.3* /lib &&
|
|
mv /usr/lib/libk5crypto.so.3* /lib &&
|
|
mv /usr/lib/libcom_err.so.3* /lib &&
|
|
ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so &&
|
|
ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so &&
|
|
ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so &&
|
|
ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so &&
|
|
ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
|
|
ldconfig</command></userinput></screen>
|
|
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Command explanations</title>
|
|
|
|
<para>
|
|
<parameter>--enable-dns</parameter>: This switch allows realms to
|
|
be resolved using the <acronym>DNS</acronym> server.
|
|
</para>
|
|
|
|
<para>
|
|
<parameter>--enable-static</parameter>: This switch builds static
|
|
libraries in addition to the shared libraries.
|
|
</para>
|
|
|
|
<para>
|
|
<screen><command>mv /bin/login /bin/login.shadow
|
|
cp /usr/sbin/login.krb5 /bin/login
|
|
mv /usr/bin/ksu /bin</command></screen>
|
|
Preserves <application>Shadow</application>'s <command>login</command>
|
|
command, moves <command>ksu</command> and <command>login</command> to
|
|
the <filename class="directory">/bin</filename> directory.
|
|
</para>
|
|
|
|
<para>
|
|
<screen><command>mv /usr/lib/libkrb5.so.3* /lib
|
|
mv /usr/lib/libkrb4.so.2* /lib
|
|
mv /usr/lib/libdes425.so.3* /lib
|
|
mv /usr/lib/libk5crypto.so.3* /lib
|
|
mv /usr/lib/libcom_err.so.3* /lib
|
|
ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so
|
|
ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so
|
|
ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so
|
|
ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so
|
|
ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so</command></screen>
|
|
The <command>login</command> and <command>ksu</command> programs
|
|
are linked against these libraries, therefore we move these libraries to
|
|
<filename class="directory">/lib</filename> to allow logins without mounting
|
|
<filename class="directory">/usr</filename>.
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Configuring <application><acronym>MIT</acronym> krb5</application></title>
|
|
|
|
<sect3 id="krb5-config"><title>Config files</title>
|
|
<para>
|
|
<filename>/etc/krb5.conf</filename> and
|
|
<filename>/var/lib/krb5kdc/kdc.conf</filename>
|
|
</para>
|
|
<indexterm zone="mitkrb krb5-config">
|
|
<primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary></indexterm>
|
|
<indexterm zone="mitkrb krb5-config">
|
|
<primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary>
|
|
</indexterm>
|
|
</sect3>
|
|
|
|
<sect3><title>Configuration Information</title>
|
|
|
|
<sect4><title>Kerberos Configuration</title>
|
|
<para>
|
|
Create the Kerberos configuration file with the following command:
|
|
</para>
|
|
|
|
<screen><userinput role='root'><command>cat > /etc/krb5.conf << "EOF"</command>
|
|
# Begin /etc/krb5.conf
|
|
|
|
[libdefaults]
|
|
default_realm = <replaceable>[LFS.ORG]</replaceable>
|
|
encrypt = true
|
|
|
|
[realms]
|
|
<replaceable>[LFS.ORG]</replaceable> = {
|
|
kdc = <replaceable>[belgarath.lfs.org]</replaceable>
|
|
admin_server = <replaceable>[belgarath.lfs.org]</replaceable>
|
|
}
|
|
|
|
[domain_realm]
|
|
.<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable>
|
|
|
|
[logging]
|
|
kdc = SYSLOG[:INFO[:AUTH]]
|
|
admin_server = SYSLOG[INFO[:AUTH]]
|
|
default = SYSLOG[[:SYS]]
|
|
|
|
# End /etc/krb5.conf
|
|
<command>EOF</command></userinput></screen>
|
|
|
|
<para>
|
|
You will need to substitute your domain and proper hostname for the
|
|
occurances of the <replaceable>[belgarath]</replaceable> and
|
|
<replaceable>[lfs.org]</replaceable> names.
|
|
</para>
|
|
|
|
<para>
|
|
<userinput>default_realm</userinput> should be the name of your domain changed
|
|
to ALL CAPS. This isn't required, but both <application>Heimdal</application>
|
|
and <acronym>MIT</acronym> recommend it.
