From owner-doc-jp@jp.freebsd.org  Sun Aug  4 22:16:50 1996
Received: by mail.jp.freebsd.org (8.7.3+2.6Wbeta5/8.7.3) id WAA21805
	Sun, 4 Aug 1996 22:16:50 +0900 (JST)
Received: by mail.jp.freebsd.org (8.7.3+2.6Wbeta5/8.7.3) with ESMTP id WAA21800
	for <doc-jp@jp.freebsd.org>; Sun, 4 Aug 1996 22:16:49 +0900 (JST)
Received: from localhost by sirius.sr3.t.u-tokyo.ac.jp (8.7.5/3.3W9) with SMTP id WAA01711; Sun, 4 Aug 1996 22:16:44 +0900 (JST)
Message-Id: <199608041316.WAA01711@sirius.sr3.t.u-tokyo.ac.jp>
To: hanai@astec.co.jp
Cc: doc-jp@jp.freebsd.org
In-Reply-To: Your message of "Wed, 31 Jul 1996 11:37:00 +0900"
References: <199607310237.LAA25913@steffi.sr3.t.u-tokyo.ac.jp>
X-Mailer: Mew version 1.06 on Emacs 19.28.1, Mule 2.3
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
	boundary="--Next_Part(Sun_Aug__4_22:15:25_1996)--"
Date: Sun, 04 Aug 1996 22:16:44 +0900
From: Mitsuharu ARIMURA <arimura@sr3.t.u-tokyo.ac.jp>
Reply-To: doc-jp@jp.freebsd.org
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=19]
X-Sequence: doc-jp 244
Subject: [doc-jp 244] Re: kerberos.sgml
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org

----Next_Part(Sun_Aug__4_22:15:25_1996)--
Content-Type: Text/Plain; charset=iso-2022-jp

$BM-B<!wElBg$G$9!%(B

<199607310237.LAA25913@steffi.sr3.t.u-tokyo.ac.jp> $B$G(B
  Mitsuharu ARIMURA <arimura@sr3.t.u-tokyo.ac.jp>$B$5$s$,=q$-$^$7$?(B:
arimura> kerberos.sgml $B$r;O$a$?$$$H;W$$$^$9!%(B
arimura> $B$h$m$7$/$*4j$$$7$^$9!%(B

$B=*$o$j$^$7$?!@(B(^o^)$B!?(B

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
$BEl5~Bg3XBg3X1!(B $B9)3X7O8&5f2J(B $B>pJs9)3X@l96(B $BGn;N(B1$BG/!JM-K\!&;3K\8&5f<<!KM-B<(B $B8w@2(B
    TEL: 03-3812-2111 ex.6934      E-mail: arimura@sr3.t.u-tokyo.ac.jp
    URL: http://www.sr3.t.u-tokyo.ac.jp/~arimura/

----Next_Part(Sun_Aug__4_22:15:25_1996)--
Content-Type: Text/Plain; charset=iso-2022-jp

<!-- $Id: kerberos.sgml,v 1.7 1996/05/16 23:18:02 mpp Exp $ -->
<!-- The FreeBSD Documentation Project -->

<sect><heading>Kerberos<label id="kerberos"></heading>

<p><em>Contributed by &a.markm; (based on contribution by &a.md;).</em>

    Kerberos$B$O(B, $B%f!<%6$,0BA4$J%5!<%P$N%5!<%S%9$K$h$C$FG'>Z$r<u$1$i$l$k(B
    $B$h$&$K$9$k$?$a$N(B, $B%M%C%H%o!<%/$NIU2C%7%9%F%`5Z$S%W%m%H%3%k$G$9(B.
    remote login, remote copy, $B%7%9%F%`4V$G$N0BA4$J%U%!%$%k$N%3%T(B
    $B!<$d$=$NB>$N%j%9%/$N9b$$;E;v$,$+$J$j0BA4$K(B, $B$=$7$F$h$j@)8f2DG=$K$J(B
    $B$j$^$9(B. 

