Sun Enterprise Authentication Mechanism 1.0.1 Guide

Previous: Glossary


A

	-a option to Kerberized commands ( )

	access
		getting to server, with SEAM ( )
		granting to your account ( ) ( )
		obtaining for a specific service ( )
		restricting for KDC servers ( )

	access, granting to your account ( )

	Access Control List
		See ACL

	access control list
		See ACL

	ACL ( ) ( ) ( ) ( )

	adding administration principals ( )

	adding service principal to keytab file ( )

	admin_server ( )

	administering
		adding service principal to keytab file ( )
		allowable operations ( ) ( ) ( ) ( )
		creating new policy ( ) ( )
		creating new principal ( )
		deleting policies ( )
		deleting principal ( )
		keytab file with ktremove command ( )
		keytab file with ktutil command ( )
		keytabs ( )
		modifying a principal ( )
		modifying policies ( )
		policies ( )
		principals ( )
		principals and policies ( )
		removing service principal from keytab file ( )
		setting up principal defaults ( )
		viewing list of policies ( )
		viewing list of principals ( )
		viewing policy attributes ( )
		viewing principal attributes ( )
		viewing sublist of principals ( )

	administering keytab files ( )

	application server
		configuring ( )
		definition ( ) ( )

	authentication ( )
		configuring cross-realm ( )
		definition ( )
		disabling with -X option ( )
		overview of Kerberos ( )
		root ( )
		terminology ( )

	authenticator ( )
		definition ( ) ( )

	authorization ( )

	automatic login ( )
		disabling ( )

	automating principal creation ( )


B

	back-end mechanism ( )

	backing up the Kerberos database ( )

	backup
		Kerberos database ( )
		slave KDC ( )


C

	cache, credential ( )

	Cerberus
		See Kerberos

	changepw principal ( )

	changing your password ( )
		with kpasswd command ( )
		with passwd command ( )

	choosing your password ( )

	clear protection level ( )

	client ( )
		configuring ( )
		definition ( )
		planning for names ( )

	client principal, definition ( )

	clock
		skew ( )
		synchronization ( )
		synchronizing ( ) ( ) ( )

	clock skew ( ) ( )
		definition ( )

	clock synchronization ( )

	command
		ftp ( )
		options to ( )
		overview of ( )
		rcp ( )
		rlogin ( )
		rsh ( )
		table of SEAM ( )
		telnet ( )

	command-line equivalents of SEAM Administration Tool ( )

	configuration decisions ( )
		client and service principal names ( )
		clock skew ( )
		clock synchronization ( )
		database propagation ( )
		mapping hostnames onto realms ( )
		number of realms ( )
		ports ( )
		realm hierarchy ( )
		realm names ( )
		realms ( )
		slave KDCs ( )

	configuring a slave KDC ( )

	configuring application servers ( )

	configuring cross-realm authentication ( )

	configuring master KDC server ( )

	configuring NFS servers ( )

	configuring SEAM ( )
		adding administration principals ( )
		kdb5_util command ( )

	configuring SEAM clients
		See also configuration decisions

	context-sensitive help ( )

	creating a credential table ( )

	creating a keytab file ( )

	creating a new policy ( )

	creating a new principal ( )

	creating new policy ( )

	creating stash file ( )

	creating tickets ( )
		with kinit ( )

	credential ( )
		cache ( )
		definition ( ) ( )
		obtaining for a server ( )
		obtaining for a TGS ( )
		vs. ticket ( )

	credential cache ( )
		definition ( )

	credential table
		adding single entry to ( )
		changing the back-end mechanism ( )
		creating ( )

	cron ( )
		backing up using ( )

	cross-realm authentication, configuring ( )


D

	daemon
		krb5kdc ( )
		table of ( )

	database
		backing up and propagating ( )
		backing up and propagating Kerberos ( )
		creating ( )
		planning ( )
		propagation ( )

	default_realm ( )

	delete_entry command ( )

	deleting a host's service with delete_entry ( )

	deleting a principal ( )

	deleting policies ( )

	destroying tickets ( )

	dfstab file ( )
		kerberos option ( )

	direct realms ( )

	disabling service on a host ( )

	displaying a sublist of principals ( )

