README: CSS GetTicket v2.3.x

The following readme is for GetTicket version 2.3.2. Some of the packages available for download are version 2.3.1 or 2.3. For the most part, the readme files are the same for the three versions. However, there are a few differences. Please check the readme file included in the package you download for specific information.

Table of Contents

Contact Us
Installing the Files
Configuration
Description of Functionality
Examples
Change History
Known Issues
Notices

=====================================================================
css_gettkt v2.3.2 BETA
February 2007
=====================================================================
Copyright (c) 2003-2007 Certified Security Solutions, Inc.

This document describes the installation and usage of the
css_adkadmin utility.

The utility is designed for operation on:
* Solaris version 8 and higher
* Solaris x86 version 10 and higher
* HP-UX version 11 and higher
* RedHat Linux version 7 and higher
* Windows XP, 2000 and higher
* AIX 5.1 and higher

======================================================================
Contact Us
======================================================================

Certified Security Solutions, Inc.
6050 Oak Tree Blvd, suite 390
Independence, OH 44131
Phone: 216.674.0700
Fax: 216.674.0701


Email: comments@css-security.com
URL: www.css-security.com

======================================================================
Installing the Files
======================================================================
This release includes the files listed below:

   css_gettkt
   install.sh
   README
   LICENSE

Run this command with root privilege to install css_gettkt:

   ./install.sh

This is the directory structure of the installed components:

   File                                   Perms   Owner  Group
   ----                                   -----   -----  -----
   /opt/cssi/gettkt_2.3.2/install.sh      755     root   root
   /opt/cssi/gettkt_2.3.2/bin/css_gettkt  755     root   root
   /opt/cssi/gettkt_2.3.2/doc/LICENSE     644     root   root
   /opt/cssi/gettkt_2.3.2/doc/README      644     root   root

Additionally, the symbolic link /usr/bin/css_gettkt is created.

The ownership, group and permissions can be tailored to meet the needs
of your environment (to restrict access to a limited group of users).

Should you desire to uninstall css_gettkt, run this command with
root privilege:

   ./install.sh -u

======================================================================
Configuration
======================================================================
Each system with css_gettkt installed must have the Kerberos
configuration file set up. This file is typically found in
/etc/krb5.conf or krb5.ini. At a minimum, each Kerberos realm must
have a KDC configured.

This is an example entry for the realm "COMPANY.COM" that is
serviced by the KDC "dc1.company.com":

   COMPANY.COM = {
         kdc = dc1.company.com:88
   }
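
A check for the "each realm must have a KDC" requirement above, as an added example (not part of the css_gettkt distribution). The function name realms_without_kdc, the sample file and the realm LAB.COMPANY.COM are constructed for illustration.

```sh
#!/bin/sh
# Added example: list realms in the [realms] section of a krb5.conf-style
# file that have no "kdc =" entry.

realms_without_kdc() {
    awk '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/ {                             # section header
            in_realms = ($0 ~ /^[ \t]*\[realms\]/)
            next
        }
        !in_realms { next }
        depth == 0 && /=[ \t]*[{]/ {              # "NAME = {" opens a realm
            realm = $0
            sub(/^[ \t]*/, "", realm)
            sub(/[ \t]*=.*/, "", realm)
            has_kdc = 0; depth = 1
            next
        }
        depth >= 1 && /[{]/ { depth++; next }     # nested sub-block
        depth == 1 && /^[ \t]*kdc[ \t]*=/ { has_kdc = 1 }
        depth >= 1 && /^[ \t]*[}]/ {
            depth--
            if (depth == 0 && !has_kdc) print realm
        }
    ' "$1"
}

# Constructed sample: COMPANY.COM is taken from the entry above,
# LAB.COMPANY.COM is a made-up realm that lacks a KDC.
write_sample_conf() {
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = COMPANY.COM

[realms]
    COMPANY.COM = {
        kdc = dc1.company.com:88
    }
    LAB.COMPANY.COM = {
        admin_server = adm.lab.company.com
    }
EOF
}

conf=$(mktemp) && write_sample_conf "$conf" && realms_without_kdc "$conf"
rm -f "$conf"
```

To check a live system, call realms_without_kdc on the local Kerberos configuration file; an empty result means every realm names at least one KDC.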

======================================================================
Description of Functionality
======================================================================
The css_gettkt utility is designed to perform two functions not
covered by standard Kerberos utilities which are useful when debugging
Kerberos configurations. The tool provides the ability to:
   1. Acquire a TGT using a key table entry.
   2. Acquire a service ticket using an existing TGT.

It does not acquire TGTs using passwords as that functionality is
provided by kinit.

A common problem that is encountered when using Kerberos applications
is that it can be difficult to determine the source of problems. This
tool isolates the function of acquiring credentials and allows
Kerberos configuration and principals to be tested separately from
applications.


Usage:
      css_gettkt [-v] [-c cache] [-k keytab] -p principal gettgt
      css_gettkt [-v] [-c cache] [-p principal] -s service getsrvtkt

   -c cache
         Specifies which credentials cache to use for storing
         tickets and obtaining service tickets.

   -k keytab
         Specifies which key table to use for obtaining TGTs.

   -p principal
         Specifies the client principal to be used to obtain a TGT
         or service ticket. If not specified, the default
         principal in the credentials cache will be used.

   -s service
         Specifies the service principal for which to obtain a
         service ticket.

   -v
         Specifies verbose output.

   gettgt
         Use the key table to obtain a TGT.

   getsrvtkt
         Use the credentials cache to obtain a service ticket for
         the specified service.


======================================================================
Examples
======================================================================
1. From the command line acquire a TGT using the default key table
which has an entry for principal igloo/machine2.mydomain.com:

   css_gettkt -p igloo/machine2.mydomain.com gettgt


2. From the command line acquire a service ticket for principal
igloo/machine2.mydomain.com using the default TGT in the default
credentials cache:

   css_gettkt -s igloo/machine2.mydomain.com getsrvtkt
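
The two functions can be chained to show which stage of credential acquisition fails, as in this added example (not part of the css_gettkt distribution). It uses only the options documented above; the function name diagnose_principal is hypothetical, and the script assumes css_gettkt exits with a non-zero status on failure, which this README does not state.

```sh
#!/bin/sh
# Added example: run gettgt, then getsrvtkt, against a private throwaway
# credentials cache so the user's default cache is never touched and no
# tickets are left behind.
# Assumption: css_gettkt returns non-zero when it cannot get a ticket.
# Returns 0 = both stages OK, 1 = TGT stage failed, 2 = service stage failed.

diagnose_principal() {
    client=$1 service=$2 keytab=${3:-}
    dir=$(mktemp -d) || return 3        # mktemp -d creates a mode-0700 directory
    cache="$dir/cc"
    rc=0

    # Stage 1: TGT from the key table (default key table if none is given).
    if [ -n "$keytab" ]; then
        css_gettkt -v -c "$cache" -k "$keytab" -p "$client" gettgt || rc=1
    else
        css_gettkt -v -c "$cache" -p "$client" gettgt || rc=1
    fi

    # Stage 2: service ticket using the TGT just stored in the cache.
    if [ "$rc" -eq 0 ]; then
        css_gettkt -v -c "$cache" -p "$client" -s "$service" getsrvtkt || rc=2
    fi

    rm -rf "$dir"                       # discard the tickets with the cache
    case $rc in
        0) echo "OK: TGT and service ticket acquired" ;;
        1) echo "FAIL at gettgt: check the key table entry and the realm's KDC" ;;
        2) echo "FAIL at getsrvtkt: check the service principal" ;;
    esac
    return "$rc"
}

# Usage: script CLIENT SERVICE [KEYTAB]
if [ "$#" -ge 2 ]; then
    diagnose_principal "$@"
fi
```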

======================================================================
Change History
======================================================================
Version 2.3.2:
   - Add support for Solaris x86.

Version 2.3.1:
   - Add support for AIX.

Version 2.3:
   - Initial release.

======================================================================
Known Issues
======================================================================

======================================================================
Notices
======================================================================
This product includes software developed at the Massachusetts
Institute of Technology (http://www.mit.edu/).

======================================================================
Certified Security Solutions Notices
======================================================================
Copyright (c) 2003-2007 Certified Security Solutions, Inc.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of Certified Security Solutions nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
======================================================================
MIT Notices
======================================================================
Copyright (C) 1985-2005 by the Massachusetts Institute of Technology.

All rights reserved.

Export of this software from the United States of America may require
a specific license from the United States Government. It is the
responsibility of any person or organization contemplating export to
obtain such a license before exporting.

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original MIT software.
M.I.T. makes no representations about the suitability of this software
for any purpose. It is provided "as is" without express or implied
warranty.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Individual source code files are copyright MIT, Cygnus Support,
OpenVision, Oracle, Sun Soft, FundsXpress, and others.

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
and Zephyr are trademarks of the Massachusetts Institute of Technology
(MIT). No commercial use of these trademarks may be made without
prior written permission of MIT.

"Commercial use" means use of a name in a product or other for-profit
manner. It does NOT prevent a commercial firm from referring to the
MIT trademarks in order to convey information (although in doing so,
recognition of their trademark status should be given).

----

Portions contributed by Matt Crawford (crawdad@fnal.gov) were
work performed at Fermi National Accelerator Laboratory, which is
operated by Universities Research Association, Inc., under
contract DE-AC02-76CHO3000 with the U.S. Department of Energy.

----

The implementation of the Yarrow pseudo-random number generator
in src/lib/crypto/yarrow has the following copyright:

Copyright 2000 by Zero-Knowledge Systems, Inc.

Permission to use, copy, modify, distribute, and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of Zero-Knowledge Systems,
Inc. not be used in advertising or publicity pertaining to
distribution of the software without specific, written prior
permission. Zero-Knowledge Systems, Inc. makes no representations
about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.

ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR
ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

----

The implementation of the AES encryption algorithm in
src/lib/crypto/aes has the following copyright:

Copyright (c) 2001, Dr Brian Gladman (brg@gladman.uk.net), Worcester, UK.
All rights reserved.

LICENSE TERMS

The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:

   1. distributions of this source code include the above copyright
   notice, this list of conditions and the following disclaimer;

   2. distributions in binary form include the above copyright
   notice, this list of conditions and the following disclaimer
   in the documentation and/or other associated materials;

   3. the copyright holder's name is not used to endorse products
   built using this software without specific written permission.

DISCLAIMER

This software is provided 'as is' with no explcit or implied warranties
in respect of any properties, including, but not limited to, correctness
and fitness for purpose.

----

Copyright 1987, 1989 by the Student Information Processing Board
   of the Massachusetts Institute of Technology

Permission to use, copy, modify, and distribute this software
and its documentation for any purpose and without fee is
hereby granted, provided that the above copyright notice
appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
Furthermore if you modify this software you must label
your software as modified software and not distribute it in such a
fashion that it might be confused with the original M.I.T. software.
M.I.T. and the M.I.T. S.I.P.B. make no representations about
the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.