    $B0J2<$NJ8>O$O(B, FreeBSD$BMQ$H$7$FG[I[$5$l$F$$$k(BKerberos$B$r%;%C%H%"%C%W(B
    $B$9$k:]$N%,%$%I$H$7$FFI$`$3$H$,$G$-$^$9(B. 
    $B$7$+$7(B, $B40A4$J5-=R$N$?$a$K$O(B, $B%^%K%e%"%k%Z!<%8$rFI$s$@J}$,NI$$(B
    $B$G$7$g$&(B. 

    FreeBSD$B$N(BKerberos$B$O(B, $B%*%j%8%J%k$N(B4.4BSD$B$NG[I[$K4^$^$l$F$$$k(B
    $B$b$N$G$O$J$/(B, FreeBSD 1.1.5.1$B$N;~$K(Bport$B$5$l$?(BeBones$B$G$9(B. 
    $B$3$l$O%"%a%j%+(B/$B%+%J%@$N30$G:n@.$5$l$F$*$j(B, $B$3$l$i0J30$N9q$N?M!9$K$b(B
    $B<j$KF~$l$i$l$k$b$N$G$9(B. 

    $B$3$N%=%U%H%&%'%"$r9gK!E*$JG[I[J*$H$7$FF@$k0Y$K(B, $B%"%a%j%+$b(B
    $B$7$/$O%+%J%@$N%5%$%H$+$i;}$C$FMh(B<em>$B$J$$$G$/$@$5$$(B</em>.  
    $B$G$J$$$H(B, $B$=$N%5%$%H$,(B<em>$BBgJQ$J(B</em>$BLdBj$K4,$-9~$^$l$^$9(B. 
    $B9gK!E*$JG[I[$O(B, $BFn%"%U%j%+$N(B<tt>skeleton.mikom.csir.co.za</tt>$B$+$i(B
    $BF@$k;v$,$G$-$^$9(B.  

 <sect1>
 <heading>$B=i4|%G!<%?%Y!<%9$N:n@.(B</heading>

 <p>$B$3$N:n6H$O(BKerberos$B%5!<%P$@$1$G9T$$$^$9(B. $B$^$:(B, $B8E$$(BKerberos$B$N(B
    $B%G!<%?%Y!<%9$,B8:_$7$J$$$3$H$r3NG'$7$F$/$@$5$$(B. 
    $B%G%#%l%/%H%j(B<tt>/etc/kerberosIV</tt>$B$K0\$C$F(B, $B<!$N%U%!%$%k$@$1$,(B
    $BB8:_$9$k;v$r%A%'%C%/$9$Y$-$G$7$g$&(B:

<tscreen><verb>
grunt# cd /etc/kerberosIV
grunt# ls
README          krb.conf        krb.realms
</verb></tscreen>

 <p>$B$b$7B>$N%U%!%$%k(B(<tt>principal.*</tt>$B$d(B<tt>master_key</tt>)$B$,(B
    $BB8:_$9$k>l9g$K$O(B, <tt>kdb_destroy</tt>$B$H$$$&%3%^%s%I$G8E$$(B
    Kerberos$B%G!<%?%Y!<%9$r>C$7$F$/$@$5$$(B. 
    Kerberos$B$,Av$C$F$$$J$1$l$P(B, $BC1$K(B<tt>rm</tt>$B$GM>7W$J%U%!%$%k$r>C$;(B
    $B$P$h$$$G$9(B.  

