Diffstat (limited to 'crypto/kerberosIV/man')
50 files changed, 0 insertions, 8805 deletions
diff --git a/crypto/kerberosIV/man/Makefile b/crypto/kerberosIV/man/Makefile
deleted file mode 100644
index 6e6442add459..000000000000
--- a/crypto/kerberosIV/man/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# *** THIS FILE IS NORMALLY OVERWRITTEN BY CONFIGURE ***
-#
-#
-# $Id: Makefile,v 1.3 1997/09/09 15:06:35 bg Exp $
-
-all:
- $(MAKE) -f Makefile.in cat
-
-clean:
- rm -f *.cat[1358] *~
diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in
deleted file mode 100644
index c4941b1e83ca..000000000000
--- a/crypto/kerberosIV/man/Makefile.in
+++ /dev/null
@@ -1,153 +0,0 @@ -# Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp - -srcdir = @srcdir@ -VPATH = @srcdir@ - -SHELL = /bin/sh - -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -MKINSTALLDIRS = @top_srcdir@/mkinstalldirs - -prefix = @prefix@ -mandir = @mandir@ -transform = @program_transform_name@ - -disable_cat_manpages = @disable_cat_manpages@ - -# You need a BSD44 system or groff to create the manpages -NROFF_MAN = groff -mandoc -Tascii -#NROFF_MAN = nroff -man -.SUFFIXES: .1 .cat1 .3 .cat3 .5 .cat5 .8 .cat8 -.1.cat1: ; $(NROFF_MAN) $< > $@ -.3.cat3: ; $(NROFF_MAN) $< > $@ -.5.cat5: ; $(NROFF_MAN) $< > $@ -.8.cat8: ; $(NROFF_MAN) $< > $@ - - -MANRX = \(.*\)\.\([0-9]\) -CATRX = \(.*\)\.cat\([0-9]\) -CATSUFFIX=@CATSUFFIX@ - -MAN1 = afslog.1 des.1 ftp.1 kauth.1 kdestroy.1 \ - kerberos.1 kinit.1 klist.1 kpasswd.1 ksrvtgt.1 \ - kx.1 login.1 movemail.1 otp.1 otpprint.1 pagsh.1 \ - rcp.1 rlogin.1 rsh.1 rxtelnet.1 rxterm.1 su.1 \ - telnet.1 tenletxr.1 - -CAT1 = afslog.cat1 des.cat1 ftp.cat1 kauth.cat1 kdestroy.cat1 \ - kerberos.cat1 kinit.cat1 klist.cat1 kpasswd.cat1 ksrvtgt.cat1 \ - kx.cat1 login.cat1 movemail.cat1 otp.cat1 otpprint.cat1 pagsh.cat1 \ - rcp.cat1 rlogin.cat1 rsh.cat1 rxtelnet.cat1 rxterm.cat1 su.cat1 \ - telnet.cat1 tenletxr.cat1 - -MAN3 = acl_check.3 des_crypt.3 kafs.3 \ - kerberos.3 krb_realmofhost.3 krb_sendauth.3 \ - krb_set_tkt_string.3 kuserok.3 tf_util.3 \ - ../lib/editline/editline.3 - -# getusershell.3 - -CAT3 = acl_check.cat3 des_crypt.cat3 kafs.cat3 \ - kerberos.cat3 krb_realmofhost.cat3 krb_sendauth.cat3 \ - krb_set_tkt_string.cat3 kuserok.cat3 tf_util.cat3 \ - ../lib/editline/editline.cat3 - -# getusershell.cat3 - -MAN5 = ftpusers.5 krb.conf.5 krb.equiv.5 krb.extra.5 \ - krb.realms.5 login.access.5 - -CAT5 = ftpusers.cat5 krb.conf.cat5 krb.equiv.cat5 \ - krb.realms.cat5 login.access.cat5 - -MAN8 = ext_srvtab.8 ftpd.8 kadmin.8 kadmind.8 kauthd.8 \ - kdb_destroy.8 kdb_edit.8 kdb_init.8 kdb_util.8 \ - kerberos.8 kprop.8 kpropd.8 ksrvutil.8 
kstash.8 \ - kxd.8 popper.8 rlogind.8 rshd.8 telnetd.8 \ - ../appl/push/push.8 - -CAT8 = ext_srvtab.cat8 ftpd.cat8 kadmin.cat8 kadmind.cat8 kauthd.cat8 \ - kdb_destroy.cat8 kdb_edit.cat8 kdb_init.cat8 kdb_util.cat8 \ - kerberos.cat8 kprop.cat8 kpropd.cat8 ksrvutil.cat8 kstash.cat8 \ - kxd.cat8 popper.cat8 rlogind.cat8 rshd.cat8 telnetd.cat8 \ - ../appl/push/push.cat8 - -all: - -cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8) - -Wall: - -install: all - for x in man1 man3 man5 man8; do \ - $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done - if test "$(disable_cat_manpages)" != "yes"; then \ - for x in cat1 cat3 cat5 cat8; do \ - $(MKINSTALLDIRS) $(DESTDIR)$(mandir)/$$x; done \ - fi - @(cd $(srcdir); \ - for x in $(MAN1) $(MAN8); do \ - f=`basename $$x`; \ - b=`echo $$f | sed 's!$(MANRX)!\1!'`; \ - s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \ - m=`echo $$b | sed '$(transform)'`.