shishi/doc shishi.texi
From: shishi-commit
Subject: shishi/doc shishi.texi
Date: Sun, 14 Sep 2003 12:23:07 -0400
CVSROOT: /cvsroot/shishi
Module name: shishi
Branch:
Changes by: Simon Josefsson <address@hidden> 03/09/14 12:23:07
Modified files:
doc : shishi.texi
Log message:
Fix @cartouche.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/doc/shishi.texi.diff?tr1=1.79&tr2=1.80&r1=text&r2=text
Patches:
Index: shishi/doc/shishi.texi
diff -u shishi/doc/shishi.texi:1.79 shishi/doc/shishi.texi:1.80
--- shishi/doc/shishi.texi:1.79 Thu Sep 11 09:27:40 2003
+++ shishi/doc/shishi.texi Sun Sep 14 12:23:07 2003
@@ -773,8 +773,8 @@
(user name in the Kerberos realm) or realm is. In the example, I
specify the client name @code{simon@@JOSEFSSON.ORG}.
address@hidden
@cartouche
address@hidden
$ shishi simon@@JOSEFSSON.ORG
Enter password for `simon@@JOSEFSSON.ORG':
simon@@JOSEFSSON.ORG:
@@ -784,8 +784,8 @@
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: INITIAL (512)
$
address@hidden cartouche
@end example
address@hidden cartouche
As you can see, Shishi also prints a short description of the ticket
received.
@@ -795,8 +795,8 @@
@file{~/.shishi/tickets}). This is achieved by typing @command{shishi
--list}.
address@hidden
@cartouche
address@hidden
$ shishi --list
Tickets in `/home/jas/.shishi/tickets':
@@ -816,8 +816,8 @@
2 tickets found.
$
address@hidden cartouche
@end example
address@hidden cartouche
As you can see, I had a ticket for the server
@samp{host/latte.josefsson.org} which was generated by
@@ -829,8 +829,8 @@
getting a ticket for the appropriate server, so you normally wouldn't
need this command.
address@hidden
@cartouche
address@hidden
$ shishi --server-name=user/billg --encryption-type=des-cbc-md4
jas@@JOSEFSSON.ORG:
Authtime: Fri Aug 15 04:49:46 2003
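Review bot: the sample command in this hunk requests --encryption-type=des-cbc-md4, a single-DES type, and the visible text does not say it was picked only to demonstrate the option. The other examples in this patch show des3-cbc-sha1-kd and aes256-cts-hmac-sha1-96, so a sentence stating that des-cbc-md4 is a weak type used here for illustration would keep readers from copying it as a default.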
@@ -839,8 +839,8 @@
Server: user/billg key des-cbc-md4 (2)
Ticket key: des-cbc-md4 (2) protected by des-cbc-md5 (3)
$
address@hidden cartouche
@end example
address@hidden cartouche
As you can see, I acquired a ticket for @samp{user/billg} with a
@samp{des-cbc-md4} (@pxref{Cryptographic Overview}) encryption key
@@ -855,8 +855,8 @@
file, you must contact your administrator and have them reset your
account, simply using this parameter is not sufficient.
address@hidden
@cartouche
address@hidden
$ shishi --server-name=imap/latte.josefsson.org --destroy
1 ticket removed.
$ shishi --server-name=foobar --destroy
@@ -864,8 +864,8 @@
$ shishi --destroy
3 tickets removed.
$
address@hidden cartouche
@end example
address@hidden cartouche
Since the @samp{--server-name} parameter takes a long to type, it is
possible to type the server name directly, after the client name. The
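Review bot: typo in the context sentence "Since the --server-name parameter takes a long to type": a word is missing after "a long". Suggest "takes a long time to type" while this paragraph is being touched.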
@@ -873,8 +873,8 @@
specific server (assuming you did not have any tickets from the
start).
address@hidden
@cartouche
address@hidden
$ src/shishi simon@@latte.josefsson.org imap/latte.josefsson.org
Enter password for `simon@@latte.josefsson.org':
simon@@latte.josefsson.org:
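Review bot: the example command here is typed as src/shishi, a build-tree path, while the other user examples in this patch run plain shishi. Suggest changing it to shishi so the manual shows the installed command consistently.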
@@ -884,8 +884,8 @@
Ticket key: aes256-cts-hmac-sha1-96 (18) protected by
aes256-cts-hmac-sha1-96 (18)
Ticket flags: FORWARDED PROXIABLE (12)
$
address@hidden cartouche
@end example
address@hidden cartouche
Refer to the reference manual for all available parameters
(@pxref{Parameters for shishi}). The rest of this section contains
@@ -934,8 +934,8 @@
Here is how you would acquire a PROXY ticket for the service
@samp{imap/latte.josefsson.org}:
address@hidden
@cartouche
address@hidden
$ shishi jas@@JOSEFSSON.ORG imap/latte.josefsson.org --proxy
Enter password for `jas@@JOSEFSSON.ORG':
libshishi: warning: KDC bug: Reply encrypted using wrong key.
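Review bot: the sample output for the --proxy request contains "libshishi: warning: KDC bug: Reply encrypted using wrong key." and nothing visible in this patch explains it. A reader following the example cannot tell whether the warning is expected, so either add a sentence saying what it means and whether it can be ignored, or regenerate the output without it. The same line recurs in the later --proxy and --forwarded examples.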
@@ -947,8 +947,8 @@
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: PROXY (16)
$
address@hidden cartouche
@end example
address@hidden cartouche
As you noticed, this asked for your password. The reason is that
proxy tickets must be acquired using a proxiable ticket granting
@@ -956,8 +956,8 @@
tickets, you may acquire a proxiable ticket granting ticket from the
start:
address@hidden
@cartouche
address@hidden
$ shishi --proxiable
Enter password for `jas@@JOSEFSSON.ORG':
jas@@JOSEFSSON.ORG:
@@ -966,14 +966,14 @@
Server: krbtgt/JOSEFSSON.ORG key des3-cbc-sha1-kd (16)
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: PROXIABLE INITIAL (520)
address@hidden cartouche
@end example
address@hidden cartouche
Then you should be able to acquire proxy tickets based on that ticket
granting ticket, as follows:
address@hidden
@cartouche
address@hidden
$ shishi jas@@JOSEFSSON.ORG imap/latte.josefsson.org --proxy
libshishi: warning: KDC bug: Reply encrypted using wrong key.
jas@@JOSEFSSON.ORG:
@@ -984,8 +984,8 @@
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: PROXY (16)
$
address@hidden cartouche
@end example
address@hidden cartouche
@section Forwardable and Forwarded Tickets
@@ -1023,8 +1023,8 @@
Here is how you would acquire a FORWARDED ticket for the service
@samp{host/latte.josefsson.org}:
address@hidden
@cartouche
address@hidden
$ shishi jas@@JOSEFSSON.ORG host/latte.josefsson.org --forwarded
Enter password for `jas@@JOSEFSSON.ORG':
libshishi: warning: KDC bug: Reply encrypted using wrong key.
@@ -1036,8 +1036,8 @@
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: FORWARDED (4)
$
address@hidden cartouche
@end example
address@hidden cartouche
As you noticed, this asked for your password. The reason is that
forwarded tickets must be acquired using a forwardable ticket granting
@@ -1045,8 +1045,8 @@
tickets, you may acquire a forwardable ticket granting ticket from the
start:
address@hidden
@cartouche
address@hidden
$ shishi --forwardable
Enter password for `jas@@JOSEFSSON.ORG':
jas@@JOSEFSSON.ORG:
@@ -1056,14 +1056,14 @@
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: FORWARDABLE INITIAL (514)
$
address@hidden cartouche
@end example
address@hidden cartouche
Then you should be able to acquire forwarded tickets based on that
ticket granting ticket, as follows:
address@hidden
@cartouche
address@hidden
$ shishi jas@@JOSEFSSON.ORG host/latte.josefsson.org --forwarded
libshishi: warning: KDC bug: Reply encrypted using wrong key.
jas@@JOSEFSSON.ORG:
@@ -1074,8 +1074,8 @@
Ticket key: des3-cbc-sha1-kd (16) protected by des3-cbc-sha1-kd (16)
Ticket flags: FORWARDED (4)
$
address@hidden cartouche
@end example
address@hidden cartouche
@c **********************************************************
@@ -1097,8 +1097,8 @@
Create a random key for the Kerberos Ticket Granting Service for your
realm:
address@hidden
@cartouche
address@hidden
$ shishi --string-to-key --random \
krbtgt/latte.josefsson.org@@latte.josefsson.org | \
tee /usr/local/etc/shishid.keys
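Review bot: missing guidance on key file protection in the krbtgt example, which pipes the new key through tee into /usr/local/etc/shishid.keys. That echoes the key to the terminal and creates the file with whatever mode the current umask allows. Suggest the text tell the administrator to restrict the file (for example umask 077 before the command, or chmod 600 afterwards), since the later examples append user and service keys to the same file.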
@@ -1110,13 +1110,13 @@
oconxMTf59B5bvTylY+KE4mchA/gtmYI2Qok+48tnSM=
-----END SHISHI KEY-----
$
address@hidden cartouche
@end example
address@hidden cartouche
Create a key for a user from a specified password:
address@hidden
@cartouche
address@hidden
$ shishi --string-to-key=fnord \
simon@@latte.josefsson.org | tee --append \
/usr/local/etc/shishid.keys
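Review bot: the user key example passes the password on the command line as --string-to-key=fnord, where it is saved in shell history and visible in the process list while the command runs. Suggest saying so next to the example and, if shishi can read the password from a prompt instead, showing that form.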
@@ -1128,8 +1128,8 @@
c1rqwvYwuDFrABvqWVq9bWUsQWg/xbErsIUmLN+3lYM=
-----END SHISHI KEY-----
$
address@hidden cartouche
@end example
address@hidden cartouche
There is nothing special with a ticket granting key, you could have
created it based on a password similar to the user key. However,
@@ -1137,8 +1137,8 @@
Finally, create a random key for a service:
address@hidden
@cartouche
address@hidden
$ shishi --string-to-key --random \
imap/latte.josefsson.org@@latte.josefsson.org | \
tee --append /usr/local/etc/shishid.keys
@@ -1150,25 +1150,25 @@
ts2v0QHWyW9FyXbWtCvLPqdEc60qPq5Yvat3p82rp5c=
-----END SHISHI KEY-----
$
address@hidden cartouche
@end example
address@hidden cartouche
You are now ready to start the KDC. Refer to the reference manual for
available parameters (@pxref{Parameters for shishid}).
address@hidden
@cartouche
address@hidden
$ shishid
address@hidden cartouche
@end example
address@hidden cartouche
Then you can use @samp{shishi} as usual to acquire tickets
(@pxref{User Manual}). The following example demonstrate a AS-REQ for
@samp{krbtgt/latte.josefsson.org} followed by a TGS-REQ for
@samp{imap/latte.josefsson.org}.
address@hidden
@cartouche
address@hidden
$ shishi simon@@latte.josefsson.org imap/latte.josefsson.org
Enter password for `simon@@latte.josefsson.org':
simon@@latte.josefsson.org:
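Review bot: grammar in the context sentence "The following example demonstrate a AS-REQ"; it should read "demonstrates an AS-REQ". Worth fixing in the same pass since the paragraph sits directly above a changed block.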
@@ -1178,8 +1178,8 @@
Ticket key: aes256-cts-hmac-sha1-96 (18) protected by
aes256-cts-hmac-sha1-96 (18)
Ticket flags: FORWARDED PROXIABLE (12)
$
address@hidden cartouche
@end example
address@hidden cartouche
@c **********************************************************
@c **************** Reference Manual **********************