|
|
</para>
|
|
|
|
<para>
|
|
<userinput>encrypt = true</userinput> provides encryption of all traffic
|
|
between kerberized clients and servers. It's not necessary and can be left
|
|
off. If you leave it off, you can encrypt all traffic from the client to the
|
|
server using a switch on the client program instead.
|
|
</para>
|
|
|
|
<para>
|
|
The <userinput>[realms]</userinput> parameters tell the client programs where
|
|
to look for the <acronym>KDC</acronym> authentication services.
|
|
</para>
|
|
|
|
<para>
|
|
The <userinput>[domain_realm]</userinput> section maps a domain to a realm.
|
|
</para>
|
|
|
|
<para>
|
|
Create the <acronym>KDC</acronym> database:
|
|
</para>
|
|
|
|
<screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen>
|
|
|
|
<para>
|
|
Now you should populate the database with principles (users). For now,
|
|
just use your regular login name or root.
|
|
</para>
|
|
|
|
<screen><userinput role='root'><command>kadmin.local</command></userinput>
|
|
<prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen>
|
|
|
|
<para>
|
|
The <acronym>KDC</acronym> server and any machine running kerberized
|
|
server daemons must have a host key installed:
|
|
</para>
|
|
|
|
<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
|
|
|
<para>
|
|
After choosing the defaults when prompted, you will have to export the
|
|
data to a keytab file:
|
|
</para>
|
|
|
|
<screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
|
|
|
<para>
|
|
This should have created a file in <filename class="directory">/etc</filename>
|
|
named <filename>krb5.keytab</filename> (Kerberos 5). This file should have 600
|
|
(root rw only) permissions. Keeping the keytab files from public access
|
|
is crucial to the overall security of the Kerberos installation.
|
|
</para>
|
|
|
|
<para>
|
|
Eventually, you'll want to add server daemon principles to the database
|
|
and extract them to the keytab file. You do this in the same way you
|
|
created the host principles. Below is an example:
|
|
</para>
|
|
|
|
<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput>
|
|
<prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
|
|
|
|
<para>
|
|
Exit the <command>kadmin</command> program (use <command>quit</command>
|
|
or <command>exit</command>) and return back to the shell prompt. Start
|
|
the <acronym>KDC</acronym> daemon manually, just to test out the
|
|
installation:
|
|
</para>
|
|
|
|
<screen><userinput role='root'><command>/usr/sbin/krb5kdc &</command></userinput></screen>
|
|
|
|
<para>
|
|
Attempt to get a ticket with the following command:
|
|
</para>
|
|
|
|
<screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen>
|
|
|
|
<para>
|
|
You will be prompted for the password you created. After you get your
|
|
ticket, you can list it with the following command:
|
|
</para>
|
|
|
|
<screen><userinput><command>klist</command></userinput></screen>
|
|
|
|
<para>
|
|
Information about the ticket should be displayed on the screen.
|
|
</para>
|
|
|
|
<para>
|
|
To test the functionality of the keytab file, issue the following
|
|
command:
|
|
</para>
|
|
|
|
<screen><userinput><command>ktutil</command></userinput>
|
|
<prompt>ktutil:</prompt><userinput><command>rkt /etc/krb5.keytab</command></userinput>
|
|
<prompt>ktutil:</prompt><userinput><command>l</command></userinput></screen>
|
|
|
|
<para>
|
|
This should dump a list of the host principal, along with the encryption
|
|
methods used to access the principal.
|
|
</para>
|
|
|
|
<para>
|
|
At this point, if everything has been successful so far, you can feel
|
|
fairly confident in the installation and configuration of the package.
|
|
</para>
|
|
|
|
<para>
|
|
Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script
|
|
included in the <xref linkend="intro-important-bootscripts"/> package.
|
|
</para>
|
|
|
|
<screen><userinput role='root'><command>make install-kerberos</command></userinput></screen>
|
|
|
|
</sect4>
|
|
|
|
<sect4><title>Using Kerberized Client Programs</title>
|
|
|
|
<para>
|
|
To use the kerberized client programs (<command>telnet</command>,
|
|
<command>ftp</command>, <command>rsh</command>,
|
|
<command>rcp</command>, <command>rlogin</command>), you first must get
|
|
an authentication ticket. Use the <command>kinit</command> program to
|
|
get the ticket. After you've acquired the ticket, you can use the
|
|
kerberized programs to connect to any kerberized server on the network.
