Updated "MIT Kerberos defaults" with references to the internet drafts/standards...
author Zhanna Tsitkov <tsitkova@mit.edu>
Fri, 21 Oct 2011 19:31:41 +0000 (19:31 +0000)
committer Zhanna Tsitkov <tsitkova@mit.edu>
Fri, 21 Oct 2011 19:31:41 +0000 (19:31 +0000)
On an unrelated note, committing the reference to the new API krb5_pac_sign in krb_appldev/refs/api/index.rst

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25404 dc483132-0cff-0310-8789-dd5450dbe970

doc/rst_source/index.rst
doc/rst_source/krb_appldev/refs/api/index.rst
doc/rst_source/mitK5defaults.rst [new file with mode: 0644]
doc/rst_source/mitK5features.rst
doc/rst_source/mitK5license.rst

index f983c8fe3f815ec8d67f3ff1033bc716b8946b18..53712a47f9e85a22b11818c7ce2c98a100a4cd66 100644 (file)
@@ -11,6 +11,7 @@ Contents
    krb_appldev/index.rst
    krb_admins/index.rst
    krb_users/index.rst
+   krb_build/index.rst
 
 .. toctree::
    :maxdepth: 1
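
Review bot: the added toctree entry `krb_build/index.rst` is not mentioned in the commit message, and nothing under krb_build/ appears in this commit's file list. If that document is not already in the tree, Sphinx will warn that the toctree references a nonexistent document; confirm it exists, or move this line into the commit that adds the build documentation.
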
index 9e172afc2473b1fa43831453e0dc5b6daf61c08c..2d493f061f84470e6d15bd80fe4d8274db92d425 100644 (file)
@@ -234,6 +234,7 @@ Rarely used public interfaces
    krb5_pac_get_types.rst
    krb5_pac_init.rst
    krb5_pac_parse.rst
+   krb5_pac_sign.rst
    krb5_pac_verify.rst
    krb5_principal2salt.rst
    krb5_rd_cred.rst
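
Review bot: the new `krb5_pac_sign.rst` entry is, by the commit message's own wording, unrelated to the defaults page, so it would be better as a separate commit that can be reverted on its own. The file list also contains no krb5_pac_sign.rst, so check that the page is generated or already committed; otherwise this index entry points at nothing.
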
diff --git a/doc/rst_source/mitK5defaults.rst b/doc/rst_source/mitK5defaults.rst
new file mode 100644 (file)
index 0000000..995590e
--- /dev/null
@@ -0,0 +1,98 @@
+.. _mitK5defaults:
+
+MIT Kerberos defaults
+============================
+
+
+The list of the site- and OS- dependent configuration
+-------------------------------------------------------
+
+
+ ================================================== ================================
+ Keytab file                                        FILE\:/etc/krb5.keytab
+ Path to Kerberos configuration file                /etc/krb5.conf:SYSCONFDIR/krb5.conf
+ KDC configuration file                             LOCALSTATEDIR/krb5kdc/kdc.conf
+ The location of the default database               LOCALSTATEDIR/krb5kdc/principal
+ Master key stash file location and prefix          LOCALSTATEDIR/krb5kdc/.k5.  (for example, /usr/local/var/krb5kdc/.k5.YOURREALM)
+ Admin Access Control List (ACL) file               LOCALSTATEDIR/krb5kdc/krb5_adm.acl
+ Admin ACL file used by old admin server            LOCALSTATEDIR/krb5kdc/kadm_old.acl
+ Kerberos database library path                     MODULEDIR/kdb
+ Base directory where plugins are located           LIBDIR/krb5/plugins
+ Master key default enctype                         ENCTYPE_AES256_CTS_HMAC_SHA1_96
+ The name of the rcache used by KDC                 dfl:krb5kdc_rcache
+ KDC portname used for /etc/services or equiv.      "kerberos" 
+ KDC secondary portname for backward compatibility  "kerberos-sec"
+ KDC default port                                   88
+ KDC default port for authentication                750
+ Admin change password port                         464
+ KDC UDP default portlist                           "88,750"
+ ================================================== ================================
+
+
+MAC OS specific
+-----------------
+
+ ============================================================ ================================
+ Path to Kerberos config file                                   ~/Library/Preferences/edu.mit.Kerberos:/etc/krb5.conf:SYSCONFDIR/krb5.conf
+ Base directory where krb5 plugins are located                  /System/Library/KerberosPlugins/KerberosFrameworkPlugins
+ Base directory where Kerberos databadse plugins are located    /System/Library/KerberosPlugins/KerberosDatabasePlugins
+ Base directory where authorization data plugins are located    /System/Library/KerberosPlugins/KerberosAuthDataPlugins
+ ============================================================ ================================
+
+
+Windows specific
+----------------------
+
+ ======================================= ====================================================
+ Kerberos config file name                krb5.ini
+ Keytab file name                         FILE\:%s\\krb5kt (for example, C:\\WINDOWS\\krb5kt)
+ ======================================= ====================================================
+
+
+Defaults for the KADM5 admin system
+---------------------------------------
+
+ ====================================================================== ================================
+ Admin keytab file                                                       LOCALSTATEDIR/krb5kdc/kadm5.keytab
+ Admin ACL file that defines access rights to the Kerberos database      LOCALSTATEDIR/krb5kdc/kadm5.acl
+ Admin server default port                                               749 
+ Default supported enctype/salttype matrix                               aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal
+ Max datagram size                                                       4096
+ Directory to store replay caches                                        KRB5RCTMPDIR
+ Kerberized login program                                                SBINDIR/login.krb5
+ Kerberized remote login program                                         BINDIR/rlogin
+ ====================================================================== ================================
+
+
+krb5 *slave* support
+-----------------------------
+
+ ============================================================ ================================
+ kprop  database dump file                                     LOCALSTATEDIR/krb5kdc/slave_datatrans
+ kpropd temporary database file                                LOCALSTATEDIR/krb5kdc/from_master
+ Location of the utility used to load the principal database   SBINDIR/kdb5_util
+ kpropd default kprop                                          SBINDIR/kprop
+ kpropd principal database location                            LOCALSTATEDIR/krb5kdc/principal
+ kpropd ACL file                                               LOCALSTATEDIR/krb5kdc/kpropd.acl
+ ============================================================ ================================
+
+
+Site- and system-wide initialization for the code compiled on Linux or Solaris
+-----------------------------------------------------------------------------------
+ ===================== ============================== =================
+ BINDIR                /usr/local/bin/
+ KRB5RCTMPDIR          /var/tmp
+ LIBDIR                /usr/local/lib/                 krb5 library directory
+ LOCALSTATEDIR         /usr/local/var/
+ MODULEDIR             /usr/local/lib/krb5/plugins/    krb5 static plugins directory
+ SBINDIR               /usr/local/sbin/
+ SYSCONFDIR            /usr/local/etc/
+ ===================== ============================== =================
+
+Report the problem
+------------------
+
+
+Please, provide your feedback on this document at krb5-bugsmit.edu?subject=Documentation___krb5_implementation_features
+
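
Review bot: the feedback line that closes the new file reuses the subject `Documentation___krb5_implementation_features`, so reports about the defaults page will arrive labelled as reports about the features page, and the address as shown (`krb5-bugsmit.edu`) has no `@`; give this page its own subject and check the address. In the tables, "databadse" in the Mac OS section is a typo, and the rows "KDC default port 88" and "KDC default port for authentication 750" do not say how the two ports differ. The "Default supported enctype/salttype matrix" row lists `des3-cbc-sha1:normal` and `arcfour-hmac-md5:normal` with no comment; a sentence telling administrators where that list is overridden would help sites that want to restrict it. The last table starts directly under its section underline, while every other section leaves a blank line first.
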
index 71b83c629d9cda633f5d6f62e29e03f68c37a0fd..319e0073276e1cd82d5e81b3102c7ac03c4e2011 100644 (file)
@@ -10,45 +10,39 @@ http://web.mit.edu/kerberos
 Quick facts
 -----------------------
 
-   +---------------------------------+------------------------+
-   |                                 |       MIT              |
-   +=================================+========================+
-   | Latest stable  version          | 1.9.1                  |
-   +---------------------------------+------------------------+
-   | Supported versions              | 1.7.2, 1.8.4, 1.9.1    |
-   +---------------------------------+------------------------+
-   | Release cycle                   | 9 - 12 months          |
-   +---------------------------------+------------------------+
-   | Supported platforms/            | - Solaris              | 
-   | OS distributions                |    - SPARC             |
-   |                                 |    - x86_64/x86        |
-   |                                 | - GNU/Linux            | 
-   |                                 |    - Debian x86_64/x86 | 
-   |                                 |    - Ubuntu x86_64/x86 | 
-   |                                 |    - RedHat x86_64/x86 | 
-   |                                 | - BSD                  | 
-   |                                 |    - NetBSD x86_64/x86 | 
-   +---------------------------------+------------------------+
-   | Crypto backends                 | - OSSL 1.0+            |
-   |                                 | - builtin              |
-   |                                 | - NSS 3.12.9+          |
-   +---------------------------------+------------------------+
-   | Database backends               | - LDAP                 |
-   |                                 | - DB2                  | 
-   +---------------------------------+------------------------+
-   | krb4 support                    |  < 1.8                 |
-   +---------------------------------+------------------------+
-   | DES support                     |  configurable          |
-   +---------------------------------+------------------------+
-   | Extensions (1.8+)               | - S4U2Self             |
-   |                                 | - S4U2Proxy            |
-   |                                 | - GSS naming exts      |
-   |                                 | - GSS to store creds   | 
-   +---------------------------------+------------------------+
-   | License                         |  .. toctree::          | 
-   |                                 |                        | 
-   |                                 |      mitK5license.rst  |
-   +---------------------------------+------------------------+
+
+   ====================================================== ======================================= =============================================================================
+    Latest stable  version                                 1.9.1                  
+    Supported versions                                     1.7.2, 1.8.4, 1.9.1    
+    Release cycle                                          9 - 12 months          
+    Supported platforms/OS distributions                   Solaris               
+                                                               - SPARC             
+                                                               - x86_64/x86                                               
+                                                           GNU/Linux                                                                 
+                                                               - Debian       x86_64/x86                                         
+                                                               - Ubuntu       x86_64/x86                                        
+                                                               - RedHat       x86_64/x86                                                        
+                                                           BSD                   
+                                                               - NetBSD x86_64/x86  
+    Crypto backends                                        - OpenSSL 1.0\+                          - http://www.openssl.org       
+                                                           - builtin                                - MIT Kerberos native crypto library  
+                                                           - NSS 3.12.9\+                           - Mozilla's Network Security Services. 
+                                                                                                      http://www.mozilla.org/projects/security/pki/nss
+    Database backends                                      - LDAP                                                                  
+                                                           - DB2                  
+    krb4 support                                           < 1.8                 
+    DES support                                            configurable                             http://k5wiki.kerberos.org/wiki/Projects/Disable_DES
+    GSS-API S4U extensions                                 1.8+                                     http://msdn.microsoft.com/en-us/library/cc246071
+                                                               - S4U2Proxy                         
+                                                               - S4U2Proxy 
+    GSS-API naming extensions                              1.8+                                     http://tools.ietf.org/html/draft-ietf-kitten-gssapi-naming-exts-11
+                                                                                                    
+    GSS-API extensions for storing delegated credentials   1.8+                                     :rfc:`5588`
+
+    License                                                :ref:`mitK5license`
+    Defaults                                               :ref:`mitK5defaults`
+   ====================================================== ======================================= =============================================================================
+
 
 
 
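
Review bot: in the new "GSS-API S4U extensions" row, `S4U2Proxy` is listed twice and `S4U2Self`, which the removed table had, is gone; the first of the two sub-items should read `- S4U2Self`. The `+` is also handled inconsistently: the Crypto backends rows write `1.0\+` and `3.12.9\+`, while the three GSS-API rows write `1.8+` unescaped.
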
@@ -87,85 +81,52 @@ Heimdal
 * Support for reading Heimdal database  starting from version 1.8
 
 
-Feature list
---------------------------
-
-
-   +-----------------------------------------------+-----------+-------------------+
-   |                                               | Available | Additional        | 
-   |                                               |           | information       | 
-   +===============================================+===========+===================+
-   | PKINIT                                        | 1.7       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Anonymous PKINIT                              | 1.8       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | IPv6 support in iprop                         |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | kadmin over IPv6                              |  1.9      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Trace logging                                 |  1.9      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | IAKERB                                        |  1.8      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | GSSAPI/KRB5  multi-realm support              |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Plugins to test password quality              | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Plugins to synchronize password changes       | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Parallel KDC                                  |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Credentials delegation                        | 1.7       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Constrained delegation                        | 1.8       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Cross-realm auth and referrals                |  1.7      |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | GS2                                           | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Purging old keys                              | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Naming extensions for delegation chain        | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Password expiration API                       | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Windows client support   (build-only)         | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | pre-auth mechanisms:                          | |         | |                 |
-   |                                               | |         | |                 |
-   |  - PW-SALT                                    | |         | | :rfc:`4120`     |
-   |  - ENC-TIMESTAMP                              | |         | | :rfc:`4120`     |
-   |  - SAM-2                                      | |         | |                 |
-   |  - FAST negotiation framework                 | | 1.8     | |                 |
-   |  - PKINIT                                     | |         | |                 |
-   |  - FX-COOKIE                                  | |         | |                 |
-   |  - S4U-X509-USER                              | |         | |                 |
-   |                                               |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | KDC support for SecurID preauthentication     | 1.9       | SAM-2 protocol    |
-   +-----------------------------------------------+-----------+-------------------+
-   | Account lockout on bad login attempts         | 1.8       |                   | 
-   +-----------------------------------------------+-----------+-------------------+
-   | Camellia encryption (CTS-MAC mode)            | 1.9       | experimental      |
-   |                                               |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | PRNG                                          | |         |                   |
-   |                                               | |         |                   |
-   | - modularity:                                 | | 1.9     |                   |
-   | - Yarrow PRNG                                 | | < 1.10  |                   |
-   | - Fortuna PRNG                                | | 1.9     |                   |
-   | - OS PRNG                                     | | 1.10    |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Advance warning on password expiry            | 1.9       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Heimdal bridge plugin for KDC backend         | 1.8       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Zero configuration                            |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   | Master key migration                          | 1.7       |                   |
-   +-----------------------------------------------+-----------+-------------------+
-   |                                              |           |                   |
-   +-----------------------------------------------+-----------+-------------------+
+Feature list 
+~~~~~~~~~~~~~~~
+
+   =============================================== =========== ============================================
+    \                                              Available    Additional information        
+   =============================================== =========== ============================================
+    Credentials delegation                         1.7          :rfc:`5896` 
+    Cross-realm authentication and referrals       1.7          http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-12
+    Master key migration                           1.7          http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
+    PKINIT                                         1.7          :rfc:`4556`       
+    Anonymous PKINIT                               1.8          :rfc:`6112` http://k5wiki.kerberos.org/wiki/Projects/Anonymous_pkinit
+    Constrained delegation                         1.8          http://k5wiki.kerberos.org/wiki/Projects/ConstrainedDelegation                 
+    IAKERB                                         1.8          http://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02                
+    Heimdal bridge plugin for KDC backend          1.8                          
+    Advance warning on password expiry             1.9                          
+    Camellia encryption (CTS-CMAC mode)            1.9          experimental http://tools.ietf.org/html/draft-ietf-krb-wg-camellia-cts-00      
+    KDC support for SecurID preauthentication      1.9          http://k5wiki.kerberos.org/wiki/Projects/SecurID_SAM_support
+    kadmin over IPv6                               1.9                         
+    Trace logging                                  1.9          http://k5wiki.kerberos.org/wiki/Projects/Trace_logging                 
+    GSSAPI/KRB5 multi-realm support                                            
+    Plugins to test password quality               1.9          http://k5wiki.kerberos.org/wiki/Projects/Password_quality_pluggable_interface
+    Plugins to synchronize password changes        1.9          
+    Parallel KDC                                   1.9
+    GS2                                            1.9          :rfc:`5801` :rfc:`5587` http://k5wiki.kerberos.org/wiki/Projects/GS2                 
+    Purging old keys                               1.9                          
+    Naming extensions for delegation chain         1.9                          
+    Password expiration API                        1.9                          
+    Windows client support   (build-only)          1.9                          
+    pre-auth mechanisms:                                                      
+     - PW-SALT                                                  :rfc:`4120#section-5.2.7.3`     
+     - ENC-TIMESTAMP                                            :rfc:`4120#section-5.2.7.2`
+     - SAM-2                                                                  
+     - FAST negotiation framework                  1.8          :rfc:`6113`     
+     - PKINIT                                                   :rfc:`4556`     
+     - FX-COOKIE                                                :rfc:`6113#section-5.2`              
+     - S4U-X509-USER                               1.8          http://msdn.microsoft.com/en-us/library/cc246091              
+                                                                                
+    PRNG                                                                       
+      - modularity:                                   1.9                        
+      - Yarrow PRNG                                   < 1.10                     
+      - Fortuna PRNG                                  1.9                        
+      - OS PRNG                                       1.10                       
+    Zero configuration                                                          
+    IPv6 support in iprop                                                       
+   =============================================== =========== ============================================
+
 
 
 
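
Review bot: the "Feature list" underline changes from `-` to `~`, which demotes it to a subsection of the section above it (the hunk context shows that is "Heimdal"), while "Quick facts" keeps `-`; keep the `-` underline unless that nesting is intended. Separately, "Parallel KDC" had an empty Available cell in the removed table and now reads 1.9, and "S4U-X509-USER" gains 1.8; because the rows are reordered in the same change, these value changes are easy to miss and should be called out in the commit message.
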
index 1d61b834016916021827f889833954b5a35ec696..d41a3403b8d9618d17d9293046fa95847806e6d2 100644 (file)
@@ -1,3 +1,5 @@
+.. _mitK5license:
+
 MIT Kerberos License information
 ===================================