Units
Translation components API.
See the Weblate's Web API documentation for detailed description of the API.
GET /api/translations/documentation/bookshandbooksecurity_index/es/units/?format=api&page=4
{ "count": 596, "next": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/units/?format=api&page=5", "previous": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/units/?format=api&page=3", "results": [ { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "%webteam ALL=(ALL) NOPASSWD: /usr/sbin/service webservice *\n" ], "previous_source": "", "target": [ "%webteam ALL=(ALL) NOPASSWD: /usr/sbin/service webservice *\n" ], "id_hash": -5877298361647312106, "content_hash": -5877298361647312106, "location": "documentation/content/en/books/handbook/security/_index.adoc:375", "context": "", "note": "type: delimited block . 4", "flags": "no-wrap", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 99, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 6, "source_unit": "https://translate-dev.freebsd.org/api/units/352511/?format=api", "priority": 100, "id": 405081, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=2e6fa4478306d316", "url": "https://translate-dev.freebsd.org/api/units/405081/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-02-23T11:40:51.441970Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "When setting up [.filename]#krb5.dict# to prevent specific bad passwords from being used as described in man:kadmind[8], remember that it only applies to principals that have a password policy assigned to them. The format used in [.filename]#krb5.dict# is one string per line. Creating a symbolic link to [.filename]#/usr/share/dict/words# might be useful." ], "previous_source": "", "target": [ "" ], "id_hash": 3602413636742949283, "content_hash": 3602413636742949283, "location": "documentation/content/en/books/handbook/security/_index.adoc:1502", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 388, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 50, "source_unit": "https://translate-dev.freebsd.org/api/units/426338/?format=api", "priority": 100, "id": 426339, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=b1fe581dc01629a3", "url": "https://translate-dev.freebsd.org/api/units/426339/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-02-24T01:22:40.003180Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "After the installation [.filename]#/usr/local/etc/doas.conf# must be configured to grant access for users for specific commands, or roles." ], "previous_source": "", "target": [ "Después de la instalación [.filename]#/usr/local/etc/doas.conf# debe ser configurado para otorgar acceso a usuarios para comandos específicos, o roles." ], "id_hash": 6834041865723593482, "content_hash": 6834041865723593482, "location": "documentation/content/en/books/handbook/security/_index.adoc:395", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 104, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 17, "source_unit": "https://translate-dev.freebsd.org/api/units/609554/?format=api", "priority": 100, "id": 609555, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=ded764de5a9a430a", "url": "https://translate-dev.freebsd.org/api/units/609555/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-03-14T14:07:47.319135Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "permit nopass local_user as root\n" ], "previous_source": "", "target": [ "permit nopass local_user as root\n" ], "id_hash": -7453667091060535236, "content_hash": -7453667091060535236, "location": "documentation/content/en/books/handbook/security/_index.adoc:401", "context": "", "note": "type: delimited block . 4", "flags": "no-wrap", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 106, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 5, "source_unit": "https://translate-dev.freebsd.org/api/units/609558/?format=api", "priority": 100, "id": 609559, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=188f41459b51503c", "url": "https://translate-dev.freebsd.org/api/units/609559/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-03-14T14:07:47.378441Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "For more configuration examples, please read man:doas.conf[5]." ], "previous_source": "", "target": [ "Para más ejemplos de configuración, por favor lea man:doas.conf[5]." ], "id_hash": 7930007083943118084, "content_hash": 7930007083943118084, "location": "documentation/content/en/books/handbook/security/_index.adoc:411", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 109, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 7, "source_unit": "https://translate-dev.freebsd.org/api/units/609560/?format=api", "priority": 100, "id": 609561, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=ee0d0b6d88c2c504", "url": "https://translate-dev.freebsd.org/api/units/609561/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-03-14T14:07:47.411689Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "$ doas vi /etc/rc.conf\n" ], "previous_source": "", "target": [ "$ doas vi /etc/rc.conf\n" ], "id_hash": -1230004815607061157, "content_hash": -1230004815607061157, "location": "documentation/content/en/books/handbook/security/_index.adoc:408", "context": "", "note": "type: delimited block . 4", "flags": "no-wrap", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 108, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 4, "source_unit": "https://translate-dev.freebsd.org/api/units/609564/?format=api", "priority": 100, "id": 609565, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=6eee252315b8a55b", "url": "https://translate-dev.freebsd.org/api/units/609565/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-03-14T14:07:47.470387Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Hundreds of standard practices have been authored about how to secure systems and networks, and as a user of FreeBSD, understanding how to protect against attacks and intruders is a must" ], "previous_source": "", "target": [ "Se han escrito cientos de prácticas estándar sobre cómo asegurar sistemas y redes, y como usuario de FreeBSD, entender cómo protegerse contra ataques e intrusos es imprescindible" ], "id_hash": -6394832467106137598, "content_hash": -6394832467106137598, "location": "documentation/content/en/books/handbook/security/_index.adoc:1", "context": "", "note": "type: YAML Front Matter: description", "flags": "no-wrap", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 1, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 31, "source_unit": "https://translate-dev.freebsd.org/api/units/1182660/?format=api", "priority": 100, "id": 1182662, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=2740fdc0a000fa02", "url": "https://translate-dev.freebsd.org/api/units/1182662/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-03T23:29:08.808920Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "In this chapter, several fundamentals and techniques will be discussed. The FreeBSD system comes with multiple layers of security, and many more third party utilities may be added to enhance security." ], "previous_source": "", "target": [ "En este capítulo se discutirán varios fundamentos y técnicas. El sistema FreeBSD viene con múltiples capas de seguridad, y pueden añadirse muchas más utilidades de terceros para mejorar la seguridad." ], "id_hash": -9058176717096460817, "content_hash": -9058176717096460817, "location": "documentation/content/en/books/handbook/security/_index.adoc:58", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 7, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 31, "source_unit": "https://translate-dev.freebsd.org/api/units/1230242/?format=api", "priority": 100, "id": 1230669, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=024ae444a0c05def", "url": "https://translate-dev.freebsd.org/api/units/1230669/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.451509Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Security is everyone's responsibility. A weak entry point in any system could allow intruders to gain access to critical information and cause havoc on an entire network. One of the core principles of information security is the CIA triad, which stands for the Confidentiality, Integrity, and Availability of information systems." ], "previous_source": "", "target": [ "La seguridad es responsabilidad de todos. Un punto de entrada débil en cualquier sistema podría permitir a los intrusos acceder a información crítica y causar estragos en toda una red. Uno de los principios básicos de la seguridad de la información es la tríada CIA, que significa Confidencialidad, Integridad y Disponibilidad de los sistemas de información." ], "id_hash": 5444372052318565954, "content_hash": 5444372052318565954, "location": "documentation/content/en/books/handbook/security/_index.adoc:82", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 23, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 50, "source_unit": "https://translate-dev.freebsd.org/api/units/1230246/?format=api", "priority": 100, "id": 1230671, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=cb8e4b893b833642", "url": "https://translate-dev.freebsd.org/api/units/1230671/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.664155Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "To provide CIA, security professionals apply a defense in depth strategy. The idea of defense in depth is to add several layers of security to prevent one single layer failing and the entire security system collapsing. For example, a system administrator cannot simply turn on a firewall and consider the network or system secure. One must also audit accounts, check the integrity of binaries, and ensure malicious tools are not installed. To implement an effective security strategy, one must understand threats and how to defend against them." ], "previous_source": "", "target": [ "Para proporcionar CIA, los profesionales de la seguridad aplican una estrategia de defensa en profundidad. La idea de la defensa en profundidad es añadir varias capas de seguridad para evitar que una sola falle y todo el sistema de seguridad se venga abajo. Por ejemplo, un administrador de sistemas no puede limitarse a activar un cortafuegos y considerar que la red o el sistema son seguros. También hay que auditar las cuentas, comprobar la integridad de los binarios y asegurarse de que no se instalan herramientas maliciosas. Para aplicar una estrategia de seguridad eficaz, hay que comprender las amenazas y cómo defenderse de ellas." ], "id_hash": -2281642667798455912, "content_hash": -2281642667798455912, "location": "documentation/content/en/books/handbook/security/_index.adoc:91", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 25, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 87, "source_unit": "https://translate-dev.freebsd.org/api/units/1230250/?format=api", "priority": 100, "id": 1230673, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=6055fa15117f9998", "url": "https://translate-dev.freebsd.org/api/units/1230673/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.678629Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "What is a threat as it pertains to computer security? Threats are not limited to remote attackers who attempt to access a system without permission from a remote location. Threats also include employees, malicious software, unauthorized network devices, natural disasters, security vulnerabilities, and even competing corporations." ], "previous_source": "", "target": [ "¿Qué es una amenaza en el ámbito de la seguridad informática? Las amenazas no se limitan a atacantes remotos que intentan acceder a un sistema sin permiso desde una ubicación remota. Las amenazas también incluyen a empleados, software malicioso, dispositivos de red no autorizados, desastres naturales, vulnerabilidades de seguridad e incluso empresas competidoras." ], "id_hash": -6235706575994113423, "content_hash": -6235706575994113423, "location": "documentation/content/en/books/handbook/security/_index.adoc:94", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 26, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 46, "source_unit": "https://translate-dev.freebsd.org/api/units/1230252/?format=api", "priority": 100, "id": 1230674, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=297651e8464db271", "url": "https://translate-dev.freebsd.org/api/units/1230674/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.685713Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Systems and networks can be accessed without permission, sometimes by accident, or by remote attackers, and in some cases, via corporate espionage or former employees. As a user, it is important to prepare for and admit when a mistake has led to a security breach and report possible issues to the security team. As an administrator, it is important to know of the threats and be prepared to mitigate them." ], "previous_source": "", "target": [ "Se puede acceder a los sistemas y redes sin permiso, a veces por accidente, o por atacantes remotos y, en algunos casos, a través del espionaje corporativo o de antiguos empleados. Como usuario, es importante prepararse y admitir cuándo un error ha provocado una brecha de seguridad e informar de los posibles problemas al equipo de seguridad. Como administrador, es importante conocer las amenazas y estar preparado para mitigarlas." ], "id_hash": 5776472788127573707, "content_hash": 5776472788127573707, "location": "documentation/content/en/books/handbook/security/_index.adoc:98", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 27, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 70, "source_unit": "https://translate-dev.freebsd.org/api/units/1230254/?format=api", "priority": 