diff options
Diffstat (limited to 'crypto/heimdal/kdc/hprop.8')
-rw-r--r-- | crypto/heimdal/kdc/hprop.8 | 162 |
1 files changed, 51 insertions, 111 deletions
diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8 index 99fc9784bd91..973235f2ae4c 100644 --- a/crypto/heimdal/kdc/hprop.8 +++ b/crypto/heimdal/kdc/hprop.8 @@ -1,35 +1,35 @@ -.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. +.\" Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: .\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. .\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: hprop.8 20456 2007-04-19 20:29:42Z lha $ +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ .\" .Dd December 8, 2004 .Dt HPROP 8 @@ -41,37 +41,36 @@ .Nm .Bk -words .Oo Fl m Ar file \*(Ba Xo -.Fl -master-key= Ns Pa file +.Fl Fl master-key= Ns Pa file .Xc .Oc .Oo Fl d Ar file \*(Ba Xo -.Fl -database= Ns Pa file +.Fl Fl database= Ns Pa file .Xc .Oc -.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver +.Op Fl Fl source= Ns Ar heimdal|mit-dump .Oo Fl r Ar string \*(Ba Xo -.Fl -v4-realm= Ns Ar string +.Fl Fl v4-realm= Ns Ar string .Xc .Oc .Oo Fl c Ar cell \*(Ba Xo -.Fl -cell= Ns Ar cell +.Fl Fl cell= Ns Ar cell .Xc .Oc -.Op Fl S | Fl -kaspecials .Oo Fl k Ar keytab \*(Ba Xo -.Fl -keytab= Ns Ar keytab +.Fl Fl keytab= Ns Ar keytab .Xc .Oc .Oo Fl R Ar string \*(Ba Xo -.Fl -v5-realm= Ns Ar string +.Fl Fl v5-realm= Ns Ar string .Xc .Oc -.Op Fl D | Fl -decrypt -.Op Fl E | Fl -encrypt -.Op Fl n | Fl -stdout -.Op Fl v | Fl -verbose -.Op Fl -version -.Op Fl h | Fl -help +.Op Fl D | Fl Fl decrypt +.Op Fl E | Fl Fl encrypt +.Op Fl n | Fl Fl stdout +.Op Fl v | Fl Fl verbose +.Op Fl Fl version +.Op Fl h | Fl Fl help .Op Ar host Ns Op : Ns Ar port .Ar ... .Ek @@ -90,101 +89,42 @@ specified on the command by opening a TCP connection to port 754 .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl m Ar file , -.Fl -master-key= Ns Pa file -.Xc +.It Fl m Ar file , Fl Fl master-key= Ns Pa file Where to find the master key to encrypt or decrypt keys with. -.It Xo -.Fl d Ar file , -.Fl -database= Ns Pa file -.Xc +.It Fl d Ar file , Fl Fl database= Ns Pa file The database to be propagated. -.It Xo -.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver -.Xc +.It Fl Fl source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver Specifies the type of the source database. Alternatives include: .Pp -.Bl -tag -width krb4-dump -compact -offset indent +.Bl -tag -width mit-dump -compact -offset indent .It heimdal a Heimdal database .It mit-dump a MIT Kerberos 5 dump file -.It krb4-dump -a Kerberos 4 dump file -.It kaserver -an AFS kaserver database .El -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc ++.It Fl k Ar keytab , Fl Fl keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key -.Pa kadmin/hprop +.Pa hprop/hostname is used from this keytab. The default is to fetch the key from the KDC database. -.It Xo -.Fl R Ar string , -.Fl -v5-realm= Ns Ar string -.Xc +.It Fl R Ar string , Fl Fl v5-realm= Ns Ar string Local realm override. -.It Xo -.Fl D , -.Fl -decrypt -.Xc +.It Fl D , Fl Fl decrypt The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys. -.It Xo -.Fl E , -.Fl -encrypt -.Xc +.It Fl E , Fl Fl encrypt This option transmits the database with encrypted keys. -.It Xo -.Fl n , -.Fl -stdout -.Xc +.It Fl n , Fl Fl stdout Dump the database on stdout, in a format that can be fed to hpropd. .El -.Pp -The following options are only valid if -.Nm hprop -is compiled with support for Kerberos 4 (kaserver). -.Bl -tag -width Ds -.It Xo -.Fl r Ar string , -.Fl -v4-realm= Ns Ar string -.Xc -v4 realm to use. -.It Xo -.Fl c Ar cell , -.Fl -cell= Ns Ar cell -.Xc -The AFS cell name, used if reading a kaserver database. -.It Xo -.Fl S , -.Fl -kaspecials -.Xc -Also dump the principals marked as special in the kaserver database. -.It Xo -.Fl K , -.Fl -ka-db -.Xc -Deprecated, identical to -.Sq --source=kaserver . -.El .Sh EXAMPLES The following will propagate a database to another machine (which should run -.Xr hpropd 8 ): +.Xr hpropd 8 ) : .Bd -literal -offset indent $ hprop slave-1 slave-2 .Ed -.Pp -Convert a Kerberos 4 dump-file for use with a Heimdal KDC: -.Bd -literal -offset indent -$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n -.Ed .Sh SEE ALSO .Xr hpropd 8 |