    $B$^$:(B<tt>krb.conf</tt>$B$H(B<tt>krb.realms</tt>$B$rJT=8$7$F(BKerberos$B$N(B
    realm($B2&9q(B)$B$rDj5A$7$F$/$@$5$$(B. $B$3$3$G$O(Brealm$B$,(B<it>GRONDAR.ZA</it>
    $B$G(B, $B%5!<%PL>$,(B<it>grunt.grondar.za</it>$B$G$"$k$H$7$^$9(B. 
    <tt>krb.conf</tt>$B$H$$$&%U%!%$%k$r<!$N$h$&$KJT=8$7$F$/$@$5$$(B:

<tscreen><verb>
grunt# cat krb.conf
GRONDAR.ZA
GRONDAR.ZA grunt.grondar.za admin server
CS.BERKELEY.EDU okeeffe.berkeley.edu
ATHENA.MIT.EDU kerberos.mit.edu
ATHENA.MIT.EDU kerberos-1.mit.edu
ATHENA.MIT.EDU kerberos-2.mit.edu
ATHENA.MIT.EDU kerberos-3.mit.edu
LCS.MIT.EDU kerberos.lcs.mit.edu
TELECOM.MIT.EDU bitsy.mit.edu
ARC.NASA.GOV trident.arc.nasa.gov
</verb></tscreen>

 <p>$B$3$NNc$K$"$k$h$&$JB>$N(Brealm$B$O<B:]$K$OI,MW$"$j$^$;$s(B. 
    $B$3$NNc$OJ#?t$N(Brealm$B$rG'<1$9$kJ}K!$r<($7$?$b$N$G$9$N$G(B, 
    $B$3$l$i$N9T$O4^$a$J$/$F$b7k9=$G$9(B. 

    1$B9TL\$O$3$N%7%9%F%`$,F0$$$F$$$k(Brealm$B$NL>A0$G$9(B. 
    $BB>$N9T$O(Brealm$B$H%[%9%HL>$N%(%s%H%j$G$9(B. 
    $B9T$N(B1$B$D$a$NC18l$,(Brealm$B$G(B, 2$B$D$a$,$=$N(Brealm$B$NCf$G(B
    ``$B80G[I[%;%s%?!<(B''(Key Distribution Center)$B$H$7$FF/$/%[%9%HL>$G$9(B.
    $B%[%9%HL>$N<!$K(B``admin server''$B$H=q$$$F$"$k>l9g$K$O(B, $B$=$N%[%9%H$,(B
    ``$B4IM}%G!<%?%Y!<%9!&%5!<%P(B''(Administrative Database Server)$B$bDs6!(B
    $B$9$k$3$H$r0UL#$7$^$9(B.  
    $B$3$l$i$NC18l$K$D$$$F>\$7$/CN$j$?$$>l9g$K$O(BKerberos$B$N%^%K%e%"%k(B
    $B%Z!<%8$r8+$F$/$@$5$$(B. 

    $B$3$3$G(B<it>GRONDAR.ZA</it>$B$H$$$&(Brealm$B$K(B<it>grunt.grondar.za</it>$B5Z(B
    $B$S$=$NB>$N(B<it>.grondar.za</it>$B%I%a%$%s$NA4$F$N%[%9%H$rDI2C$7$J$1$l(B
    $B$P$J$j$^$;$s(B. <tt>krb.realms</tt>$B$O<!$N$h$&$K$J$j$^$9(B:

<tscreen><verb>
 grunt# cat krb.realms
 grunt.grondar.za GRONDAR.ZA
 .grondar.za GRONDAR.ZA
 .berkeley.edu CS.BERKELEY.EDU
 .MIT.EDU ATHENA.MIT.EDU
 .mit.edu ATHENA.MIT.EDU
</verb></tscreen>

 <p>$B$b$&0lEYCm0U$7$^$9$,(B, $BB>$N(Brealm$B$r=q$/I,MW$O$"$j$^$;$s(B. 
    $B$3$l$i$OJ#?t$N(Brealm$B$rG'<1$G$-$k$h$&$K%^%7%s$r@_Dj$9$kJ}K!$r(B
    $B<($7$?Nc$G$9$N$G(B, $B$3$l$i$N9T$O>C$7$F9=$$$^$;$s(B. 

    1$B9TL\$OL>IU$1$i$l$?(Brealm$B$K(B<it>$BFCDj$N(B</it>$B%7%9%F%`$r4^$a$k$?$a$N(B
    $B$b$N$G$9(B. $B;D$j$N9T$OL>IU$1$i$l$?(Brealm$B$K%5%V%I%a%$%s$N%G%U%)%k%H$N(B
    $B%7%9%F%`$r4^$a$k$?$a$N$b$N$G$9(B. 