100, "id": 1230675, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=d02a27654f0de6cb", "url": "https://translate-dev.freebsd.org/api/units/1230675/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.751018Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "When applying security to systems, it is recommended to start by securing the basic accounts and system configuration, and then to secure the network layer so that it adheres to the system policy and the organization's security procedures. Many organizations already have a security policy that covers the configuration of technology devices. The policy should include the security configuration of workstations, desktops, mobile devices, phones, production servers, and development servers. In many cases, standard operating procedures (SOPs) already exist. When in doubt, ask the security team." ], "previous_source": "", "target": [ "Cuando se aplica la seguridad a los sistemas, se recomienda empezar por asegurar las cuentas básicas y la configuración del sistema, y después asegurar la capa de red para que se adhiera a la política del sistema y a los procedimientos de seguridad de la organización. Muchas organizaciones ya tienen una política de seguridad que cubre la configuración de los dispositivos tecnológicos. La política debe incluir la configuración de seguridad de estaciones de trabajo, ordenadores de sobremesa, dispositivos móviles, teléfonos, servidores de producción y servidores de desarrollo. En muchos casos, ya existen procedimientos operativos estándar (PNT). En caso de duda, pregunte al equipo de seguridad." ], "id_hash": -4310980285277546024, "content_hash": -4310980285277546024, "location": "documentation/content/en/books/handbook/security/_index.adoc:104", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 28, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 86, "source_unit": "https://translate-dev.freebsd.org/api/units/1230256/?format=api", "priority": 100, "id": 1230676, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=442c52456651d9d8", "url": "https://translate-dev.freebsd.org/api/units/1230676/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.757653Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Blowfish is not part of AES and is not considered compliant with any Federal Information Processing Standards (FIPS). Its use may not be permitted in some environments." ], "previous_source": "", "target": [ "Blowfish no forma parte de AES y no se considera que cumpla ninguna de las Normas Federales de Procesamiento de la Información (FIPS). Su uso puede no estar permitido en algunos entornos." ], "id_hash": 9130351102653078451, "content_hash": 9130351102653078451, "location": "documentation/content/en/books/handbook/security/_index.adoc:153", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 43, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 27, "source_unit": "https://translate-dev.freebsd.org/api/units/1230274/?format=api", "priority": 100, "id": 1230685, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=feb585f4043b9bb3", "url": "https://translate-dev.freebsd.org/api/units/1230685/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:21.983193Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Enforcing a strong password policy for local accounts is a fundamental aspect of system security. In FreeBSD, password length, password strength, and password complexity can be implemented using built-in Pluggable Authentication Modules (PAM)." ], "previous_source": "", "target": [ "Imponer una política de contraseñas fuerte para las cuentas locales es un aspecto fundamental de la seguridad del sistema. En FreeBSD, la longitud, seguridad y complejidad de las contraseñas pueden implementarse usando Módulos de Autenticación Conectables (PAM)." ], "id_hash": -8921012794123810613, "content_hash": -8921012794123810613, "location": "documentation/content/en/books/handbook/security/_index.adoc:215", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 59, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 33, "source_unit": "https://translate-dev.freebsd.org/api/units/1230284/?format=api", "priority": 100, "id": 1230690, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=04323221198908cb", "url": "https://translate-dev.freebsd.org/api/units/1230690/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:22.170797Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "As seen here, an expiration date is set in the form of day, month, and year. For more information, see man:pw[8]." ], "previous_source": "", "target": [ "Como se ve aquí, se establece una fecha de caducidad en forma de día, mes y año. Para obtener más información, consulte man:pw[8]." ], "id_hash": 8226909441280472083, "content_hash": 8226909441280472083, "location": "documentation/content/en/books/handbook/security/_index.adoc:283", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 76, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 21, "source_unit": "https://translate-dev.freebsd.org/api/units/1230296/?format=api", "priority": 100, "id": 1230696, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=f22bda8c7ed47413", "url": "https://translate-dev.freebsd.org/api/units/1230696/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:22.455175Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Verification of system files and binaries is important because it provides the system administration and security teams information about system changes. A software application that monitors the system for changes is called an Intrusion Detection System (IDS)." ], "previous_source": "", "target": [ "La verificación de los archivos y binarios del sistema es importante porque proporciona a la administración del sistema y a los equipos de seguridad información sobre los cambios en el sistema. Una aplicación de software que supervisa el sistema en busca de cambios se denomina Sistema de Detección de Intrusiones (IDS)." ], "id_hash": 7694705866388889777, "content_hash": 7694705866388889777, "location": "documentation/content/en/books/handbook/security/_index.adoc:417", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 111, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 37, "source_unit": "https://translate-dev.freebsd.org/api/units/1230308/?format=api", "priority": 100, "id": 1230702, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=eac91637993960b1", "url": "https://translate-dev.freebsd.org/api/units/1230702/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:22.588547Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "It is recommended to create specifications for the directories which contain binaries and configuration files, as well as any directories containing sensitive data. Typically, specifications are created for [.filename]#/bin#, [.filename]#/sbin#, [.filename]#/usr/bin#, [.filename]#/usr/sbin#, [.filename]#/usr/local/bin#, [.filename]#/etc#, and [.filename]#/usr/local/etc#." ], "previous_source": "", "target": [ "Se recomienda crear especificaciones para los directorios que contienen archivos binarios y de configuración, así como para cualquier directorio que contenga datos confidenciales. Normalmente, se crean especificaciones para [.filename]#/bin#, [.filename]#/sbin#, [.filename]#/usr/bin#, [.filename]#/usr/sbin#, [.filename]#/usr/local/bin#, [.filename]#/etc#, y [.filename]#/usr/local/etc#." ], "id_hash": -5433432239199575245, "content_hash": -5433432239199575245, "location": "documentation/content/en/books/handbook/security/_index.adoc:436", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 20, "fuzzy": false, "translated": true, "approved": false, "position": 116, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 36, "source_unit": "https://translate-dev.freebsd.org/api/units/1230322/?format=api", "priority": 100, "id": 1230709, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=3498922a7f5aa333", "url": "https://translate-dev.freebsd.org/api/units/1230709/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:22.861620Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "In the simplest configuration, daemon connection policies are set to either permit or block, depending on the options in [.filename]#/etc/hosts.allow#. The default configuration in FreeBSD is to allow all connections to the daemons started with inetd." ], "previous_source": "", "target": [ "" ], "id_hash": 6854132551726978993, "content_hash": 6854132551726978993, "location": "documentation/content/en/books/handbook/security/_index.adoc:1566", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 409, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 36, "source_unit": "https://translate-dev.freebsd.org/api/units/1230376/?format=api", "priority": 100, "id": 1230736, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=df1ec53db520d7b1", "url": "https://translate-dev.freebsd.org/api/units/1230736/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:23.869715Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Kerberos is a network authentication protocol which was originally created by the Massachusetts Institute of Technology (MIT) as a way to securely provide authentication across a potentially hostile network. The Kerberos protocol uses strong cryptography so that both a client and server can prove their identity without sending any unencrypted secrets over the network. Kerberos can be described as an identity-verifying proxy system and as a trusted third-party authentication system. After a user authenticates with Kerberos, their communications can be encrypted to assure privacy and data integrity." ], "previous_source": "", "target": [ "" ], "id_hash": 1187916453875716130, "content_hash": 1187916453875716130, "location": "documentation/content/en/books/handbook/security/_index.adoc:1169", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 308, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 87, "source_unit": "https://translate-dev.freebsd.org/api/units/1230392/?format=api", "priority": 100, "id": 1230744, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=907c53b8901a9022", "url": "https://translate-dev.freebsd.org/api/units/1230744/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.172087Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The only function of Kerberos is to provide the secure authentication of users and servers on the network. It does not provide authorization or auditing functions. It is recommended that Kerberos be used with other security methods which provide authorization and audit services." ], "previous_source": "", "target": [ "" ], "id_hash": 3998815460019340264, "content_hash": 3998815460019340264, "location": "documentation/content/en/books/handbook/security/_index.adoc:1173", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 309, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 43, "source_unit": "https://translate-dev.freebsd.org/api/units/1230394/?format=api", "priority": 100, "id": 1230745, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=b77ea57968cb03e8", "url": "https://translate-dev.freebsd.org/api/units/1230745/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.179347Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The current version of the protocol is version 5, described in RFC 4120. Several free implementations of this protocol are available, covering a wide range of operating systems. MIT continues to develop their Kerberos package. It is commonly used in the US as a cryptography product, and has historically been subject to US export regulations. In FreeBSD, MITKerberos is available as the package:security/krb5[] package or port. The Heimdal Kerberos implementation was explicitly developed outside of the US to avoid export regulations. The Heimdal Kerberos distribution is included in the base FreeBSD installation, and another distribution with more configurable options is available as package:security/heimdal[] in the Ports Collection." ], "previous_source": "", "target": [ "" ], "id_hash": 2767838691396332106, "content_hash": 2767838691396332106, "location": "documentation/content/en/books/handbook/security/_index.adoc:1181", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 310, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 107, "source_unit": "https://translate-dev.freebsd.org/api/units/1230396/?format=api", "priority": 100, "id": 1230746, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=a66956a00c42aa4a", "url": "https://translate-dev.freebsd.org/api/units/1230746/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.186059Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "In Kerberos users and services are identified as \"principals\" which are contained within an administrative grouping, called a \"realm\". A typical user principal would be of the form `_user_@_REALM_` (realms are traditionally uppercase)." ], "previous_source": "", "target": [ "" ], "id_hash": -7973506911154751263, "content_hash": -7973506911154751263, "location": "documentation/content/en/books/handbook/security/_index.adoc:1184", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 311, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 33, "source_unit": "https://translate-dev.freebsd.org/api/units/1230398/?format=api", "priority": 100, "id": 1230747, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=115869b5b27fb8e1", "url": "https://translate-dev.freebsd.org/api/units/1230747/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.248265Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Use real domain names when setting up Kerberos, even if it will run internally. This avoids DNS problems and assures