Diffstat (limited to 'crypto/kerberosIV/man')
32 files changed, 0 insertions, 3390 deletions
diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in
deleted file mode 100644
index a1b6e741c46e1..0000000000000
--- a/crypto/kerberosIV/man/Makefile.in
+++ /dev/null
@@ -1,95 +0,0 @@ -# Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp - -srcdir = @srcdir@ -VPATH = @srcdir@ - -SHELL = /bin/sh - -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -MKINSTALLDIRS = @top_srcdir@/mkinstalldirs - -prefix = @prefix@ -mandir = @mandir@ -transform=@program_transform_name@ -EXECSUFFIX=@EXECSUFFIX@ - -MANRX = .*\.\([0-9]\) -CATRX = \(.*\)\.cat\([0-9]\) -CATSUFFIX=@CATSUFFIX@ - -MAN1 = afslog.1 kauth.1 ftp.1 kdestroy.1 kinit.1 kpasswd.1 \ - login.1 rlogin.1 su.1 kerberos.1 klist.1 ksrvtgt.1 pagsh.1 \ - rcp.1 rsh.1 telnet.1 kx.1 rxterm.1 rxtelnet.1 tenletxr.1 \ - des.1 movemail.1 \ - otp.1 otpprint.1 - -CAT1 = afslog.cat1 kauth.cat1 ftp.cat1 login.cat1 \ - pagsh.cat1 rcp.cat1 rlogin.cat1 rsh.cat1 su.cat1 telnet.cat1 kx.cat1 \ - rxterm.cat1 rxtelnet.cat1 tenletxr.cat1 movemail.cat1 \ - otp.cat1 otpprint.cat1 - -MAN3 = acl_check.3 kafs.3 kerberos.3 krb_set_tkt_string.3 des_crypt.3 \ - krb_realmofhost.3 kuserok.3 getusershell.3 krb_sendauth.3 \ - tf_util.3 - -CAT3 = getusershell.cat3 kafs.cat3 - -MAN5 = krb.conf.5 krb.realms.5 krb.equiv.5 login.access.5 ftpusers.5 - -CAT5 = login.access.cat5 krb.equiv.cat5 ftpusers.cat5 - -MAN8 = ext_srvtab.8 kdb_destroy.8 kdb_util.8 ksrvutil.8 telnetd.8 rlogind.8 \ - kadmin.8 kdb_edit.8 kstash.8 kadmind.8 kdb_init.8 rshd.8 kauthd.8 \ - popper.8 kxd.8 kerberos.8 - -CAT8 = ftpd.cat8 rshd.cat8 telnetd.cat8 ksrvutil.cat8 rlogind.cat8 \ - kauthd.cat8 kprop.cat8 kpropd.cat8 kxd.cat8 kerberos.cat8 - -all: - -cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8) - -%.cat1: %.1 - `grog -Tascii $<` > $@ -%.cat3: %.3 - `grog -Tascii $<` > $@ -%.cat5: %.5 - `grog -Tascii $<` > $@ -%.cat8: %.8 - `grog -Tascii $<` > $@ - - -Wall: - -install: all - for x in man1 man3 man5 man8 cat1 cat3 cat5 cat8; do \ - $(MKINSTALLDIRS) $(mandir)/$$x; done - (cd $(srcdir); \ - for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ - s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ - $(INSTALL_DATA) $$x $(mandir)/man$$s; done ;\ - for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do 
\ - s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ - b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ - $(INSTALL_DATA) $$x $(mandir)/cat$$s/$$b.$(CATSUFFIX);\ - done ) - -uninstall: - for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ - s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ - rm -f $(mandir)/man$$s/$$x; done - for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \ - s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ - b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ - rm -f $(mandir)/cat$$s/$$b.$(CATSUFFIX); done - -clean: - -mostlyclean: clean - -distclean: - rm -f Makefile *~ - -realclean: - diff --git a/crypto/kerberosIV/man/acl_check.3 b/crypto/kerberosIV/man/acl_check.3 deleted file mode 100644 index 53bb7c8bf9613..0000000000000 --- a/crypto/kerberosIV/man/acl_check.3 +++ /dev/null 
@@ -1,182 +0,0 @@ -.\" $Id: acl_check.3,v 1.2 1996/06/12 21:29:08 bg Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, -acl_delete, acl_initialize \- Access control list routines -.SH SYNOPSIS -.nf -.nj -.ft B -cc <files> \-lacl \-lkrb -.PP -.ft B -#include <krb.h> -.PP -.ft B -acl_canonicalize_principal(principal, buf) -char *principal; -char *buf; -.PP -.ft B -acl_check(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_exact_match(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_add(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_delete(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_initialize(acl_file, mode) -char *acl_file; -int mode; -.fi -.ft R -.SH DESCRIPTION -.SS Introduction -.PP -An access control list (ACL) is a list of principals, where each -principal is represented by a text string which cannot contain -whitespace. The library allows application programs to refer to named -access control lists to test membership and to atomically add and -delete principals using a natural and intuitive interface. At -present, the names of access control lists are required to be Unix -filenames, and refer to human-readable Unix files; in the future, when -a networked ACL server is implemented, the names may refer to a -different namespace specific to the ACL service. -.PP -.SS Principal Names -.PP -Principal names have the form -.nf -.in +5n -<name>[.<instance>][@<realm>] -.in -5n -e.g.: -.in +5n -asp -asp.root -asp@ATHENA.MIT.EDU -asp.@ATHENA.MIT.EDU -asp.root@ATHENA.MIT.EDU -.in -5n -.fi -It is possible for principals to be underspecified. If an instance is -missing, it is assumed to be "". 
If realm is missing, it is assumed -to be the local realm as determined by -.IR krb_get_lrealm (3). -The canonical form contains all of name, instance, -and realm; the acl_add and acl_delete routines will always -leave the file in that form. Note that the canonical form of -asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. -.SS Routines -.PP -.I acl_canonicalize_principal -stores the canonical form of -.I principal -in -.IR buf . -.I Buf -must contain enough -space to store a principal, given the limits on the sizes of name, -instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ, -respectively, in -.IR /usr/include/krb.h . -.PP -.I acl_check -returns nonzero if -.I principal -appears in -.IR acl . -Returns 0 if principal -does not appear in acl, or if an error occurs. Canonicalizes -principal before checking, and allows the ACL to contain wildcards. The -only supported wildcards are entries of the form -name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the -its component field. For example, "jtkohl.*@*" would match principal -jtkohl, with any instance and any realm. -.PP -.I acl_exact_match -performs like -.IR acl_check , -but does no canonicalization or wildcard matching. -.PP -.I acl_add -atomically adds -.I principal -to -.IR acl . -Returns 0 if successful, nonzero otherwise. It is considered a failure -if -.I principal -is already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_delete -atomically deletes -.I principal -from -.IR acl . -Returns 0 if successful, -nonzero otherwise. It is considered a failure if -.I principal -is not -already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_initialize -initializes -.IR acl_file . -If the file -.I acl_file -does not exist, -.I acl_initialize -creates it with mode -.IR mode . -If the file -.I acl_file -exists, -.I acl_initialize -removes all members. 
Returns 0 if successful, -nonzero otherwise. WARNING: Mode argument is likely to change with -the eventual introduction of an ACL service. -.SH NOTES -In the presence of concurrency, there is a very small chance that -.I acl_add -or -.I acl_delete -could report success even though it would have -had no effect. This is a necessary side effect of using lock files -for concurrency control rather than flock(2), which is not supported -by NFS. -.PP -The current implementation caches ACLs in memory in a hash-table -format for increased efficiency in checking membership; one effect of -the caching scheme is that one file descriptor will be kept open for -each ACL cached, up to a maximum of 8. -.SH SEE ALSO -kerberos(3), krb_get_lrealm(3) -.SH AUTHOR -James Aspnes (MIT Project Athena) diff --git a/crypto/kerberosIV/man/ext_srvtab.8 b/crypto/kerberosIV/man/ext_srvtab.8 deleted file mode 100644 index 4f2c12006be55..0000000000000 --- a/crypto/kerberosIV/man/ext_srvtab.8 +++ /dev/null 
@@ -1,62 +0,0 @@ -.\" $Id: ext_srvtab.8,v 1.3 1997/04/02 21:09:51 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ext_srvtab \- extract service key files from Kerberos key distribution center database -.SH SYNOPSIS -ext_srvtab [ -.B \-n -] [ -.B \-r realm -] [ -.B hostname ... -] -.SH DESCRIPTION -.I ext_srvtab -extracts service key files from the Kerberos key distribution center -(KDC) database. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -For each -.I hostname -specified on the command line, -.I ext_srvtab -creates the service key file -.IR hostname -new-srvtab, -containing all the entries in the database with an instance field of -.I hostname. -This new file contains all the keys registered for Kerberos-mediated -service providing programs which use the -.IR krb_get_phost (3) -principal and instance conventions to run on the host -.IR hostname . -If the -.B \-r -option is specified, the realm fields in the extracted file will -match the given realm rather than the local realm. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -.IR hostname -new-srvtab -Service key file generated for -.I hostname -.TP -/var/kerberos/principal.pag, /var/kerberos/principal.dir -DBM files containing database -.TP -/.k -Master key cache file. -.SH SEE ALSO -read_service_key(3), krb_get_phost(3) diff --git a/crypto/kerberosIV/man/getusershell.3 b/crypto/kerberosIV/man/getusershell.3 deleted file mode 100644 index 84dc3ad932ba6..0000000000000 --- a/crypto/kerberosIV/man/getusershell.3 +++ /dev/null 
@@ -1,99 +0,0 @@ -.\" $NetBSD: getusershell.3,v 1.3 1995/02/27 04:13:24 cgd Exp $ -.\" -.\" Copyright (c) 1985, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)getusershell.3 8.1 (Berkeley) 6/4/93 -.\" -.Dd June 4, 1993 -.Dt GETUSERSHELL 3 -.Os BSD 4.3 -.Sh NAME -.Nm getusershell , -.Nm setusershell , -.Nm endusershell -.Nd get legal user shells -.Sh SYNOPSIS -.Ft char * -.Fn getusershell void -.Ft void -.Fn setusershell void -.Ft void -.Fn endusershell void -.Sh DESCRIPTION -The -.Fn getusershell -function -returns a pointer to a legal user shell as defined by the -system manager in the file -.Pa /etc/shells . -If -.Pa /etc/shells -is unreadable or does not exist, -.Fn getusershell -behaves as if -.Pa /bin/sh -and -.Pa /bin/csh -were listed in the file. -.Pp -The -.Fn getusershell -function -reads the next -line (opening the file if necessary); -.Fn setusershell -rewinds the file; -.Fn endusershell -closes it. -.Sh FILES -.Bl -tag -width /etc/shells -compact -.It Pa /etc/shells -.El -.Sh DIAGNOSTICS -The routine -.Fn getusershell -returns a null pointer (0) on -.Dv EOF . -.Sh SEE ALSO -.Xr shells 5 -.Sh HISTORY -The -.Fn getusershell -function appeared in -.Bx 4.3 . -.Sh BUGS -The -.Fn getusershell -function leaves its result in an internal static object and returns -a pointer to that object. Subsequent calls to -.Fn getusershell -will modify the same object. diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8 deleted file mode 100644 index 3139b2513cc80..0000000000000 --- a/crypto/kerberosIV/man/kadmin.8 +++ /dev/null 
@@ -1,176 +0,0 @@ -.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmin \- network utility for Kerberos database administration -.SH SYNOPSIS -.B kadmin [-u user] [-r default_realm] [-m] [-t] -.SH DESCRIPTION -This utility provides a unified administration interface to -the -Kerberos -master database. -Kerberos -administrators -use -.I kadmin -to register new users and services to the master database, -and to change information about existing database entries. -For instance, an administrator can use -.I kadmin -to change a user's -Kerberos -password. -A Kerberos administrator is a user with an ``admin'' instance -whose name appears on one of the Kerberos administration access control -lists. If the \-u option is used, -.I user -will be used as the administrator instead of the local user. -If the \-r option is used, -.I default_realm -will be used as the default realm for transactions. Otherwise, -the local realm will be used by default. -If the \-m option is used, multiple requests will be permitted -on only one entry of the admin password. Some sites won't -support this option. The \-t option is used to tell kadmin to use the -existing ticket file instead of creating a new one. - -The -.I kadmin -program communicates over the network with the -.I kadmind -program, which runs on the machine housing the Kerberos master -database. -The -.I kadmind -creates new entries and makes modifications to the database. - -When you enter the -.I kadmin -command, -the program displays a message that welcomes you and explains -how to ask for help. -Then -.I kadmin -waits for you to enter commands (which are described below). -It then asks you for your -.I admin -password before accessing the database. 