$$s; \ - echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m";\ - $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$m; done ;\ - for x in $(MAN3) $(MAN5); do \ - f=`basename $$x`; \ - s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \ - echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f";\ - $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/man$$s/$$f; done ;\ - if test "$(disable_cat_manpages)" != "yes"; then \ - for x in $(CAT1) $(CAT8); do \ - if test -f $$x; then \ - f=`basename $$x`; \ - b=`echo $$f | sed 's!$(CATRX)!\1!'`; \ - s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ - m=`echo $$b | sed '$(transform)'`; \ - echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX)";\ - $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX);\ - fi; done ;\ - for x in $(CAT3) $(CAT5); do \ - if test -f $$x; then \ - f=`basename $$x`; \ - s=`echo $$f | sed 's!$(CATRX)!\2!'`; \ - b=`echo $$f | sed 's!$(CATRX)!\1!'`; \ - echo "$(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX)";\ - $(INSTALL_DATA) $$x $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX);\ - fi; done; fi ) - -uninstall: - for x in $(MAN1) $(MAN8); do 
\ - f=`basename $$x`; \ - b=`echo $$f | sed 's!$(MANRX)!\1!'`; \ - s=`echo $$x | sed 's!$(MANRX)!\2!'` ; \ - m=`echo $$b | sed '$(transform)'`.$$s; \ - rm -f $(DESTDIR)$(mandir)/man$$s/$$m; done - for x in $(MAN3) $(MAN5); do \ - f=`basename $$x`; \ - s=`echo $$f | sed 's!$(MANRX)!\2!'` ; \ - rm -f $(DESTDIR)$(mandir)/man$$s/$$f; done - for x in $(CAT1) $(CAT8); do \ - f=`basename $$x`; \ - b=`echo $$f | sed 's!$(CATRX)!\1!'`; \ - s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ - m=`echo $$b | sed '$(transform)'`; \ - rm -f $(DESTDIR)$(mandir)/cat$$s/$$m.$(CATSUFFIX); done - for x in $(CAT3) $(CAT5); do \ - f=`basename $$x`; \ - s=`echo $$f | sed 's!$(CATRX)!\2!'`; \ - b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ - rm -f $(DESTDIR)$(mandir)/cat$$s/$$b.$(CATSUFFIX); done - -clean: - -mostlyclean: clean - -distclean: - rm -f Makefile *~ - -realclean: distclean - -.PHONY: all cat Wall install uninstall clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/man/acl_check.3 b/crypto/kerberosIV/man/acl_check.3 deleted file mode 100644 index 53bb7c8bf961..000000000000 --- a/crypto/kerberosIV/man/acl_check.3 +++ /dev/null 
@@ -1,182 +0,0 @@ -.\" $Id: acl_check.3,v 1.2 1996/06/12 21:29:08 bg Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, -acl_delete, acl_initialize \- Access control list routines -.SH SYNOPSIS -.nf -.nj -.ft B -cc <files> \-lacl \-lkrb -.PP -.ft B -#include <krb.h> -.PP -.ft B -acl_canonicalize_principal(principal, buf) -char *principal; -char *buf; -.PP -.ft B -acl_check(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_exact_match(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_add(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_delete(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_initialize(acl_file, mode) -char *acl_file; -int mode; -.fi -.ft R -.SH DESCRIPTION -.SS Introduction -.PP -An access control list (ACL) is a list of principals, where each -principal is represented by a text string which cannot contain -whitespace. The library allows application programs to refer to named -access control lists to test membership and to atomically add and -delete principals using a natural and intuitive interface. At -present, the names of access control lists are required to be Unix -filenames, and refer to human-readable Unix files; in the future, when -a networked ACL server is implemented, the names may refer to a -different namespace specific to the ACL service. -.PP -.SS Principal Names -.PP -Principal names have the form -.nf -.in +5n -<name>[.<instance>][@<realm>] -.in -5n -e.g.: -.in +5n -asp -asp.root -asp@ATHENA.MIT.EDU -asp.@ATHENA.MIT.EDU -asp.root@ATHENA.MIT.EDU -.in -5n -.fi -It is possible for principals to be underspecified. If an instance is -missing, it is assumed to be "". 
