diff options
Diffstat (limited to 'doc/html/user/user_commands/ksu.html')
| -rw-r--r-- | doc/html/user/user_commands/ksu.html | 507 |
1 files changed, 507 insertions, 0 deletions
diff --git a/doc/html/user/user_commands/ksu.html b/doc/html/user/user_commands/ksu.html new file mode 100644 index 000000000000..894576304b8d --- /dev/null +++ b/doc/html/user/user_commands/ksu.html @@ -0,0 +1,507 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + + <title>ksu — MIT Kerberos Documentation</title> + + <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> + <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> + <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> + + <script type="text/javascript"> + var DOCUMENTATION_OPTIONS = { + URL_ROOT: '../../', + VERSION: '1.15.1', + COLLAPSE_INDEX: false, + FILE_SUFFIX: '.html', + HAS_SOURCE: true + }; + </script> + <script type="text/javascript" src="../../_static/jquery.js"></script> + <script type="text/javascript" src="../../_static/underscore.js"></script> + <script type="text/javascript" src="../../_static/doctools.js"></script> + <link rel="author" title="About these documents" href="../../about.html" /> + <link rel="copyright" title="Copyright" href="../../copyright.html" /> + <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> + <link rel="up" title="User commands" href="index.html" /> + <link rel="next" title="kswitch" href="kswitch.html" /> + <link rel="prev" title="krb5-config" href="krb5-config.html" /> + </head> + <body> + <div class="header-wrapper"> + <div class="header"> + + + <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> + + <div class="rel"> + + <a href="../../index.html" title="Full Table of Contents" + accesskey="C">Contents</a> | + <a href="krb5-config.html" title="krb5-config" + accesskey="P">previous</a> | + <a href="kswitch.html" title="kswitch" + accesskey="N">next</a> | + <a href="../../genindex.html" title="General Index" + accesskey="I">index</a> | + <a href="../../search.html" title="Enter search criteria" + accesskey="S">Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a> + </div> + </div> + </div> + + <div class="content-wrapper"> + <div class="content"> + <div class="document"> + + <div class="documentwrapper"> + <div class="bodywrapper"> + <div class="body"> + + <div class="section" id="ksu"> +<span id="ksu-1"></span><h1>ksu<a class="headerlink" href="#ksu" title="Permalink to this headline">¶</a></h1> +<div class="section" id="synopsis"> +<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> +<p><strong>ksu</strong> +[ <em>target_user</em> ] +[ <strong>-n</strong> <em>target_principal_name</em> ] +[ <strong>-c</strong> <em>source_cache_name</em> ] +[ <strong>-k</strong> ] +[ <strong>-r</strong> time ] +[ <strong>-pf</strong> ] +[ <strong>-l</strong> <em>lifetime</em> ] +[ <strong>-z | Z</strong> ] +[ <strong>-q</strong> ] +[ <strong>-e</strong> <em>command</em> [ args ... ] ] [ <strong>-a</strong> [ args ... ] ]</p> +</div> +<div class="section" id="requirements"> +<h2>REQUIREMENTS<a class="headerlink" href="#requirements" title="Permalink to this headline">¶</a></h2> +<p>Must have Kerberos version 5 installed to compile ksu. Must have a +Kerberos version 5 server running to use ksu.</p> +</div> +<div class="section" id="description"> +<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> +<p>ksu is a Kerberized version of the su program that has two missions: +one is to securely change the real and effective user ID to that of +the target user, and the other is to create a new security context.</p> +<div class="admonition note"> +<p class="first admonition-title">Note</p> +<p>For the sake of clarity, all references to and attributes of +the user invoking the program will start with “source” +(e.g., “source user”, “source cache”, etc.).</p> +<p class="last">Likewise, all references to and attributes of the target +account will start with “target”.</p> +</div> +</div> +<div class="section" id="authentication"> +<h2>AUTHENTICATION<a class="headerlink" href="#authentication" title="Permalink to this headline">¶</a></h2> +<p>To fulfill the first mission, ksu operates in two phases: +authentication and authorization. Resolving the target principal name +is the first step in authentication. The user can either specify his +principal name with the <strong>-n</strong> option (e.g., <tt class="docutils literal"><span class="pre">-n</span> <span class="pre">jqpublic@USC.EDU</span></tt>) +or a default principal name will be assigned using a heuristic +described in the OPTIONS section (see <strong>-n</strong> option). The target user +name must be the first argument to ksu; if not specified root is the +default. If <tt class="docutils literal"><span class="pre">.