- -All commands can be abbreviated as long as they are unique. Some -short versions of the commands are also recognized for backwards -compatibility. - -Use the -.I add_new_key -(or -.I ank -for short) -command to register a new principal -with the master database. -The command requires one argument, -the principal's name. The name -given can be fully qualified using -the standard -.I name.instance@realm -convention. -You are asked to enter your -.I admin -password, -then prompted twice to enter the principal's -new password. If no realm is specified, -the local realm is used unless another was -given on the commandline with the \-r flag. -If no instance is -specified, a null instance is used. If -a realm other than the default realm is specified, -you will need to supply your admin password for -the other realm. - -Use the -.I change_password (cpw) -to change a principal's -Kerberos -password. -The command requires one argument, -the principal's -name. -You are asked to enter your -.I admin -password, -then prompted twice to enter the principal's new password. -The name -given can be fully qualified using -the standard -.I name.instance@realm -convention. - -Use the -.I change_key (ckey) -if you have a need to change the raw key of a particular principal. -In other words, if you do not want to input a DES key instead of a -password that will get converted into a DES key. - -Use the -.I change_admin_password (cap) -to change your -.I admin -instance password. -This command requires no arguments. -It prompts you for your old -.I admin -password, then prompts you twice to enter the new -.I admin -password. If this is your first command, -the default realm is used. Otherwise, the realm -used in the last command is used. - -Use the -.I del_entry (del) -to remove an entry from the kerberos database. - -Use the -.I mod_entry (mod) -to modify a particular entry, for example to change the expire date. 
- -Use the -.I destroy_tickets (dest) -command to destroy your admin tickets explicitly. - -Use the -.I list_requests (lr) -command to get a list of possible commands. - -Use the -.I help -command to display -.IR kadmin's -various help messages. -If entered without an argument, -.I help -displays a general help message. -You can get detailed information on specific -.I kadmin -commands -by entering -.I help -.IR command_name . - -To quit the program, type -.IR quit . - -.SH BUGS -The user interface is primitive, and the command names could be better. - -.SH "SEE ALSO" -kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) -.br -``A Subsystem Utilities Package for UNIX'' by Ken Raeburn -.SH AUTHORS -Jeffrey I. Schiller, MIT Project Athena -.br -Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8 deleted file mode 100644 index 477511bb1d332..0000000000000 --- a/crypto/kerberosIV/man/kadmind.8 +++ /dev/null 
@@ -1,125 +0,0 @@ -.\" $Id: kadmind.8,v 1.4 1997/04/02 21:09:53 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmind \- network daemon for Kerberos database administration -.SH SYNOPSIS -.B kadmind -[ -.B \-n -] [ -.B \-m -] [ -.B \-h -] [ -.B \-r realm -] [ -.B \-f filename -] [ -.B \-d dbname -] [ -.B \-a acldir -] -.SH DESCRIPTION -.I kadmind -is the network database server for the Kerberos password-changing and -administration tools. -.PP -Upon execution, it fetches the master key from the key cache file. -.PP -If the -.B \-m -option is specified, it instead prompts the user to enter the master -key string for the database. -.PP -The -.B \-n -option is a no-op and is left for compatibility reasons. -.PP -If the -.B \-r -.I realm -option is specified, the admin server will pretend that its -local realm is -.I realm -instead of the actual local realm of the host it is running on. -This makes it possible to run a server for a foreign kerberos -realm. -.PP -If the -.B \-f -.I filename -option is specified, then that file is used to hold the log information -instead of the default. -.PP -If the -.B \-d -.I dbname -option is specified, then that file is used as the database name instead -of the default. -.PP -If the -.B \-a -.I acldir -option is specified, then -.I acldir -is used as the directory in which to search for access control lists -instead of the default. -.PP -If the -.B \-h -option is specified, -.I kadmind -prints out a short summary of the permissible control arguments, and -then exits. -.PP -When performing requests on behalf of clients, -.I kadmind -checks access control lists (ACLs) to determine the authorization of the client -to perform the requested action. -Currently four distinct access types are supported: -.TP 1i -Addition -(.add ACL file). 
If a principal is on this list, it may add new -principals to the database. -.TP -Retrieval -(.get ACL file). If a principal is on this list, it may retrieve -database entries. NOTE: A principal's private key is never returned by -the get functions. -.TP -Modification -(.mod ACL file). If a principal is on this list, it may modify entries -in the database. -.TP -Deletions -(.del ACL file). If a principal is on this list, if may delete -entries from the database. -.PP -A principal is always granted authorization to change its own password. -.SH FILES -.TP 20n -/kerberos/admin_server.syslog -Default log file. -.TP -/kerberos -Default access control list directory. -.TP -admin_acl.{add,get,mod} -Access control list files (within the directory) -.TP -/kerberos/principal.pag, /kerberos/principal.dir -Default DBM files containing database -.TP -/.k -Master key cache file. -.SH "SEE ALSO" -kerberos(1), kpasswd(1), kadmin(8), acl_check(3) -.SH AUTHORS -Douglas A. Church, MIT Project Athena -.br -John T. Kohl, Project Athena/Digital Equipment Corporation diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3 deleted file mode 100644 index 041fd23517b9a..0000000000000 --- a/crypto/kerberosIV/man/kafs.3 +++ /dev/null 
@@ -1,122 +0,0 @@ -.\" $Id: kafs.3,v 1.1 1997/05/07 21:49:02 joda Exp $ -.\" -.Dd May 7, 1997 -.Os KTH-KRB -.Dt KAFS 3 -.Sh NAME -.Nm k_hasafs , -.Nm k_afsklog , -.Nm k_afsklog_uid , -.Nm k_pioctl , -.Nm k_unlog , -.Nm k_setpag , -.Nm k_afs_cell_of_file -.Nd AFS library -.Sh SYNOPSIS -.Fd #include <kafs.h> -.Ft int -.Fn k_afsklog "char *cell" "char *realm" -.Ft int -.Fn k_afsklog_uid "char *cell" "char *realm" "uid_t uid" -.Ft int -.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" -.Ft int -.Fn k_hasafs -.Ft int -.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" -.Ft int -.Fn k_setpag -.Ft int -.Fn k_unlog -.Sh DESCRIPTION -.Fn k_hasafs -initializes some library internal structures, and tests for the -presense of AFS in the kernel, none of the other functions should be -called before -.Fn k_hasafs -is called, or if it fails. - -.Fn k_afsklog , -and -.Fn k_afsklog_uid -obtains new tokens (and possibly tickets) for the specified -.Fa cell -and -.Fa realm . -If -.Fa cell -is -.Dv NULL , -the local cell is used. If -.Fa realm -is -.Dv NULL , -the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass -.Dv NULL . -.Fn k_afsklog -will use the real user-id for the -.Dv ViceId -field in the token, -.Fn k_afsklog_uid -will use -.Fa uid . - -.Fn k_afs_cell_of_file -will in -.Fa cell -return the cell of a specified file, no more than -.Fa len -characters is put in -.Fa cell . - -.Fn k_pioctl -does a -.Fn pioctl -syscall with the specified arguments. This function is equivalent to -.Fn lpioctl . - -.Fn k_setpag -initializes a new PAG. - -.Fn k_unlog -removes destroys all tokens in the current PAG. - -.Sh RETURN VALUES -.Fn k_hasafs -returns 1 if AFS is present in the kernel, 0 otherwise. -.Fn k_afsklog -and -.Fn k_afsklog_uid -returns 0 on success, or a kerberos error number on failure. 
