os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Clean up the <indexterms> so that they are in a logical order. This

Browse source 
will index the KerberosIV entries under KerberosIV and Kerberos5
entries under Kerberos5.
This commit is contained in:
Tom Rhodes 2003-09-10 19:31:36 +00:00
parent aef6aeb915
commit 9dd925cd20
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=18103
1 changed files with 52 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -419,7 +419,7 @@
vast majority of break-ins occur remotely, over a network, from vast majority of break-ins occur remotely, over a network, from
people who do not have physical access to your workstation or people who do not have physical access to your workstation or
servers.</para> servers.</para>
<indexterm><primary>Kerberos</primary></indexterm> <indexterm><primary>KerberosIV</primary></indexterm>
<para>Using something like Kerberos also gives you the ability to <para>Using something like Kerberos also gives you the ability to
disable or change the password for a staff account in one place, disable or change the password for a staff account in one place,
@ -916,7 +916,7 @@
<sect2> <sect2>
<title>Access Issues with Kerberos and SSH</title> <title>Access Issues with Kerberos and SSH</title>
<indexterm><primary><command>ssh</command></primary></indexterm> <indexterm><primary><command>ssh</command></primary></indexterm>
<indexterm><primary>Kerberos</primary></indexterm> <indexterm><primary>KerberosIV</primary></indexterm>
<para>There are a few issues with both Kerberos and <para>There are a few issues with both Kerberos and
ssh that need to be addressed if ssh that need to be addressed if
@ -1457,8 +1457,7 @@ permit port ttyd0</programlisting>
</sect1info> </sect1info>
<title>KerberosIV</title> <title>KerberosIV</title>
<indexterm><primary>KerberosIV</primary></indexterm>
<para>Kerberos is a network add-on system/protocol that allows users to <para>Kerberos is a network add-on system/protocol that allows users to
authenticate themselves through the services of a secure server. authenticate themselves through the services of a secure server.
Services such as remote login, remote copy, secure inter-system file Services such as remote login, remote copy, secure inter-system file
@ -1470,12 +1469,12 @@ permit port ttyd0</programlisting>
relevant manual pages for a complete description.</para> relevant manual pages for a complete description.</para>
<sect2> <sect2>
<title>Installing Kerberos</title> <title>Installing KerberosIV</title>
<indexterm><primary>MIT</primary></indexterm> <indexterm><primary>MIT</primary></indexterm>
<indexterm> <indexterm>
<primary>Kerberos</primary> <primary>KerberosIV</primary>
<secondary>installing</secondary> <secondary>Installing</secondary>
</indexterm> </indexterm>
<para>Kerberos is an optional component of &os;. The easiest <para>Kerberos is an optional component of &os;. The easiest
way to install this software is by selecting the <literal>krb4</literal> or way to install this software is by selecting the <literal>krb4</literal> or
@ -1577,7 +1576,7 @@ It is important that you NOT FORGET this password.
<para>Now we have to save the key so that servers on the local machine <para>Now we have to save the key so that servers on the local machine
can pick it up. Use the <command>kstash</command> command to do can pick it up. Use the <command>kstash</command> command to do
this:</para> this:</para>
<screen>&prompt.root; <userinput>kstash</userinput> <screen>&prompt.root; <userinput>kstash</userinput>
<prompt>Enter Kerberos master key:</prompt> <prompt>Enter Kerberos master key:</prompt>
@ -1585,14 +1584,19 @@ It is important that you NOT FORGET this password.
Current Kerberos master key version is 1. Current Kerberos master key version is 1.
Master key entered. BEWARE!</screen> Master key entered. BEWARE!</screen>
<para>This saves the encrypted master password in <para>This saves the encrypted master password in
<filename>/etc/kerberosIV/master_key</filename>.</para> <filename>/etc/kerberosIV/master_key</filename>.</para>
</sect2> </sect2>
<sect2> <sect2>
<title>Making It All Run</title> <title>Making It All Run</title>
<indexterm>
<primary>KerberosIV</primary>
<secondary>Inital Startup</secondary>
</indexterm>
<para>Two principals need to be added to the database for <para>Two principals need to be added to the database for
<emphasis>each</emphasis> system that will be secured with Kerberos. <emphasis>each</emphasis> system that will be secured with Kerberos.