inter-operation with other Kerberos realms." ], "previous_source": "", "target": [ "" ], "id_hash": -7712563167821460517, "content_hash": -7712563167821460517, "location": "documentation/content/en/books/handbook/security/_index.adoc:1196", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 316, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 25, "source_unit": "https://translate-dev.freebsd.org/api/units/1230400/?format=api", "priority": 100, "id": 1230748, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=14f778a96a3d8bdb", "url": "https://translate-dev.freebsd.org/api/units/1230748/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.270650Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The Key Distribution Center (KDC) is the centralized authentication service that Kerberos provides, the \"trusted third party\" of the system. It is the computer that issues Kerberos tickets, which are used for clients to authenticate to servers. As the KDC is considered trusted by all other computers in the Kerberos realm, it has heightened security concerns. Direct access to the KDC should be limited." ], "previous_source": "", "target": [ "" ], "id_hash": 4855471763009490634, "content_hash": 4855471763009490634, "location": "documentation/content/en/books/handbook/security/_index.adoc:1204", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 318, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 64, "source_unit": "https://translate-dev.freebsd.org/api/units/1230402/?format=api", "priority": 100, "id": 1230749, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=c36219d7d31ececa", "url": "https://translate-dev.freebsd.org/api/units/1230749/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.281805Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "In this example, the KDC will use the fully-qualified hostname `kerberos.example.org`. The hostname of the KDC must be resolvable in the DNS." ], "previous_source": "", "target": [ "" ], "id_hash": -6299701859689561912, "content_hash": -6299701859689561912, "location": "documentation/content/en/books/handbook/security/_index.adoc:1239", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 326, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 22, "source_unit": "https://translate-dev.freebsd.org/api/units/1230404/?format=api", "priority": 100, "id": 1230750, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=2892f6892e5600c8", "url": "https://translate-dev.freebsd.org/api/units/1230750/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.449656Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Kerberos can also use the DNS to locate KDCs, instead of a `[realms]` section in [.filename]#/etc/krb5.conf#. For large organizations that have their own DNS servers, the above example could be trimmed to:" ], "previous_source": "", "target": [ "" ], "id_hash": 1254137956648942675, "content_hash": 1254137956648942675, "location": "documentation/content/en/books/handbook/security/_index.adoc:1242", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 327, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 32, "source_unit": "https://translate-dev.freebsd.org/api/units/1230406/?format=api", "priority": 100, "id": 1230751, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=916797d3ad64fc53", "url": "https://translate-dev.freebsd.org/api/units/1230751/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.457195Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "In order for clients to be able to find the Kerberos services, they _must_ have either a fully configured [.filename]#/etc/krb5.conf# or a minimally configured [.filename]#/etc/krb5.conf# _and_ a properly configured DNS server." ], "previous_source": "", "target": [ "" ], "id_hash": -2629306332656430204, "content_hash": -2629306332656430204, "location": "documentation/content/en/books/handbook/security/_index.adoc:1265", "context": "", "note": "type: delimited block = 4", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 331, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 31, "source_unit": "https://translate-dev.freebsd.org/api/units/1230408/?format=api", "priority": 100, "id": 1230752, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=5b82d3d234541384", "url": "https://translate-dev.freebsd.org/api/units/1230752/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.478491Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Next, create the Kerberos database which contains the keys of all principals (users and hosts) encrypted with a master password. It is not required to remember this password as it will be stored in [.filename]#/var/heimdal/m-key#; it would be reasonable to use a 45-character random password for this purpose. To create the master key, run `kstash` and enter a password:" ], "previous_source": "", "target": [ "" ], "id_hash": 2890018663154877726, "content_hash": 2890018663154877726, "location": "documentation/content/en/books/handbook/security/_index.adoc:1271", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 332, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 59, "source_unit": "https://translate-dev.freebsd.org/api/units/1230410/?format=api", "priority": 100, "id": 1230753, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=a81b68a98398851e", "url": "https://translate-dev.freebsd.org/api/units/1230753/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.484504Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Once the master key has been created, the database should be initialized. The Kerberos administrative tool man:kadmin[8] can be used on the KDC in a mode that operates directly on the database, without using the man:kadmind[8] network service, as `kadmin -l`. This resolves the chicken-and-egg problem of trying to connect to the database before it is created. At the `kadmin` prompt, use `init` to create the realm's initial database:" ], "previous_source": "", "target": [ "" ], "id_hash": 3479606284247044148, "content_hash": 3479606284247044148, "location": "documentation/content/en/books/handbook/security/_index.adoc:1289", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 335, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 69, "source_unit": "https://translate-dev.freebsd.org/api/units/1230412/?format=api", "priority": 100, "id": 1230754, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=b04a0b7ad2c31034", "url": "https://translate-dev.freebsd.org/api/units/1230754/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.572314Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Lastly, while still in `kadmin`, create the first principal using `add`. Stick to the default options for the principal for now, as these can be changed later with `modify`. Type `?