</span></tt> is specified then the target user will be the +source user (e.g., <tt class="docutils literal"><span class="pre">ksu</span> <span class="pre">.</span></tt>). If the source user is root or the +target user is the source user, no authentication or authorization +takes place. Otherwise, ksu looks for an appropriate Kerberos ticket +in the source cache.</p> +<p>The ticket can either be for the end-server or a ticket granting +ticket (TGT) for the target principal’s realm. If the ticket for the +end-server is already in the cache, it’s decrypted and verified. If +it’s not in the cache but the TGT is, the TGT is used to obtain the +ticket for the end-server. The end-server ticket is then verified. +If neither ticket is in the cache, but ksu is compiled with the +<strong>GET_TGT_VIA_PASSWD</strong> define, the user will be prompted for a +Kerberos password which will then be used to get a TGT. If the user +is logged in remotely and does not have a secure channel, the password +may be exposed. If neither ticket is in the cache and +<strong>GET_TGT_VIA_PASSWD</strong> is not defined, authentication fails.</p> +</div> +<div class="section" id="authorization"> +<h2>AUTHORIZATION<a class="headerlink" href="#authorization" title="Permalink to this headline">¶</a></h2> +<p>This section describes authorization of the source user when ksu is +invoked without the <strong>-e</strong> option. For a description of the <strong>-e</strong> +option, see the OPTIONS section.</p> +<p>Upon successful authentication, ksu checks whether the target +principal is authorized to access the target account. In the target +user’s home directory, ksu attempts to access two authorization files: +<a class="reference internal" href="../user_config/k5login.html#k5login-5"><em>.k5login</em></a> and .k5users. In the .k5login file each line +contains the name of a principal that is authorized to access the +account.</p> +<p>For example:</p> +<div class="highlight-python"><div class="highlight"><pre>jqpublic@USC.EDU +jqpublic/secure@USC.EDU +jqpublic/admin@USC.EDU +</pre></div> +</div> +<p>The format of .k5users is the same, except the principal name may be +followed by a list of commands that the principal is authorized to +execute (see the <strong>-e</strong> option in the OPTIONS section for details).</p> +<p>Thus if the target principal name is found in the .k5login file the +source user is authorized to access the target account. Otherwise ksu +looks in the .k5users file. If the target principal name is found +without any trailing commands or followed only by <tt class="docutils literal"><span class="pre">*</span></tt> then the +source user is authorized. If either .k5login or .k5users exist but +an appropriate entry for the target principal does not exist then +access is denied. If neither file exists then the principal will be +granted access to the account according to the aname->lname mapping +rules. Otherwise, authorization fails.</p> +</div> +<div class="section" id="execution-of-the-target-shell"> +<h2>EXECUTION OF THE TARGET SHELL<a class="headerlink" href="#execution-of-the-target-shell" title="Permalink to this headline">¶</a></h2> +<p>Upon successful authentication and authorization, ksu proceeds in a +similar fashion to su. The environment is unmodified with the +exception of USER, HOME and SHELL variables. If the target user is +not root, USER gets set to the target user name. Otherwise USER +remains unchanged. Both HOME and SHELL are set to the target login’s +default values. In addition, the environment variable <strong>KRB5CCNAME</strong> +gets set to the name of the target cache. The real and effective user +ID are changed to that of the target user. The target user’s shell is +then invoked (the shell name is specified in the password file). Upon +termination of the shell, ksu deletes the target cache (unless ksu is +invoked with the <strong>-k</strong> option). This is implemented by first doing a +fork and then an exec, instead of just exec, as done by su.