Their names are <literal>kpasswd</literal> and <literal>rcmd</literal>. Their names are <literal>kpasswd</literal> and <literal>rcmd</literal>.
@ -1945,8 +1949,6 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<title><application>Kerberos5</application></title> <title><application>Kerberos5</application></title>
<indexterm><primary>Kerberos5</primary></indexterm>
<para>Every &os; release beyond &os;-5.1 includes support <para>Every &os; release beyond &os;-5.1 includes support
only for <application>Kerberos5</application>. Hence only for <application>Kerberos5</application>. Hence
<application>Kerberos5</application> is the only version <application>Kerberos5</application> is the only version
@ -2011,6 +2013,10 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<sect2> <sect2>
<title>History</title> <title>History</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>History</secondary>
</indexterm>
<para><application>Kerberos</application> was created by <para><application>Kerberos</application> was created by
<acronym>MIT</acronym> as a solution to network security problems. <acronym>MIT</acronym> as a solution to network security problems.
@ -2053,6 +2059,10 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<sect2> <sect2>
<title>Setting up a Heimdal <acronym>KDC</acronym></title> <title>Setting up a Heimdal <acronym>KDC</acronym></title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Key Distribution Center Configuration</secondary>
</indexterm>
<para>The Key Distribution Center (<acronym>KDC</acronym>) is the <para>The Key Distribution Center (<acronym>KDC</acronym>) is the
centralized authentication service that centralized authentication service that
@ -2187,6 +2197,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<title><application>Kerberos</application> enabling a server with <title><application>Kerberos</application> enabling a server with
Heimdal services</title> Heimdal services</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Enabling Services</secondary>
</indexterm>
<para>First, we need a copy of the <application>Kerberos</application> <para>First, we need a copy of the <application>Kerberos</application>
configuration file, <filename>/etc/krb5.conf</filename>. To do configuration file, <filename>/etc/krb5.conf</filename>. To do
so, simply copy it over to the client computer from the so, simply copy it over to the client computer from the
@ -2286,6 +2301,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2> <sect2>
<title><application>Kerberos</application> enabling a client with Heimdal</title> <title><application>Kerberos</application> enabling a client with Heimdal</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Client Configuration</secondary>
</indexterm>
<para>Setting up a client computer is almost trivially easy. As <para>Setting up a client computer is almost trivially easy. As
far as <application>Kerberos</application> configuration goes, far as <application>Kerberos</application> configuration goes,
you only need the <application>Kerberos</application> you only need the <application>Kerberos</application>
@ -2339,6 +2359,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2> <sect2>
<title>User configuration files: <filename>.k5login</filename> and <filename>.k5users</filename></title> <title>User configuration files: <filename>.k5login</filename> and <filename>.k5users</filename></title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>User Configuration Files</secondary>
</indexterm>
<para>Users within a realm typically have their <para>Users within a realm typically have their
<application>Kerberos</application> principal (such as <application>Kerberos</application> principal (such as
<username>tillman@EXAMPLE.ORG</username>) mapped to a local <username>tillman@EXAMPLE.ORG</username>) mapped to a local
@ -2379,6 +2404,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2> <sect2>
<title><application>Kerberos</application> Tips, Tricks, and Troubleshooting</title> <title><application>Kerberos</application> Tips, Tricks, and Troubleshooting</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Troubleshooting</secondary>
</indexterm>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>When using either the Heimdal or <acronym>MIT</acronym> <para>When using either the Heimdal or <acronym>MIT</acronym>
@ -2549,6 +2579,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2> <sect2>
<title>Mitigating limitations found in <application>Kerberos</application></title> <title>Mitigating limitations found in <application>Kerberos</application></title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Limitations and Shortcomings</secondary>
</indexterm>
<sect3> <sect3>
<title><application>Kerberos</application> is an all-or-nothing approach</title> <title><application>Kerberos</application> is an all-or-nothing approach</title>
@ -2633,6 +2668,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2> <sect2>
<title>Resources and further information</title> <title>Resources and further information</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>External Resources</secondary>
</indexterm>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para><ulink <para><ulink