aboutsummaryrefslogtreecommitdiff
path: root/crypto/krb5/doc/html/admin/install_clients.html
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/krb5/doc/html/admin/install_clients.html')
-rw-r--r--crypto/krb5/doc/html/admin/install_clients.html205
1 files changed, 0 insertions, 205 deletions
diff --git a/crypto/krb5/doc/html/admin/install_clients.html b/crypto/krb5/doc/html/admin/install_clients.html
deleted file mode 100644
index 57dec1f64e63..000000000000
--- a/crypto/krb5/doc/html/admin/install_clients.html
+++ /dev/null
@@ -1,205 +0,0 @@
-<!DOCTYPE html>
-
-<html lang="en" data-content_root="../">
- <head>
- <meta charset="utf-8" />
- <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />
-
- <title>Installing and configuring UNIX client machines &#8212; MIT Kerberos Documentation</title>
- <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" />
- <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" />
- <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" />
- <script src="../_static/documentation_options.js?v=236fef3b"></script>
- <script src="../_static/doctools.js?v=888ff710"></script>
- <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
- <link rel="author" title="About these documents" href="../about.html" />
- <link rel="index" title="Index" href="../genindex.html" />
- <link rel="search" title="Search" href="../search.html" />
- <link rel="copyright" title="Copyright" href="../copyright.html" />
- <link rel="next" title="UNIX Application Servers" href="install_appl_srv.html" />
- <link rel="prev" title="Installing KDCs" href="install_kdc.html" />
- </head><body>
- <div class="header-wrapper">
- <div class="header">
-
-
- <h1><a href="../index.html">MIT Kerberos Documentation</a></h1>
-
- <div class="rel">
-
- <a href="../index.html" title="Full Table of Contents"
- accesskey="C">Contents</a> |
- <a href="install_kdc.html" title="Installing KDCs"
- accesskey="P">previous</a> |
- <a href="install_appl_srv.html" title="UNIX Application Servers"
- accesskey="N">next</a> |
- <a href="../genindex.html" title="General Index"
- accesskey="I">index</a> |
- <a href="../search.html" title="Enter search criteria"
- accesskey="S">Search</a> |
- <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Installing and configuring UNIX client machines">feedback</a>
- </div>
- </div>
- </div>
-
- <div class="content-wrapper">
- <div class="content">
- <div class="document">
-
- <div class="documentwrapper">
- <div class="bodywrapper">
- <div class="body" role="main">
-
- <section id="installing-and-configuring-unix-client-machines">
-<h1>Installing and configuring UNIX client machines<a class="headerlink" href="#installing-and-configuring-unix-client-machines" title="Link to this heading">¶</a></h1>
-<p>The Kerberized client programs include <a class="reference internal" href="../user/user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>,
-<a class="reference internal" href="../user/user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a>, <a class="reference internal" href="../user/user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, and <a class="reference internal" href="../user/user_commands/kpasswd.html#kpasswd-1"><span class="std std-ref">kpasswd</span></a>. All of
-these programs are in the directory <a class="reference internal" href="../mitK5defaults.html#paths"><span class="std std-ref">BINDIR</span></a>.</p>
-<p>You can often integrate Kerberos with the login system on client
-machines, typically through the use of PAM. The details vary by
-operating system, and should be covered in your operating system’s
-documentation. If you do this, you will need to make sure your users
-know to use their Kerberos passwords when they log in.</p>
-<p>You will also need to educate your users to use the ticket management
-programs kinit, klist, and kdestroy. If you do not have Kerberos
-password changing integrated into the native password program (again,
-typically through PAM), you will need to educate users to use kpasswd
-in place of its non-Kerberos counterparts passwd.</p>
-<section id="client-machine-configuration-files">
-<h2>Client machine configuration files<a class="headerlink" href="#client-machine-configuration-files" title="Link to this heading">¶</a></h2>
-<p>Each machine running Kerberos should have a <a class="reference internal" href="conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a> file.