</p> +</div> +<div class="section" id="creating-a-new-security-context"> +<h2>CREATING A NEW SECURITY CONTEXT<a class="headerlink" href="#creating-a-new-security-context" title="Permalink to this headline">¶</a></h2> +<p>ksu can be used to create a new security context for the target +program (either the target shell, or command specified via the <strong>-e</strong> +option). The target program inherits a set of credentials from the +source user. By default, this set includes all of the credentials in +the source cache plus any additional credentials obtained during +authentication. The source user is able to limit the credentials in +this set by using <strong>-z</strong> or <strong>-Z</strong> option. <strong>-z</strong> restricts the copy +of tickets from the source cache to the target cache to only the +tickets where client == the target principal name. The <strong>-Z</strong> option +provides the target user with a fresh target cache (no creds in the +cache). Note that for security reasons, when the source user is root +and target user is non-root, <strong>-z</strong> option is the default mode of +operation.</p> +<p>While no authentication takes place if the source user is root or is +the same as the target user, additional tickets can still be obtained +for the target cache. If <strong>-n</strong> is specified and no credentials can +be copied to the target cache, the source user is prompted for a +Kerberos password (unless <strong>-Z</strong> specified or <strong>GET_TGT_VIA_PASSWD</strong> +is undefined). If successful, a TGT is obtained from the Kerberos +server and stored in the target cache. Otherwise, if a password is +not provided (user hit return) ksu continues in a normal mode of +operation (the target cache will not contain the desired TGT). If the +wrong password is typed in, ksu fails.</p> +<div class="admonition note"> +<p class="first admonition-title">Note</p> +<p class="last">During authentication, only the tickets that could be +obtained without providing a password are cached in in the +source cache.</p> +</div> +</div> +<div class="section" id="options"> +<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> +<dl class="docutils"> +<dt><strong>-n</strong> <em>target_principal_name</em></dt> +<dd><p class="first">Specify a Kerberos target principal name. Used in authentication +and authorization phases of ksu.</p> +<p>If ksu is invoked without <strong>-n</strong>, a default principal name is +assigned via the following heuristic:</p> +<ul class="last"> +<li><p class="first">Case 1: source user is non-root.</p> +<p>If the target user is the source user the default principal name +is set to the default principal of the source cache. If the +cache does not exist then the default principal name is set to +<tt class="docutils literal"><span class="pre">target_user@local_realm</span></tt>. If the source and target users are +different and neither <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> nor +<tt class="docutils literal"><span class="pre">~target_user/.k5login</span></tt> exist then the default principal name +is <tt class="docutils literal"><span class="pre">target_user_login_name@local_realm</span></tt>. Otherwise, starting +with the first principal listed below, ksu checks if the +principal is authorized to access the target account and whether +there is a legitimate ticket for that principal in the source +cache. If both conditions are met that principal becomes the +default target principal, otherwise go to the next principal.</p> +<ol class="loweralpha simple"> +<li>default principal of the source cache</li> +<li>target_user@local_realm</li> +<li>source_user@local_realm</li> +</ol> +<p>If a-c fails try any principal for which there is a ticket in +the source cache and that is authorized to access the target +account. If that fails select the first principal that is +authorized to access the target account from the above list. If +none are authorized and ksu is configured with +<strong>PRINC_LOOK_AHEAD</strong> turned on, select the default principal as +follows:</p> +<p>For each candidate in the above list, select an authorized +principal that has the same realm name and first part of the +principal name equal to the prefix of the candidate. For +example if candidate a) is <tt class="docutils literal"><span class="pre">jqpublic@ISI.EDU</span></tt> and +<tt class="docutils literal"><span class="pre">jqpublic/secure@ISI.EDU</span></tt> is authorized to access the target +account then the default principal is set to +<tt class="docutils literal"><span class="pre">jqpublic/secure@ISI.EDU</span></tt>.