-.Fn k_afs_cell_of_file , -.Fn k_pioctl , -.Fn k_setpag , -and -.Fn k_unlog -all return the value of the underlaying system call, 0 on success. -.Sh EXAMPLES -The following code from -.Nm login -will obtain a new PAG and tokens for the local cell and the cell of -the users home directory. -.Bd -literal -if (k_hasafs()) { - char cell[64]; - k_setpag(); - if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - k_afsklog(cell, 0); - k_afsklog(0, 0); -} -.Ed -.Sh ERRORS -If any of these functions (appart from -.Fn k_hasafs ) -is called without AFS beeing present in the kernel, the process will -usually (depending on the operating system) receive a SIGSYS signal. -.Sh SEE ALSO -.Rs -.%A Transarc Corporation -.%J AFS-3 Programmer's Reference -.%T File Server/Cache Manager Interface -.%D 1991 -.Re
\ No newline at end of file diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1 deleted file mode 100644 index cc71b29136720..0000000000000 --- a/crypto/kerberosIV/man/kauth.1 +++ /dev/null @@ -1,65 +0,0 @@ -.\" $Id: kauth.1,v 1.1 1996/05/04 01:49:34 d91-jda Exp $ -.\" -.Dd May 4, 1996 -.Dt KAUTH 1 -.Os KTH-KRB -.Sh NAME -.Nm kauth -.Nd -overworked Kerberos login program -.Sh SYNOPSIS -.Nm -.Op Fl n Ar name -.Op Fl r Ar remote user -.Op Fl t Pa remote ticket file -.Op Fl h Ar hosts... -.Op Fl l Ar lifetime -.Op Fl f Pa srvtab -.Op Fl c Ar cell -.Op Ar command ... -.Sh DESCRIPTION -The -.Nm -command obtains ticket granting tickets as well as AFS ticket and -tokens. It also does a whole lot of other stuff. -.Pp -The following flags are supported: -.Bl -tag -width xxxx -.It Fl n -Principal to get tickets for. If no other arguments are present this -can be given without the -.Fl n -flag. -.It Fl h -Remote hosts to obtain tickets for. This works similar to the MIT -Athena Kerberos 4 patchlevel 10 command -.Xr rkinit 1 , -however not in a compatible way. It requires that the remote host runs -the -.Xr kauthd 8 , -server. The -.Fl r -and -.Fl t -flags are useful only with this option. -.It Fl r -User on the remote host that should own the ticket file. -.It Fl t -Ticket file on remote host. -.It Fl l -Lifetime of tickets i minutes -.It Fl f -Srvtab to get service keys from. Default is -.Pa /etc/srvtab . -This is mainly used with batch services that need to run -authenticated. If any command is given, it will be executed in an -authenticated fashion and when the program exits the tickets are -destroyed. For long running jobs the tickets will be renewed. -.It Fl c -AFS cell to get tokens for, default is your local cell. -.El -.Sh SEE ALSO -.Xr kinit 1 , -.Xr kauthd 8 -.Sh BUGS -There is no help-switch. diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8 deleted file mode 100644 index 4978ff2c5c71c..0000000000000 
--- a/crypto/kerberosIV/man/kauthd.8 +++ /dev/null @@ -1,27 +0,0 @@ -.\" $Id: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $ -.\" -.Dd September 27, 1996 -.Dt KAUTHD 8 -.Os KTH-KRB -.Sh NAME -.Nm kauthd -.Nd -remote Kerberos login daemon -.Sh SYNOPSIS -.Nm -.Sh DESCRIPTION -Daemon for the -.Xr kauth 1 -command. -.Pp -Options supported by -.Nm kauthd : -.Bl -tag -width Ds -.It Fl i -Interactive. Do not expect to be started by -.Nm inetd, -but allocate and listen to the socket yourself. Handy for testing -and debugging. -.El -.Sh SEE ALSO -.Xr kauth 1 diff --git a/crypto/kerberosIV/man/kdb_destroy.8 b/crypto/kerberosIV/man/kdb_destroy.8 deleted file mode 100644 index c6e47396fa0fb..0000000000000 --- a/crypto/kerberosIV/man/kdb_destroy.8 +++ /dev/null @@ -1,32 +0,0 @@ -.\" $Id: kdb_destroy.8,v 1.3 1997/04/02 21:09:54 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_destroy \- destroy Kerberos key distribution center database -.SH SYNOPSIS -kdb_destroy -.SH DESCRIPTION -.I kdb_destroy -deletes a Kerberos key distribution center database. -.PP -The user is prompted to verify that the database should be destroyed. A -response beginning with `y' or `Y' confirms deletion. -Any other response aborts deletion. -.SH DIAGNOSTICS -.TP 20n -"Database cannot be deleted at /var/kerberos/principal" -The attempt to delete the database failed (probably due to a system or -access permission error). -.TP -"Database not deleted." -The user aborted the deletion. -.SH FILES -.TP 20n -/var/kerberos/principal.pag, /var/kerberos/principal.dir -DBM files containing database -.SH SEE ALSO -kdb_init(8) diff --git a/crypto/kerberosIV/man/kdb_edit.8 b/crypto/kerberosIV/man/kdb_edit.8 deleted file mode 100644 index 14f7e92a0fd06..0000000000000 
--- a/crypto/kerberosIV/man/kdb_edit.8 +++ /dev/null @@ -1,54 +0,0 @@ -.\" $Id: kdb_edit.8,v 1.3 1997/04/02 21:09:54 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_edit \- Kerberos key distribution center database editing utility -.SH SYNOPSIS -kdb_edit [ -.B \-n -] -.SH DESCRIPTION -.I kdb_edit -is used to create or change principals stored in the Kerberos key -distribution center (KDC) database. -.PP -When executed, -.I kdb_edit -prompts for the master key string and verifies that it matches the -master key stored in the database. -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -Once the master key has been verified, -.I kdb_edit -begins a prompt loop. The user is prompted for the principal and -instance to be modified. If the entry is not found the user may create -it. -Once an entry is found or created, the user may set the password, -expiration date, maximum ticket lifetime, and attributes. -Default expiration dates, maximum ticket lifetimes, and attributes are -presented in brackets; if the user presses return the default is selected. -There is no default password. -The password RANDOM is interpreted specially, and if entered -the user may have the program select a random DES key for the -principal. -.PP -Upon successfully creating or changing the entry, ``Edit O.K.'' is -printed. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/var/kerberos/principal.pag, /var/kerberos/principal.dir -DBM files containing database -.TP -/.k -Master key cache file. diff --git a/crypto/kerberosIV/man/kdb_init.8 b/crypto/kerberosIV/man/kdb_init.8 deleted file mode 100644 index f019dd4a413ee..0000000000000 
--- a/crypto/kerberosIV/man/kdb_init.8 +++ /dev/null @@ -1,37 +0,0 @@ -.\" $Id: kdb_init.8,v 1.3 1997/04/02 21:09:54 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_init \- Initialize Kerberos key distribution center database -.SH SYNOPSIS -kdb_init [ -.B realm -] -.SH DESCRIPTION -.I kdb_init -initializes a Kerberos key distribution center database, creating the -necessary principals. -.PP -If the optional -.I realm -argument is not present, -.I kdb_init -prompts for a realm name. -After determining the realm to be created, it prompts for -a master key password. The master key password is used to encrypt -every encryption key stored in the database. -.SH DIAGNOSTICS -.TP 20n -"/var/kerberos/principal: File exists" -An attempt was made to create a database on a machine which already had -an existing database. -.SH FILES -.TP 20n -/var/kerberos/principal.pag, /var/kerberos/principal.dir -DBM files containing database -.SH SEE ALSO -kdb_destroy(8) diff --git a/crypto/kerberosIV/man/kdb_util.8 b/crypto/kerberosIV/man/kdb_util.8 deleted file mode 100644 index 0e3c201a514ca..0000000000000 --- a/crypto/kerberosIV/man/kdb_util.8 +++ /dev/null 
@@ -1,68 +0,0 @@
-.\" $Id: kdb_util.8,v 1.3 1997/04/02 20:45:38 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_util \- Kerberos key distribution center database utility
-.SH SYNOPSIS
-kdb_util
-.B operation filename
-.SH DESCRIPTION
-.I kdb_util
-allows the Kerberos key distribution center (KDC) database administrator to
-perform utility functions on the database.
-.PP
-.I Operation
-must be one of the following:
-.TP 10n
-.I load
-initializes the KDC database with the records described by the
-text contained in the file
-.IR filename .
-Any existing database is overwritten.
-.TP
-.I dump
-dumps the KDC database into a text representation in the file
-.IR filename .
-.TP
-.I slave_dump
-performs a database dump like the
-.I dump
-operation, and additionally creates a semaphore file signalling the
-propagation software that an update is available for distribution to
-slave KDC databases.
-.TP
-.I merge
-merges in the entries from
-.IR filename
-into the database.
-.TP
-.I new_master_key
-prompts for the old and new master key strings, and then dumps the KDC
-database into a text representation in the file
-.IR filename .
-The keys in the text representation are encrypted in the new master key.
-.TP
-.I convert_old_db
-prompts for the master key string, and then dumps the KDC database into
-a text representation in the file
-.IR filename .
-The existing database is assumed to be encrypted using the old format
-(encrypted by the key schedule of the master key); the dumped database
-is encrypted using the new format (encrypted directly with master key).
-.PP
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
-.TP
-.IR filename .ok
-semaphore file created by
-.IR slave_dump.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
deleted file mode 100644
index 66ffd39a7654a..0000000000000
--- a/crypto/kerberosIV/man/kdestroy.1
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" $Id: kdestroy.1,v 1.3 1996/06/12 21:29:16 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdestroy \- destroy Kerberos tickets
-.SH SYNOPSIS
-.B kdestroy
-[
-.B \-f
-]
-[
-.B \-q
-]
-[
-.B \-t
-]
-.SH DESCRIPTION
-The
-.I kdestroy
-utility destroys the user's active
-Kerberos
-authorization tickets by writing zeros to the file that contains them.
-If the ticket file does not exist,
-.I kdestroy
-displays a message to that effect.
-.PP
-After overwriting the file,
-.I kdestroy
-removes the file from the system.
-The utility
-displays a message indicating the success or failure of the
-operation.
-If
-.I kdestroy
-is unable to destroy the ticket file,
-the utility will warn you by making your terminal beep.
-.PP
-In the Athena workstation environment,
-the
-.I toehold
-service automatically destroys your tickets when you
-end a workstation session.
-If your site does not provide a similar ticket-destroying mechanism,
-you can place the
-.I kdestroy
-command in your
-.I .logout
-file so that your tickets are destroyed automatically
-when you logout.
-.PP
-The options to
-.I kdestroy
-are as follows:
-.TP 7
-.B \-f
-.I kdestroy
-runs without displaying the status message.
-.TP
-.B \-q
-.I kdestroy
-will not make your terminal beep if it fails to destroy the tickets.
-.TP
-.B \-t
-.I kdestroy
-will not remove any afs-tokens. Without this flag the tokens
-associated with the current PAG is destroyed.
-.SH FILES
-KRBTKFILE environment variable if set, otherwise
-.br
-/tmp/tkt[uid]
-.SH SEE ALSO
-kerberos(1), kinit(1), klist(1)
-.SH BUGS
-.PP
-Only the tickets in the user's current ticket file are destroyed.
-Separate ticket files are used to hold root instance and password
-changing tickets. These files should probably be destroyed too, or
-all of a user's tickets kept in a single ticket file.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
-.br
-Bill Sommerfeld, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
deleted file mode 100644
index aced5a5740663..0000000000000
--- a/crypto/kerberosIV/man/kerberos.1
+++ /dev/null
@@ -1,258 +0,0 @@
-.\" $Id: kerberos.1,v 1.2 1996/06/12 21:29:16 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kerberos \- introduction to the Kerberos system
-
-.SH DESCRIPTION
-The
-Kerberos
-system authenticates
-individual users in a network environment.
-After authenticating yourself to
-Kerberos,
-you can use network utilities such as
-.IR rlogin ,
-.IR rcp ,
-and
-.IR rsh
-without
-having to present passwords to remote hosts and without having to bother
-with
-.I \.rhosts
-files.
-Note that these utilities will work without passwords only if
-the remote machines you deal with
-support the
-Kerberos
-system.
-All Athena timesharing machines and public workstations support
-Kerberos.
-.PP
-Before you can use
-Kerberos,
-you must register as an Athena user,
-and you must make sure you have been added to
-the
-Kerberos
-database.
-You can use the
-.I kinit
-command to find out.
-This command
-tries to log you into the
-Kerberos
-system.
-.I kinit
-will prompt you for a username and password.
-Enter your username and password.
-If the utility lets you login without giving you a message,
-you have already been registered.
-.PP
-If you enter your username and
-.I kinit
-responds with this message:
-.nf
-
-Principal unknown (kerberos)
-
-.fi
-you haven't been registered as a
-Kerberos
-user.
-See your system administrator.
-.PP
-A Kerberos name contains three parts.
-The first is the
-.I principal name,
-which is usually a user's or service's name.
-The second is the
-.I instance,
-which in the case of a user is usually null.
-Some users may have privileged instances, however,
-such as ``root'' or ``admin''.
-In the case of a service, the instance is the
-name of the machine on which it runs; i.e. there
-can be an
-.I rlogin
-service running on the machine ABC, which
-is different from the rlogin service running on
-the machine XYZ.
-The third part of a Kerberos name
-is the
-.I realm.
-The realm corresponds to the Kerberos service providing
-authentication for the principal.
-For example, at MIT there is a Kerberos running at the
-Laboratory for Computer Science and one running at
-Project Athena.
-.PP
-When writing a Kerberos name, the principal name is
-separated from the instance (if not null) by a period,
-and the realm (if not the local realm) follows, preceded by
-an ``@'' sign.
-The following are examples of valid Kerberos names:
-.sp
-.nf
-.in +8
-billb
-jis.admin
-srz@lcs.mit.edu
-treese.root@athena.mit.edu
-.in -8
-.fi
-.PP
-When you authenticate yourself with
-Kerberos,
-through either the workstation
-.I toehold
-system or the
-.I kinit
-command,
-Kerberos
-gives you an initial
-Kerberos
-.IR ticket .
-(A
-Kerberos
-ticket
-is an encrypted protocol message that provides authentication.)
-Kerberos
-uses this ticket for network utilities
-such as
-.I rlogin
-and
-.IR rcp .
-The ticket transactions are done transparently,
-so you don't have to worry about their management.
-.PP
-Note, however, that tickets expire.
-Privileged tickets, such as root instance tickets,
-expire in a few minutes, while tickets that carry more ordinary
-privileges may be good for several hours or a day, depending on the
-installation's policy.
-If your login session extends beyond the time limit,
-you will have to re-authenticate yourself to
-Kerberos
-to get new tickets.
-Use the
-.IR kinit
-command to re-authenticate yourself.
-.PP
-If you use the
-.I kinit
-command to get your tickets,
-make sure you use the
-.I kdestroy
-command
-to destroy your tickets before you end your login session.
-You should probably put the
-.I kdestroy
-command in your
-.I \.logout
-file so that your tickets will be destroyed automatically when you logout.
-For more information about the
-.I kinit
-and
-.I kdestroy
-commands,
-see the
-.I kinit(1)
-and
-.I kdestroy(1)
-manual pages.
-.PP
-Currently,
-Kerberos
-supports the following network services:
-.IR rlogin ,
-.IR rsh ,
-and
-.IR rcp .
-Other services are being worked on,
-such as the
-.IR pop
-mail system and NFS (network file system),
-but are not yet available.
-
-.SH "SEE ALSO"
-kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
-kadmin(8)
-.SH BUGS
-Kerberos
-will not do authentication forwarding.
-In other words,
-if you use
-.I rlogin
-to login to a remote host,
-you cannot use
-Kerberos
-services from that host
-until you authenticate yourself explicitly on that host.
-Although you may need to authenticate yourself on the remote
-host,
-be aware that when you do so,
-.I rlogin
-sends your password across the network in clear text.
-
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
-
-The following people helped out on various aspects of the system:
-
-Jeff Schiller designed and wrote the administration server and its
-user interface, kadmin.
-He also wrote the dbm version of the database management system.
-
-Mark Colan developed the
-Kerberos
-versions of
-.IR rlogin ,
-.IR rsh ,
-and
-.IR rcp ,
-as well as contributing work on the servers.
-
-John Ostlund developed the
-Kerberos
-versions of
-.I passwd
-and
-.IR userreg .
-
-Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
-and made many contributions based on that experience.
-
-Many people contributed code and/or useful ideas, including
-Jim Aspnes,
-Bob Baldwin,
-John Barba,
-Richard Basch,
-Jim Bloom,
-Bill Bryant,
-Rob French,
-Dan Geer,
-David Jedlinsky,
-John Kohl,
-John Kubiatowicz,
-Bob McKie,
-Brian Murphy,
-Ken Raeburn,
-Chris Reed,
-Jon Rochlis,
-Mike Shanzer,
-Bill Sommerfeld,
-Jennifer Steiner,
-Ted Ts'o,
-and
-Win Treese.
-
-.SH RESTRICTIONS
-
-COPYRIGHT 1985,1986 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.3 b/crypto/kerberosIV/man/kerberos.3
deleted file mode 100644
index 71da54dd2cd0b..0000000000000
--- a/crypto/kerberosIV/man/kerberos.3
+++ /dev/null
@@ -1,460 +0,0 @@
-.\" $Id: kerberos.3,v 1.2 1996/06/12 21:29:18 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
-krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
-krb_rd_err, krb_ck_repl \- Kerberos authentication library
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <des.h>
-#include <krb.h>
-.PP
-.ft B
-extern char *krb_err_txt[];
-.PP
-.ft B
-int krb_mk_req(authent,service,instance,realm,checksum)
-KTEXT authent;
-char *service;
-char *instance;
-char *realm;
-u_long checksum;
-.PP
-.ft B
-int krb_rd_req(authent,service,instance,from_addr,ad,fn)
-KTEXT authent;
-char *service;
-char *instance;
-u_long from_addr;
-AUTH_DAT *ad;
-char *fn;
-.PP
-.ft B
-int krb_kntoln(ad,lname)
-AUTH_DAT *ad;
-char *lname;
-.PP
-.ft B
-int krb_set_key(key,cvt)
-char *key;
-int cvt;
-.PP
-.ft B
-int krb_get_cred(service,instance,realm,c)
-char *service;
-char *instance;
-char *realm;
-CREDENTIALS *c;
-.PP
-.ft B
-long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-des_key_schedule schedule;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
-u_char *in;
-u_long in_length;
-Key_schedule schedule;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_safe(in,out,in_length,key,sender,receiver)
-u_char *in;
-u_char *out;
-u_long in_length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-.PP
-.ft B
-long krb_rd_safe(in,length,key,sender,receiver,msg_data)
-u_char *in;
-u_long length;
-des_cblock key;
-struct sockaddr_in *sender;
-struct sockaddr_in *receiver;
-MSG_DAT *msg_data;
-.PP
-.ft B
-long krb_mk_err(out,code,string)
-u_char *out;
-long code;
-char *string;
-.PP
-.ft B
-long krb_rd_err(in,length,code,msg_data)
-u_char *in;
-u_long length;
-long code;
-MSG_DAT *msg_data;
-.fi
-.ft R
-.SH DESCRIPTION
-This library supports network authentication and various related
-operations. The library contains many routines beyond those described
-in this man page, but they are not intended to be used directly.
-Instead, they are called by the routines that are described, the
-authentication server and the login program.
-.PP
-.I krb_err_txt[]
-contains text string descriptions of various Kerberos error codes returned
-by some of the routines below.
-.PP
-.I krb_mk_req
-takes a pointer to a text structure in which an authenticator is to be
-built. It also takes the name, instance, and realm of the service to be
-used and an optional checksum. It is up to the application to decide
-how to generate the checksum.
-.I krb_mk_req
-then retrieves a ticket for the desired service and creates an
-authenticator. The authenticator is built in
-.I authent
-and is accessible
-to the calling procedure.
-.PP
-It is up to the application to get the authenticator to the service
-where it will be read by
-.I krb_rd_req.
-Unless an attacker posesses the session key contained in the ticket, it
-will be unable to modify the authenticator. Thus, the checksum can be
-used to verify the authenticity of the other data that will pass through
-a connection.
-.PP
-.I krb_rd_req
-takes an authenticator of type
-.B KTEXT,
-a service name, an instance, the address of the
-host originating the request, and a pointer to a structure of type
-.B AUTH_DAT
-which is filled in with information obtained from the authenticator.
-It also optionally takes the name of the file in which it will find the
-secret key(s) for the service.
-If the supplied
-.I instance
-contains "*", then the first service key with the same service name
-found in the service key file will be used, and the
-.I instance
-argument will be filled in with the chosen instance. This means that
-the caller must provide space for such an instance name.
-.PP
-It is used to find out information about the principal when a request
-has been made to a service. It is up to the application protocol to get
-the authenticator from the client to the service. The authenticator is
-then passed to
-.I krb_rd_req
-to extract the desired information.
-.PP
-.I krb_rd_req
-returns zero (RD_AP_OK) upon successful authentication. If a packet was
-forged, modified, or replayed, authentication will fail. If the
-authentication fails, a non-zero value is returned indicating the
-particular problem encountered. See
-.I krb.h
-for the list of error codes.
-.PP
-If the last argument is the null string (""), krb_rd_req will use the
-file /etc/srvtab to find its keys. If the last argument is NULL, it
-will assume that the key has been set by
-.I krb_set_key
-and will not bother looking further.
-.PP
-.I krb_kntoln
-converts a Kerberos name to a local name. It takes a structure
-of type AUTH_DAT and uses the name and instance to look in the database
-/etc/aname to find the corresponding local name. The local name is
-returned and can be used by an application to change uids, directories,
-or other parameters. It is not an integral part of Kerberos, but is
-instead provided to support the use of Kerberos in existing utilities.
-.PP
-.I krb_set_key
-takes as an argument a des key. It then creates
-a key schedule from it and saves the original key to be used as an
-initialization vector.
-It is used to set the server's key which
-must be used to decrypt tickets.
-.PP
-If called with a non-zero second argument,
-.I krb_set_key
-will first convert the input from a string of arbitrary length to a DES
-key by encrypting it with a one-way function.
-.PP
-In most cases it should not be necessary to call
-.I krb_set_key.
-The necessary keys will usually be obtained and set inside
-.I krb_rd_req. krb_set_key
-is provided for those applications that do not wish to place the
-application keys on disk.
-.PP
-.I krb_get_cred
-searches the caller's ticket file for a ticket for the given service, instance,
-and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
-with the ticket information.
-.PP
-If the ticket was found,
-.I krb_get_cred
-returns GC_OK.
-If the ticket file can't be found, can't be read, doesn't belong to
-the user (other than root), isn't a regular file, or is in the wrong
-mode, the error GC_TKFIL is returned.
-.PP
-.I krb_mk_priv
-creates an encrypted, authenticated
-message from any arbitrary application data, pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key
-and the key schedule,
-.I schedule,
-are used to encrypt the data and some header information using
-.I pcbc_encrypt.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-In addition to providing privacy, this protocol message protects
-against modifications, insertions or replays. The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-.PP
-.I krb_rd_priv
-decrypts and authenticates a received
-.I krb_mk_priv
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-and the key schedule,
-.I schedule,
-are used to decrypt and verify the received message.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h.
-The routine fills in the
-.I app_data
-field with a pointer to the decrypted application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender. (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of). The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_safe
-creates an authenticated, but unencrypted message from any arbitrary
-application data,
-pointed to by
-.I in
-and
-.I in_length
-bytes long.
-The private session key, pointed to by
-.I key,
-is used to seed the
-.I quad_cksum()
-checksum algorithm used as part of the authentication.
-.I sender
-and
-.I receiver
-point to the Internet address of the two parties.
-This message does not provide privacy, but does protect (via detection)
-against modifications, insertions or replays. The encapsulated message and
-header are placed in the area pointed to by
-.I out
-and the routine returns the length of the output, or -1 indicating
-an error.
-The authentication provided by this routine is not as strong as that
-provided by
-.I krb_mk_priv
-or by computing the checksum using
-.I cbc_cksum
-instead, both of which authenticate via DES.
-.PP
-
-.I krb_rd_safe
-authenticates a received
-.I krb_mk_safe
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-The private session key, pointed to by
-.I key,
-is used to seed the quad_cksum() routine as part of the authentication.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields:
-the
-.I app_data
-field with a pointer to the application data,
-.I app_length
-with the length of the
-.I app_data
-field,
-.I time_sec
-and
-.I time_5ms
-with the timestamps in the message, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender.
-(The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of). The
-.I hash
-field returns a value useful as input to the
-.I krb_ck_repl
-routine.
-
-The routine returns zero if ok, or a Kerberos error code. Modified messages
-and old messages cause errors, but it is up to the caller to
-check the time sequence of messages, and to check against recently replayed
-messages using
-.I krb_ck_repl
-if so desired.
-.PP
-.I krb_mk_err
-constructs an application level error message that may be used along
-with
-.I krb_mk_priv
-or
-.I krb_mk_safe.
-.I out
-is a pointer to the output buffer,
-.I code
-is an application specific error code, and
-.I string
-is an application specific error string.
-
-.PP
-.I krb_rd_err
-unpacks a received
-.I krb_mk_err
-message.
-.I in
-points to the beginning of the received message, whose length
-is specified in
-.I in_length.
-.I code
-is a pointer to a value to be filled in with the error
-value provided by the application.
-.I msg_data
-is a pointer to a
-.I MSG_DAT
-struct, defined in
-.I krb.h .
-The routine fills in these
-.I MSG_DAT
-fields: the
-.I app_data
-field with a pointer to the application error text,
-.I app_length
-with the length of the
-.I app_data
-field, and
-.I swap
-with a 1 if the byte order of the receiver is different than that of
-the sender. (The application must still determine if it is appropriate
-to byte-swap application data; the Kerberos protocol fields are already taken
-care of).
-
-The routine returns zero if the error message has been successfully received,
-or a Kerberos error code.
-.PP
-The
-.I KTEXT
-structure is used to pass around text of varying lengths. It consists
-of a buffer for the data, and a length. krb_rd_req takes an argument of this
-type containing the authenticator, and krb_mk_req returns the
-authenticator in a structure of this type. KTEXT itself is really a
-pointer to the structure. The actual structure is of type KTEXT_ST.
-.PP
-The
-.I AUTH_DAT
-structure is filled in by krb_rd_req. It must be allocated before
-calling krb_rd_req, and a pointer to it is passed. The structure is
-filled in with data obtained from Kerberos.
-.I MSG_DAT
-structure is filled in by either krb_rd_priv, krb_rd_safe, or
-krb_rd_err. It must be allocated before the call and a pointer to it
-is passed. The structure is
-filled in with data obtained from Kerberos.
-.PP
-.SH FILES
-/usr/include/krb.h
-.br
-/usr/lib/libkrb.a
-.br
-/usr/include/des.h
-.br
-/usr/lib/libdes.a
-.br
-/etc/aname
-.br
-/etc/srvtab
-.br
-/tmp/tkt[uid]
-.SH "SEE ALSO"
-kerberos(1), des_crypt(3)
-.SH DIAGNOSTICS
-.SH BUGS
-The caller of
-.I krb_rd_req, krb_rd_priv, and krb_rd_safe
-must check time order and for replay attempts.
-.I krb_ck_repl
-is not implemented yet.
-.SH AUTHORS
-Clifford Neuman, MIT Project Athena
-.br
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.SH RESTRICTIONS
-COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
deleted file mode 100644
index 6a64c57bbb6c0..0000000000000
--- a/crypto/kerberosIV/man/kerberos.8
+++ /dev/null
@@ -1,44 +0,0 @@
-.\" $Id: kerberos.8,v 1.1 1996/11/14 22:14:55 assar Exp $
-.\"
-.Dd November 14, 1996
-.Dt KERBEROS 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kerberos
-.Nd The kerberos daemon
-.Sh SYNPOSIS
-.Nm
-.Op Fl snm
-.Op Fl p Ar pause
-.Op Fl a Ar max age
-.Op Fl l Ar log
-.Op Fl r Ar realm
-.Ar database
-.Sh DESCRIPTION
-This is the
-.Nm
-daemon.
-.Pp
-Options:
-.Bl -tag -width -ident
-.It Fl s
-Set slave parameters. This will enable check to see if data is
-getting too stale relative to the master.
-.It Fl n
-Do not check max age.
-.It Fl m
-Run manually and prompt for master key.
-.It Fl p
-Pause for
-.Ar pause
-before dying.
-.It Fl a
-Set the
-.Ar max age
-before the database is considered stale.
-.It Fl l
-Write the log to
-.Ar log
-.It Fl r
-Run as a server for realm
-.Ar realm
diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1
deleted file mode 100644
index 75f0e709c7d79..0000000000000
--- a/crypto/kerberosIV/man/kinit.1
+++ /dev/null
@@ -1,136 +0,0 @@
-.\" $Id$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kinit \- Kerberos login utility
-.SH SYNOPSIS
-.B kinit
-[
-.B \-irvlp
-]
-.SH DESCRIPTION
-The
-.I kinit
-command is used to login to the
-Kerberos
-authentication and authorization system.
-Note that only registered
-Kerberos
-users can use the
-Kerberos
-system.
-For information about registering as a
-Kerberos
-user,
-see the
-.I kerberos(1)
-manual page.
-.PP
-If you are logged in to a workstation that is running the
-.I toehold
-service,
-you do not have to use
-.I kinit.
-The
-.I toehold
-login procedure will log you into
-Kerberos
-automatically.
-You will need to use
-.I kinit
-only in those situations in which
-your original tickets have expired.
-(Tickets expire in about a day.)
-Note as well that
-.I toehold
-will automatically destroy your tickets when you logout from the workstation.
-.PP
-When you use
-.I kinit
-without options,
-the utility
-prompts for your username and Kerberos password,
-and tries to authenticate your login with the local
-Kerberos
-server.
-.PP
-If
-Kerberos
-authenticates the login attempt,
-.I kinit
-retrieves your initial ticket and puts it in the ticket file specified by
-your KRBTKFILE environment variable.
-If this variable is undefined,
-your ticket will be stored in the
-.IR /tmp
-directory,
-in the file
-.I tktuid ,
-where
-.I uid
-specifies your user identification number.
-.PP
-If you have logged in to
-Kerberos
-without the benefit of the workstation
-.I toehold
-system,
-make sure you use the
-.I kdestroy
-command to destroy any active tickets before you end your login session.
-You may want to put the
-.I kdestroy
-command in your
-.I \.logout
-file so that your tickets will be destroyed automatically when you logout.
-.PP
-The options to
-.I kinit
-are as follows:
-.TP 7
-.B \-i
-.I kinit
-prompts you for a
-Kerberos
-instance.
-.TP
-.B \-r
-.I kinit
-prompts you for a
-Kerberos
-realm.
-This option lets you authenticate yourself with a remote
-Kerberos
-server.
-.TP
-.B \-v
-Verbose mode.
-.I kinit
-prints the realm you are in, the name of the ticket file used, and
-a status message indicating the success or failure of
-your login attempt.
-.TP
-.B \-l
-.I kinit
-prompts you for a ticket lifetime in minutes. Due to protocol
-restrictions in Kerberos Version 4, this value must be between 5 and
-1275 minutes.
-.TP
-.B \-p
-.I kinit
-will acquires a ticket for chpass.kerberos.
-.SH SEE ALSO
-.PP
-kerberos(1), kdestroy(1), klist(1), toehold(1)
-.SH BUGS
-The
-.B \-r
-option has not been fully implemented.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
diff --git a/crypto/kerberosIV/man/klist.1 b/crypto/kerberosIV/man/klist.1
deleted file mode 100644
index 76dec027bc95b..0000000000000
--- a/crypto/kerberosIV/man/klist.1
+++ /dev/null
@@ -1,83 +0,0 @@
-.\" $Id: klist.1,v 1.2 1996/06/12 21:29:19 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-klist \- list currently held Kerberos tickets
-.SH SYNOPSIS
-.B klist
-[
-\fB\-s \fR|\fB \-t\fR
-] [
-.B \-file
-name ] [
-.B \-srvtab
-]
-.br
-.SH DESCRIPTION
-.I klist
-prints the name of the tickets file and the
-identity of the principal the tickets are for (as listed in the
-tickets file), and
-lists the principal names of all Kerberos tickets currently held by
-the user, along with the issue and expire time for each authenticator.
-Principal names are listed in the form
-.I name.instance@realm,
-with the '.' omitted if the instance is null,
-and the '@' omitted if the realm is null.
-
-If given the
-.B \-s
-option,
-.I klist
-does not print the issue and expire times, the name of the tickets file,
-or the identity of the principal.
-
-If given the
-.B \-t
-option,
-.B klist
-checks for the existence of a non-expired ticket-granting-ticket in the
-ticket file. If one is present, it exits with status 0, else it exits
-with status 1. No output is generated when this option is specified.
-
-If given the
-.B \-file
-option, the following argument is used as the ticket file.
-Otherwise, if the
-.B KRBTKFILE
-environment variable is set, it is used.
-If this environment variable
-is not set, the file
-.B /tmp/tkt[uid]
-is used, where
-.B uid
-is the current user-id of the user.
-
-If given the
-.B \-srvtab
-option, the file is treated as a service key file, and the names of the
-keys contained therein are printed. If no file is
-specified with a
-.B \-file
-option, the default is
-.IR /etc/srvtab .
-.SH FILES
-.TP 2i
-/etc/krb.conf
-to get the name of the local realm
-.TP
-/tmp/tkt[uid]
-as the default ticket file ([uid] is the decimal UID of the user).
-.TP
-/etc/srvtab
-as the default service key file
-.SH SEE ALSO
-.PP
-kerberos(1), kinit(1), kdestroy(1)
-.SH BUGS
-When reading a file as a service key file, very little sanity or error
-checking is performed.
diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8
deleted file mode 100644
index 9f9acc228e258..0000000000000
--- a/crypto/kerberosIV/man/kprop.8
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" $Id: kprop.8,v 1.1.1.1 1997/09/04 06:04:32 markm Exp $
-.\"
-.Dd June 7, 1996
-.Dt KPROP 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kprop
-.Nd
-the kerberos slave server update client
-.Sh SYNOPSIS
-.Nm
-.Op Fl force
-.Op Fl realm Ar realm
-.Op Ar dump-file
-.Op Ar slave-file
-.Sh DESCRIPTION
-Changes to the database, such as changed passwords, are only made to
-the master server through the
-.Nm kadmind
-service. To propagate these changes to the slave servers,
-.Nm
-should be run regularly on the master server.
-
-The following options are recognised.
-
-.Bl -tag -width -force
-.It Fl force
-Propagate even if there hasn't been an update to the dump file since
-last time.
-.It Fl realm
-Realm if other than the default.
-.It dump-file
-is a file created with
-.Ic kdb_util slave_dump ,
-default is
-.Pa /var/kerberos/slave_dump .
-.It slave-file
-Contains the names of the slave servers. Default is
-.Pa /var/kerberos/slaves .
-.El
-
-.Nm
-will use the principal
-.Nm rcmd.kerberos
-to authenticate to the master servers. This principal has to be added
-to the database, and it should also be put into the service key file
-on the master server.
-
-.Sh FILES
-.Bl -tag -width indent -compact
-.It Pa /var/kerberos/slave_dump
-.It Pa /var/kerberos/slaves
-.It Pa /etc/srvtab
-.El
-.Sh SEE ALSO
-.Xr kadmind 8 ,
-.Xr kerberos 8 ,
-.Xr kpropd 8
diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8
deleted file mode 100644
index 6b3046354bc1b..0000000000000
--- a/crypto/kerberosIV/man/kpropd.8
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" $Id: kpropd.8,v 1.1.1.1 1997/09/04 06:04:32 markm Exp $
-.\"
-.Dd June 7, 1996
-.Dt KPROPD 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kpropd
-.Nd
-the kerberos slave server update facility
-.Sh SYNOPSIS
-.Nm
-.Op Fl i
-.Op Fl d Ar database
-.Op Fl l Ar logfile
-.Op Fl m
-.Op Fl p Ar kdb_util
-.Op Fl r Ar realm
-.Op Fl s Ar srvtab
-.Sh DESCRIPTION
-The
-.Nm
-responds to database update requests from the
-.Nm kprop
-command. It can either be started from
-.Nm inetd
-or as an ordinary program.
-
-The following options are recognised:
-
-.Bl -tag -width xxxx
-.It Fl i
-Run stand-alone. If this flag is not given, it is assumed to have
-been started by
-.Nm inetd .
-.It Fl d
-What database file to use, default is
-.Pa /var/kerberos/principal .
-.It Fl l
-Logfile to use, default is
-.Pa /var/log/kpropd.log .
-.It Fl m
-Treat data as changes to the database rather than a complete database.
-.It Fl p
-The path to
-.Nm kdb_util ,
-default is
-.Pa /usr/athena/sbin/kdb_util .
-.It Fl r
-Realm if other than the default realm.
-.It Fl s
-Srvtab if other than
-.Pa /etc/srvtab .
-.El
-.Sh FILES
-.Bl -tag -width indent -compact
-.It Pa /var/kerberos/principal.{db,dir,pag}
-.It Pa /var/log/kpropd.log
-.It Pa /etc/srvtab
-.El
-.Sh SEE ALSO
-.Xr kadmind 8 ,
-.Xr kerberos 8 ,
-.Xr kprop 8
diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5
deleted file mode 100644
index b122b9c391d3e..0000000000000
--- a/crypto/kerberosIV/man/krb.conf.5
+++ /dev/null
@@ -1,31 +0,0 @@
-.\" $Id: krb.conf.5,v 1.2 1996/06/12 21:29:21 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-/etc/krb.conf \- Kerberos configuration file
-.SH DESCRIPTION
-.I krb.conf
-contains configuration information describing the Kerberos realm and the
-Kerberos key distribution center (KDC) servers for known realms.
-.PP
-.I krb.conf
-contains the name of the local realm in the first
-line, followed by lines indicating realm/host
-entries. The first token is a realm name, and the second is the hostname
-of a host running a KDC for that realm.
-The words "admin server" following the hostname indicate that
-the host also provides an administrative database server.
-For example:
-.nf
-.in +1i
-ATHENA.MIT.EDU
-ATHENA.MIT.EDU kerberos-1.mit.edu admin server
-ATHENA.MIT.EDU kerberos-2.mit.edu
-LCS.MIT.EDU kerberos.lcs.mit.edu admin server
-.in -1i
-.SH SEE ALSO
-krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
deleted file mode 100644
index e38f94bf61797..0000000000000
--- a/crypto/kerberosIV/man/krb.equiv.5
+++ /dev/null
@@ -1,28 +0,0 @@
-.\" $Id: krb.equiv.5,v 1.3 1996/06/18 16:26:20 joda Exp $
-.\"
-.Dd June 18, 1996
-.Dt KRB.EQUIV 5
-.Os KTH-KRB
-.Sh NAME
-.Nm krb.equiv
-.Nd
-Kerberos equivalent hosts file
-.Sh DESCRIPTION
-.Nm
-contains a list of IP addresses that is to be considered being the
-same host for Kerberos purposes. Plain addresses match a single
-host. Addresses followed by a slash (/) and a number is taken as a
-sub-network that should be considered equal.
-.Pp
-Hash (#) starts a comment. Backslash (\\) is a continuation character.
-.Sh EXAMPLES
-.Bd -literal
-# A machine with two interfaces.
-130.237.232.113 130.237.221.42 # emma emma-ether
-# A machine with *many* interfaces
-193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps
-.Ed
-.Sh SEE ALSO
-.Xr krb_equiv 3 ,
-.Xr krb.conf 5 ,
-.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.realms.5 b/crypto/kerberosIV/man/krb.realms.5
deleted file mode 100644
index 427c4550261eb..0000000000000
--- a/crypto/kerberosIV/man/krb.realms.5
+++ /dev/null
@@ -1,38 +0,0 @@
-.\" $Id: krb.realms.5,v 1.2 1996/06/12 21:29:22 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-/etc/krb.realms \- host to Kerberos realm translation file
-.SH DESCRIPTION
-.I krb.realms
-provides a translation from a hostname to the Kerberos realm name for
-the services provided by that host.
-.PP
-Each line of the translation file is in one of the following forms
-(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
-.nf
-.in +5n
-host_name kerberos_realm
-domain_name kerberos_realm
-.in -5n
-.fi
-If a hostname exactly matches the
-.I host_name
-field in a line of the first
-form, the corresponding realm is the realm of the host.
-If a hostname does not match any
-.I host_name
-in the file, but its
-domain exactly matches the
-.I domain_name
-field in a line of the second
-form, the corresponding realm is the realm of the host.
-.PP
-If no translation entry applies, the host's realm is considered to be
-the hostname's domain portion converted to upper case.
-.SH SEE ALSO
-krb_realmofhost(3)
diff --git a/crypto/kerberosIV/man/krb_realmofhost.3 b/crypto/kerberosIV/man/krb_realmofhost.3
deleted file mode 100644
index ddbda74950744..0000000000000
--- a/crypto/kerberosIV/man/krb_realmofhost.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" $Id: krb_realmofhost.3,v 1.2 1996/06/12 21:29:23 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
-krb_get_lrealm \- additional Kerberos utility routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-#include <des.h>
-#include <netinet/in.h>
-.PP
-.ft B
-char *krb_realmofhost(host)
-char *host;
-.PP
-.ft B
-char *krb_get_phost(alias)
-char *alias;
-.PP
-.ft B
-krb_get_krbhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_admhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_lrealm(realm,n)
-char *realm;
-int n;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_realmofhost
-returns the Kerberos realm of the host
-.IR host ,
-as determined by the translation table
-.IR /etc/krb.realms .
-.I host
-should be the fully-qualified domain-style primary host name of the host
-in question. In order to prevent certain security attacks, this routine
-must either have
-.I a priori
-knowledge of a host's realm, or obtain such information securely.
-.PP
-The format of the translation file is described by
-.IR krb.realms (5).
-If
-.I host
-exactly matches a host_name line, the corresponding realm
-is returned.
-Otherwise, if the domain portion of
-.I host
-matches a domain_name line, the corresponding realm
-is returned.
-If
-.I host
-contains a domain, but no translation is found,
-.IR host 's
-domain is converted to upper-case and returned.
-If
-.I host
-contains no discernable domain, or an error occurs,
-the local realm name, as supplied by
-.IR krb_get_lrealm (3),
-is returned.
-.PP
-.I krb_get_phost
-converts the hostname
-.I alias
-(which can be either an official name or an alias) into the instance
-name to be used in obtaining Kerberos tickets for most services,
-including the Berkeley rcmd suite (rlogin, rcp, rsh).
-.br
-The current convention is to return the first segment of the official
-domain-style name after conversion to lower case.
-.PP
-.I krb_get_krbhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos key distribution center (KDC)
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
-The configuration file is described by
-.IR krb.conf (5).
-If the host is successfully filled in, the routine
-returns KSUCCESS.
-If the file cannot be opened, and
-.I n
-equals 1, then the value of KRB_HOST as defined in
-.I <krb.h>
-is filled in, and KSUCCESS is returned. If there are fewer than
-.I n
-hosts running a Kerberos KDC for the requested realm, or the
-configuration file is malformed, the routine
-returns KFAILURE.
-.PP
-.I krb_get_admhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos KDC database administration server
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
-If the file cannot be opened or is malformed, or there are fewer than
-.I n
-hosts running a Kerberos KDC database administration server,
-the routine returns KFAILURE.
-.PP
-The character arrays used as return values for
-.IR krb_get_krbhst ,
-.IR krb_get_admhst ,
-should be large enough to
-hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
-.PP
-.I krb_get_lrealm
-fills in
-.I realm
-with the
-.IR n th
-realm of the local host, as specified in the configuration file.
-.I realm
-should be at least REALM_SZ (from
-.IR <krb.h>) characters long.
-.PP
-.SH SEE ALSO
-kerberos(3), krb.conf(5), krb.realms(5)
-.SH FILES
-.TP 20n
-/etc/krb.realms
-translation file for host-to-realm mapping.
-.TP
-/etc/krb.conf
-local realm-name and realm/server configuration file.
-.SH BUGS
-The current convention for instance names is too limited; the full
-domain name should be used.
-.PP
-.I krb_get_lrealm
-currently only supports
-.I n
-= 1. It should really consult the user's ticket cache to determine the
-user's current realm, rather than consulting a file on the host.
diff --git a/crypto/kerberosIV/man/krb_sendauth.3 b/crypto/kerberosIV/man/krb_sendauth.3
deleted file mode 100644
index 208b6bc90a7e3..0000000000000
--- a/crypto/kerberosIV/man/krb_sendauth.3
+++ /dev/null
@@ -1,347 +0,0 @@ -.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $ -.\" Copyright 1988 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \- -Kerberos routines for sending authentication via network stream sockets -.SH SYNOPSIS -.nf -.nj -.ft B -#include <krb.h> -#include <des.h> -#include <netinet/in.h> -.PP -.fi -.HP 1i -.ft B -int krb_sendauth(options, fd, ktext, service, inst, realm, checksum, -msg_data, cred, schedule, laddr, faddr, version) -.nf -.RS 0 -.ft B -long options; -int fd; -KTEXT ktext; -char *service, *inst, *realm; -u_long checksum; -MSG_DAT *msg_data; -CREDENTIALS *cred; -Key_schedule schedule; -struct sockaddr_in *laddr, *faddr; -char *version; -.PP -.fi -.HP 1i -.ft B -int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr, -auth_data, filename, schedule, version) -.nf -.RS 0 -.ft B -long options; -int fd; -KTEXT ktext; -char *service, *inst; -struct sockaddr_in *faddr, *laddr; -AUTH_DAT *auth_data; -char *filename; -Key_schedule schedule; -char *version; -.PP -.ft B -int krb_net_write(fd, buf, len) -int fd; -char *buf; -int len; -.PP -.ft B -int krb_net_read(fd, buf, len) -int fd; -char *buf; -int len; -.fi -.SH DESCRIPTION -.PP -These functions, -which are built on top of the core Kerberos library, -provide a convenient means for client and server -programs to send authentication messages -to one another through network connections. -The -.I krb_sendauth -function sends an authenticated ticket from the client program to -the server program by writing the ticket to a network socket. -The -.I krb_recvauth -function receives the ticket from the client by -reading from a network socket. 
- -.SH KRB_SENDAUTH -.PP -This function writes the ticket to -the network socket specified by the -file descriptor -.IR fd, -returning KSUCCESS if the write proceeds successfully, -and an error code if it does not. - -The -.I ktext -argument should point to an allocated KTEXT_ST structure. -The -.IR service, -.IR inst, -and -.IR realm -arguments specify the server program's Kerberos principal name, -instance, and realm. -If you are writing a client that uses the local realm exclusively, -you can set the -.I realm -argument to NULL. - -The -.I version -argument allows the client program to pass an application-specific -version string that the server program can then match against -its own version string. -The -.I version -string can be up to KSEND_VNO_LEN (see -.IR <krb.h> ) -characters in length. - -The -.I checksum -argument can be used to pass checksum information to the -server program. -The client program is responsible for specifying this information. -This checksum information is difficult to corrupt because -.I krb_sendauth -passes it over the network in encrypted form. -The -.I checksum -argument is passed as the checksum argument to -.IR krb_mk_req . - -You can set -.IR krb_sendauth's -other arguments to NULL unless you want the -client and server programs to mutually authenticate -themselves. -In the case of mutual authentication, -the client authenticates itself to the server program, -and demands that the server in turn authenticate itself to -the client. - -.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION -.PP -If you want mutual authentication, -make sure that you read all pending data from the local socket -before calling -.IR krb_sendauth. -Set -.IR krb_sendauth's -.I options -argument to -.BR KOPT_DO_MUTUAL -(this macro is defined in the -.IR krb.h -file); -make sure that the -.I laddr -argument points to -the address of the local socket, -and that -.I faddr -points to the foreign socket's network address. 
- -.I Krb_sendauth -fills in the other arguments-- -.IR msg_data , -.IR cred , -and -.IR schedule --before -sending the ticket to the server program. -You must, however, allocate space for these arguments -before calling the function. - -.I Krb_sendauth -supports two other options: -.BR KOPT_DONT_MK_REQ, -and -.BR KOPT_DONT_CANON. -If called with -.I options -set as KOPT_DONT_MK_REQ, -.I krb_sendauth -will not use the -.I krb_mk_req -function to retrieve the ticket from the Kerberos server. -The -.I ktext -argument must point to an existing ticket and authenticator (such as -would be created by -.IR krb_mk_req ), -and the -.IR service, -.IR inst, -and -.IR realm -arguments can be set to NULL. - -If called with -.I options -set as KOPT_DONT_CANON, -.I krb_sendauth -will not convert the service's instance to canonical form using -.IR krb_get_phost (3). - -If you want to call -.I krb_sendauth -with a multiple -.I options -specification, -construct -.I options -as a bitwise-OR of the options you want to specify. - -.SH KRB_RECVAUTH -.PP -The -.I krb_recvauth -function -reads a ticket/authenticator pair from the socket pointed to by the -.I fd -argument. -Set the -.I options -argument -as a bitwise-OR of the options desired. -Currently only KOPT_DO_MUTUAL is useful to the receiver. - -The -.I ktext -argument -should point to an allocated KTEXT_ST structure. -.I Krb_recvauth -fills -.I ktext -with the -ticket/authenticator pair read from -.IR fd , -then passes it to -.IR krb_rd_req . - -The -.I service -and -.I inst -arguments -specify the expected service and instance for which the ticket was -generated. They are also passed to -.IR krb_rd_req. -The -.I inst -argument may be set to "*" if the caller wishes -.I krb_mk_req -to fill in the instance used (note that there must be space in the -.I inst -argument to hold a full instance name, see -.IR krb_mk_req (3)). - -The -.I faddr -argument -should point to the address of the peer which is presenting the ticket. 
-It is also passed to -.IR krb_rd_req . - -If the client and server plan to mutually authenticate -one another, -the -.I laddr -argument -should point to the local address of the file descriptor. -Otherwise you can set this argument to NULL. - -The -.I auth_data -argument -should point to an allocated AUTH_DAT area. -It is passed to and filled in by -.IR krb_rd_req . -The checksum passed to the corresponding -.I krb_sendauth -is available as part of the filled-in AUTH_DAT area. - -The -.I filename -argument -specifies the filename -which the service program should use to obtain its service key. -.I Krb_recvauth -passes -.I filename -to the -.I krb_rd_req -function. -If you set this argument to "", -.I krb_rd_req -looks for the service key in the file -.IR /etc/srvtab. - -If the client and server are performing mutual authenication, -the -.I schedule -argument -should point to an allocated Key_schedule. -Otherwise it is ignored and may be NULL. - -The -.I version -argument should point to a character array of at least KSEND_VNO_LEN -characters. It is filled in with the version string passed by the client to -.IR krb_sendauth. -.PP -.SH KRB_NET_WRITE AND KRB_NET_READ -.PP -The -.I krb_net_write -function -emulates the write(2) system call, but guarantees that all data -specified is written to -.I fd -before returning, unless an error condition occurs. -.PP -The -.I krb_net_read -function -emulates the read(2) system call, but guarantees that the requested -amount of data is read from -.I fd -before returning, unless an error condition occurs. -.PP -.SH BUGS -.IR krb_sendauth, -.IR krb_recvauth, -.IR krb_net_write, -and -.IR krb_net_read -will not work properly on sockets set to non-blocking I/O mode. - -.SH SEE ALSO - -krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) - -.SH AUTHOR -John T. Kohl, MIT Project Athena -.SH RESTRICTIONS -Copyright 1988, Massachusetts Instititute of Technology. 
-For copying and distribution information,
-please see the file <mit-copyright.h>.
diff --git a/crypto/kerberosIV/man/krb_set_tkt_string.3 b/crypto/kerberosIV/man/krb_set_tkt_string.3
deleted file mode 100644
index 9d941435a8b82..0000000000000
--- a/crypto/kerberosIV/man/krb_set_tkt_string.3
+++ /dev/null
@@ -1,42 +0,0 @@
-.\" $Id: krb_set_tkt_string.3,v 1.2 1996/06/12 21:29:24 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_set_tkt_string \- set Kerberos ticket cache file name
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-.PP
-.ft B
-void krb_set_tkt_string(filename)
-char *filename;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_set_tkt_string
-sets the name of the file that holds the user's
-cache of Kerberos server tickets and associated session keys.
-.PP
-The string
-.I filename
-passed in is copied into local storage.
-Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
-copied in for use as the cache file name.
-.PP
-This routine should be called during initialization, before other
-Kerberos routines are called; otherwise the routines which fetch the
-ticket cache file name may be called and return an undesired ticket file
-name until this routine is called.
-.SH FILES
-.TP 20n
-/tmp/tkt[uid]
-default ticket file name, unless the environment variable KRBTKFILE is set.
-[uid] denotes the user's uid, in decimal.
-.SH SEE ALSO
-kerberos(3), setenv(3)
diff --git a/crypto/kerberosIV/man/ksrvtgt.1 b/crypto/kerberosIV/man/ksrvtgt.1
deleted file mode 100644
index ff8563cfbb9f4..0000000000000
--- a/crypto/kerberosIV/man/ksrvtgt.1
+++ /dev/null
@@ -1,50 +0,0 @@
-.\" $Id: ksrvtgt.1,v 1.2 1996/06/12 21:29:26 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
-service key
-.SH SYNOPSIS
-.B ksrvtgt
-name instance [[realm] srvtab]
-.SH DESCRIPTION
-.I ksrvtgt
-retrieves a ticket-granting ticket with a lifetime of five (5) minutes
-for the principal
-.I name.instance@realm
-(or
-.I name.instance@localrealm
-if
-.I realm
-is not supplied on the command line), decrypts the response using
-the service key found in
-.I srvtab
-(or in
-.B /etc/srvtab
-if
-.I srvtab
-is not specified on the command line), and stores the ticket in the
-standard ticket cache.
-.PP
-This command is intended primarily for use in shell scripts and other
-batch-type facilities.
-.SH DIAGNOSTICS
-"Generic kerberos failure (kfailure)" can indicate a whole range of
-problems, the most common of which is the inability to read the service
-key file.
-.SH FILES
-.TP 2i
-/etc/krb.conf
-to get the name of the local realm.
-.TP
-/tmp/tkt[uid]
-The default ticket file.
-.TP
-/etc/srvtab
-The default service key file.
-.SH SEE ALSO
-kerberos(1), kinit(1), kdestroy(1)
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
deleted file mode 100644
index aee24d7979865..0000000000000
--- a/crypto/kerberosIV/man/ksrvutil.8
+++ /dev/null
@@ -1,104 +0,0 @@ -.\" $Id: ksrvutil.8,v 1.1.1.1 1997/09/04 06:04:32 markm Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.Dd May 4, 1996 -.Dt KSRVUTIL 8 -.Os KTH-KRB - -.Sh NAME -.Nm ksrvutil -host kerberos keyfile (srvtab) manipulation utility -.Sh SYNOPSIS -.Nm -.Op Fl f Pa keyfile -.Op Fl i -.Op Fl k -.Op Fl p Ar principal -.Op Fl r Ar realm -.Ar operation - -.Sh DESCRIPTION -.Nm -allows a system manager to list or change keys currently in his -keyfile or to add new keys to the keyfile. -.Pp -Operation must be one of the following: -.Bl -tag -width indent -.It list -lists the keys in a keyfile showing version number and principal name. -If the -.Fl k -option is given, keys will also be shown. -.It change -changes all the keys in the keyfile by using the regular admin -protocol. If the -.Fl i -flag is given, -.Nm ksrvutil -will prompt for yes or no before changing each key. If the -.Fl k -option is used, the old and new keys will be displayed. -.It add -allows the user to add a key. -add -prompts for name, instance, realm, and key version number, asks -for confirmation, and then asks for a password. -.Nm -then converts the password to a key and appends the keyfile with the -new information. If the -.Fl k -option is used, the key is displayed. -.It get -gets a service from the Kerberos server, possibly creating the -principal. Names, instances and realms for the service keys to get are -prompted for. The default principal used in the kadmin transcation is -your root instance. This can be changed with the -.Fl p -option. -.El -.Pp -In all cases, the default file used is KEY_FILE as defined in krb.h -unless this is overridden by the -.Fl f -option. -.Pp -A good use for -.Nm -would be for adding keys to a keyfile. 
A system manager could -ask a kerberos administrator to create a new service key with -.Xr kadmin 8 -and could supply an initial password. Then, he could use -.Nm -to add the key to the keyfile and then to change the key so that it -will be random and unknown to either the system manager or the -kerberos administrator. - -.Nm -always makes a backup copy of the keyfile before making any changes. - -.Sh DIAGNOSTICS -If -.Nm -should exit on an error condition at any time during a change or add, -a copy of the original keyfile can be found in -.Pa filename Ns .old -where -.Pa filename -is the name of the keyfile, and a copy of the file with all new -keys changed or added so far can be found in -.Pa filename Ns .work. -The original keyfile is left unmodified until the program exits at -which point it is removed and replaced it with the workfile. -Appending the workfile to the backup copy and replacing the keyfile -with the result should always give a usable keyfile, although the -resulting keyfile will have some out of date keys in it. - -.Sh SEE ALSO -.Xr ksrvtgt 1 , -.Xr kadmin 8 - -.Sh AUTHOR -Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/crypto/kerberosIV/man/kstash.8 b/crypto/kerberosIV/man/kstash.8 deleted file mode 100644 index 0197a3d2d11a6..0000000000000 --- a/crypto/kerberosIV/man/kstash.8 +++ /dev/null 
@@ -1,40 +0,0 @@
-.\" $Id: kstash.8,v 1.3 1997/04/02 21:09:56 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kstash \- stash Kerberos key distribution center database master key
-.SH SYNOPSIS
-kstash
-.SH DESCRIPTION
-.I kstash
-saves the Kerberos key distribution center (KDC) database master key in
-the master key cache file.
-.PP
-The user is prompted to enter the key, to verify the authenticity of the
-key and the authorization to store the key in the file.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.TP
-"kstash: Unable to open master key file"
-The attempt to open the cache file for writing failed (probably due to a
-system or access permission error).
-.TP
-"kstash: Write I/O error on master key file"
-The
-.BR write (2)
-system call returned an error while
-.I kstash
-was attempting to write the key to the file.
-.SH FILES
-.TP 20n
-/var/kerberos/principal.pag, /var/kerberos/principal.dir
-DBM files containing database
-.TP
-/.k
-Master key cache file.
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3
deleted file mode 100644
index 098730898be70..0000000000000
--- a/crypto/kerberosIV/man/kuserok.3
+++ /dev/null
@@ -1,66 +0,0 @@
-.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kuserok \- Kerberos version of ruserok
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-.PP
-.ft B
-kuserok(kdata, localuser)
-AUTH_DAT *auth_data;
-char *localuser;
-.fi
-.ft R
-.SH DESCRIPTION
-.I kuserok
-determines whether a Kerberos principal described by the structure
-.I auth_data
-is authorized to login as user
-.I localuser
-according to the authorization file
-("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
-1 (one) if not authorized.
-.PP
-If there is no account for
-.I localuser
-on the local machine, authorization is not granted.
-If there is no authorization file, and the Kerberos principal described
-by
-.I auth_data
-translates to
-.I localuser
-(using
-.IR krb_kntoln (3)),
-authorization is granted.
-If the authorization file
-can't be accessed, or the file is not owned by
-.IR localuser,
-authorization is denied. Otherwise, the file is searched for
-a matching principal name, instance, and realm. If a match is found,
-authorization is granted, else authorization is denied.
-.PP
-The file entries are in the format:
-.nf
-.in +5n
- name.instance@realm
-.in -5n
-.fi
-with one entry per line.
-
-For convenience ~localuser@LOCALREALM is
-always considered to be an entry in the file even when there is no
-file or the file is unreadable.
-.SH SEE ALSO
-kerberos(3), ruserok(3), krb_kntoln(3)
-.SH FILES
-.TP 20n
-~\fIlocaluser\fR/.klogin
-authorization list
diff --git a/crypto/kerberosIV/man/tf_util.3 b/crypto/kerberosIV/man/tf_util.3
deleted file mode 100644
index 3f98321d491c3..0000000000000
--- a/crypto/kerberosIV/man/tf_util.3
+++ /dev/null
@@ -1,150 +0,0 @@ -.\" $Id: tf_util.3,v 1.2 1996/06/12 21:29:29 bg Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \ -\- Routines for manipulating a Kerberos ticket file -.SH SYNOPSIS -.nf -.nj -.ft B -#include <krb.h> -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -tf_init(tf_name, rw) -char *tf_name; -int rw; -.PP -.ft B -tf_get_pname(pname) -char *pname; -.PP -.ft B -tf_get_pinst(pinst) -char *pinst; -.PP -.ft B -tf_get_cred(c) -CREDENTIALS *c; -.PP -.ft B -tf_close() -.PP -.fi -.SH DESCRIPTION -This group of routines are provided to manipulate the Kerberos tickets -file. A ticket file has the following format: -.nf -.in +4 -.sp -principal's name (null-terminated string) -principal's instance (null-terminated string) -CREDENTIAL_1 -CREDENTIAL_2 - ... -CREDENTIAL_n -EOF -.sp -.in -4 -.LP -Where "CREDENTIAL_x" consists of the following fixed-length -fields from the CREDENTIALS structure (defined in <krb.h>): -.nf -.sp -.in +4 - char service[ANAME_SZ] - char instance[INST_SZ] - char realm[REALM_SZ] - des_cblock session - int lifetime - int kvno - KTEXT_ST ticket_st - long issue_date -.in -4 -.sp -.fi -.PP -.I tf_init -must be called before the other ticket file -routines. -It takes the name of the ticket file to use, -and a read/write flag as arguments. -It tries to open the ticket file, checks the mode and if -everything is okay, locks the file. If it's opened for -reading, the lock is shared. If it's opened for writing, -the lock is exclusive. -KSUCCESS is returned if all went well, otherwise one of the -following: -.nf -.sp -NO_TKT_FIL - file wasn't there -TKT_FIL_ACC - file was in wrong mode, etc. 
-TKT_FIL_LCK - couldn't lock the file, even after a retry -.sp -.fi -.PP -The -.I tf_get_pname -reads the principal's name from a ticket file. -It should only be called after tf_init has been called. The -principal's name is filled into the -.I pname -parameter. If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If the principal's name was null, or EOF was encountered, or the -name was longer than ANAME_SZ, TKT_FIL_FMT is returned. -.PP -The -.I tf_get_pinst -reads the principal's instance from a ticket file. -It should only be called after tf_init and tf_get_pname -have been called. -The principal's instance is filled into the -.I pinst -parameter. -If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If EOF was encountered, or the -name was longer than INST_SZ, TKT_FIL_FMT is returned. -Note that, unlike the principal name, the instance name may be null. -.PP -The -.I tf_get_cred -routine reads a CREDENTIALS record from a ticket file and -fills in the given structure. -It should only be called after -tf_init, tf_get_pname, and tf_get_pinst have been called. -If all goes well, KSUCCESS is returned. Possible error codes -are: -.nf -.sp -TKT_FIL_INI - tf_init wasn't called first -TKT_FIL_FMT - bad format -EOF - end of file encountered -.sp -.fi -.PP -.I tf_close -closes the ticket file and releases the lock on it. -.SH "SEE ALSO" -krb(3) -.SH DIAGNOSTICS -.SH BUGS -The ticket file routines have to be called in a certain order. -.SH AUTHORS -Jennifer Steiner, MIT Project Athena -.br -Bill Bryant, MIT Project Athena -.SH RESTRICTIONS -Copyright 1987 Massachusetts Institute of Technology |