371 lines
14 KiB
Plaintext
371 lines
14 KiB
Plaintext
\input texinfo @c -*- texinfo -*-
|
|
@c %**start of header
|
|
@c $Id: heimdal.texi 22191 2007-12-06 17:26:30Z lha $
|
|
@setfilename heimdal.info
|
|
@settitle HEIMDAL
|
|
@iftex
|
|
@afourpaper
|
|
@end iftex
|
|
@c some sensible characters, please?
|
|
@tex
|
|
\input latin1.tex
|
|
@end tex
|
|
@setchapternewpage on
|
|
@syncodeindex pg cp
|
|
@c %**end of header
|
|
|
|
@include vars.texi
|
|
|
|
@set UPDATED $Date: 2007-12-06 09:26:30 -0800 (Tor, 06 Dec 2007) $
|
|
@set VERSION @value{PACKAGE_VERSION}
|
|
@set EDITION 1.0
|
|
|
|
@ifinfo
|
|
@dircategory Security
|
|
@direntry
|
|
* Heimdal: (heimdal). The Kerberos 5 distribution from KTH
|
|
@end direntry
|
|
@end ifinfo
|
|
|
|
@c title page
|
|
@titlepage
|
|
@title Heimdal
|
|
@subtitle Kerberos 5 from KTH
|
|
@subtitle Edition @value{EDITION}, for version @value{VERSION}
|
|
@subtitle 2007
|
|
@author Johan Danielsson
|
|
@author Love Hörnquist Åstrand
|
|
@author Assar Westerlund
|
|
@author last updated @value{UPDATED}
|
|
|
|
@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
|
|
@def@copyrightstart{}
|
|
@def@copyrightend{}
|
|
@page
|
|
@copyrightstart
|
|
Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
|
|
(Royal Institute of Technology, Stockholm, Sweden).
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
3. Neither the name of the Institute nor the names of its contributors
|
|
may be used to endorse or promote products derived from this software
|
|
without specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
SUCH DAMAGE.
|
|
|
|
@copynext
|
|
|
|
Copyright (C) 1990 by the Massachusetts Institute of Technology
|
|
|
|
Export of this software from the United States of America may
|
|
require a specific license from the United States Government.
|
|
It is the responsibility of any person or organization contemplating
|
|
export to obtain such a license before exporting.
|
|
|
|
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
|
distribute this software and its documentation for any purpose and
|
|
without fee is hereby granted, provided that the above copyright
|
|
notice appear in all copies and that both that copyright notice and
|
|
this permission notice appear in supporting documentation, and that
|
|
the name of M.I.T. not be used in advertising or publicity pertaining
|
|
to distribution of the software without specific, written prior
|
|
permission. M.I.T. makes no representations about the suitability of
|
|
this software for any purpose. It is provided "as is" without express
|
|
or implied warranty.
|
|
|
|
@copynext
|
|
|
|
Copyright (c) 1988, 1990, 1993
|
|
The Regents of the University of California. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
3. Neither the name of the University nor the names of its contributors
|
|
may be used to endorse or promote products derived from this software
|
|
without specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
SUCH DAMAGE.
|
|
|
|
@copynext
|
|
|
|
Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
|
|
|
|
This software is not subject to any license of the American Telephone
|
|
and Telegraph Company or of the Regents of the University of California.
|
|
|
|
Permission is granted to anyone to use this software for any purpose on
|
|
any computer system, and to alter it and redistribute it freely, subject
|
|
to the following restrictions:
|
|
|
|
1. The authors are not responsible for the consequences of use of this
|
|
software, no matter how awful, even if they arise from flaws in it.
|
|
|
|
2. The origin of this software must not be misrepresented, either by
|
|
explicit claim or by omission. Since few users ever read sources,
|
|
credits must appear in the documentation.
|
|
|
|
3. Altered versions must be plainly marked as such, and must not be
|
|
misrepresented as being the original software. Since few users
|
|
ever read sources, credits must appear in the documentation.
|
|
|
|
4. This notice may not be removed or altered.
|
|
|
|
@copynext
|
|
|
|
IMath is Copyright 2002-2005 Michael J. Fromberger
|
|
You may use it subject to the following Licensing Terms:
|
|
|
|
Permission is hereby granted, free of charge, to any person obtaining
|
|
a copy of this software and associated documentation files (the
|
|
"Software"), to deal in the Software without restriction, including
|
|
without limitation the rights to use, copy, modify, merge, publish,
|
|
distribute, sublicense, and/or sell copies of the Software, and to
|
|
permit persons to whom the Software is furnished to do so, subject to
|
|
the following conditions:
|
|
|
|
The above copyright notice and this permission notice shall be
|
|
included in all copies or substantial portions of the Software.