</p> +</li> +<li><p class="first">Case 2: source user is root.</p> +<p>If the target user is non-root then the default principal name +is <tt class="docutils literal"><span class="pre">target_user@local_realm</span></tt>. Else, if the source cache +exists the default principal name is set to the default +principal of the source cache. If the source cache does not +exist, default principal name is set to <tt class="docutils literal"><span class="pre">root\@local_realm</span></tt>.</p> +</li> +</ul> +</dd> +</dl> +<p><strong>-c</strong> <em>source_cache_name</em></p> +<blockquote> +<div><p>Specify source cache name (e.g., <tt class="docutils literal"><span class="pre">-c</span> <span class="pre">FILE:/tmp/my_cache</span></tt>). If +<strong>-c</strong> option is not used then the name is obtained from +<strong>KRB5CCNAME</strong> environment variable. If <strong>KRB5CCNAME</strong> is not +defined the source cache name is set to <tt class="docutils literal"><span class="pre">krb5cc_<source</span> <span class="pre">uid></span></tt>. +The target cache name is automatically set to <tt class="docutils literal"><span class="pre">krb5cc_<target</span> +<span class="pre">uid>.(gen_sym())</span></tt>, where gen_sym generates a new number such that +the resulting cache does not already exist. For example:</p> +<div class="highlight-python"><div class="highlight"><pre>krb5cc_1984.2 +</pre></div> +</div> +</div></blockquote> +<dl class="docutils"> +<dt><strong>-k</strong></dt> +<dd>Do not delete the target cache upon termination of the target +shell or a command (<strong>-e</strong> command). Without <strong>-k</strong>, ksu deletes +the target cache.</dd> +<dt><strong>-z</strong></dt> +<dd>Restrict the copy of tickets from the source cache to the target +cache to only the tickets where client == the target principal +name. Use the <strong>-n</strong> option if you want the tickets for other then +the default principal. Note that the <strong>-z</strong> option is mutually +exclusive with the <strong>-Z</strong> option.</dd> +<dt><strong>-Z</strong></dt> +<dd>Don’t copy any tickets from the source cache to the target cache. +Just create a fresh target cache, where the default principal name +of the cache is initialized to the target principal name. Note +that the <strong>-Z</strong> option is mutually exclusive with the <strong>-z</strong> +option.</dd> +<dt><strong>-q</strong></dt> +<dd>Suppress the printing of status messages.</dd> +</dl> +<p>Ticket granting ticket options:</p> +<dl class="docutils"> +<dt><strong>-l</strong> <em>lifetime</em> <strong>-r</strong> <em>time</em> <strong>-pf</strong></dt> +<dd>The ticket granting ticket options only apply to the case where +there are no appropriate tickets in the cache to authenticate the +source user. In this case if ksu is configured to prompt users +for a Kerberos password (<strong>GET_TGT_VIA_PASSWD</strong> is defined), the +ticket granting ticket options that are specified will be used +when getting a ticket granting ticket from the Kerberos server.</dd> +<dt><strong>-l</strong> <em>lifetime</em></dt> +<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Specifies the lifetime to be requested +for the ticket; if this option is not specified, the default ticket +lifetime (12 hours) is used instead.</dd> +<dt><strong>-r</strong> <em>time</em></dt> +<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Specifies that the <strong>renewable</strong> option +should be requested for the ticket, and specifies the desired +total lifetime of the ticket.</dd> +<dt><strong>-p</strong></dt> +<dd>specifies that the <strong>proxiable</strong> option should be requested for +the ticket.</dd> +<dt><strong>-f</strong></dt> +<dd>option specifies that the <strong>forwardable</strong> option should be +requested for the ticket.</dd> +<dt><strong>-e</strong> <em>command</em> [<em>args</em> ...]