|
|
You will not be prompted for authentication until your ticket expires
|
|
(default is one day), unless you specify a different user as a command
|
|
line argument to the program.
|
|
</para>
|
|
|
|
<para>
|
|
The kerberized programs will connect to non kerberized daemons, warning
|
|
you that authentication is not encrypted.
|
|
</para>
|
|
</sect4>
|
|
|
|
<sect4><title>Using Kerberized Server Programs</title>
|
|
<para>
|
|
Using kerberized server programs (<command>telnetd</command>,
|
|
<command>kpropd</command>, <command>klogind</command> and
|
|
<command>kshd</command>) requires two additional configuration steps.
|
|
First the <filename>/etc/services</filename> file must be updated to
|
|
include eklogin and krb5_prop. Second, the <filename>inetd.conf</filename>
|
|
or <filename>xinetd.conf</filename> must be modified for each server that will
|
|
be activated, usually replacing the server from <xref linkend="inetutils"/>.
|
|
</para>
|
|
</sect4>
|
|
|
|
<sect4><title>Additional Information</title>
|
|
<para>
|
|
For additional information consult <ulink
|
|
url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">Documentation
|
|
for krb-&mitkrb-version;</ulink> on which the above instructions are based.
|
|
</para>
|
|
|
|
</sect4>
|
|
|
|
</sect3>
|
|
|
|
</sect2>
|
|
|
|
<sect2>
|
|
<title>Contents</title>
|
|
|
|
<segmentedlist>
|
|
<segtitle>Installed Programs</segtitle>
|
|
<segtitle>Installed Libraries</segtitle>
|
|
<segtitle>Installed Directories</segtitle>
|
|
|
|
<seglistitem>
|
|
<seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin,
|
|
kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist,
|
|
klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d,
|
|
krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin,
|
|
rsh, sclient, sim_client, sim_server, sserver,
|
|
telnet, telnetd, uuclient, uuserver, v5passwd, v5passwdd</seg>
|
|
<seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a], libgssrpc.[so,a],
|
|
libkadm5clnt.[so,a], libkadm5srv.[so,a], libkdb5.[so,a], libkrb5.[so,a],
|
|
libkrb4.[so,a]</seg>
|
|
<seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg>
|
|
</seglistitem>
|
|
</segmentedlist>
|
|
|
|
<variablelist>
|
|
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
|
<?dbfo list-presentation="list"?>
|
|
|
|
<varlistentry id="compile_et">
|
|
<term><command>compile_et</command></term>
|
|
<listitem><para>converts the table listing
|
|
error-code names into a <application>C</application> source file..</para>
|
|
<indexterm zone="mitkrb compile_et">
|
|
<primary sortas="b-compile_et">compile_et</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="ftp-mitkrb">
|
|
<term><command>ftp</command></term>
|
|
<listitem><para>is a kerberized <acronym>FTP</acronym> client.</para>
|
|
<indexterm zone="mitkrb ftp">
|
|
<primary sortas="b-ftp">ftp</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="ftpd-mitkrb">
|
|
<term><command>ftpd</command></term>
|
|
<listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para>
|
|
<indexterm zone="mitkrb ftpd">
|
|
<primary sortas="b-ftpd">ftpd</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="k5srvutil">
|
|
<term><command>k5srvutil</command></term>
|
|
<listitem><para>is a host keytable manipulation utility.</para>
|
|
<indexterm zone="mitkrb k5srvutil">
|
|
<primary sortas="b-k5srvutil">k5srvutil</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kadmin-mitkrb">
|
|
<term><command>kadmin</command></term>
|
|
<listitem><para>is an utility used to make modifications
|
|
to the Kerberos database.</para>
|
|
<indexterm zone="mitkrb kadmin-mitkrb">
|
|
