MIT krb5
Download Source: | http://web.mit.edu/kerberos/www/dist/krb5/1.7/krb5-1.7-signed.tar |
---|
Contents
Introduction to MIT krb5
Project Homepage: Unknown
Dependencies
Optional
- xinetd (services servers only)
- Linux-PAM (for xdm based logins)
- OpenLDAP (alternative for krb5kdc password database)
Note: A time synchronization facility of some sort (like NTP) is needed on your system if you're going to be using Kerberos. Kerberos won't authenticate if the time differential between a kerberized client and the KDC server is more than 5 minutes. And since you'll probably want Kerberos to be able to authenticate, you'll want to synchronize the time between teh client and the server.
Non-Multilib
Build the packge:
cd src ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/lib --enable-dns --enable-static --mandir=/usr/share/man make
Install the package:
make install mv -v /usr/lib/libdes425.so.3* /lib mv -v /usr/lib/libk5crypto.so.3* /lib mv -v /usr/lib/libkrb5.so.3* /lib mv -v /usr/lib/libkrb4.so.2* /lib mv -v /usr/lib/libcom_err.so.3* /lib mv -v /usr/bin/ksu /bin ln -v -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so ln -v -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so ln -v -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so ln -v -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so ldconfig
Warning: login.krb5 does not support shadow passwords. So, when the Kerberos server is unavailable, the default use of /etc/password will not work because the passwords are now in /etc/shadow (where they were put while building CLFS). Entering the following commands without moving the passwords back to /etc/password could prevent any logins.
If you understand the above warning and Linux-PAM is not installed, the following commands can be used:
mv -v /bin/login /bin/login.shadow && cp -v /usr/sbin/login.krb5 /bin/login
If CrackLib is installed, or if any word list has been put in /usr/share/dict, the following commands should be used:
ln -s /usr/share/dict/words /var/lib/krb5kdc/kadmin.dict
Command Explanations
--enable-dns: This switch allows realms to be resolved using the DNS server.
--enable-static: This switch builds static libraries in addition to the shared libraries.
mv -v /bin/login /bin/login.shadow && cp -v /usr/sbin/login.krb5 /bin/login && mv -v /usr/bin/ksu /bin: Preserves Shadow's login command, moves ksu and login by moving them to the /bin directory.
mv -v ... /lib and ln -v -sf ...: The login and ksu programs are linked against these libraries, so these libraries are moved to /lib in order to allow logins without mounting /usr.
Multilib
32Bit
TODO....
N32
TODO....
64Bit
TODO....
Configuring
See BLFS' MIT krb5 page for how to configure Kerberos.
For additional information, take a look at Documentation for krb-1.4.1.
Contents
Installed Programs: | compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin, kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist, klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d, krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin, rsh, sclient, sim_client, sim_server, sserver, telnet, telnetd, uuclient, uuserver, v5passwd, and v5passwdd |
---|---|
Installed Libraries: | libcom_err.{so,a}, libdes425.{so,a}, libgssapi.{so,a}, libgssrpc.{so,a}, libkadm5clnt.{so,a}, libkadm5srv.{so,a}, libkdb5.{so,a}, libkrb5.{so,a}, and libkrb4.{so,a} |
Installed Directory: | /usr/include/kerberosIV and /var/lib/krb5kdc |
Short Descriptions
compile_et | converts the table listing error-code names into a C source file. |
---|---|
ftp | is a kerberized FTP client. |
ftpd | is a kerberized FTP daemon. |
k5srvutil | is a host keytable manipulation utility. |
kadmin | is an utility used to make modifications to the Kerberos database. |
kadmind | is a server for administrative access to a Kerberos database. |
kdb5_util | is the KDC database utility. |
kdestroy | removes the current set of tickets. |
kinit | is used to authenticate to the Kerberos server as a principal and acquire a ticket granting ticket that can later be used to obtain tickets for other services. |
klist | reads and displays the current tickets in the credential cache. |
klogind | is the server that responds to rlogin requests. |
kpasswd | is a program for changing Kerberos 5 passwords. |
kprop | takes a principal database in a specified format and converts it into a stream of database records. |
kpropd | receives a database sent by kprop and writes it as a local database. |
krb5-config | gives information on how to link programs against libraries. |
krb5kdc | is a Kerberos 5 server. |
kshd | is the server that responds to rsh requests. |
ksu | is the super user program using Kerberos protocol. Requires a properly configured /etc/shells and ~/.k5login containing principals authorized to become super users. |
ktutil | is a program for managing Kerberos keytabs. |
kvno | prints keyversion numbers of Kerberos principals. |
login.krb5 | is a kerberized login program. |
rcp | is a kerberized rcp client program. |
rlogin | is a kerberized rlogin client program. |
rsh | is a kerberized rsh client program. |
telnet | is a kerberized telnet client program. |
telnetd | is a kerberized telnet server. |
libcom_err.{so,a} | implements the Kerberos library error code. |
libgssapi.{so,a} | contain the Generic Security Service Application Programming Interface (GSSAPI) functions which provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments. |
libkadm5clnt.{so,a} | contains the administrative authentication and password checking functions required by Kerberos 5 client-side programs. |
libkadm5srv.{so,a} | contain the administrative authentication and password checking functions required by Kerberos 5 servers. |
libkdb5.{so,a} | is a Kerberos 5 authentication/authorization database access library. |
libkrb5.{so,a} | is an all-purpose Kerberos 5 library. |