</dt> +<dd><p class="first">ksu proceeds exactly the same as if it was invoked without the +<strong>-e</strong> option, except instead of executing the target shell, ksu +executes the specified command. Example of usage:</p> +<div class="highlight-python"><div class="highlight"><pre>ksu bob -e ls -lag +</pre></div> +</div> +<p>The authorization algorithm for <strong>-e</strong> is as follows:</p> +<p>If the source user is root or source user == target user, no +authorization takes place and the command is executed. If source +user id != 0, and <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> file does not exist, +authorization fails. Otherwise, <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> file +must have an appropriate entry for target principal to get +authorized.</p> +<p>The .k5users file format:</p> +<p>A single principal entry on each line that may be followed by a +list of commands that the principal is authorized to execute. A +principal name followed by a <tt class="docutils literal"><span class="pre">*</span></tt> means that the user is +authorized to execute any command. Thus, in the following +example:</p> +<div class="highlight-python"><div class="highlight"><pre>jqpublic@USC.EDU ls mail /local/kerberos/klist +jqpublic/secure@USC.EDU * +jqpublic/admin@USC.EDU +</pre></div> +</div> +<p><tt class="docutils literal"><span class="pre">jqpublic@USC.EDU</span></tt> is only authorized to execute <tt class="docutils literal"><span class="pre">ls</span></tt>, +<tt class="docutils literal"><span class="pre">mail</span></tt> and <tt class="docutils literal"><span class="pre">klist</span></tt> commands. <tt class="docutils literal"><span class="pre">jqpublic/secure@USC.EDU</span></tt> is +authorized to execute any command. <tt class="docutils literal"><span class="pre">jqpublic/admin@USC.EDU</span></tt> is +not authorized to execute any command. Note, that +<tt class="docutils literal"><span class="pre">jqpublic/admin@USC.EDU</span></tt> is authorized to execute the target +shell (regular ksu, without the <strong>-e</strong> option) but +<tt class="docutils literal"><span class="pre">jqpublic@USC.EDU</span></tt> is not.</p> +<p>The commands listed after the principal name must be either a full +path names or just the program name. In the second case, +<strong>CMD_PATH</strong> specifying the location of authorized programs must +be defined at the compilation time of ksu. Which command gets +executed?</p> +<p class="last">If the source user is root or the target user is the source user +or the user is authorized to execute any command (<tt class="docutils literal"><span class="pre">*</span></tt> entry) +then command can be either a full or a relative path leading to +the target program. Otherwise, the user must specify either a +full path or just the program name.</p> +</dd> +<dt><strong>-a</strong> <em>args</em></dt> +<dd><p class="first">Specify arguments to be passed to the target shell. Note that all +flags and parameters following -a will be passed to the shell, +thus all options intended for ksu must precede <strong>-a</strong>.</p> +<p>The <strong>-a</strong> option can be used to simulate the <strong>-e</strong> option if +used as follows:</p> +<div class="highlight-python"><div class="highlight"><pre>-a -c [command [arguments]]. +</pre></div> +</div> +<p class="last"><strong>-c</strong> is interpreted by the c-shell to execute the command.</p> +</dd> +</dl> +</div> +<div class="section" id="installation-instructions"> +<h2>INSTALLATION INSTRUCTIONS<a class="headerlink" href="#installation-instructions" title="Permalink to this headline">¶</a></h2> +<p>ksu can be compiled with the following four flags:</p> +<dl class="docutils"> +<dt><strong>GET_TGT_VIA_PASSWD</strong></dt> +<dd>In case no appropriate tickets are found in the source cache, the +user will be prompted for a Kerberos password. The password is +then used to get a ticket granting ticket from the Kerberos +server. The danger of configuring ksu with this macro is if the +source user is logged in remotely and does not have a secure +channel, the password may get exposed.</dd> +<dt><strong>PRINC_LOOK_AHEAD</strong></dt> +<dd>During the resolution of the default principal name, +<strong>PRINC_LOOK_AHEAD</strong> enables ksu to find principal names in +the .k5users file as described in the OPTIONS section +(see <strong>-n</strong> option).</dd> +<dt><strong>CMD_PATH</strong></dt> +<dd>Specifies a list of directories containing programs that users are +authorized to execute (via .k5users file).