If realm is missing, it is assumed -to be the local realm as determined by -.IR krb_get_lrealm (3). -The canonical form contains all of name, instance, -and realm; the acl_add and acl_delete routines will always -leave the file in that form. Note that the canonical form of -asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. -.SS Routines -.PP -.I acl_canonicalize_principal -stores the canonical form of -.I principal -in -.IR buf . -.I Buf -must contain enough -space to store a principal, given the limits on the sizes of name, -instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ, -respectively, in -.IR /usr/include/krb.h . -.PP -.I acl_check -returns nonzero if -.I principal -appears in -.IR acl . -Returns 0 if principal -does not appear in acl, or if an error occurs. Canonicalizes -principal before checking, and allows the ACL to contain wildcards. The -only supported wildcards are entries of the form -name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the -its component field. For example, "jtkohl.*@*" would match principal -jtkohl, with any instance and any realm. -.PP -.I acl_exact_match -performs like -.IR acl_check , -but does no canonicalization or wildcard matching. -.PP -.I acl_add -atomically adds -.I principal -to -.IR acl . -Returns 0 if successful, nonzero otherwise. It is considered a failure -if -.I principal -is already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_delete -atomically deletes -.I principal -from -.IR acl . -Returns 0 if successful, -nonzero otherwise. It is considered a failure if -.I principal -is not -already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_initialize -initializes -.IR acl_file . -If the file -.I acl_file -does not exist, -.I acl_initialize -creates it with mode -.IR mode . -If the file -.I acl_file -exists, -.I acl_initialize -removes all members. 
Returns 0 if successful, -nonzero otherwise. WARNING: Mode argument is likely to change with -the eventual introduction of an ACL service. -.SH NOTES -In the presence of concurrency, there is a very small chance that -.I acl_add -or -.I acl_delete -could report success even though it would have -had no effect. This is a necessary side effect of using lock files -for concurrency control rather than flock(2), which is not supported -by NFS. -.PP -The current implementation caches ACLs in memory in a hash-table -format for increased efficiency in checking membership; one effect of -the caching scheme is that one file descriptor will be kept open for -each ACL cached, up to a maximum of 8. -.SH SEE ALSO -kerberos(3), krb_get_lrealm(3) -.SH AUTHOR -James Aspnes (MIT Project Athena) diff --git a/crypto/kerberosIV/man/afslog.1 b/crypto/kerberosIV/man/afslog.1 deleted file mode 100644 index 625f83130a03..000000000000 --- a/crypto/kerberosIV/man/afslog.1 +++ /dev/null 
@@ -1,72 +0,0 @@ -.\" $Id: afslog.1,v 1.3 1998/06/30 15:28:48 assar Exp $ -.\" -.Dd April 27, 1996 -.Dt AFSLOG 1 -.Os KTH-KRB -.Sh NAME -.Nm afslog -.Nd -obtains AFS tokens for specified cells -.Sh SYNOPSIS -.Nm -.Op Fl d -.Op Fl c Ar cell -.Op Fl k Ar realm -.Op Fl p Pa path -.Op Fl unlog -.Op Fl createuser -.Op Ar args -.Sh DESCRIPTION -The -.Nm -command obtains AFS tokens, -.Ar args -are either a name of a cell or a pathnames of a file in the cell to -get tokens for. If an argument is -.Li . -or -.Li .. -or contains a slash it is assumed to be a pathname. Otherwise it is -assumed to be a name of a cell or a prefix thereof. -.Pp -The -.Fl c -and -.Fl p -flags can be used to resolve ambiguities. -.Pp -.Nm -might fail to guess the Kerberos realm to get tickets for (for -instance if the volume location servers of the cell does not reside in -the kerberos realm that holds the AFS service key, and the correct -realm isn't the same as the cell name or the local realm (I didn't say -this was a common problem)). Anyway, the -.Fl k -can be used to give a hint. It should not be used unless there is a -problem, since all tickets will be taken from the specified realm and -this is not (usually) what you want. -.Pp -.Fl createuser -means that -.Nm -should try to run -.Nm pts -to create a remote user principal in another cell. -.Fl d -can be used for debugging. -.Pp -If the -.Fl unlog -flag is given any tokens are removed and all other arguments are ignored. -.Sh SEE ALSO -.Xr kauth 1 , -.Xr kafs 3 -.Sh BUGS -It should be able to handle the MIT Athena -.Nm aklog -flags -.Fl hosts , -.Fl zsubs , -and -.Fl noprdb , -but does not. diff --git a/crypto/kerberosIV/man/ext_srvtab.8 b/crypto/kerberosIV/man/ext_srvtab.8 deleted file mode 100644 index 4f2c12006be5..000000000000 --- a/crypto/kerberosIV/man/ext_srvtab.8 +++ /dev/null 