<primary sortas="b-kadmin">kadmin</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kadmind-mitkrb">
|
|
<term><command>kadmind</command></term>
|
|
<listitem><para>is a server for administrative access
|
|
to a Kerberos database.</para>
|
|
<indexterm zone="mitkrb kadmind-mitkrb">
|
|
<primary sortas="b-kadmind">kadmind</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kdb5_util">
|
|
<term><command>kdb5_util</command></term>
|
|
<listitem><para>is the <acronym>KDC</acronym> database utility.</para>
|
|
<indexterm zone="mitkrb kdb5_util">
|
|
<primary sortas="b-kdb5_util">kdb5_util</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kdestroy-mitkrb">
|
|
<term><command>kdestroy</command></term>
|
|
<listitem><para>removes the current set of tickets.</para>
|
|
<indexterm zone="mitkrb kdestroy-mitkrb">
|
|
<primary sortas="b-kdestroy">kdestroy</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kinit-mitkrb">
|
|
<term><command>kinit</command></term>
|
|
<listitem><para>is used to authenticate to the Kerberos server as
|
|
a principal and acquire a ticket granting ticket that can later be used
|
|
to obtain tickets for other services.</para>
|
|
<indexterm zone="mitkrb kinit-mitkrb">
|
|
<primary sortas="b-kinit">kinit</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="klist-mitkrb">
|
|
<term><command>klist</command></term>
|
|
<listitem><para>reads and displays the current tickets in
|
|
the credential cache.</para>
|
|
<indexterm zone="mitkrb klist-mitkrb">
|
|
<primary sortas="b-klist">klist</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="klogind">
|
|
<term><command>klogind</command></term>
|
|
<listitem><para>is the server that responds to
|
|
<command>rlogin</command> requests.</para>
|
|
<indexterm zone="mitkrb klogind">
|
|
<primary sortas="b-klogind">klogind</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kpasswd-mitkrb">
|
|
<term><command>kpasswd</command></term>
|
|
<listitem><para>is a program for changing Kerberos 5 passwords.</para>
|
|
<indexterm zone="mitkrb kpasswd-mitkrb">
|
|
<primary sortas="b-kpasswd">kpasswd</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kprop">
|
|
<term><command>kprop</command></term>
|
|
<listitem><para>takes a principal database in a specified
|
|
format and converts it into a stream of database
|
|
records.</para>
|
|
<indexterm zone="mitkrb kprop">
|
|
<primary sortas="b-kprop">kprop</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kpropd">
|
|
<term><command>kpropd</command></term>
|
|
<listitem><para>receives a database sent by
|
|
<command>kprop</command> and writes it as a local database.</para>
|
|
<indexterm zone="mitkrb kpropd">
|
|
<primary sortas="b-kpropd">kpropd</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="krb5-config-1">
|
|
<term><command>krb5-config</command></term>
|
|
<listitem><para>gives information on how to link
|
|
programs against libraries.</para>
|
|
<indexterm zone="mitkrb krb5-config-prog">
|
|
<primary sortas="b-krb5-config-1">krb5-config</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="krb5kdc">
|
|
<term><command>krb5kdc</command></term>
|
|
<listitem><para>is a Kerberos 5 server.</para>
|
|
<indexterm zone="mitkrb krb5kdc">
|
|
<primary sortas="b-krb5kdc">krb5kdc</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kshd">
|
|
<term><command>kshd</command></term>
|
|
<listitem><para>is the server that responds to
|
|
<command>rsh</command> requests.</para>
|
|
<indexterm zone="mitkrb kshd">
|
|
<primary sortas="b-kshd">kshd</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="ksu">
|
|
<term><command>ksu</command></term>
|
|
<listitem><para>is the super user program using Kerberos protocol.