	DNS ( ) ( )

	domain_realm ( ) ( )

	duplicating a principal ( )


E

	enabling only Kerberized applications ( )

	encryption
		privacy service ( )
		with -x option ( )

	error message, with kpasswd ( )

	/etc/dfs/dfstab file, kerberos option ( )

	export restrictions ( )


F

	-f option to Kerberized commands ( ) ( )

	-F option to Kerberized commands ( ) ( )

	-F option
		vs. -f ( ) ( )

	-f option
		vs. -F option ( ) ( )

	file
		kdc.conf ( )
		table of SEAM ( )

	flavor, definition ( )

	forwardable ticket ( ) ( ) ( )
		definition ( )
		-F option vs. -f ( ) ( )
		with -F ( ) ( )
		with -f ( ) ( )

	FQDN (Fully Qualified Domain Name) ( )

	ftp command ( ) ( )
		setting protection level in ( )

	ftpd daemon ( )


G

	Generic Security Service API
		See GSS-API

	getting a credential for a server ( )

	getting a credential for a TGS ( )

	getting access to a specific service ( )

	gkadmin command
		See also SEAM Administration Tool

	.gkadmin file ( ) ( )

	granting access to your account ( )

	GSS-API ( ) ( )
		definition ( )

	gsscred command ( )

	gsscred.conf file ( ) ( )

	gsscred file, changing backend mechanism ( )

	gssd daemon ( )


H

	help
		context-sensitive ( )
		Help Contents ( )
		SEAM Administration Tool ( )

	Help button ( )

	hierarchical realms ( ) ( ) ( )

	host
		definition ( )
		disabling service on ( )
		mapping names onto realms ( )

	host principal
		and DNS ( )
		creating ( )
		definition ( )

	hostnames, mapping onto realms ( )


I

	ID
		principals vs. UNIX IDs ( )
		UNIX ( )

	initial ticket ( )
		definition ( )

	installation, post-installation ( )

	instance ( )
		definition ( )

	integrity ( ) ( )
		definition ( )

	invalid ticket ( )
		definition ( )


K

	-k option to Kerberized commands ( )

	-K option to Kerberized commands ( )

	.k5.REALM file ( )

	.k5login file ( ) ( )
		vs. revealing password ( )

	kadm5.acl ( ) ( ) ( ) ( )
		format of entries ( )

	kadm5.acl file ( ) ( )

	kadm5.keytab file ( ) ( )

	kadmin command ( ) ( ) ( )
		ktadd command ( )
		ktremove command ( )
		removing principals from keytab with ( )

	kadmin.local command ( ) ( ) ( ) ( )

	kadmin.log file ( )

	kadmind daemon ( ) ( )

	kadmind principal ( )

	kdb5_util command ( ) ( ) ( )

	KDC ( )
		adding entries to propagation file ( )
		adding slave names to cron job ( )
		backing up and propagating ( )
		configuring master ( )
		configuring server ( )
		configuring slave ( )
		copying administration files from slave to master ( )
		creating database ( )
		creating host principal ( )
		creating root principal ( ) ( )
		definition ( )
		master ( )
		planning ( )
		ports ( )
		propagating database with kprop_util ( )
		restricting access to servers ( )
		slave ( ) ( )
		slave vs. master ( ) ( )
		starting daemon ( )
		swapping master and slave ( )
		synchronizing clocks ( ) ( )

	kdc.conf file ( ) ( )

	kdc file ( )

	kdc.log file ( )

	kdc.master file ( )

	kdc start command ( )

	kdestroy command ( ) ( )

	KERB authentication, dfstab file option ( )

	Kerberos
		and Kerberos V5 ( )
		and SEAM ( ) ( )
		origin of name ( )
		terminology ( )

	kerberos, dfstab file option ( )

	Kerberos (KERB) authentication ( )

	key
		definition ( ) ( )
		private ( )
		service ( )
		service key ( )
		session ( ) ( )

