- s/NOTE/Note
- Add some manual page entities - s/id/ID to be consistent will all docs - Use right tags for a Kerberos realm - Reword a sentence - Add some username tags and a missing )
This commit is contained in:
Marc Fonvieille
parent
9d6824efa7
commit
cf253eac90
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=17709
1 changed files with 15 additions and 15 deletions
|
|
@ -1728,7 +1728,7 @@ Edit O.K.
|
||||||
<sect2>
|
<sect2>
|
||||||
<title>Testing It All Out</title>
|
<title>Testing It All Out</title>
|
||||||
|
|
||||||
<para>First we have to start the Kerberos daemons. NOTE that if you
|
<para>First we have to start the Kerberos daemons. Note that if you
|
||||||
have correctly edited your <filename>/etc/rc.conf</filename> then this
|
have correctly edited your <filename>/etc/rc.conf</filename> then this
|
||||||
will happen automatically when you reboot. This is only necessary on
|
will happen automatically when you reboot. This is only necessary on
|
||||||
the Kerberos server. Kerberos clients will automatically get what
|
the Kerberos server. Kerberos clients will automatically get what
|
||||||
|
|
@ -1755,7 +1755,7 @@ Current Kerberos master key version is 1.
|
||||||
Master key entered. BEWARE!</screen>
|
Master key entered. BEWARE!</screen>
|
||||||
|
|
||||||
<para>Now we can try using the <command>kinit</command> command to get a
|
<para>Now we can try using the <command>kinit</command> command to get a
|
||||||
ticket for the id <username>jane</username> that we created
|
ticket for the ID <username>jane</username> that we created
|
||||||
above:</para>
|
above:</para>
|
||||||
|
|
||||||
<screen>&prompt.user; <userinput>kinit jane</userinput>
|
<screen>&prompt.user; <userinput>kinit jane</userinput>
|
||||||
|
|
@ -1773,7 +1773,7 @@ Principal: jane@EXAMPLE.COM
|
||||||
Issued Expires Principal
|
Issued Expires Principal
|
||||||
Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.EXAMPLE.COM@EXAMPLE.COM</screen>
|
Apr 30 11:23:22 Apr 30 19:23:22 krbtgt.EXAMPLE.COM@EXAMPLE.COM</screen>
|
||||||
|
|
||||||
<para>Now try changing the password using <command>passwd</command> to
|
<para>Now try changing the password using &man.passwd.1; to
|
||||||
check if the <application>kpasswd</application> daemon can get
|
check if the <application>kpasswd</application> daemon can get
|
||||||
authorization to the Kerberos database:</para>
|
authorization to the Kerberos database:</para>
|
||||||
|
|
||||||
|
|
@ -1791,9 +1791,9 @@ Password changed.</screen>
|
||||||
|
|
||||||
<para>Kerberos allows us to give <emphasis>each</emphasis> user
|
<para>Kerberos allows us to give <emphasis>each</emphasis> user
|
||||||
who needs <username>root</username> privileges their own
|
who needs <username>root</username> privileges their own
|
||||||
<emphasis>separate</emphasis> <command>su</command> password.
|
<emphasis>separate</emphasis> &man.su.1; password.