@@ -1,62 +0,0 @@ -.\" $Id: ext_srvtab.8,v 1.3 1997/04/02 21:09:51 assar Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ext_srvtab \- extract service key files from Kerberos key distribution center database -.SH SYNOPSIS -ext_srvtab [ -.B \-n -] [ -.B \-r realm -] [ -.B hostname ... -] -.SH DESCRIPTION -.I ext_srvtab -extracts service key files from the Kerberos key distribution center -(KDC) database. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -For each -.I hostname -specified on the command line, -.I ext_srvtab -creates the service key file -.IR hostname -new-srvtab, -containing all the entries in the database with an instance field of -.I hostname. -This new file contains all the keys registered for Kerberos-mediated -service providing programs which use the -.IR krb_get_phost (3) -principal and instance conventions to run on the host -.IR hostname . -If the -.B \-r -option is specified, the realm fields in the extracted file will -match the given realm rather than the local realm. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -.IR hostname -new-srvtab -Service key file generated for -.I hostname -.TP -/var/kerberos/principal.pag, /var/kerberos/principal.dir -DBM files containing database -.TP -/.k -Master key cache file. -.SH SEE ALSO -read_service_key(3), krb_get_phost(3) diff --git a/crypto/kerberosIV/man/ftp.1 b/crypto/kerberosIV/man/ftp.1 deleted file mode 100644 index e5c21f096145..000000000000 --- a/crypto/kerberosIV/man/ftp.1 +++ /dev/null 
@@ -1,1193 +0,0 @@ -.\" $NetBSD: ftp.1,v 1.11 1995/09/08 01:06:24 tls Exp $ -.\" -.\" Copyright (c) 1985, 1989, 1990, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)ftp.1 8.3 (Berkeley) 10/9/94 -.\" -.Dd April 27, 1996 -.Dt FTP 1 -.Os BSD 4.2 -.Sh NAME -.Nm ftp -.Nd -.Tn ARPANET -file transfer program -.Sh SYNOPSIS -.Nm ftp -.Op Fl t -.Op Fl v -.Op Fl d -.Op Fl i -.Op Fl n -.Op Fl g -.Op Fl p -.Op Ar host -.Sh DESCRIPTION -.Nm Ftp -is the user interface to the -.Tn ARPANET -standard File Transfer Protocol. -The program allows a user to transfer files to and from a -remote network site. -.Pp -Modifications has been made so that it almost follows the ftpsec -Internet draft. -.Pp -Options may be specified at the command line, or to the -command interpreter. -.Bl -tag -width flag -.It Fl t -Enables packet tracing. -.It Fl v -Verbose option forces -.Nm ftp -to show all responses from the remote server, as well -as report on data transfer statistics. -.It Fl n -Restrains -.Nm ftp -from attempting \*(Lqauto-login\*(Rq upon initial connection. -If auto-login is enabled, -.Nm ftp -will check the -.Pa .netrc -(see below) file in the user's home directory for an entry describing -an account on the remote machine. -If no entry exists, -.Nm ftp -will prompt for the remote machine login name (default is the user -identity on the local machine), and, if necessary, prompt for a password -and an account with which to login. -.It Fl i -Turns off interactive prompting during -multiple file transfers. -.It Fl p -Turn on passive mode. -.It Fl d -Enables debugging. -.It Fl g -Disables file name globbing. -.El -.Pp -The client host with which -.Nm ftp -is to communicate may be specified on the command line. -If this is done, -.Nm ftp -will immediately attempt to establish a connection to an -.Tn FTP -server on that host; otherwise, -.Nm ftp -will enter its command interpreter and await instructions -from the user. -When -.Nm ftp -is awaiting commands from the user the prompt -.Ql ftp> -is provided to the user. -The following commands are recognized -by -.Nm ftp : -.Bl -tag -width Fl -.It Ic \&! 