|
|
Requires a properly configured
|
|
<filename class="directory">/etc/shells</filename> and
|
|
<filename>~/.k5login</filename> containing principals authorized to
|
|
become super users.</para>
|
|
<indexterm zone="mitkrb ksu">
|
|
<primary sortas="b-ksu">ksu</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="ktutil-mitkrb">
|
|
<term><command>ktutil</command></term>
|
|
<listitem><para>is a program for managing Kerberos keytabs.</para>
|
|
<indexterm zone="mitkrb ktutil-mitkrb">
|
|
<primary sortas="b-ktutil">ktutil</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="kvno">
|
|
<term><command>kvno</command></term>
|
|
<listitem><para>prints keyversion numbers of Kerberos principals.</para>
|
|
<indexterm zone="mitkrb kvno">
|
|
<primary sortas="b-kvno">kvno</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="login.krb5">
|
|
<term><command>login.krb5</command></term>
|
|
<listitem><para>is a kerberized login program.</para>
|
|
<indexterm zone="mitkrb login">
|
|
<primary sortas="b-login.krb5">login.krb5</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="rcp-mitkrb">
|
|
<term><command>rcp</command></term>
|
|
<listitem><para>is a kerberized rcp client program.</para>
|
|
<indexterm zone="mitkrb rcp">
|
|
<primary sortas="b-rcp">rcp</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="rlogin">
|
|
<term><command>rlogin</command></term>
|
|
<listitem><para>is a kerberized rlogin client program.</para>
|
|
<indexterm zone="mitkrb rlogin">
|
|
<primary sortas="b-rlogin">rlogin</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="rsh-mitkrb">
|
|
<term><command>rsh</command></term>
|
|
<listitem><para>is a kerberized rsh client program.</para>
|
|
<indexterm zone="mitkrb rsh">
|
|
<primary sortas="b-rsh">rsh</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="telnet-mitkrb">
|
|
<term><command>telnet</command></term>
|
|
<listitem><para>is a kerberized telnet client program.</para>
|
|
<indexterm zone="mitkrb telnet">
|
|
<primary sortas="b-telnet">telnet</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="telnetd-mitkrb">
|
|
<term><command>telnetd</command></term>
|
|
<listitem><para>is a kerberized telnet server.</para>
|
|
<indexterm zone="mitkrb telnetd">
|
|
<primary sortas="b-telnetd">telnetd</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libcom_err">
|
|
<term><filename class='libraryfile'>libcom_err.[so,a]</filename></term>
|
|
<listitem><para>implements the Kerberos library error code.</para>
|
|
<indexterm zone="mitkrb libcom_err">
|
|
<primary sortas="c-libcom_err">libcom_err.[so,a]</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libgssapi-mitkrb">
|
|
<term><filename class='libraryfile'>libgssapi.[so,a]</filename></term>
|
|
<listitem><para>contain the Generic Security Service Application
|
|
Programming
|
|
Interface (<acronym>GSSAPI</acronym>) functions which provides security
|
|
services to callers in a generic fashion, supportable with a range of
|
|
underlying mechanisms and technologies and hence allowing source-level
|
|
portability of applications to different environments.</para>
|
|
<indexterm zone="mitkrb libgssapi">
|
|
<primary sortas="c-libgssapi">libgssapi.[so,a]</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libkadm5clnt-mitkrb">
|
|
<term><filename
|
|
class='libraryfile'>libkadm5clnt.[so,a]</filename></term>
|
|
<listitem><para>contains the administrative authentication and password
|
|
checking functions required by Kerberos 5 client-side programs.</para>
|
|
<indexterm zone="mitkrb libkadm5clnt">
|
|
<primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libkadm5srv-mitkrb">
|
|
<term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term>
|
|
<listitem><para>contain the administrative authentication and password
|
|
checking functions required by Kerberos 5 servers.</para>
|
|
<indexterm zone="mitkrb libkadm5srv">
|
|
<primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libkdb5">
|
|
<term><filename class='libraryfile'>libkdb5.[so,a]</filename></term>
|
|
<listitem><para>is a Kerberos 5
|
|
authentication/authorization database access library.</para>
|
|
<indexterm zone="mitkrb libkdb5">
|
|
<primary sortas="c-libkdb5">libkdb5.[so,a]</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry id="libkrb5-mitkrb">
|
|
<term><filename class='libraryfile'>libkrb5.[so,a]</filename></term>
|
|
<listitem><para>is an all-purpose Kerberos 5 library.</para>
|
|
<indexterm zone="mitkrb libkrb5">
|
|
<primary sortas="c-libkrb5">libkrb5.[so,a]</primary>
|
|
</indexterm></listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</sect2>
|
|
|
|
</sect1>
|