` at the prompt to see the available options." ], "previous_source": "", "target": [ "" ], "id_hash": -2383692750242055504, "content_hash": -2383692750242055504, "location": "documentation/content/en/books/handbook/security/_index.adoc:1300", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 337, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 39, "source_unit": "https://translate-dev.freebsd.org/api/units/1230414/?format=api", "priority": 100, "id": 1230755, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=5eeb6c12b025fab0", "url": "https://translate-dev.freebsd.org/api/units/1230755/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.585986Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The first step in configuring a server to use Kerberos authentication is to ensure that it has the correct configuration in [.filename]#/etc/krb5.conf#. The version from the KDC can be used as-is, or it can be regenerated on the new system." ], "previous_source": "", "target": [ "" ], "id_hash": -4443374487102083400, "content_hash": -4443374487102083400, "location": "documentation/content/en/books/handbook/security/_index.adoc:1370", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 352, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 40, "source_unit": "https://translate-dev.freebsd.org/api/units/1230416/?format=api", "priority": 100, "id": 1230756, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=4255f6722c3f2eb8", "url": "https://translate-dev.freebsd.org/api/units/1230756/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.860527Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Next, create [.filename]#/etc/krb5.keytab# on the server. This is the main part of \"Kerberizing\" a service - it corresponds to generating a secret shared between the service and the KDC. The secret is a cryptographic key, stored in a \"keytab\". The keytab contains the server's host key, which allows it and the KDC to verify each others' identity. It must be transmitted to the server in a secure fashion, as the security of the server can be broken if the key is made public. Typically, the [.filename]#keytab# is generated on an administrator's trusted machine using `kadmin`, then securely transferred to the server, e.g., with man:scp[1]; it can also be created directly on the server if that is consistent with the desired security policy. It is very important that the keytab is transmitted to the server in a secure fashion: if the key is known by some other party, that party can impersonate any user to the server! Using `kadmin` on the server directly is convenient, because the entry for the host principal in the KDC database is also created using `kadmin`." ], "previous_source": "", "target": [ "" ], "id_hash": -783664798394117746, "content_hash": -783664798394117746, "location": "documentation/content/en/books/handbook/security/_index.adoc:1379", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 353, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 180, "source_unit": "https://translate-dev.freebsd.org/api/units/1230418/?format=api", "priority": 100, "id": 1230757, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=751fdd0494bd918e", "url": "https://translate-dev.freebsd.org/api/units/1230757/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.879328Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Of course, `kadmin` is a kerberized service; a Kerberos ticket is needed to authenticate to the network service, but to ensure that the user running `kadmin` is actually present (and their session has not been hijacked), `kadmin` will prompt for the password to get a fresh ticket. The principal authenticating to the kadmin service must be permitted to use the `kadmin` interface, as specified in [.filename]#/var/heimdal/kadmind.acl#. See the section titled \"Remote administration\" in `info heimdal` for details on designing access control lists. Instead of enabling remote `kadmin` access, the administrator could securely connect to the KDC via the local console or man:ssh[1], and perform administration locally using `kadmin -l`." ], "previous_source": "", "target": [ "" ], "id_hash": 1126053153122258966, "content_hash": 1126053153122258966, "location": "documentation/content/en/books/handbook/security/_index.adoc:1383", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 354, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 109, "source_unit": "https://translate-dev.freebsd.org/api/units/1230420/?format=api", "priority": 100, "id": 1230758, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=8fa08b606e0f9016", "url": "https://translate-dev.freebsd.org/api/units/1230758/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.893049Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "After installing [.filename]#/etc/krb5.conf#, use `add --random-key` in `kadmin`. This adds the server's host principal to the database, but does not extract a copy of the host principal key to a keytab. To generate the keytab, use `ext` to extract the server's host principal key to its own keytab:" ], "previous_source": "", "target": [ "" ], "id_hash": 1225273965811926699, "content_hash": 1225273965811926699, "location": "documentation/content/en/books/handbook/security/_index.adoc:1387", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 355, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 48, "source_unit": "https://translate-dev.freebsd.org/api/units/1230422/?format=api", "priority": 100, "id": 1230759, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=91010c2e1cc106ab", "url": "https://translate-dev.freebsd.org/api/units/1230759/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.953544Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Note that `ext_keytab` stores the extracted key in [.filename]#/etc/krb5.keytab# by default. This is good when being run on the server being kerberized, but the `--keytab _path/to/file_` argument should be used when the keytab is being extracted elsewhere:" ], "previous_source": "", "target": [ "" ], "id_hash": 1036780782829362136, "content_hash": 1036780782829362136, "location": "documentation/content/en/books/handbook/security/_index.adoc:1409", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 358, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 37, "source_unit": "https://translate-dev.freebsd.org/api/units/1230424/?format=api", "priority": 100, "id": 1230760, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=8e6362a0fe7edbd8", "url": "https://translate-dev.freebsd.org/api/units/1230760/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.966728Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The keytab can then be securely copied to the server using man:scp[1] or a removable media. Be sure to specify a non-default keytab name to avoid inserting unneeded keys into the system's keytab." ], "previous_source": "", "target": [ "" ], "id_hash": -6770383057639812581, "content_hash": -6770383057639812581, "location": "documentation/content/en/books/handbook/security/_index.adoc:1425", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 360, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 33, "source_unit": "https://translate-dev.freebsd.org/api/units/1230426/?format=api", "priority": 100, "id": 1230761, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=220ac47ae80e521b", "url": "https://translate-dev.freebsd.org/api/units/1230761/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.981920Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "At this point, the server can read encrypted messages from the KDC using its shared key, stored in [.filename]#krb5.keytab#. It is now ready for the Kerberos-using services to be enabled. One of the most common such services is man:sshd[8], which supports Kerberos via the GSS-API. In [.filename]#/etc/ssh/sshd_config#, add the line:" ], "previous_source": "", "target": [ "" ], "id_hash": 1422490166270823016, "content_hash": 1422490166270823016, "location": "documentation/content/en/books/handbook/security/_index.adoc:1430", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 361, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 50, "source_unit": "https://translate-dev.freebsd.org/api/units/1230428/?format=api", "priority": 100, "id": 1230762, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=93bdb345010f0a68", "url": "https://translate-dev.freebsd.org/api/units/1230762/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:24.990031Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "As it was for the server, the client requires configuration in [.filename]#/etc/krb5.conf#. Copy the file in place (securely) or re-enter it as needed." ], "previous_source": "", "target": [ "" ], "id_hash": -6111782415444546186, "content_hash": -6111782415444546186, "location": "documentation/content/en/books/handbook/security/_index.adoc:1442", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 365, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 23, "source_unit": "https://translate-dev.freebsd.org/api/units/1230430/?format=api", "priority": 100, "id": 1230763, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=2b2e964656f2ed76", "url": "https://translate-dev.freebsd.org/api/units/1230763/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.080746Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Test the client by using `kinit`, `klist`, and `kdestroy` from the client to obtain, show, and then delete a ticket for an existing principal. Kerberos applications should also be able to connect to Kerberos enabled servers. If that does not work but obtaining a ticket does, the problem is likely with the server and not with the client or the KDC. In the case of kerberized man:ssh[1], GSS-API is disabled by default, so test using `ssh -o GSSAPIAuthentication=yes _hostname_`." ], "previous_source": "", "target": [ "" ], "id_hash": -1091144811653693872, "content_hash": -1091144811653693872, "location": "documentation/content/en/books/handbook/security/_index.adoc:1447", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 366, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 79, "source_unit": "https://translate-dev.freebsd.org/api/units/1230432/?format=api", "priority": 100, "id": 1230764, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=70db79932edefe50", "url": "https://translate-dev.freebsd.org/api/units/1230764/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.088574Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Various Kerberos client applications are available. With the advent of a bridge so that applications using SASL for authentication can use GSS-API mechanisms as well, large classes of client applications can use Kerberos for authentication, from Jabber clients to IMAP clients." ], "previous_source": "", "target": [ "" ], "id_hash": -4037793259195718373, "content_hash": -4037793259195718373, "location": "documentation/content/en/books/handbook/security/_index.adoc:1452", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 368, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 41, "source_unit": "https://translate-dev.freebsd.org/api/units/1230434/?format=api", "priority": 100, "id": 1230765, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=47f6e06c852c251b", "url": "https://translate-dev.freebsd.org/api/units/1230765/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.173687Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Users within a realm typically have their Kerberos principal mapped to a local user account. Occasionally, one needs to grant access to a local user account to someone who does not have a matching Kerberos principal. For example, `tillman@EXAMPLE.ORG` may need access to the local user account `webdevelopers`. Other principals may also need access to that local account." ], "previous_source": "", "target": [ "" ], "id_hash": -7070853204030097065, "content_hash": -7070853204030097065, "location": "documentation/content/en/books/handbook/security/_index.adoc:1457", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 369, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 58, "source_unit": "https://translate-dev.freebsd.org/api/units/1230436/?format=api", "priority": 100, "id": 1230766, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=1ddf487952da7957", "url": "https://translate-dev.freebsd.org/api/units/1230766/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.182139Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The [.filename]#.k5login# and [.filename]#.k5users# files, placed in a user's home directory, can be used to solve this problem. For example, if the following [.filename]#.k5login# is placed in the home directory of `webdevelopers`, both principals listed will have access to that account without requiring a shared password:" ], "previous_source": "", "target": [ "" ], "id_hash": 5181033422899440890, "content_hash": 5181033422899440890, "location": "documentation/content/en/books/handbook/security/_index.adoc:1460", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 370, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 46, "source_unit": "https://translate-dev.freebsd.org/api/units/1230438/?format=api", "priority": 100, "id": 1230767, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=c7e6ba72a558ecfa", "url": "https://translate-dev.freebsd.org/api/units/1230767/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.190158Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The major difference between the MIT and Heimdal implementations is that `kadmin` has a different, but equivalent, set of commands and uses a different protocol. If the KDC is MIT, the Heimdal version of `kadmin` cannot be used to administer the KDC remotely, and vice versa." ], "previous_source": "", "target": [ "" ], "id_hash": 7008953569567908770, "content_hash": 