Concept Index
3DES: Cryptographic Overview
abbreviations for months: Calendar date items
AES: Cryptographic Overview
AIX: Supported Platforms
anonymous tls: Kerberos via TLS
Application Programming Interface (API): Programming Manual
ARCFOUR: Cryptographic Overview
authenticated tls: Kerberos via TLS
Authentication: Glossary of terms
Authentication header: Glossary of terms
Authentication path: Glossary of terms
Authenticator: Glossary of terms
Authorization: Glossary of terms
authors of get_date: Authors of get_date
Autoconf tests: Autoconf tests
beginning of time, for POSIX: Seconds since the Epoch
Bellovin, Steven M.: Authors of get_date
Berets, Jim: Authors of get_date
Berry, K.: Authors of get_date
calendar date item: Calendar date items
Capability: Glossary of terms
case, ignored in dates: General date syntax
certificate authority (CA): Kerberos via TLS
Ciphertext: Glossary of terms
Client: Glossary of terms
client authentication: Kerberos via TLS
comments, in dates: General date syntax
Compiling your application: Building the source
concurrent writers: Multiple servers
configuration file: Shishi Configuration
Configure tests: Autoconf tests
Contributing: Contributing
Credentials: Glossary of terms
database definition: Shisa Configuration
Database interface: Kerberos Database Functions
date format, ISO 8601: Calendar date items
date input formats: Date input formats
day of week item: Day of week items
Debian: Supported Platforms
DES: Cryptographic Overview
Diffie Hellman key exchange: Kerberos via TLS
displacement of dates: Relative items in date strings
Download: Downloading and Installing
Eggert, Paul: Authors of get_date
Encryption Type (etype): Glossary of terms
End-user Shishi usage: User Manual
epoch, for POSIX: Seconds since the Epoch
Error Handling: Error Handling
Examples: Examples
fail over: Multiple servers
FDL, GNU Free Documentation License: GNU Free Documentation License
FreeBSD: Supported Platforms
general date syntax: General date syntax
Generic Security Service: Generic Security Service
GNUTLS: Kerberos via TLS
GPL, GNU General Public License: GNU GPL
GSS-API: Generic Security Service
GSSLib: Generic Security Service
Hacking: Contributing
High Availability: Multiple servers
HP-UX: Supported Platforms
Installation: Downloading and Installing
IPSEC: Multiple servers
IRIX: Supported Platforms
ISO 8601 date format: Calendar date items
items in date strings: General date syntax
KDC: Glossary of terms
Kerberos: Glossary of terms
Kerberos Ticket: Glossary of terms
Key Version Number (kvno): Glossary of terms
language, in dates: General date syntax
LDAP: Multiple servers
License, GNU GPL: GNU GPL
MacKenzie, David: Authors of get_date
MacOS X: Supported Platforms
Mandrake: Supported Platforms
master server: Multiple servers
Meyering, Jim: Authors of get_date
minutes, time zone correction by: Time of day items
month names in date strings: Calendar date items
months, written-out: General date syntax
Motorola Coldfire: Supported Platforms
NetBSD: Supported Platforms
NFS: Multiple servers
numbers, written-out: General date syntax
OpenBSD: Supported Platforms
ordinal numbers: General date syntax
Pinard, F.: Authors of get_date
Plaintext: Glossary of terms
Principal: Glossary of terms
Principal identifier: Glossary of terms
pure numbers in date strings: Pure numbers in date strings
RedHat: Supported Platforms
RedHat Advanced Server: Supported Platforms
relative items in date strings: Relative items in date strings
remote databases: Multiple servers
Reporting Bugs: Bug Reports
rsync: Multiple servers
Salz, Rich: Authors of get_date
Seal: Glossary of terms
secondary server: Multiple servers
Secret key: Glossary of terms
Server: Glossary of terms
server authentication: Kerberos via TLS
Service: Glossary of terms
Session key: Glossary of terms
Shisa API: Kerberos Database Functions
Solaris: Supported Platforms
specifying user database: Shisa Configuration
SQL: Multiple servers
STARTTLS: Kerberos via TLS
Sub-session key: Glossary of terms
SuSE: Supported Platforms
SuSE Linux: Supported Platforms
Ticket: Glossary of terms
time of day item: Time of day items
time zone correction: Time of day items
time zone item: Time zone items
time zone item: General date syntax
TLS: Kerberos via TLS
tls resume: Kerberos via TLS
Tru64: Supported Platforms
uClibc: Supported Platforms
uClinux: Supported Platforms
user database definition: Shisa Configuration
X.509 authentication: Kerberos via TLS
Short Contents