Op Ar command Op Ar args -Invoke an interactive shell on the local machine. -If there are arguments, the first is taken to be a command to execute -directly, with the rest of the arguments as its arguments. -.It Ic \&$ Ar macro-name Op Ar args -Execute the macro -.Ar macro-name -that was defined with the -.Ic macdef -command. -Arguments are passed to the macro unglobbed. -.It Ic account Op Ar passwd -Supply a supplemental password required by a remote system for access -to resources once a login has been successfully completed. -If no argument is included, the user will be prompted for an account -password in a non-echoing input mode. -.It Ic append Ar local-file Op Ar remote-file -Append a local file to a file on the remote machine. -If -.Ar remote-file -is left unspecified, the local file name is used in naming the -remote file after being altered by any -.Ic ntrans -or -.Ic nmap -setting. -File transfer uses the current settings for -.Ic type , -.Ic format , -.Ic mode , -and -.Ic structure . -.It Ic ascii -Set the file transfer -.Ic type -to network -.Tn ASCII . -This is the default type. -.It Ic bell -Arrange that a bell be sounded after each file transfer -command is completed. -.It Ic binary -Set the file transfer -.Ic type -to support binary image transfer. -.It Ic bye -Terminate the -.Tn FTP -session with the remote server -and exit -.Nm ftp . -An end of file will also terminate the session and exit. -.It Ic case -Toggle remote computer file name case mapping during -.Ic mget -commands. -When -.Ic case -is on (default is off), remote computer file names with all letters in -upper case are written in the local directory with the letters mapped -to lower case. -.It Ic \&cd Ar remote-directory -Change the working directory on the remote machine -to -.Ar remote-directory . -.It Ic cdup -Change the remote machine working directory to the parent of the -current remote machine working directory. 
-.It Ic chmod Ar mode file-name -Change the permission modes of the file -.Ar file-name -on the remote -sytem to -.Ar mode . -.It Ic close -Terminate the -.Tn FTP -session with the remote server, and -return to the command interpreter. -Any defined macros are erased. -.It Ic \&cr -Toggle carriage return stripping during -ascii type file retrieval. -Records are denoted by a carriage return/linefeed sequence -during ascii type file transfer. -When -.Ic \&cr -is on (the default), carriage returns are stripped from this -sequence to conform with the -.Ux -single linefeed record -delimiter. -Records on -.Pf non\- Ns Ux -remote systems may contain single linefeeds; -when an ascii type transfer is made, these linefeeds may be -distinguished from a record delimiter only when -.Ic \&cr -is off. -.It Ic delete Ar remote-file -Delete the file -.Ar remote-file -on the remote machine. -.It Ic debug Op Ar debug-value -Toggle debugging mode. -If an optional -.Ar debug-value -is specified it is used to set the debugging level. -When debugging is on, -.Nm ftp -prints each command sent to the remote machine, preceded -by the string -.Ql \-\-> -.It Xo -.Ic dir -.Op Ar remote-directory -.Op Ar local-file -.Xc -Print a listing of the directory contents in the -directory, -.Ar remote-directory , -and, optionally, placing the output in -.Ar local-file . -If interactive prompting is on, -.Nm ftp -will prompt the user to verify that the last argument is indeed the -target local file for receiving -.Ic dir -output. -If no directory is specified, the current working -directory on the remote machine is used. -If no local -file is specified, or -.Ar local-file -is -.Fl , -output comes to the terminal. -.It Ic disconnect -A synonym for -.Ar close . -.It Ic form Ar format -Set the file transfer -.Ic form -to -.Ar format . -The default format is \*(Lqfile\*(Rq. -.It Ic get Ar remote-file Op Ar local-file -Retrieve the -.Ar remote-file -and store it on the local machine. 