|
|
|
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
|
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
|
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
|
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
|
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
@copynext
|
|
|
|
Copyright (c) 2005 Doug Rabson
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
SUCH DAMAGE.
|
|
|
|
@copynext
|
|
|
|
Copyright (c) 2005 Marko Kreen
|
|
All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
SUCH DAMAGE.
|
|
|
|
@copynext
|
|
|
|
Copyright (c) 2006,2007
|
|
NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions
|
|
are met:
|
|
1. Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer as
|
|
the first lines of this file unmodified.
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
|
|
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
@copyrightend
|
|
@end titlepage
|
|
|
|
@macro manpage{man, section}
|
|
@cite{\man\(\section\)}
|
|
@end macro
|
|
|
|
@c Less filling! Tastes great!
|
|
@iftex
|
|
@parindent=0pt
|
|
@global@parskip 6pt plus 1pt
|
|
@global@chapheadingskip = 15pt plus 4pt minus 2pt
|
|
@global@secheadingskip = 12pt plus 3pt minus 2pt
|
|
@global@subsecheadingskip = 9pt plus 2pt minus 2pt
|
|
@end iftex
|
|
@ifinfo
|
|
@paragraphindent 0
|
|
@end ifinfo
|
|
|
|
@ifnottex
|
|
@node Top, Introduction, (dir), (dir)
|
|
@top Heimdal
|
|
@end ifnottex
|
|
|
|
This manual is last updated @value{UPDATED} for version
|
|
@value{VERSION} of Heimdal.
|
|
|
|
@menu
|
|
* Introduction::
|
|
* What is Kerberos?::
|
|
* Building and Installing::
|
|
* Setting up a realm::
|
|
* Applications::
|
|
* Things in search for a better place::
|
|
* Kerberos 4 issues::
|
|
* Windows 2000 compatability::
|
|
* Programming with Kerberos::
|
|
* Migration::
|
|
* Acknowledgments::
|
|
|
|
@detailmenu
|
|
--- The Detailed Node Listing ---
|
|
|
|
Setting up a realm
|
|
|
|
* Configuration file::
|
|
* Creating the database::
|
|
* Modifying the database::
|
|
* keytabs::
|
|
* Serving Kerberos 4/524/kaserver::
|
|
* Remote administration::
|
|
* Password changing::
|
|
* Testing clients and servers::
|
|
* Slave Servers::
|
|
* Incremental propagation::
|
|
* Encryption types and salting::
|
|
* Cross realm::
|
|
* Transit policy::
|
|
* Setting up DNS::
|
|
* Using LDAP to store the database::
|
|
* Providing Kerberos credentials to servers and programs::
|
|
* Setting up PK-INIT::
|
|
|
|
Applications
|
|
|
|
* Authentication modules::
|
|
* AFS::
|
|
|
|
Authentication modules
|
|
|
|
* Digital SIA::
|
|
* IRIX::
|
|
|
|
Kerberos 4 issues
|
|
|
|
* Principal conversion issues::
|
|
* Converting a version 4 database::
|
|
* kaserver::
|
|
|
|
Windows 2000 compatability
|
|
|
|
* Configuring Windows 2000 to use a Heimdal KDC::
|
|
* Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC::
|
|
* Create account mappings::
|
|
* Encryption types::
|
|
* Authorisation data::
|
|
* Quirks of Windows 2000 KDC::
|
|
* Useful links when reading about the Windows 2000::
|
|
|
|
Programming with Kerberos
|
|
|
|
* Kerberos 5 API Overview::
|
|
* Walkthrough of a sample Kerberos 5 client::
|
|
* Validating a password in a server application::
|
|
* API differences to MIT Kerberos::
|
|
* File formats::
|
|
|
|
@end detailmenu
|
|
@end menu
|
|
|
|
@include intro.texi
|
|
@include whatis.texi
|
|
@include install.texi
|
|
@include setup.texi
|
|
@include apps.texi
|
|
@include misc.texi
|
|
@include kerberos4.texi
|
|
@include win2k.texi
|
|
@include programming.texi
|
|
@include migration.texi
|
|
@include ack.texi
|
|
|
|
@c @shortcontents
|
|
@contents
|
|
|
|
@bye
|