    $B$3$l$G%G!<%?%Y!<%9$r:n@.$9$k=`Hw$,$G$-$^$7$?(B. $B$3$NA`:n$O(BKerberos
    $B%5!<%P(B($B80G[I[%;%s%?!<(B)$B$r5/F0$9$k$@$1$G$9(B. <tt>kdb_init</tt>$B%3(B
    $B%^%s%I$r<!$N$h$&$K<B9T$7$F$/$@$5$$(B:

<tscreen><verb>
grunt# kdb_init
Realm name [default  ATHENA.MIT.EDU ]: GRONDAR.ZA
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.

Enter Kerberos master key: 
</verb></tscreen>

 <p>$B$3$l$G%m!<%+%k$N%^%7%s$K$"$k%5!<%P$,<h$j=P$;$k$h$&$K(B, $B80$rJ]B8$7$F(B
    $B$/$@$5$$(B. $B$=$l$K$O(B<tt>kstash</tt>$B%3%^%s%I$r;HMQ$7$^$9(B. 

<tscreen><verb>
grunt# kstash

Enter Kerberos master key: 

Current Kerberos master key version is 1.

Master key entered.  BEWARE!
</verb></tscreen>

 <p>$B$3$l$G0E9f2=$5$l$?%^%9%?!<%Q%9%o!<%I$,(B
    <tt>/etc/kerberosIV/master_key</tt>$B$KJ]B8$5$l$^$7$?(B. 

 <sect1>
  <heading>$BA4$F$,F0$/$h$&$K$9$k$?$a$N@_Dj(B</heading>

 <p>Kerberos$B$rF3F~$9$k(B<it>$B$=$l$>$l$N(B</it>$B%7%9%F%`$N%G!<%?%Y!<%9$K(B, 2$B$D(B
    $B$N(Bprincipal($B<gBNL>(B)$B$rDI2C$9$kI,MW$,$"$j$^$9(B. $B$=$NL>A0$O(B
    <tt>kpasswd</tt>$B$H(B<tt>rcmd</tt>$B$G$9(B. $B$3$l$i(B2$B$D$N(Bprincipal$B$O(B, $B8D!9(B
    $B$N%7%9%F%`$K$*$$$F(B, $B%7%9%F%`L>$HF1$8L>A0$N(Binstance$B$HAH$K$7$F:n@.(B
    $B$5$l$^$9(B. 

    $B$3$l$i$N(B<tt>kpasswd</tt>$B$H(B<tt>rcmd</tt>$B$H$$$&%G!<%b%s$K$h$C$F(B, $BB>$N(B
    $B%7%9%F%`$+$i(BKerberos$B$N%Q%9%o!<%I$rJQ99$7$?$j(B, <tt>rcp</tt>$B$d(B
    <tt>rlogin</tt>, <tt>rsh</tt>$B$H$$$C$?%3%^%s%I$r<B9T$7$?$j$G$-$k$h(B
    $B$&$K$J$j$^$9(B. 

    $B$=$l$G$O<B:]$K$3$l$i$N%(%s%H%j!<$rDI2C$7$^$7$g$&(B:

<tscreen><verb>
grunt# kdb_edit
Opening database...

Enter Kerberos master key: 

Current Kerberos master key version is 1.

Master key entered.  BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.

Principal name: passwd
Instance: grunt

<Not found>, Create [y] ? y

Principal: passwd, Instance: grunt, kdc_key_ver: 1
New Password:                    <---- $B$3$3$O(BRANDOM$B$KF~NO$7$F$/$@$5$$(B
Verifying password

New Password:                    <---- $B$3$3$O(BRANDOM$B$KF~NO$7$F$/$@$5$$(B

Random password [y] ? y

Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? 
Max ticket lifetime (*5 minutes) [ 255 ] ? 
Attributes [ 0 ] ? 
Edit O.K.
Principal name: rcmd
Instance: grunt

<Not found>, Create [y] ? 