-At a minimum, it should define a <strong>default_realm</strong> setting in
-<a class="reference internal" href="conf_files/krb5_conf.html#libdefaults"><span class="std std-ref">[libdefaults]</span></a>. If you are not using DNS SRV records
-(<a class="reference internal" href="realm_config.html#kdc-hostnames"><span class="std std-ref">Hostnames for KDCs</span></a>) or URI records (<a class="reference internal" href="realm_config.html#kdc-discovery"><span class="std std-ref">KDC Discovery</span></a>), it must
-also contain a <a class="reference internal" href="conf_files/krb5_conf.html#realms"><span class="std std-ref">[realms]</span></a> section containing information for your
-realm’s KDCs.</p>
-<p>Consider setting <strong>rdns</strong> to false in order to reduce your dependence
-on precisely correct DNS information for service hostnames. Turning
-this flag off means that service hostnames will be canonicalized
-through forward name resolution (which adds your domain name to
-unqualified hostnames, and resolves CNAME records in DNS), but not
-through reverse address lookup. The default value of this flag is
-true for historical reasons only.</p>
-<p>If you anticipate users frequently logging into remote hosts
-(e.g., using ssh) using forwardable credentials, consider setting
-<strong>forwardable</strong> to true so that users obtain forwardable tickets by
-default. Otherwise users will need to use <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-f</span></code> to get
-forwardable tickets.</p>
-<p>Consider adjusting the <strong>ticket_lifetime</strong> setting to match the likely
-length of sessions for your users. For instance, if most of your
-users will be logging in for an eight-hour workday, you could set the
-default to ten hours so that tickets obtained in the morning expire
-shortly after the end of the workday. Users can still manually
-request longer tickets when necessary, up to the maximum allowed by
-each user’s principal record on the KDC.</p>
-<p>If a client host may access services in different realms, it may be
-useful to define a <a class="reference internal" href="conf_files/krb5_conf.html#domain-realm"><span class="std std-ref">[domain_realm]</span></a> mapping so that clients know
-which hosts belong to which realms. However, if your clients and KDC
-are running release 1.7 or later, it is also reasonable to leave this
-section out on client machines and just define it in the KDC’s
-krb5.conf.</p>
-</section>
-</section>
-
-
- <div class="clearer"></div>
- </div>
- </div>
- </div>
- </div>
- <div class="sidebar">
-
- <h2>On this page</h2>
- <ul>
-<li><a class="reference internal" href="#">Installing and configuring UNIX client machines</a><ul>
-<li><a class="reference internal" href="#client-machine-configuration-files">Client machine configuration files</a></li>
-</ul>
-</li>
-</ul>
-
- <br/>
- <h2>Table of contents</h2>
- <ul class="current">
-<li class="toctree-l1"><a class="reference internal" href="../user/index.html">For users</a></li>
-<li class="toctree-l1 current"><a class="reference internal" href="index.html">For administrators</a><ul class="current">
-<li class="toctree-l2 current"><a class="reference internal" href="install.html">Installation guide</a><ul class="current">
-<li class="toctree-l3"><a class="reference internal" href="install_kdc.html">Installing KDCs</a></li>
-<li class="toctree-l3 current"><a class="current reference internal" href="#">Installing and configuring UNIX client machines</a></li>
-<li class="toctree-l3"><a class="reference internal" href="install_appl_srv.html">UNIX Application Servers</a></li>
-</ul>
-</li>
-<li class="toctree-l2"><a class="reference internal" href="conf_files/index.html">Configuration Files</a></li>
-<li class="toctree-l2"><a class="reference internal" href="realm_config.html">Realm configuration decisions</a></li>
-<li class="toctree-l2"><a class="reference internal" href="database.html">Database administration</a></li>
-<li class="toctree-l2"><a class="reference internal" href="dbtypes.html">Database types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="lockout.html">Account lockout</a></li>
-<li class="toctree-l2"><a class="reference internal" href="conf_ldap.html">Configuring Kerberos with OpenLDAP back-end</a></li>
-<li class="toctree-l2"><a class="reference internal" href="appl_servers.html">Application servers</a></li>
-<li class="toctree-l2"><a class="reference internal" href="host_config.html">Host configuration</a></li>
-<li class="toctree-l2"><a class="reference internal" href="backup_host.html">Backups of secure hosts</a></li>
-<li class="toctree-l2"><a class="reference internal" href="pkinit.html">PKINIT configuration</a></li>
-<li class="toctree-l2"><a class="reference internal" href="otp.html">OTP Preauthentication</a></li>
-<li class="toctree-l2"><a class="reference internal" href="spake.html">SPAKE Preauthentication</a></li>
-<li class="toctree-l2"><a class="reference internal" href="dictionary.html">Addressing dictionary attack risks</a></li>
-<li class="toctree-l2"><a class="reference internal" href="princ_dns.html">Principal names and DNS</a></li>
-<li class="toctree-l2"><a class="reference internal" href="enctypes.html">Encryption types</a></li>
-<li class="toctree-l2"><a class="reference internal" href="https.html">HTTPS proxy configuration</a></li>
-<li class="toctree-l2"><a class="reference internal" href="auth_indicator.html">Authentication indicators</a></li>
-<li class="toctree-l2"><a class="reference internal" href="admin_commands/index.html">Administration programs</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../mitK5defaults.html">MIT Kerberos defaults</a></li>
-<li class="toctree-l2"><a class="reference internal" href="env_variables.html">Environment variables</a></li>
-<li class="toctree-l2"><a class="reference internal" href="troubleshoot.html">Troubleshooting</a></li>
-<li class="toctree-l2"><a class="reference internal" href="advanced/index.html">Advanced topics</a></li>
-<li class="toctree-l2"><a class="reference internal" href="various_envs.html">Various links</a></li>
-</ul>
-</li>
-<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li>
-</ul>
-
- <br/>
- <h4><a href="../index.html">Full Table of Contents</a></h4>
- <h4>Search</h4>
- <form class="search" action="../search.html" method="get">
- <input type="text" name="q" size="18" />
- <input type="submit" value="Go" />
- <input type="hidden" name="check_keywords" value="yes" />
- <input type="hidden" name="area" value="default" />
- </form>
-
- </div>
- <div class="clearer"></div>
- </div>
- </div>
-
- <div class="footer-wrapper">
- <div class="footer" >
- <div class="right" ><i>Release: 1.22-final</i><br />
- &copy; <a href="../copyright.html">Copyright</a> 1985-2025, MIT.
- </div>
- <div class="left">
-
- <a href="../index.html" title="Full Table of Contents"
- >Contents</a> |
- <a href="install_kdc.html" title="Installing KDCs"
- >previous</a> |
- <a href="install_appl_srv.html" title="UNIX Application Servers"
- >next</a> |
- <a href="../genindex.html" title="General Index"
- >index</a> |
- <a href="../search.html" title="Enter search criteria"
- >Search</a> |
- <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Installing and configuring UNIX client machines">feedback</a>
- </div>
- </div>
- </div>
-
- </body>
-</html> \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-28 06:35:04 +0000