krb5: Import MIT 1.21.3 - src - FreeBSD source tree

diff options


context:
space:
mode:

author	Cy Schubert <cy@FreeBSD.org>	2025-03-19 22:12:25 +0000
committer	Cy Schubert <cy@FreeBSD.org>	2025-03-19 22:12:25 +0000
commit	8f7d3ef26dec89a92ec0665de84a5936310a5574 (patch)
tree	9a465418bd4056bf0d369751320a414eaed29fa4 /doc/html/admin/install_appl_srv.html
parent	1a79b20663ca26acc2998b90ea2ff2aefd8af5b1 (diff)

Diffstat (limited to 'doc/html/admin/install_appl_srv.html')

-rw-r--r--

doc/html/admin/install_appl_srv.html

1 files changed, 29 insertions, 35 deletions

diff --git a/doc/html/admin/install_appl_srv.html b/doc/html/admin/install_appl_srv.html
index b025950bdc63..14536e42d0e1 100644
--- a/doc/html/admin/install_appl_srv.html
+++ b/doc/html/admin/install_appl_srv.html

@@ -1,35 +1,26 @@

-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<!DOCTYPE html>

-<html xmlns="http://www.w3.org/1999/xhtml">

+<html>

<head>

- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

+ <meta charset="utf-8" />

+ <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" content="Docutils 0.17.1: http://docutils.sourceforge.net/" />

<title>UNIX Application Servers — MIT Kerberos Documentation</title>

- <link rel="stylesheet" href="../_static/agogo.css" type="text/css" />

- <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

- <link rel="stylesheet" href="../_static/kerb.css" type="text/css" />

- <script type="text/javascript">

- var DOCUMENTATION_OPTIONS = {

- URL_ROOT: '../',

- VERSION: '1.21.2',

- COLLAPSE_INDEX: false,

- FILE_SUFFIX: '.html',

- HAS_SOURCE: true,

- SOURCELINK_SUFFIX: '.txt'

- };

- </script>

- <script type="text/javascript" src="../_static/jquery.js"></script>

- <script type="text/javascript" src="../_static/underscore.js"></script>

- <script type="text/javascript" src="../_static/doctools.js"></script>

+ <link rel="stylesheet" type="text/css" href="../_static/pygments.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/agogo.css" />

+ <link rel="stylesheet" type="text/css" href="../_static/kerb.css" />

+ <script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"></script>

+ <script src="../_static/jquery.js"></script>

+ <script src="../_static/underscore.js"></script>

+ <script src="../_static/doctools.js"></script>

- </head>

- <body>

+ </head><body>

@@ -61,7 +52,7 @@

- <div class="section" id="unix-application-servers">

+ <section id="unix-application-servers">

<h1>UNIX Application Servers<a class="headerlink" href="#unix-application-servers" title="Permalink to this headline">¶</a></h1>

<p>An application server is a host that provides one or more services

over the network. Application servers can be “secure” or “insecure.”

@@ -75,7 +66,7 @@ security that Kerberos authentication affords. However, if you have

some clients that do not have Kerberos V5 installed, you can run an

insecure server, and still take advantage of Kerberos V5’s single

sign-on capability.</p>

-<div class="section" id="the-keytab-file">

+<section id="the-keytab-file">

<span id="keytab-file"></span><h2>The keytab file<a class="headerlink" href="#the-keytab-file" title="Permalink to this headline">¶</a></h2>

<p>All Kerberos server machines need a keytab file to authenticate to the

KDC. By default on UNIX-like systems this file is named <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a>.

@@ -93,10 +84,10 @@ the database is described fully in <a class="reference internal" href="database.

generated by running <a class="reference internal" href="admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> and issuing the <a class="reference internal" href="admin_commands/kadmin_local.html#ktadd"><span class="std std-ref">ktadd</span></a>

command.</p>

<p>For example, to generate a keytab file to allow the host

-<code class="docutils literal"><span class="pre">trillium.mit.edu</span></code> to authenticate for the services host, ftp, and

-pop, the administrator <code class="docutils literal"><span class="pre">joeadmin</span></code> would issue the command (on

-<code class="docutils literal"><span class="pre">trillium.mit.edu</span></code>):</p>

-<div class="highlight-default"><div class="highlight"><pre><span></span><span class="n">trillium</span><span class="o">%</span> <span class="n">kadmin</span>

+<code class="docutils literal notranslate"><span class="pre">trillium.mit.edu</span></code> to authenticate for the services host, ftp, and

+pop, the administrator <code class="docutils literal notranslate"><span class="pre">joeadmin</span></code> would issue the command (on

+<code class="docutils literal notranslate"><span class="pre">trillium.mit.edu</span></code>):</p>

+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">trillium</span><span class="o">%</span> <span class="n">kadmin</span>

<span class="n">Authenticating</span> <span class="k">as</span> <span class="n">principal</span> <span class="n">root</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> <span class="k">with</span> <span class="n">password</span><span class="o">.</span>

<span class="n">Password</span> <span class="k">for</span> <span class="n">root</span><span class="o">/</span><span class="n">admin</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span>

<span class="n">kadmin</span><span class="p">:</span> <span class="n">ktadd</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">ftp</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span> <span class="n">pop</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span>

@@ -108,10 +99,10 @@ pop, the administrator <code class="docutils literal"><span class="pre">joeadmin

</pre></div>

</div>

<p>If you generate the keytab file on another host, you need to get a

-copy of the keytab file onto the destination host (<code class="docutils literal"><span class="pre">trillium</span></code>, in

+copy of the keytab file onto the destination host (<code class="docutils literal notranslate"><span class="pre">trillium</span></code>, in

the above example) without sending it unencrypted over the network.</p>

-</div>

-<div class="section" id="some-advice-about-secure-hosts">

+</section>

+<section id="some-advice-about-secure-hosts">

<h2>Some advice about secure hosts<a class="headerlink" href="#some-advice-about-secure-hosts" title="Permalink to this headline">¶</a></h2>

<p>Kerberos V5 can protect your host from certain types of break-ins, but

it is possible to install Kerberos V5 and still leave your host

@@ -126,15 +117,17 @@ be physically secured.</p>

<p>The keytab file and any programs run by root, including the Kerberos

V5 binaries, should be kept on local disk. The keytab file should be

readable only by root.</p>

-</div>

+</section>

+ <div class="clearer"></div>

</div>

<ul>

<li><a class="reference internal" href="#">UNIX Application Servers</a><ul>

@@ -200,6 +193,7 @@ readable only by root.</p>

</form>

</div>

</div>

@@ -207,8 +201,8 @@ readable only by root.</p>

- <div class="right" ><i>Release: 1.21.2</i><br />

+ <div class="right" ><i>Release: 1.21.3</i><br />

</div>