	Key Distribution Center
		See KDC

	keytab, definition ( )

	keytab file
		adding master KDC's host principal to ( )
		adding service principal to ( ) ( )
		administering ( )
		administering with ktutil command ( )
		creating ( )
		disabling a host's service with delete_entry command ( )
		read into keytab buffer with with read_kt command ( )
		read into keytab with read_kt command ( )
		removing principals with ktremove command ( )
		removing service principal from ( )
		viewing contents with ktutil command ( ) ( )
		viewing keylist buffer with list command ( )
		viewing keylist buffer with the list command ( )

	kinds of tickets ( )

	kinit command ( ) ( )
		`-F` ( )
		ticket lifetime ( )

	klist command ( ) ( )
		-f option ( )

	kpasswd command ( ) ( )
		error message ( )
		vs. passwd command ( )

	kprop command ( )

	kprop_script script ( )

	kpropd.acl file ( ) ( )

	kpropd daemon ( )

	krb5.conf file ( ) ( )
		domain_realm ( )
		editing ( )
		ports ( )

	krb5.keytab file ( )

	krb5cc_uid file ( )

	krb5kdc command ( )

	krb5kdc daemon ( ) ( )

	ktadd command ( ) ( )
		syntax ( )

	ktkt_warnd daemon ( )

	ktremove command ( )

	ktutil command ( ) ( )
		delete_entry command ( )
		list command ( ) ( )
		read_kt command ( ) ( )
		viewing list of principals ( ) ( )


L

	lifetime of ticket ( )

	list command ( ) ( )

	list privileges in SEAM Administration Tool ( )


M

	-m option to Kerberized commands ( )

	managing passwords ( )

	mapping hostnames onto realms ( )

	master and slave KDCs ( )

	master KDC ( )
		configuring ( )
		definition ( )
		swapping with slave KDC ( )
		vs. slave ( )

	max_life ( )

	max_renewable_life ( )

	mech file ( )

	mechanism, defnition ( )

	modifying a principal ( )

	modifying a principal's password ( )

	modifying policies ( )

	mounting NFS Files systems ( )


N

	network application server
		See application server

	Network Time Protocol
		See NTP

	NFS, mounting systems ( )

	NFS server ( )
		configuring ( )

	non-hierarchical realms ( )

	NTP ( ) ( ) ( )
		setting up client ( )
		setting up server ( )


O

	obtaining a credential for a server ( )

	obtaining a credential for a TGS ( )

	obtaining access to a specific service ( )

	obtaining forwardable tickets ( )

	obtaining tickets ( )
		with kinit ( )

	online help
		context-sensitive ( )
		Help Contents ( )
		SEAM Administration Tool ( )

	options to Kerberized commands ( )
		-f ( ) ( )
		-a ( )
		-F ( ) ( )
		-K ( )
		-m ( )
		-X ( )
		-x ( )

	ovsec_adm.xxxxx file ( )


P

	PAM ( ) ( ) ( )
		configuration file ( )
		try_first_pass ( )

	pam.conf file ( ) ( )

	panels, table of SEAM Administration Tool ( )

	passwd command ( )
		try_first_pass ( )
		vs. kpasswd command ( )

	password ( )
		and policies ( )
		changing ( )
		changing with kpasswd command ( )
		changing with passwd command ( )
		granting access without revealing ( )
		management ( )
		modifying a principal's ( )
		suggestions on choosing ( )
		UNIX vs. Kerberos ( )

	password management ( )

	path ( )
		MANPATH variable ( )
		updating ( )

	planning ( )
		client and service principal names ( )
		clock skew ( )
		clock synchronization ( )
		configuration decisions ( )
		database propagation ( )
		number of realms ( )
		ports ( )
		realm hierarchy ( )
		realm names ( )
		realms ( )
		slave KDCs ( )

	planning for SEAM
		See planning

	Pluggable Authentication Module
		See PAM

	policy
		administering ( ) ( )
		and passwords ( )
		creating ( )
		creating new ( )
		definition ( )
		deleting ( )
		modifying ( )
		SEAM Administration Tool panels for ( )
		task map for administering ( )
		viewing attributes ( )
		viewing list of ( )

	port
		for KDC and admin services ( )
		KDC administration daemon ( )

	post-installation ( )

	postdatable ticket ( )

	postdated ticket ( )
		definition ( )

	primary ( )
		definition ( )

	principal ( )
		adding administration ( )
		adding service principal to keytab ( ) ( )
		administering ( ) ( )
		automating creation of ( )
		creating ( )
		creating host ( )
		creating root ( ) ( )
		definition ( )
		deleting ( )
		duplicating ( )
		instance ( )
		modifiying ( )
		name ( )
		primary ( )
		principal name ( )
		realm ( )
		removing from keytab file ( )
		removing service principal from keytab ( )
		root ( )
		SEAM Administration Tool panels for ( )
		service ( )
		setting up defaults ( )
		task map for administering ( )
		user ( )
		viewing attributes ( )
		viewing list of ( )
		viewing sublist of principals ( )
		vs. UNIX ID ( )

	principal.db file ( )

	principal.kadm5 file ( )

	principal.kadm5.lock file ( )

	principal name ( )
		definition ( )

	principal.ok file ( )

	privacy ( ) ( )
		availability ( ) ( )
		definition ( )

	private key ( )
		definition ( )

	private protection level ( )

	privilege ( )
		effects on SEAM Administration Tool ( )

	propagating KDC database with kprop_util ( )

	propagating the Kerberos database ( )

	propagation ( )
		database ( )
		Kerberos database ( )

	propagation file, adding entries to ( )

	protection level
		clear ( )
		private ( )
		safe ( )
		setting in ftp ( )

	proxiable ticket ( )
		definition ( )

	proxy ticket ( )


Q

	qop file ( )


R

	rcp command ( ) ( )

	read into keytab buffer with read_kt command ( )

	read into keytab with read_kt command ( )

	read_kt command ( ) ( )

	realm ( ) ( ) ( )
		and servers ( )
		configuration decisions ( )
		configuring cross-realm authentication ( )
		contents of ( )
		definition ( )
		direct ( )
		hierarchical ( )
		hierarchical vs. non-hierarchical ( )
		hierarchy ( )
		in principal names ( )
		mapping hostnames onto ( )
		names ( )
		number of ( )
		requesting tickets for specific ( )

	realms and servers ( )

	removing principals with ktremove command ( )

	removing service principal from keytab file ( )

	renewable ticket ( )
		definition ( )

	restricting access for KDC servers ( )

	rlogin command ( ) ( )

	rlogind daemon ( )

	root
		adding principal to host's keytab ( )
		setting up authentication for NFS ( )

	root principal
		creating ( ) ( )

	RPCSEC_GSS API ( )

	rsh command ( ) ( )

	rshd daemon ( )


S

	safe protection level ( )

	SEAM
		acronym ( )
		administering ( )
		Administration Tool ( )
		and Kerberos V5 ( ) ( )
		commands ( ) ( )
		components of ( )
		configuration decisions ( )
		configuring ( )
		configuring KDC servers ( )
		daemons ( )
		enabling only kerberized applications ( )
		examples of using Kerberized commands ( )
		files ( )
		files, commands, and daemons ( )
		gaining access to server ( )
		granting access to your account ( )
		options to Kerberized commands ( )
		overview ( )
		overview of authentication ( )
		overview of kerberized commands ( )
		password management ( )
		planning for ( )
		post-installation ( )
		reference ( )
		SEAM-based commands, list of ( )
		table of command options ( )
		table of commands ( )
		table of daemons ( )
		table of files ( )
		terminology ( )
		using ( )

