os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Clean up the <indexterms> so that they are in a logical order. This

Browse source 
will index the KerberosIV entries under KerberosIV and Kerberos5
entries under Kerberos5.
This commit is contained in:
Tom Rhodes 2003-09-10 19:31:36 +00:00
parent aef6aeb915
commit 9dd925cd20
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=18103
1 changed files with 52 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -419,7 +419,7 @@
vast majority of break-ins occur remotely, over a network, from
people who do not have physical access to your workstation or
servers.</para>
<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>KerberosIV</primary></indexterm>
<para>Using something like Kerberos also gives you the ability to
disable or change the password for a staff account in one place,
@ -916,7 +916,7 @@
<sect2>
<title>Access Issues with Kerberos and SSH</title>
<indexterm><primary><command>ssh</command></primary></indexterm>
<indexterm><primary>Kerberos</primary></indexterm>
<indexterm><primary>KerberosIV</primary></indexterm>
<para>There are a few issues with both Kerberos and
ssh that need to be addressed if
@ -1457,7 +1457,6 @@ permit port ttyd0</programlisting>
</sect1info>
<title>KerberosIV</title>
<indexterm><primary>KerberosIV</primary></indexterm>
<para>Kerberos is a network add-on system/protocol that allows users to
authenticate themselves through the services of a secure server.
@ -1470,12 +1469,12 @@ permit port ttyd0</programlisting>
relevant manual pages for a complete description.</para>
<sect2>
<title>Installing Kerberos</title>
<title>Installing KerberosIV</title>
<indexterm><primary>MIT</primary></indexterm>
<indexterm>
<primary>Kerberos</primary>
<secondary>installing</secondary>
<primary>KerberosIV</primary>
<secondary>Installing</secondary>
</indexterm>
<para>Kerberos is an optional component of &os;. The easiest
way to install this software is by selecting the <literal>krb4</literal> or
@ -1593,6 +1592,11 @@ Master key entered. BEWARE!</screen>
<sect2>
<title>Making It All Run</title>
<indexterm>
<primary>KerberosIV</primary>
<secondary>Inital Startup</secondary>
</indexterm>
<para>Two principals need to be added to the database for
<emphasis>each</emphasis> system that will be secured with Kerberos.
Their names are <literal>kpasswd</literal> and <literal>rcmd</literal>.
@ -1945,8 +1949,6 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<title><application>Kerberos5</application></title>
<indexterm><primary>Kerberos5</primary></indexterm>
<para>Every &os; release beyond &os;-5.1 includes support
only for <application>Kerberos5</application>. Hence
<application>Kerberos5</application> is the only version
@ -2011,6 +2013,10 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<sect2>
<title>History</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>History</secondary>
</indexterm>
<para><application>Kerberos</application> was created by
<acronym>MIT</acronym> as a solution to network security problems.
@ -2053,6 +2059,10 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<sect2>
<title>Setting up a Heimdal <acronym>KDC</acronym></title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Key Distribution Center Configuration</secondary>
</indexterm>
<para>The Key Distribution Center (<acronym>KDC</acronym>) is the
centralized authentication service that
@ -2187,6 +2197,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<title><application>Kerberos</application> enabling a server with
Heimdal services</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Enabling Services</secondary>
</indexterm>
<para>First, we need a copy of the <application>Kerberos</application>
configuration file, <filename>/etc/krb5.conf</filename>. To do
so, simply copy it over to the client computer from the
@ -2286,6 +2301,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2>
<title><application>Kerberos</application> enabling a client with Heimdal</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Client Configuration</secondary>
</indexterm>
<para>Setting up a client computer is almost trivially easy. As
far as <application>Kerberos</application> configuration goes,
you only need the <application>Kerberos</application>
@ -2339,6 +2359,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2>
<title>User configuration files: <filename>.k5login</filename> and <filename>.k5users</filename></title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>User Configuration Files</secondary>
</indexterm>
<para>Users within a realm typically have their
<application>Kerberos</application> principal (such as
<username>tillman@EXAMPLE.ORG</username>) mapped to a local
@ -2379,6 +2404,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2>
<title><application>Kerberos</application> Tips, Tricks, and Troubleshooting</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Troubleshooting</secondary>
</indexterm>
<itemizedlist>
<listitem>
<para>When using either the Heimdal or <acronym>MIT</acronym>
@ -2549,6 +2579,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2>
<title>Mitigating limitations found in <application>Kerberos</application></title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>Limitations and Shortcomings</secondary>
</indexterm>
<sect3>
<title><application>Kerberos</application> is an all-or-nothing approach</title>
@ -2633,6 +2668,11 @@ _kerberos IN TXT EXAMPLE.ORG.</programlisting></note>
<sect2>
<title>Resources and further information</title>
<indexterm>
<primary>Kerberos5</primary>
<secondary>External Resources</secondary>
</indexterm>
<itemizedlist>
<listitem>
<para><ulink