Principal: rcmd, Instance: grunt, kdc_key_ver: 1
New Password:                    <---- $B$3$3$O(BRANDOM$B$KF~NO$7$F$/$@$5$$(B
Verifying password

New Password:                    <---- $B$3$3$O(BRANDOM$B$KF~NO$7$F$/$@$5$$(B

Random password [y] ? 

Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? 
Max ticket lifetime (*5 minutes) [ 255 ] ? 
Attributes [ 0 ] ? 
Edit O.K.
Principal name:                  <---- $B2?$bF~NO$7$J$$$H=*N;$7$^$9(B
</verb></tscreen>

 <sect1>
  <heading>$B%5!<%P!&%U%!%$%k$N:n@.(B</heading>

 <p>$B<!$K(B, $B3F%^%7%s$G$N%5!<%S%9$rDj5A$7$F$$$kA4$F$N(Binstance$B$rE83+$7$J(B
    $B$1$l$P$J$j$^$;$s(B. $B$=$l$K$O(B<tt>ext_srvtab</tt>$B$H$$$&%3%^%s%I$r;HMQ(B
    $B$7$^$9(B. $B$3$l$K$h$C$F:n@.$5$l$k%U%!%$%k$O(B, <it>$B0BA4$JJ}K!$G(B</it>
    Kerberos$B$N3F%/%i%$%"%s%H$N(B/etc/kerberosIV$B%G%#%l%/%H%j$K%3%T!<$^$?(B
    $B$O0\F0$5$l$J$1$l$P$J$j$^$;$s(B. $B$3$N%U%!%$%k$O$=$l$>$l$N%5!<%P$H%/%i(B
    $B%$%"%s%H$KB8:_$7$J$1$l$P$J$i$:(B, $B$^$?(BKerberos$B$N1?MQ$K$*$$$F=EMW$J$b(B
    $B$N$G$9(B.  

<tscreen><verb>
grunt# ext_srvtab grunt

Enter Kerberos master key: 

Current Kerberos master key version is 1.

Master key entered.  BEWARE!
Generating 'grunt-new-srvtab'....
</verb></tscreen>

 <p>$B$3$N%3%^%s%I$O0l;~E*$J%U%!%$%k$r:n@.$9$k$@$1$G$9(B. $B%U%!%$%kL>$rA4(B
    $B$F$N%5!<%P$,FI$a$k$h$&$J(B<tt>srvtab</tt>$B$H$$$&L>A0$KJQ99$7$J(B
    $B$1$l$P$J$j$^$;$s(B. <tt>mv</tt>$B%3%^%s%I$rMQ$$$F%7%9%F%`$N>l=j$K0\F0(B
    $B$7$F$/$@$5$$(B. 

<tscreen><verb>
grunt# mv grunt-new-srvtab srvtab
</verb></tscreen>

 <p>$B$=$N%U%!%$%k$,%/%i%$%"%s%H$KG[$k$?$a$NJ*$G(B, $B%M%C%H%o!<%/$,0BA4$G$O$J$$$H(B
    $B;W$o$l$k>l9g$K$O(B, <tt>&lt;client&gt;-new-srvtab</tt>$B$r0\F02DG=$J(B
    $B%a%G%#%"$K%3%T!<$7$FJ*M}E*$K0BA4$JJ}K!$G1?$s$G$/$@$5$$(B. $B%/%i%$%"%s(B
    $B%H$N(B<tt>/etc/kerberosIV</tt>$B%G%#%l%/%H%j$G(B, $BL>A0$r(B<tt>srvtab</tt>
    $B$KJQ99$7(B, mode$B$r(B600$B$K$9$k$N$rK:$l$J$$$G$/$@$5$$(B:

<tscreen><verb>
grumble# mv grumble-new-srvtab srvtab
grumble# chmod 600 srvtab
</verb></tscreen>

