diff options
Diffstat (limited to 'crypto/heimdal/kdc/kdc.8')
| -rw-r--r-- | crypto/heimdal/kdc/kdc.8 | 119 |
1 files changed, 0 insertions, 119 deletions
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 deleted file mode 100644 index 181a3cea15a7f..0000000000000 --- a/crypto/heimdal/kdc/kdc.8 +++ /dev/null @@ -1,119 +0,0 @@ -.\" $Id: kdc.8,v 1.5 2000/02/13 21:04:32 assar Exp $ -.\" -.Dd July 27, 1997 -.Dt KDC 8 -.Os HEIMDAL -.Sh NAME -.Nm kdc -.Nd -Kerberos 5 server -.Sh SYNOPSIS -.Nm -.Op Fl c Ar file -.Op Fl -config-file= Ns Ar file -.Op Fl p | Fl -no-require-preauth -.Op Fl -max-request= Ns Ar size -.Op Fl H | Fl -enable-http -.Op Fl K | Fl -no-kaserver -.Op Fl r Ar realm -.Op Fl -v4-realm= Ns Ar realm -.Oo Fl P Ar string \*(Ba Xo -.Fl -ports= Ns Ar string Oc -.Xc -.Op Fl -addresses= Ns Ar list of addresses - -.Sh DESCRIPTION -.Nm -serves requests for tickets. When it starts, it first checks the flags -passed, any options that are not specified with a command line flag is -taken from a config file, or from a default compiled-in value. -.Pp -Options supported: -.Bl -tag -width Ds -.It Fl c Ar file -.It Fl -config-file= Ns Ar file -Specifies the location of the config file, the default is -.Pa /var/heimdal/kdc.conf . -This is the only value that can't be specified in the config file. -.It Fl p -.It Fl -no-require-preauth -Turn off the requirement for pre-autentication in the initial AS-REQ -for all principals. The use of pre-authentication makes it more -difficult to do offline password attacks. You might want to turn it -off if you have clients that doesn't do pre-authentication. Since the -version 4 protocol doesn't support any pre-authentication, so serving -version 4 clients is just about the same as not requiring -pre-athentication. The default is to require -pre-authentication. Adding the require-preauth per principal is a more -flexible way of handling this. -.It Xo -.Fl -max-request= Ns Ar size -.Xc -Gives an upper limit on the size of the requests that the kdc is -willing to handle. -.It Xo -.Fl H Ns , -.Fl -enable-http -.Xc -Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. -.It Xo -.Fl K Ns , -.Fl -no-kaserver -.Xc -Disables kaserver emulation (in case it's compiled in). -.It Fl r Ar realm -.It Fl -v4-realm= Ns Ar realm -What realm this server should act as when dealing with version 4 -requests. The database can contain any number of realms, but since the -version 4 protocol doesn't contain a realm for the server, it must be -explicitly specified. The default is whatever is returned by -.Fn krb_get_lrealm . -This option is only availabe if the KDC has been compiled with version -4 support. -.It Xo -.Fl P Ar string Ns , -.Fl -ports= Ns Ar string -.Xc -Specifies the set of ports the KDC should listen on. It is given as a -white-space separated list of services or port numbers. -.It Xo -.Fl -addresses= Ns Ar list of addresses -.Xc -The list of addresses to listen for requests on. By default, the kdc -will listen on all the locally configured addresses. If only a subset -is desired, or the automatic detection fails, this option might be used. -.El -.Pp -All activities , are logged to one or more destinations, see -.Xr krb5.conf 5 , -and -.Xr krb5_openlog 3 . -The entity used for logging is -.Nm kdc . -.Sh CONFIGURATION FILE -The configuration file has the same syntax as the -.Pa krb5.conf -file (you can actually put the configuration in -.Pa /etc/krb5.conf , -and then start the KDC with -.Fl -config-file= Ns Ar /etc/krb5.conf ) . -All options should be in a section called -.Dq kdc . -Options are called the same as the long option name, and takes the -same arguments. The only difference is the pre-authentication flag, -that has to be specified as: -.Pp -.Dl require-preauth = no -.Pp -(in fact you can specify the option as -.Fl -require-preauth=no ) . -.Pp -An example of a config file: -.Bd -literal -offset indent -[kdc] - require-preauth = no - v4-realm = FOO.SE - key-file = /key-file -.Ed -.Sh SEE ALSO -.Xr kinit 1 |