Similar to the MIT distribution of the Kerberos V5 product, the Kerberos service in the Oracle Solaris release includes the following:
Key Distribution Center (KDC):
Kerberos database administration daemon – kadmind.
Kerberos ticket processing daemon – krb5kdc.
Database administration programs – kadmin (master only), kadmin.local and kdb5_util.
Database propagation software – kprop (slave only) and kpropd.
User programs for managing credentials – kinit, klist, and kdestroy.
User program for changing your Kerberos password – kpasswd.
Network applications – ftp, rcp, rlogin, rsh, scp, sftp, ssh, and telnet.
Remote application daemons – ftpd, rlogind, rshd, sshd, and telnetd.
Keytab administration utility – ktutil.
Generic Security Service Application Programming Interface (GSS-API) – Enables applications to use multiple security mechanisms without requiring you to recompile the application every time a new mechanism is added. The GSS-API uses standard interfaces that enable applications to be portable to many operating systems. GSS-API provides applications with the ability to include the integrity and privacy security services as well as authentication. Both ftp and ssh use the GSS-API.
RPCSEC_GSS Application Programming Interface (API) – Enables NFS services to use Kerberos authentication. The RPCSEC_GSS API provides security services that are independent of the mechanisms being used. RPCSEC_GSS sits on top of the GSS-API layer. Any pluggable GSS_API-based security mechanism can be used by applications that use RPCSEC_GSS.
In addition, the Kerberos service in Oracle Solaris includes the following:
Kerberos V5 service modules for PAM – Provides authentication, account management, session management and password management for the Kerberos service. The modules make Kerberos authentication transparent to the user.
Kerberos V5 per-user PAM stacks – Provides PAM configuration files for different scenarios in the /etc/security/pam_policy directory.
Kernel modules – Provides kernel-based implementations of the Kerberos service for use by the NFS service, which greatly improves performance.
Kerberos Administration GUI (gkadmin) – Enables you to administer the principals and principal policies in a Java technology-based GUI as an alternative to the kadmin command.
For more information, see Chapter 7, Kerberos Service Reference.