 <sect1>
  <heading>$B%G!<%?%Y!<%9$X$N%f!<%6$NDI2C(B</heading>

 <p>$B$3$3$G(B, $B%f!<%6$N%(%s%H%j$r%G!<%?%Y!<%9$KDI2C$9$kI,MW$,$"$j$^$9(B. 
    $B;O$a$K(B, $B%f!<%6(B<it>jane</it>$B$N%(%s%H%j$r:n@.$7$F$_$^$7$g$&(B. 
    <tt>kdb_edit</tt>$B$rMQ$$$F<!$N$h$&$K:n@.$7$F$/$@$5$$(B:

<tscreen><verb>
grunt# kdb_edit
Opening database...

Enter Kerberos master key: 

Current Kerberos master key version is 1.

Master key entered.  BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.

Principal name: jane
Instance:

<Not found>, Create [y] ? y

Principal: jane, Instance: , kdc_key_ver: 1
New Password:                    <---- $B0BA4$J%Q%9%o!<%I$rF~$l$F$/$@$5$$(B
Verifying password

New Password:                    <---- $B$b$&0lEY%Q%9%o!<%I$rF~$l$F$/$@$5$$(B

Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? 
Max ticket lifetime (*5 minutes) [ 255 ] ? 
Attributes [ 0 ] ? 
Edit O.K.
Principal name:                  <---- $B2?$bF~NO$7$J$$$H=*N;$7$^$9(B
</verb></tscreen>

 <sect1>
  <heading>$BA4$F$N%F%9%H(B</heading>

 <p>$B$^$:;O$a$K(BKerberos$B%G!<%b%s$r5/F0$9$kI,MW$,$"$j$^$9(B. 
    <tt>/etc/sysconfig</tt>$B%U%!%$%k$r@5$7$/JT=8$7$F$"$l$P(B, $B%^%7%s$r:F(B
    $B5/F0$9$k;v$K$h$C$F<+F0E*$K%G!<%b%s$,5/F0$7$^$9(B. $B$3$l$O(BKerberos$B%5!<(B
    $B%P$N$_$GI,MW$G$9(B. Kerberos$B%/%i%$%"%s%H$O(B<tt>/etc/kerberosIV</tt>$B$+(B
    $B$iI,MW$JJ*$r<+F0E*$KF@$^$9(B. 

<tscreen><verb>
grunt# kerberos &
grunt# Kerberos server starting
        Sleep forever on error
        Log file is /var/log/kerberos.log
Current Kerberos master key version is 1.

Master key entered.  BEWARE!

Current Kerberos master key version is 1
Local realm: GRONDAR.ZA
grunt# kadmind -n &
grunt# KADM Server KADM0.0A initializing
Please do not use 'kill -9' to kill this job, use a
regular kill instead

Current Kerberos master key version is 1.

Master key entered.  BEWARE!
</verb></tscreen>

 <p>$B$5$"(B, $B$3$l$G>e$G:n@.$7$?(B<it>jane</it>$B$H$$$&(BID$B$N(Bticket$B$r(B
    <tt>kinit</tt>$B%3%^%s%I$G(B $BF@$k$3$H$,$G$-$^$9(B:

<tscreen><verb>
grunt$ kinit jane
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane"
Password: 
</verb></tscreen>

 <p><tt>klist</tt>$B%3%^%s%I$rMQ$$$F(Btoken$B$r8+$F(B, $B$-$A$s$H(Bticket$B$r;}$C$F(B
    $B$$$k$+$I$&$+3NG'$7$F$/$@$5$$(B: 

<tscreen><verb>
grunt$ klist
Ticket file:    /tmp/tkt245
Principal:    jane@GRONDAR.ZA

  Issued           Expires          Principal
Apr 30 11:23:22  Apr 30 19:23:22  krbtgt.GRONDAR.ZA@GRONDAR.ZA
</verb></tscreen>