7008953569567908770, "location": "documentation/content/en/books/handbook/security/_index.adoc:1473", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 374, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 46, "source_unit": "https://translate-dev.freebsd.org/api/units/1230440/?format=api", "priority": 100, "id": 1230768, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=e144ce22f14d23a2", "url": "https://translate-dev.freebsd.org/api/units/1230768/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.267806Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Client applications may also use slightly different command line options to accomplish the same tasks. Following the instructions at http://web.mit.edu/Kerberos/www/[http://web.mit.edu/Kerberos/www/] is recommended. Be careful of path issues: the MIT port installs into [.filename]#/usr/local/# by default, and the FreeBSD system applications run instead of the MIT versions if `PATH` lists the system directories first." ], "previous_source": "", "target": [ "" ], "id_hash": -497739978487907030, "content_hash": -497739978487907030, "location": "documentation/content/en/books/handbook/security/_index.adoc:1477", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 375, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 53, "source_unit": "https://translate-dev.freebsd.org/api/units/1230442/?format=api", "priority": 100, "id": 1230769, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=7917ac206fb7bd2a", "url": "https://translate-dev.freebsd.org/api/units/1230769/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.274496Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Since Kerberos is an all or nothing approach, every service enabled on the network must either be modified to work with Kerberos or be otherwise secured against network attacks. This is to prevent user credentials from being stolen and re-used. An example is when Kerberos is enabled on all remote shells but the non-Kerberized POP3 mail server sends passwords in plain text." ], "previous_source": "", "target": [ "" ], "id_hash": -8657259377529477493, "content_hash": -8657259377529477493, "location": "documentation/content/en/books/handbook/security/_index.adoc:1508", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 390, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 62, "source_unit": "https://translate-dev.freebsd.org/api/units/1230444/?format=api", "priority": 100, "id": 1230770, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=07db3c76d9efa68b", "url": "https://translate-dev.freebsd.org/api/units/1230770/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.549238Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "The KDC is a single point of failure. By design, the KDC must be as secure as its master password database. The KDC should have absolutely no other services running on it and should be physically secure. The danger is high because Kerberos stores all passwords encrypted with the same master key which is stored as a file on the KDC." ], "previous_source": "", "target": [ "" ], "id_hash": -1189142049331270206, "content_hash": -1189142049331270206, "location": "documentation/content/en/books/handbook/security/_index.adoc:1513", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 391, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 61, "source_unit": "https://translate-dev.freebsd.org/api/units/1230446/?format=api", "priority": 100, "id": 1230771, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=6f7f519b42212dc2", "url": "https://translate-dev.freebsd.org/api/units/1230771/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.557745Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "A compromised master key is not quite as bad as one might fear. The master key is only used to encrypt the Kerberos database and as a seed for the random number generator. As long as access to the KDC is secure, an attacker cannot do much with the master key." ], "previous_source": "", "target": [ "" ], "id_hash": -625696613217192576, "content_hash": -625696613217192576, "location": "documentation/content/en/books/handbook/security/_index.adoc:1517", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 392, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 51, "source_unit": "https://translate-dev.freebsd.org/api/units/1230448/?format=api", "priority": 100, "id": 1230772, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=7751143ed0063580", "url": "https://translate-dev.freebsd.org/api/units/1230772/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.564631Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "If the KDC is unavailable, network services are unusable as authentication cannot be performed. This can be alleviated with a single master KDC and one or more slaves, and with careful implementation of secondary or fall-back authentication using PAM." ], "previous_source": "", "target": [ "" ], "id_hash": 7647522505304126065, "content_hash": 7647522505304126065, "location": "documentation/content/en/books/handbook/security/_index.adoc:1520", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 393, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 39, "source_unit": "https://translate-dev.freebsd.org/api/units/1230450/?format=api", "priority": 100, "id": 1230773, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=ea21753344753271", "url": "https://translate-dev.freebsd.org/api/units/1230773/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.571769Z" }, { "translation": "https://translate-dev.freebsd.org/api/translations/documentation/bookshandbooksecurity_index/es/?format=api", "source": [ "Kerberos allows users, hosts and services to authenticate between themselves. It does not have a mechanism to authenticate the KDC to the users, hosts, or services. This means that a trojaned `kinit` could record all user names and passwords. File system integrity checking tools like package:security/tripwire[] can alleviate this." ], "previous_source": "", "target": [ "" ], "id_hash": 5236217438020492993, "content_hash": 5236217438020492993, "location": "documentation/content/en/books/handbook/security/_index.adoc:1525", "context": "", "note": "type: Plain text", "flags": "", "labels": [], "state": 0, "fuzzy": false, "translated": false, "approved": false, "position": 394, "has_suggestion": false, "has_comment": false, "has_failing_check": false, "num_words": 49, "source_unit": "https://translate-dev.freebsd.org/api/units/1230452/?format=api", "priority": 100, "id": 1230774, "web_url": "https://translate-dev.freebsd.org/translate/documentation/bookshandbooksecurity_index/es/?checksum=c8aac80467eadec1", "url": "https://translate-dev.freebsd.org/api/units/1230774/?format=api", "explanation": "", "extra_flags": "", "pending": false, "timestamp": "2021-06-08T13:39:25.578387Z" } ] }