
List:       krb5-cvs
Subject:    svn rev #25404: trunk/doc/rst_source/  krb_appldev/refs/api/
From:       tsitkova () mit ! edu
Date:       2011-10-21 19:31:41
Message-ID: 201110211931.p9LJVfnx012799 () drugstore ! mit ! edu

http://src.mit.edu/fisheye/changelog/krb5/?cs=25404
Commit By: tsitkova
Log Message:
Updated "MIT Kerberos defaults" with references to the internet drafts/standards and \
projects

On an unrelated note, committing the reference to the new API krb5_pac_sign in  \
krb_appldev/refs/api/index.rst



Changed Files:
U   trunk/doc/rst_source/index.rst
U   trunk/doc/rst_source/krb_appldev/refs/api/index.rst
A   trunk/doc/rst_source/mitK5defaults.rst
U   trunk/doc/rst_source/mitK5features.rst
U   trunk/doc/rst_source/mitK5license.rst
Modified: trunk/doc/rst_source/index.rst
===================================================================
--- trunk/doc/rst_source/index.rst	2011-10-21 19:10:57 UTC (rev 25403)
+++ trunk/doc/rst_source/index.rst	2011-10-21 19:31:41 UTC (rev 25404)
@@ -11,6 +11,7 @@
    krb_appldev/index.rst
    krb_admins/index.rst
    krb_users/index.rst
+   krb_build/index.rst
 
 .. toctree::
    :maxdepth: 1
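
Review bot: The added toctree entry krb_build/index.rst is not mentioned in the log message, and no file under krb_build/ appears in the Changed Files list of this revision. Please confirm that krb_build/index.rst already exists in trunk, since otherwise Sphinx will warn about a toctree entry that points to a nonexistent document. The new mitK5defaults.rst is reachable only through the :ref: added in mitK5features.rst; if it is not listed in a toctree elsewhere in this file, Sphinx will also warn that the document is not included in any toctree.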

Modified: trunk/doc/rst_source/krb_appldev/refs/api/index.rst
===================================================================
--- trunk/doc/rst_source/krb_appldev/refs/api/index.rst	2011-10-21 19:10:57 UTC (rev \
                25403)
+++ trunk/doc/rst_source/krb_appldev/refs/api/index.rst	2011-10-21 19:31:41 UTC (rev \
25404) @@ -234,6 +234,7 @@
    krb5_pac_get_types.rst
    krb5_pac_init.rst
    krb5_pac_parse.rst
+   krb5_pac_sign.rst
    krb5_pac_verify.rst
    krb5_principal2salt.rst
    krb5_rd_cred.rst

Added: trunk/doc/rst_source/mitK5defaults.rst
===================================================================
--- trunk/doc/rst_source/mitK5defaults.rst	                        (rev 0)
+++ trunk/doc/rst_source/mitK5defaults.rst	2011-10-21 19:31:41 UTC (rev 25404)
@@ -0,0 +1,98 @@
+.. _mitK5defaults:
+
+MIT Kerberos defaults
+============================
+
+
+The list of the site- and OS- dependent configuration
+-------------------------------------------------------
+
+
+ ================================================== ================================
+ Keytab file                                        FILE\:/etc/krb5.keytab
+ Path to Kerberos configuration file                \
/etc/krb5.conf:SYSCONFDIR/krb5.conf + KDC configuration file                          \
LOCALSTATEDIR/krb5kdc/kdc.conf + The location of the default database               \
LOCALSTATEDIR/krb5kdc/principal + Master key stash file location and prefix          \
LOCALSTATEDIR/krb5kdc/.k5.  (for example, /usr/local/var/krb5kdc/.k5.YOURREALM) + \
Admin Access Control List (ACL) file               LOCALSTATEDIR/krb5kdc/krb5_adm.acl \
+ Admin ACL file used by old admin server            \
LOCALSTATEDIR/krb5kdc/kadm_old.acl + Kerberos database library path                   \
MODULEDIR/kdb + Base directory where plugins are located           \
LIBDIR/krb5/plugins + Master key default enctype                         \
ENCTYPE_AES256_CTS_HMAC_SHA1_96 + The name of the rcache used by KDC                 \
dfl:krb5kdc_rcache + KDC portname used for /etc/services or equiv.      "kerberos" 
+ KDC secondary portname for backward compatibility  "kerberos-sec"
+ KDC default port                                   88
+ KDC default port for authentication                750
+ Admin change password port                         464
+ KDC UDP default portlist                           "88,750"
+ ================================================== ================================
+
+
+MAC OS specific
+-----------------
+
+ ============================================================ \
================================ + Path to Kerberos config file                       \
~/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:SYSCONFDIR/krb5.conf + Base \
directory where krb5 plugins are located                  \
/System/Library/KerberosPlugins/KerberosFrameworkPlugins + Base directory where \
Kerberos databadse plugins are located    \
/System/Library/KerberosPlugins/KerberosDatabasePlugins + Base directory where \
authorization data plugins are located    \
/System/Library/KerberosPlugins/KerberosAuthDataPlugins + \
============================================================ \
================================ +
+
+Windows specific
+----------------------
+
+ ======================================= \
==================================================== + Kerberos config file name      \
krb5.ini + Keytab file name                         FILE\:%s\\krb5kt (for example, \
C:\\WINDOWS\\krb5kt) + ======================================= \
==================================================== +
+
+Defaults for the KADM5 admin system
+---------------------------------------
+
+ ====================================================================== \
================================ + Admin keytab file                                  \
LOCALSTATEDIR/krb5kdc/kadm5.keytab + Admin ACL file that defines access rights to the \
Kerberos database      LOCALSTATEDIR/krb5kdc/kadm5.acl + Admin server default port    \
749  + Default supported enctype/salttype matrix                               \
aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal \
arcfour-hmac-md5:normal + Max datagram size                                           \
4096 + Directory to store replay caches                                        \
KRB5RCTMPDIR + Kerberized login program                                               \
SBINDIR/login.krb5 + Kerberized remote login program                                  \
BINDIR/rlogin + ====================================================================== \
================================ +
+
+krb5 *slave* support
+-----------------------------
+
+ ============================================================ \
================================ + kprop  database dump file                          \
LOCALSTATEDIR/krb5kdc/slave_datatrans + kpropd temporary database file                \
LOCALSTATEDIR/krb5kdc/from_master + Location of the utility used to load the \
principal database   SBINDIR/kdb5_util + kpropd default kprop                         \
SBINDIR/kprop + kpropd principal database location                            \
LOCALSTATEDIR/krb5kdc/principal + kpropd ACL file                                     \
LOCALSTATEDIR/krb5kdc/kpropd.acl + \
============================================================ \
================================ +
+
+Site- and system-wide initialization for the code compiled on Linux or Solaris
+-----------------------------------------------------------------------------------
+ 
+ ===================== ============================== =================
+ BINDIR                /usr/local/bin/
+ KRB5RCTMPDIR          /var/tmp
+ LIBDIR                /usr/local/lib/                 krb5 library directory
+ LOCALSTATEDIR         /usr/local/var/
+ MODULEDIR             /usr/local/lib/krb5/plugins/    krb5 static plugins directory
+ SBINDIR               /usr/local/sbin/
+ SYSCONFDIR            /usr/local/etc/
+ ===================== ============================== =================
+
+Report the problem
+------------------
+
+
+Please, provide your feedback on this document at \
krb5-bugsmit.edu?subject=Documentation___krb5_implementation_features +
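
Review bot: In the first table, the row "KDC default port for authentication 750" is misleading next to "KDC default port 88" and the "kerberos-sec" row described as the secondary portname for backward compatibility; labelling 750 as the secondary (backward-compatibility) port would keep the three rows consistent. Smaller points in the same file: "Kerberos databadse plugins" in the Mac OS table is a typo for "database", the heading "MAC OS specific" should probably read "Mac OS X specific", and the rows for the keytab, the master key stash file and the kadm5 keytab would benefit from a short remark that these files hold key material and need restrictive permissions.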

Modified: trunk/doc/rst_source/mitK5features.rst
===================================================================
--- trunk/doc/rst_source/mitK5features.rst	2011-10-21 19:10:57 UTC (rev 25403)
+++ trunk/doc/rst_source/mitK5features.rst	2011-10-21 19:31:41 UTC (rev 25404)
@@ -10,48 +10,42 @@
 Quick facts
 -----------------------
 
-   +---------------------------------+------------------------+
-   |                                 |       MIT              |
-   +=================================+========================+
-   | Latest stable  version          | 1.9.1                  |
-   +---------------------------------+------------------------+
-   | Supported versions              | 1.7.2, 1.8.4, 1.9.1    |
-   +---------------------------------+------------------------+
-   | Release cycle                   | 9 - 12 months          |
-   +---------------------------------+------------------------+
-   | Supported platforms/            | - Solaris              | 
-   | OS distributions                |    - SPARC             |
-   |                                 |    - x86_64/x86        |
-   |                                 | - GNU/Linux            | 
-   |                                 |    - Debian x86_64/x86 | 
-   |                                 |    - Ubuntu x86_64/x86 | 
-   |                                 |    - RedHat x86_64/x86 | 
-   |                                 | - BSD                  | 
-   |                                 |    - NetBSD x86_64/x86 | 
-   +---------------------------------+------------------------+
-   | Crypto backends                 | - OSSL 1.0+            |
-   |                                 | - builtin              |
-   |                                 | - NSS 3.12.9+          |
-   +---------------------------------+------------------------+
-   | Database backends               | - LDAP                 |
-   |                                 | - DB2                  | 
-   +---------------------------------+------------------------+
-   | krb4 support                    |  < 1.8                 |
-   +---------------------------------+------------------------+
-   | DES support                     |  configurable          |
-   +---------------------------------+------------------------+
-   | Extensions (1.8+)               | - S4U2Self             |
-   |                                 | - S4U2Proxy            |
-   |                                 | - GSS naming exts      |
-   |                                 | - GSS to store creds   | 
-   +---------------------------------+------------------------+
-   | License                         |  .. toctree::          | 
-   |                                 |                        | 
-   |                                 |      mitK5license.rst  |
-   +---------------------------------+------------------------+
 
+   ====================================================== \
======================================= \
============================================================================= +    \
Latest stable  version                                 1.9.1                   +    \
Supported versions                                     1.7.2, 1.8.4, 1.9.1     +    \
Release cycle                                          9 - 12 months           +    \
Supported platforms/OS distributions                   Solaris                +       \
- SPARC              +                                                               \
- x86_64/x86                                                +                         \
GNU/Linux                                                                  +          \
- Debian       x86_64/x86                                          +                  \
- Ubuntu       x86_64/x86                                         +                   \
- RedHat       x86_64/x86                                                         +   \
BSD                    +                                                              \
- NetBSD x86_64/x86   +    Crypto backends                                        - \
OpenSSL 1.0\+                          - http://www.openssl.org        +              \
- builtin                                - MIT Kerberos native crypto library   +     \
- NSS 3.12.9\+                           - Mozilla's Network Security Services.  +    \
http://www.mozilla.org/projects/security/pki/nss +    Database backends               \
- LDAP                                                                   +            \
- DB2                   +    krb4 support                                           < \
1.8                  +    DES support                                            \
configurable                             \
http://k5wiki.kerberos.org/wiki/Projects/Disable_DES +    GSS-API S4U extensions      \
1.8+                                     \
http://msdn.microsoft.com/en-us/library/cc246071 +                                    \
- S4U2Proxy                          +                                                \
- S4U2Proxy  +    GSS-API naming extensions                              1.8+         \
http://tools.ietf.org/html/draft-ietf-kitten-gssapi-naming-exts-11 +                  \
 +    GSS-API extensions for storing delegated credentials   1.8+                     \
:rfc:`5588`  
+    License                                                :ref:`mitK5license`
+    Defaults                                               :ref:`mitK5defaults`
+   ====================================================== \
======================================= \
=============================================================================  
+
+
+
 Interoperabiity
 ---------------
 
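
Review bot: The "GSS-API S4U extensions" row in the new table lists "- S4U2Proxy" twice, while the removed table had "- S4U2Self" and "- S4U2Proxy", so the first of the two entries should be S4U2Self. The new table also has three column borders but no header row naming the second and third columns (the Feature list table below gets "Available" and "Additional information"); a header here would make the URL column easier to read. While touching this area, the context heading "Interoperabiity" could be corrected to "Interoperability".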
@@ -87,85 +81,52 @@
 * Support for reading Heimdal database  starting from version 1.8
 
 
-Feature list
---------------------------
+Feature list 
+~~~~~~~~~~~~~~~
 
+   =============================================== =========== \
============================================ +    \                                   \
Available    Additional information         +   \
=============================================== =========== \
============================================ +    Credentials delegation              \
1.7          :rfc:`5896`  +    Cross-realm authentication and referrals       1.7     \
http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-12 +    Master key \
migration                           1.7          \
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration +    PKINIT             \
1.7          :rfc:`4556`        +    Anonymous PKINIT                               \
1.8          :rfc:`6112` http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit +  \
Constrained delegation                         1.8          \
http://k5wiki.kerberos.org/wiki/Projects/ConstrainedDelegation                  +    \
IAKERB                                         1.8          \
http://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02                 +    Heimdal \
bridge plugin for KDC backend          1.8                           +    Advance \
warning on password expiry             1.9                           +    Camellia \
encryption (CTS-CMAC mode)            1.9          experimental \
http://tools.ietf.org/html/draft-ietf-krb-wg-camellia-cts-00       +    KDC support \
for SecurID preauthentication      1.9          \
http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support +    kadmin over IPv6    \
1.9                          +    Trace logging                                  1.9  \
http://k5wiki.kerberos.org/wiki/Projects/Trace_logging                  +    \
GSSAPI/KRB5 multi-realm support                                             +    \
Plugins to test password quality               1.9          \
http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface +    \
Plugins to synchronize password changes        1.9           +    Parallel KDC        \
1.9 +    GS2                                            1.9          :rfc:`5801` \
:rfc:`5587` http://k5wiki.kerberos.org/wiki/Projects/GS2                  +    \
Purging old keys                               1.9                           +    \
Naming extensions for delegation chain         1.9                           +    \
Password expiration API                        1.9                           +    \
Windows client support   (build-only)          1.9                           +    \
pre-auth mechanisms:                                                       +     - \
PW-SALT                                                  :rfc:`4120#section-5.2.7.3`  \
 +     - ENC-TIMESTAMP                                            \
:rfc:`4120#section-5.2.7.2` +     - SAM-2                                             \
 +     - FAST negotiation framework                  1.8          :rfc:`6113`     
+     - PKINIT                                                   :rfc:`4556`     
+     - FX-COOKIE                                                \
:rfc:`6113#section-5.2`               +     - S4U-X509-USER                           \
1.8          http://msdn.microsoft.com/en-us/library/cc246091               +         \
 +    PRNG                                                                       
+      - modularity:                                   1.9                        
+      - Yarrow PRNG                                   < 1.10                     
+      - Fortuna PRNG                                  1.9                        
+      - OS PRNG                                       1.10                       
+    Zero configuration                                                          
+    IPv6 support in iprop                                                       
+   =============================================== =========== \
============================================  
-   +-----------------------------------------------+-----------+-------------------+
-   |                                               | Available | Additional        | \
                
-   |                                               |           | information       | \
                
-   +===============================================+===========+===================+
-   | PKINIT                                        | 1.7       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Anonymous PKINIT                              | 1.8       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | IPv6 support in iprop                         |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | kadmin over IPv6                              |  1.9      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Trace logging                                 |  1.9      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | IAKERB                                        |  1.8      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | GSSAPI/KRB5  multi-realm support              |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Plugins to test password quality              | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Plugins to synchronize password changes       | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Parallel KDC                                  |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Credentials delegation                        | 1.7       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Constrained delegation                        | 1.8       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Cross-realm auth and referrals                |  1.7      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | GS2                                           | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Purging old keys                              | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Naming extensions for delegation chain        | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Password expiration API                       | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Windows client support   (build-only)         | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | pre-auth mechanisms:                          | |         | |                 |
-   |                                               | |         | |                 |
-   |  - PW-SALT                                    | |         | | :rfc:`4120`     |
-   |  - ENC-TIMESTAMP                              | |         | | :rfc:`4120`     |
-   |  - SAM-2                                      | |         | |                 |
-   |  - FAST negotiation framework                 | | 1.8     | |                 |
-   |  - PKINIT                                     | |         | |                 |
-   |  - FX-COOKIE                                  | |         | |                 |
-   |  - S4U-X509-USER                              | |         | |                 |
-   |                                               |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | KDC support for SecurID preauthentication     | 1.9       | SAM-2 protocol    |
-   +-----------------------------------------------+-----------+-------------------+
-   | Account lockout on bad login attempts         | 1.8       |                   | \
                
-   +-----------------------------------------------+-----------+-------------------+
-   | Camellia encryption (CTS-MAC mode)            | 1.9       | experimental      |
-   |                                               |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | PRNG                                          | |         |                   |
-   |                                               | |         |                   |
-   | - modularity:                                 | | 1.9     |                   |
-   | - Yarrow PRNG                                 | | < 1.10  |                   |
-   | - Fortuna PRNG                                | | 1.9     |                   |
-   | - OS PRNG                                     | | 1.10    |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Advance warning on password expiry            | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Heimdal bridge plugin for KDC backend         | 1.8       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Zero configuration                            |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Master key migration                          | 1.7       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   |  						   |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
 
 
 
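
Review bot: The removed row "Account lockout on bad login attempts | 1.8" has no counterpart in the new table, so the conversion drops a documented security feature; if that is not intentional, please restore it. The "SAM-2 protocol" remark on the SecurID row is likewise gone, and the heading underline changes from "-" to "~", which makes "Feature list" a subsection of "Interoperabiity" rather than a sibling section; please confirm that nesting is intended.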

Modified: trunk/doc/rst_source/mitK5license.rst
===================================================================
--- trunk/doc/rst_source/mitK5license.rst	2011-10-21 19:10:57 UTC (rev 25403)
+++ trunk/doc/rst_source/mitK5license.rst	2011-10-21 19:31:41 UTC (rev 25404)
@@ -1,3 +1,5 @@
+.. _mitK5license:
+
 MIT Kerberos License information
 ===================================
 

_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5