 <p><tt>passwd</tt>$B%3%^%s%I$rMQ$$$F%Q%9%o!<%I$rJQ99$7$F(B, kpasswd$B%G!<%b(B
    $B%s$,(BKerberos$B%G!<%?%Y!<%9$KBP$7$FG'>Z$rF@$k;v$,$G$-$k$+%A%'%C%/$7$F(B
    $B$/$@$5$$(B: 


<tscreen><verb>
grunt$ passwd
realm GRONDAR.ZA
Old password for jane:
New Password for jane:
Verifying password
New Password for jane:
Password changed.
</verb></tscreen>

 <sect1>
  <heading><tt>su</tt>$BFC8"$NDI2C(B</heading>

 <p>root$B$NFC8"$,I,MW$J(B<it>$B$=$l$>$l$N(B</it>$B%f!<%6$O(B, Kerberos$B$K$h$C(B
    $B$F(B<it>$BFHN)$7$?(B</it><tt>su</tt>$B%3%^%s%I$N%Q%9%o!<%I$r;}$D;v$,(B
    $B$G$-$^$9(B.  
    <it>root</it>$B$K(B<tt>su</tt>$B$G$-$k8"Mx$rM?$($i$l$?(Bid$B$rDI2C$7$^$9(B. 
    $B$3$l$O(B, principal$B$K4XO"$E$1$i$l$?(B<it>root</it> instance$B$K$h$C$F@)8f(B
    $B$5$l$F$$$^$9(B. <tt>kdb_edit</tt>$B$rMQ$$$F(B<it>jane.root</it>$B$H$$$&%((B
    $B%s%H%j$r(BKerberos$B%G!<%?%Y!<%9$K:n@.$7$^$9(B:

<tscreen><verb>
grunt# kdb_edit
Opening database...

Enter Kerberos master key: 

Current Kerberos master key version is 1.

Master key entered.  BEWARE!
Previous or default values are in [brackets] ,
enter return to leave the same, or new value.

Principal name: jane
Instance: root

<Not found>, Create [y] ? y

Principal: jane, Instance: root, kdc_key_ver: 1
New Password:                    <---- $B0BA4$J%Q%9%o!<%I$rF~$l$^$9(B
Verifying password

New Password:                    <---- $B$b$&0l2s%Q%9%o!<%I$rF~$l$^$9(B

Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? 
Max ticket lifetime (*5 minutes) [ 255 ] ? 12 <--- $B$3$3$OC;$/$7$F$/$@$5$$(B
Attributes [ 0 ] ? 
Edit O.K.
Principal name:                  <---- $B2?$bF~NO$7$J$$$H=*N;$7$^$9(B
</verb></tscreen>

 <p>$B<B:]$K(Btoken$B$r$b$i$C$F(B, $B$A$c$s$HF/$$$F$$$k$+$I$&$+3NG'$7$^$7$g$&(B:

<tscreen><verb>
grunt# kinit jane.root
MIT Project Athena (grunt.grondar.za)
Kerberos Initialization for "jane.root"
Password: 
 </verb></tscreen>

 <p>$B$3$3$G(Broot$B%f!<%6$N(B<tt>.klogin</tt>$B%U%!%$%k$K%f!<%6$rDI2C$9$kI,MW$,(B
    $B$"$j$^$9(B. 

<tscreen><verb>
grunt# cat /root/.klogin
jane.root@GRONDAR.ZA
</verb></tscreen>

 <p><tt>su</tt>$B$7$F$_$^$7$g$&(B:

<tscreen><verb>
[jane@grunt 10407] su
Password: 
grunt#
</verb></tscreen>

    $B$I$N(Btoken$B$r;}$C$F$$$k$+8+$F$_$^$7$g$&(B:

<tscreen><verb>
grunt# klist
Ticket file:	/tmp/tkt_root_245
Principal:	jane.root@GRONDAR.ZA

  Issued           Expires          Principal
May  2 20:43:12  May  3 04:43:12  krbtgt.GRONDAR.ZA@GRONDAR.ZA
</verb></tscreen>