Shishi
1 Introduction
2 User Manual
3 Administration Manual
4 Reference Manual
5 Programming Manual
6 Acknowledgements
Appendix A Criticism of Kerberos
Appendix B Protocol Extensions
Appendix C Copying Information
Function and Data Index
Concept Index
Table of Contents
Shishi
1 Introduction
1.1 Getting Started
1.2 Features and Status
1.3 Overview
1.4 Cryptographic Overview
1.5 Supported Platforms
1.6 Getting help
1.7 Commercial Support
1.8 Downloading and Installing
1.9 Bug Reports
1.10 Contributing
2 User Manual
2.1 Proxiable and Proxy Tickets
2.2 Forwardable and Forwarded Tickets
3 Administration Manual
3.1 Introduction to Shisa
3.2 Configuring Shisa
3.3 Using Shisa
3.4 Starting Shishid
3.5 Configuring DNS for KDC
3.5.1 DNS vs. Kerberos - Case Sensitivity of Realm Names
3.5.2 Overview - KDC location information
3.5.3 Example - KDC location information
3.5.4 Security considerations
3.6 Kerberos via TLS
3.6.1 Setting up TLS resume
3.6.2 Setting up Anonymous TLS
3.6.3 Setting up X.509 authenticated TLS
3.6.3.1 Create a Kerberos Certificate Authority
3.6.3.2 Create a Kerberos KDC Certificate
3.6.3.3 Create a Kerberos Client Certificate
3.6.3.4 Starting KDC with X.509 authentication support
3.7 Multiple servers
3.8 Developer information
4 Reference Manual
4.1 Environmental Assumptions
4.2 Glossary of terms
4.3 Realm and Principal Naming
4.3.1 Realm Names
4.3.2 Principal Names
4.3.2.1 Name of server principals
4.3.2.2 Name of the TGS
4.3.3 Choosing a principal with which to communicate
4.3.4 Principal Name Form
4.4 Shishi Configuration
4.4.1 `default-realm'
4.4.2 `default-principal'
4.4.3 `client-kdc-etypes'
4.4.4 `verbose', `verbose-asn1', `verbose-noise', `verbose-crypto', `verbose-crypto-noise'
4.4.5 `realm-kdc'
4.4.6 `server-realm'
4.4.7 `kdc-timeout', `kdc-retries'
4.4.8 `stringprocess'
4.4.9 `ticket-life'
4.4.10 `renew-life'
4.5 Shisa Configuration
4.5.1 `db'
4.6 Parameters for shishi
4.7 Parameters for shishid
4.8 Parameters for shisa
4.9 Environment variables
4.10 Date input formats
4.10.1 General date syntax
4.10.2 Calendar date items
4.10.3 Time of day items
4.10.4 Time zone items
4.10.5 Day of week items
4.10.6 Relative items in date strings
4.10.7 Pure numbers in date strings
4.10.8 Seconds since the Epoch
4.10.9 Specifying time zone rules
4.10.10 Authors of get_date
5 Programming Manual
5.1 Preparation
5.1.1 Header
5.1.2 Initialization
5.1.3 Version Check
5.1.4 Building the source
5.1.5 Autoconf tests
5.1.5.1 Autoconf test via `pkg-config'
5.1.5.2 Standalone Autoconf test using Libtool
5.1.5.3 Standalone Autoconf test
5.2 Initialization Functions
5.3 Ticket Set Functions
5.4 AP-REQ and AP-REP Functions
5.5 SAFE and PRIV Functions
5.6 Ticket Functions
5.7 AS Functions
5.8 TGS Functions
5.9 Ticket (ASN.1) Functions
5.10 AS/TGS Functions
5.11 Authenticator Functions
5.12 KRB-ERROR Functions
5.13 Cryptographic Functions
5.14 X.509 Functions
5.15 Utility Functions
5.16 ASN.1 Functions
5.17 Error Handling
5.17.1 Error Values
5.17.2 Error Functions
5.18 Examples
5.19 Kerberos Database Functions
5.20 Generic Security Service
6 Acknowledgements
Appendix A Criticism of Kerberos
Appendix B Protocol Extensions
B.1 STARTTLS protected KDC exchanges
B.1.1 TCP/IP transport with TLS upgrade (STARTTLS)
B.1.2 Extensible typed hole based on reserved high bit
B.1.3 STARTTLS requested by client (extension mode 1)
B.1.4 STARTTLS request accepted by server (extension mode 2)
B.1.5 Proceeding after successful TLS negotiation
B.1.6 Proceeding after failed TLS negotiation
B.1.7 Interaction with KDC addresses in DNS
B.1.8 Using TLS authentication logic in Kerberos
B.1.9 Security considerations
B.2 Telnet encryption with AES-CCM
B.2.1 Command Names and Codes
B.2.2 Command Meanings
B.2.3 Implementation Rules
B.2.4 Integration with the AUTHENTICATION telnet option
B.2.5 Security Considerations
B.2.5.1 Telnet Encryption Protocol Security Considerations
B.2.5.2 AES-CCM Security Considerations
B.2.6 Acknowledgments
B.3 Kerberized rsh and rlogin
B.3.1 Establish connection
B.3.2 Kerberos identification
B.3.3 Kerberos authentication
B.3.4 Extended authentication
B.3.5 Window size
B.3.6 End of authentication
B.3.7 Encryption
B.3.8 KCMDV0.3
B.3.9 MIT/Heimdal authorization
B.4 Key as initialization vector
B.5 The Keytab Binary File Format
B.6 The Credential Cache Binary File Format
Appendix C Copying Information
C.1 GNU Free Documentation License
C.2 GNU General Public License
Function and Data Index
Concept Index