</dd> +<dt><strong>HAVE_GETUSERSHELL</strong></dt> +<dd>If the source user is non-root, ksu insists that the target user’s +shell to be invoked is a “legal shell”. <em>getusershell(3)</em> is +called to obtain the names of “legal shells”. Note that the +target user’s shell is obtained from the passwd file.</dd> +</dl> +<p>Sample configuration:</p> +<div class="highlight-python"><div class="highlight"><pre>KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" +</pre></div> +</div> +<p>ksu should be owned by root and have the set user id bit turned on.</p> +<p>ksu attempts to get a ticket for the end server just as Kerberized +telnet and rlogin. Thus, there must be an entry for the server in the +Kerberos database (e.g., <tt class="docutils literal"><span class="pre">host/nii.isi.edu@ISI.EDU</span></tt>). The keytab +file must be in an appropriate location.</p> +</div> +<div class="section" id="side-effects"> +<h2>SIDE EFFECTS<a class="headerlink" href="#side-effects" title="Permalink to this headline">¶</a></h2> +<p>ksu deletes all expired tickets from the source cache.</p> +</div> +<div class="section" id="author-of-ksu"> +<h2>AUTHOR OF KSU<a class="headerlink" href="#author-of-ksu" title="Permalink to this headline">¶</a></h2> +<p>GENNADY (ARI) MEDVINSKY</p> +</div> +</div> + + + </div> + </div> + </div> + </div> + <div class="sidebar"> + <h2>On this page</h2> + <ul> +<li><a class="reference internal" href="#">ksu</a><ul> +<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> +<li><a class="reference internal" href="#requirements">REQUIREMENTS</a></li> +<li><a class="reference internal" href="#description">DESCRIPTION</a></li> +<li><a class="reference internal" href="#authentication">AUTHENTICATION</a></li> +<li><a class="reference internal" href="#authorization">AUTHORIZATION</a></li> +<li><a class="reference internal" href="#execution-of-the-target-shell">EXECUTION OF THE TARGET SHELL</a></li> +<li><a class="reference internal" href="#creating-a-new-security-context">CREATING A NEW SECURITY CONTEXT</a></li> +<li><a class="reference internal" href="#options">OPTIONS</a></li> +<li><a class="reference internal" href="#installation-instructions">INSTALLATION INSTRUCTIONS</a></li> +<li><a class="reference internal" href="#side-effects">SIDE EFFECTS</a></li> +<li><a class="reference internal" href="#author-of-ksu">AUTHOR OF KSU</a></li> +</ul> +</li> +</ul> + + <br/> + <h2>Table of contents</h2> + <ul class="current"> +<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> +<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> +<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> +<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> +<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> +<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> +<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> +<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> +<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> +<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> +<li class="toctree-l3 current"><a class="current reference internal" href="">ksu</a></li> +<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> +<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> +<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> +</ul> +</li> +</ul> +</li> +<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> +<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> +</ul> + + <br/> + <h4><a href="../../index.html">Full Table of Contents</a></h4> + <h4>Search</h4> + <form class="search" action="../../search.html" method="get"> + <input type="text" name="q" size="18" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> + <div class="clearer"></div> + </div> + </div> + + <div class="footer-wrapper"> + <div class="footer" > + <div class="right" ><i>Release: 1.15.1</i><br /> + © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. + </div> + <div class="left"> + + <a href="../../index.html" title="Full Table of Contents" + >Contents</a> | + <a href="krb5-config.html" title="krb5-config" + >previous</a> | + <a href="kswitch.html" title="kswitch" + >next</a> | + <a href="../../genindex.html" title="General Index" + >index</a> | + <a href="../../search.html" title="Enter search criteria" + >Search</a> | + <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a> + </div> + </div> + </div> + + </body> +</html>
\ No newline at end of file |