|
||||||
We could now add an id which is authorized to
|
We could now add an ID which is authorized to
|
||||||
<command>su</command> to <username>root</username>. This is
|
&man.su.1; to <username>root</username>. This is
|
||||||
controlled by having an instance of <username>root</username>
|
controlled by having an instance of <username>root</username>
|
||||||
associated with a principal. Using <command>kdb_edit</command>
|
associated with a principal. Using <command>kdb_edit</command>
|
||||||
we can create the entry <literal>jane.root</literal> in the
|
we can create the entry <literal>jane.root</literal> in the
|
||||||
|
|
@ -1841,7 +1841,7 @@ Kerberos Initialization for "jane.root"
|
||||||
<screen>&prompt.root; <userinput>cat /root/.klogin</userinput>
|
<screen>&prompt.root; <userinput>cat /root/.klogin</userinput>
|
||||||
jane.root@EXAMPLE.COM</screen>
|
jane.root@EXAMPLE.COM</screen>
|
||||||
|
|
||||||
<para>Now try doing the <command>su</command>:</para>
|
<para>Now try doing the &man.su.1;:</para>
|
||||||
|
|
||||||
<screen>&prompt.user; <userinput>su</userinput>
|
<screen>&prompt.user; <userinput>su</userinput>
|
||||||
<prompt>Password:</prompt></screen>
|
<prompt>Password:</prompt></screen>
|
||||||
|
|
@ -1865,7 +1865,7 @@ May 2 20:43:12 May 3 04:43:12 krbtgt.EXAMPLE.COM@EXAMPLE.COM</screen>
|
||||||
is a Kerberos default; that a
|
is a Kerberos default; that a
|
||||||
<literal><principal>.<instance></literal> of the form
|
<literal><principal>.<instance></literal> of the form
|
||||||
<literal><username>.</literal><username>root</username> will allow
|
<literal><username>.</literal><username>root</username> will allow
|
||||||
that <literal><username></literal> to <command>su</command> to
|
that <literal><username></literal> to &man.su.1; to
|
||||||
<username>root</username> if the necessary entries are in the
|
<username>root</username> if the necessary entries are in the
|
||||||
<filename>.klogin</filename> file in <username>root</username>'s
|
<filename>.klogin</filename> file in <username>root</username>'s
|
||||||
home directory:</para>
|
home directory:</para>
|
||||||
|
|
@ -1880,13 +1880,13 @@ jane.root@EXAMPLE.COM</screen>
|
||||||
jane@EXAMPLE.COM
|
jane@EXAMPLE.COM
|
||||||
jack@EXAMPLE.COM</screen>
|
jack@EXAMPLE.COM</screen>
|
||||||
|
|
||||||
<para>This allows anyone in the <filename>EXAMPLE.COM</filename> realm
|
<para>This allows anyone in the <literal>EXAMPLE.COM</literal> realm
|
||||||
who has authenticated themselves to <username>jane</username> or
|
who has authenticated themselves as <username>jane</username> or
|
||||||
<username>jack</username> (via <command>kinit</command>, see above)
|
<username>jack</username> (via <command>kinit</command>, see above)
|
||||||
access to <command>rlogin</command> to <username>jane</username>'s
|
to access to <username>jane</username>'s
|
||||||
account or files on this system (<hostid>grunt</hostid>) via
|
account or files on this system (<hostid>grunt</hostid>) via
|
||||||
<command>rlogin</command>, <command>rsh</command> or
|
&man.rlogin.1;, &man.rsh.1; or
|
||||||
<command>rcp</command>.</para>
|
&man.rcp.1;.</para>
|
||||||
|
|
||||||
<para>For example, <username>jane</username> now logs into another system using
|
<para>For example, <username>jane</username> now logs into another system using
|
||||||
Kerberos:</para>
|
Kerberos:</para>
|
||||||
|
|
@ -1901,11 +1901,11 @@ Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
|
||||||
|
|
||||||
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
|
FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
|
||||||
|
|
||||||
<para>Or Jack logs into Jane's account on the same machine
|
<para>Or <username>jack</username> logs into <username>jane</username>'s account on the same machine
|
||||||
(<username>jane</username> having
|
(<username>jane</username> having
|
||||||
set up the <filename>.klogin</filename> file as above, and the person
|
set up the <filename>.klogin</filename> file as above, and the person
|
||||||
in charge of Kerberos having set up principal
|
in charge of Kerberos having set up principal
|
||||||
<emphasis>jack</emphasis> with a null instance:</para>
|
<emphasis>jack</emphasis> with a null instance):</para>
|
||||||
|
|
||||||
<screen>&prompt.user; <userinput>kinit</userinput>
|
<screen>&prompt.user; <userinput>kinit</userinput>
|
||||||
&prompt.user; <userinput>rlogin grunt -l jane</userinput>
|
&prompt.user; <userinput>rlogin grunt -l jane</userinput>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue