diff options
Diffstat (limited to 'crypto/heimdal/kadmin/kadmind.8')
| -rw-r--r-- | crypto/heimdal/kadmin/kadmind.8 | 186 |
1 files changed, 0 insertions, 186 deletions
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 deleted file mode 100644 index 5663225913c7..000000000000 --- a/crypto/heimdal/kadmin/kadmind.8 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: kadmind.8,v 1.14 2003/04/06 17:47:57 lha Exp $ -.\" -.Dd March 5, 2002 -.Dt KADMIND 8 -.Os HEIMDAL -.Sh NAME -.Nm kadmind -.Nd "server for administrative access to Kerberos database" -.Sh SYNOPSIS -.Nm -.Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file -.Xc -.Oc -.Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file -.Xc -.Oc -.Op Fl -keytab= Ns Ar keytab -.Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm -.Xc -.Oc -.Op Fl d | Fl -debug -.Oo Fl p Ar port \*(Ba Xo -.Fl -ports= Ns Ar port -.Xc -.Oc -.Op Fl -no-kerberos4 -.Sh DESCRIPTION -.Nm -listens for requests for changes to the Kerberos database and performs -these, subject to permissions. When starting, if stdin is a socket it -assumes that it has been started by -.Xr inetd 8 , -otherwise it behaves as a daemon, forking processes for each new -connection. The -.Fl -debug -option causes -.Nm -to accept exactly one connection, which is useful for debugging. -.Pp -If built with krb4 support, it implements both the Heimdal Kerberos 5 -administrative protocol and the Kerberos 4 protocol. Password changes -via the Kerberos 4 protocol are also performed by -.Nm kadmind , -but the -.Xr kpasswdd 8 -daemon is responsible for the Kerberos 5 password changing protocol -(used by -.Xr kpasswd 1 ) -. -.Pp -This daemon should only be run on the master server, and not on any -slaves. -.Pp -Principals are always allowed to change their own password and list -their own principal. Apart from that, doing any operation requires -permission explicitly added in the ACL file -.Pa /var/heimdal/kadmind.acl . -The format of this file is: -.Bd -ragged -.Va principal -.Va rights -.Op Va principal-pattern -.Ed -.Pp -Where rights is any (comma separated) combination of: -.Bl -bullet -compact -.It -change-password or cpw -.It -list -.It -delete -.It -modify -.It -add -.It -get -.It -all -.El -.Pp -And the optional -.Ar principal-pattern -restricts the rights to operations on principals that match the -glob-style pattern. -.Pp -Supported options: -.Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc -location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc -location of master key file -.It Xo -.Fl -keytab= Ns Ar keytab -.Xc -what keytab to use -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc -realm to use -.It Xo -.Fl d , -.Fl -debug -.Xc -enable debugging -.It Xo -.Fl p Ar port , -.Fl -ports= Ns Ar port -.Xc -ports to listen to. By default, if run as a daemon, it listens to ports -749, and 751 (if Kerberos 4 support is built and enabled), but you can -add any number of ports with this option. The port string is a -whitespace separated list of port specifications, with the special -string -.Dq + -representing the default set of ports. -.It Fl -no-kerberos4 -make -.Nm -ignore Kerberos 4 kadmin requests. -.El -.\".Sh ENVIRONMENT -.Sh FILES -.Pa /var/heimdal/kadmind.acl -.Sh EXAMPLES -This will cause -.Nm -to listen to port 4711 in addition to any -compiled in defaults: -.Pp -.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &" -.Pp -This acl file will grant Joe all rights, and allow Mallory to view and -add host principals. -.Bd -literal -offset indent -joe/admin@EXAMPLE.COM all -mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM -.Ed -.\".Sh DIAGNOSTICS -.Sh SEE ALSO -.Xr kpasswd 1 , -.Xr kadmin 8 , -.Xr kdc 8 , -.Xr kpasswdd 8 |