 <sect1>
  <heading>$BB>$N%3%^%s%I$N;HMQ(B</heading>

 <p>$B$3$3$^$G$NNc$G$O(B, <tt>jane</tt>$B$H$$$&(Bprincipal$B$r(B<tt>root</tt>$B$H$$(B
    $B$&(Binstance$BIU$-$G:n@.$7$^$7$?(B. $B$3$l$O%f!<%6$HF1$8L>A0$r(Bprincipal$B$H(B
    $B$7$F$*$j(BKerberos$B$N%G%U%)%k%H$NCM$G$9(B;
    <em>&lt;username&gt;.</em><tt>root</tt>$B$H$$$&7A<0$N(B
    <em>&lt;principal&gt;.&lt;instance&gt;</em>$B$K$h$C$F(B, $BI,MW$J%(%s%H(B
    $B%j$,(B<tt>root</tt>$B$N%[!<%`%G%#%l%/%H%j$N(B<tt>.klogin</tt>$B%U%!%$%k$K(B
    $B$"$l$P(B, <em>&lt;username&gt;</em>$B$,(Broot$B$K(B<tt>su</tt>$B$9$k;v$,$G$-$^(B
    $B$9(B. 

<tscreen><verb>
grunt# cat /root/.klogin
jane.root@GRONDAR.ZA
</verb></tscreen>

 <p>$BF1MM$K(B, $B%f!<%6$N%[!<%`%G%#%l%/%H%j$N(B<tt>.klogin</tt>$B%U%!%$%k$K<!$N(B
    $B$h$&$J9T$,$"$k>l9g$K$O(B: 

<tscreen><verb>
[jane@grunt 10543] cat ~/.klogin
jane@GRONDAR.ZA
jack@GRONDAR.ZA
</verb></tscreen>

 <p><em>jane</em>$B$^$?$O(B<em>jack</em>$B$H$$$&L>A0$G(B($BA0=R$N(B<tt>kinit</tt>
    $B$K$h$C$F(B)$BG'>Z$5$l$F$$$k(B<em>GRONDAR.ZA</em>realm$B$N%f!<%6$J$iC/$G$b(B
    <tt>rlogin</tt>$B$d(B<tt>rsh</tt>, <tt>rcp</tt>$BEy$K$h$C$F$3$N%7%9%F%`(B
    (<em>grunt</em>)$B$N(B<em>jane</em>$B$N%"%+%&%s%H$^$?$O%U%!%$%k$K%"%/%;(B
    $B%9$G$-$^$9(B.  

    $BNc$($P(B, Jane$B$,B>$N%7%9%F%`$K(BKerberos$B$rMQ$$$F(Blogin$B$7$^$9(B:

<tscreen><verb>
[jane@grumble 573] kinit
MIT Project Athena (grunt.grondar.za)
Password: 
[jane@grumble 574] rlogin grunt
Last login: Mon May  1 21:14:47 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.   All rights reserved.

FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995

[jane@grunt 10567]
</verb></tscreen>

 <p>$B<!$NNc$G$O(B, Jack$B$,F1$8%^%7%s$N(BJane$B$N%"%+%&%s%H$K(Blogin$B$7$^$9(B. Jane$B$O(B
    <tt>.klogin</tt>$B%U%!%$%k$rA0=R$N$h$&$K@_Dj$7$F$*$j(B, 
    Kerberos$B$K$h$C$F(B<em>jack</em>principal$B$r(Bnull instance$B$G@_Dj$7$F$"(B
    $B$j$^$9(B. 

<tscreen><verb>
[jack@grumble 573] kinit
[jack@grumble 574] rlogin grunt -l jane
MIT Project Athena (grunt.grondar.za)
Password: 
Last login: Mon May  1 21:16:55 from grumble
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
	The Regents of the University of California.   All rights reserved.

FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995

[jane@grunt 10578]
</verb></tscreen>

----Next_Part(Sun_Aug__4_22:15:25_1996)----
