Shishi

This manual is last updated 1 November 2003 for version 0.0.9 of Shishi.

Copyright © 2002, 2003 Simon Josefsson.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections including "Criticism of Kerberos", with the Front-Cover Texts being "A GNU Manual," and with the Back-Cover Texts as in (a) below. A copy of the license is included in the section entitled "GNU Free Documentation License."

(a) The FSF's Back-Cover Text is: "You have freedom to copy and modify this GNU Manual, like GNU software. Copies published by the Free Software Foundation raise funds for GNU development."


Table of Contents
1. Shishi
2. Introduction
2.1. Getting Started
2.2. Features and Status
2.3. Overview
2.4. Cryptographic Overview
2.5. Supported Platforms
2.6. Downloading and Installing
2.7. Bug Reports
2.8. Contributing
3. User Manual
3.1. Proxiable and Proxy Tickets
3.2. Forwardable and Forwarded Tickets
4. Administration Manual
5. Reference Manual
5.1. Configuration file
5.1.1. default-realm
5.1.2. default-principal
5.1.3. client-kdc-etypes
5.1.4. verbose, verbose-asn1, verbose-noice, verbose-crypto
5.1.5. realm-kdc
5.1.6. server-realm
5.1.7. kdc-timeout, kdc-retries
5.1.8. stringprocess
5.1.9. ticket-life
5.1.10. renew-life
5.2. Parameters for shishi
5.3. Parameters for shishid
6. Programming Manual
6.1. Preparation
6.1.1. Header
6.1.2. Initialization
6.1.3. Version Check
6.1.4. Building the source
6.1.5. Autoconf tests
6.2. Initialization Functions
6.3. Ticket Set Functions
6.4. AP-REQ and AP-REP Functions
6.5. SAFE and PRIV Functions
6.6. Ticket Functions
6.7. AS Functions
6.8. TGS Functions
6.9. Ticket (ASN.1) Functions
6.10. AS/TGS Functions
6.11. Authenticator Functions
6.12. Cryptographic Functions
6.13. Utility Functions
6.14. Error Handling
6.14.1. Error Values
6.14.2. Error Functions
6.15. Examples
6.16. Generic Security Service
7. Acknowledgements
A. Criticism of Kerberos
B. Protocol Extensions
B.1. STARTTLS protected KDC exchanges
B.1.1. TCP/IP transport with TLS upgrade (STARTTLS)
B.1.2. Extensible typed hole based on reserved high bit
B.1.3. STARTTLS requested by client (extension mode 1)
B.1.4. STARTTLS request accepted by server (extension mode 2)
B.1.5. Proceeding after successful TLS negotiation
B.1.6. Proceeding after failed TLS negotiation
B.2. Telnet encryption with AES-CCM
B.2.1. Command Names and Codes
B.2.2. Command Meanings
B.2.3. Implementation Rules
B.2.4. Integration with the AUTHENTICATION telnet option
B.2.5. Security Considerations
B.2.6. Acknowledgments
B.3. Kerberized rsh and rlogin
B.3.1. Establish connection
B.3.2. Kerberos identification
B.3.3. Kerberos authentication
B.3.4. Extended authentication
B.3.5. Window size
B.3.6. End of authentication
B.3.7. Encryption
B.3.8. KCMDV0.3
B.3.9. MIT/Heimdal authorization
C. Copying This Manual
C.1. GNU Free Documentation License
C.1.1. ADDENDUM: How to use this License for your documents
D. GNU GENERAL PUBLIC LICENSE
D.1. Preamble
D.2. How to Apply These Terms to Your New Programs
Concept Index
Function and Data Index