	SEAM Administration Tool ( )
		and limited administration privileges ( )
		and list privileges ( )
		and X Window system ( )
		command-line equivalents ( )
		context-sensitive help ( )
		creating a new principal ( )
		creating new policy ( ) ( )
		default values ( )
		deleting a principal ( )
		deleting policies ( )
		displaying sublist of principals ( )
		duplicating a principal ( )
		files modified by ( )
		Filter Pattern field ( )
		gkadmin command ( )
		gkadmin command vs. kadmin ( ) ( )
		.gkadmin file ( )
		help (print) ( )
		Help button ( )
		Help Contents ( )
		how affected by privileges ( )
		kadmin command vs. gkadmin ( ) ( )
		login window ( )
		modifying a principal ( )
		modifying policies ( )
		online help ( )
		panel descriptions ( )
		privileges ( )
		setting up principal defaults ( )
		starting ( )
		table of panels ( )
		viewing a principal's attributes ( )
		viewing list of policies ( )
		viewing list of principals ( )
		viewing policy attributes ( )
		vs. kadmin command ( )

	SEAM commands ( ) ( )
		enabling only Kerberized ( )
		examples of ( )

	SEAM files ( )

	security, KERB authentication ( )

	security mechanism, specifying with -m ( )

	security mode, setting up environment with multiple ( )

	security service ( )
		export restrictions on ( )
		integrity ( )
		privacy ( )

	server
		and realms ( )
		definition ( ) ( )
		gaining access with SEAM ( )
		obtaining credential for ( )

	server principal, definition ( )

	servers and realms ( )

	service
		definition ( ) ( )
		disabling on a host ( )
		obtaining access for specific service ( )

	service, security
		See security service

	service key ( ) ( )
		definition ( )

	service principal ( )
		adding to keytab file ( ) ( )
		definition ( )
		planning for names ( )
		removing from keytab file ( )

	session key ( ) ( )
		definition ( )

	setting up principal defaults ( )

	single-sign-on system ( ) ( )

	slave and master KDCs ( )

	slave_datatrans file ( ) ( )

	slave KDC ( )
		adding names to cron job ( )
		configuring ( )
		definition ( )
		planning for ( )
		swapping with master KDC ( )
		vs. master ( )

	starting KDC daemon ( )

	stash file ( )
		creating ( )
		definition ( )

	Sun Enterprise Authentication Manager
		See SEAM

	swapping master and slave KDCs ( )

	synchronizing clocks ( ) ( ) ( )


T

	table of SEAM daemons ( )

	task map
		administering policies ( )
		administering principals ( )

	telnet command ( ) ( )

	telnetd daemon ( )

	terminology
		authentication-specific ( )
		Kerberos-specific ( )
		SEAM ( )

	TGS ( )
		getting credential for ( )

	TGT ( ) ( )

	ticket ( ) ( )
		-F option vs. -f ( )
		-k option ( )
		creating ( )
		creating with kinit ( )
		definition ( ) ( )
		destroying ( )
		file
			See credential cache
		forwardable ( ) ( ) ( ) ( ) ( ) ( ) ( )
		initial ( )
		invalid ( )
		klist command ( )
		lifetime ( )
		maximum renewable lifetime ( )
		obtaining ( )
		postdatable ( )
		postdated ( )
		proxiable ( )
		proxy ( )
		renewable ( )
		requesting for specific realm ( )
		types of ( )
		viewing ( )
		vs. credential ( )
		warning about expiration ( )

	ticket file
		See credential cache

	ticket-granting service
		See TGS

	Ticket-Granting Ticket
		See TGT

	transparency ( )

	try_first_pass ( )

	types of tickets ( )


U

	UNIX
		IDs, in NFS services ( )
		IDs, vs. principals ( )

	user principal ( )
		definition ( )


V

	view keylist buffer with list command ( )

	viewing a principal's attributes ( )

	viewing keylist buffer with list command ( )

	viewing list of policies ( )

	viewing list of principals ( )

	viewing policy attributes ( )

	viewing tickets ( )


W

	warn.conf file ( )

	warning about ticket expiration ( )


X

	-x option to Kerberized commands ( )

	-X option to Kerberized commands ( )

	X Window system, and SEAM Administration Tool ( )

	xfn ( )

	xfn_files ( )

	xfn_nis ( )

	xfn_nisplus ( )

Previous: Glossary