-If the local -file name is not specified, it is given the same -name it has on the remote machine, subject to -alteration by the current -.Ic case , -.Ic ntrans , -and -.Ic nmap -settings. -The current settings for -.Ic type , -.Ic form , -.Ic mode , -and -.Ic structure -are used while transferring the file. -.It Ic glob -Toggle filename expansion for -.Ic mdelete , -.Ic mget -and -.Ic mput . -If globbing is turned off with -.Ic glob , -the file name arguments -are taken literally and not expanded. -Globbing for -.Ic mput -is done as in -.Xr csh 1 . -For -.Ic mdelete -and -.Ic mget , -each remote file name is expanded -separately on the remote machine and the lists are not merged. -Expansion of a directory name is likely to be -different from expansion of the name of an ordinary file: -the exact result depends on the foreign operating system and ftp server, -and can be previewed by doing -.Ql mls remote-files \- . -As a security measure, remotely globbed files that starts with -.Sq / -or contains -.Sq ../ , -will not be automatically received. If you have interactive prompting -turned off, these filenames will be ignored. Note: -.Ic mget -and -.Ic mput -are not meant to transfer -entire directory subtrees of files. -That can be done by -transferring a -.Xr tar 1 -archive of the subtree (in binary mode). -.It Ic hash -Toggle hash-sign (``#'') printing for each data block -transferred. -The size of a data block is 1024 bytes. -.It Ic help Op Ar command -Print an informative message about the meaning of -.Ar command . -If no argument is given, -.Nm ftp -prints a list of the known commands. -.It Ic idle Op Ar seconds -Set the inactivity timer on the remote server to -.Ar seconds -seconds. -If -.Ar seconds -is omitted, the current inactivity timer is printed. -.It Ic lcd Op Ar directory -Change the working directory on the local machine. -If -no -.Ar directory -is specified, the user's home directory is used. 
-.It Xo -.Ic \&ls -.Op Ar remote-directory -.Op Ar local-file -.Xc -Print a listing of the contents of a -directory on the remote machine. -The listing includes any system-dependent information that the server -chooses to include; for example, most -.Ux -systems will produce -output from the command -.Ql ls \-l . -(See also -.Ic nlist . ) -If -.Ar remote-directory -is left unspecified, the current working directory is used. -If interactive prompting is on, -.Nm ftp -will prompt the user to verify that the last argument is indeed the -target local file for receiving -.Ic \&ls -output. -If no local file is specified, or if -.Ar local-file -is -.Sq Fl , -the output is sent to the terminal. -.It Ic macdef Ar macro-name -Define a macro. -Subsequent lines are stored as the macro -.Ar macro-name ; -a null line (consecutive newline characters -in a file or -carriage returns from the terminal) terminates macro input mode. -There is a limit of 16 macros and 4096 total characters in all -defined macros. -Macros remain defined until a -.Ic close -command is executed. -The macro processor interprets `$' and `\e' as special characters. -A `$' followed by a number (or numbers) is replaced by the -corresponding argument on the macro invocation command line. -A `$' followed by an `i' signals that macro processor that the -executing macro is to be looped. -On the first pass `$i' is -replaced by the first argument on the macro invocation command line, -on the second pass it is replaced by the second argument, and so on. -A `\e' followed by any character is replaced by that character. -Use the `\e' to prevent special treatment of the `$'. -.It Ic mdelete Op Ar remote-files -Delete the -.Ar remote-files -on the remote machine. -.It Ic mdir Ar remote-files local-file -Like -.Ic dir , -except multiple remote files may be specified. 
-If interactive prompting is on, -.Nm ftp -will prompt the user to verify that the last argument is indeed the -target local file for receiving -.Ic mdir -output. -.It Ic mget Ar remote-files -Expand the -.Ar remote-files -on the remote machine -and do a -.Ic get -for each file name thus produced. -See -.Ic glob -for details on the filename expansion. -Resulting file names will then be processed according to -.Ic case , -.Ic ntrans , -and -.Ic nmap -settings. -Files are transferred into the local working directory, -which can be changed with -.Ql lcd directory ; -new local directories can be created with -.Ql "\&! mkdir directory" . -.It Ic mkdir Ar directory-name -Make a directory on the remote machine. -.It Ic mls Ar remote-files local-file -Like -.Ic nlist , -except multiple remote files may be specified, -and the -.Ar local-file -must be specified. -If interactive prompting is on, -.Nm ftp -will prompt the user to verify that the last argument is indeed the -target local file for receiving -.Ic mls -output. -.It Ic mode Op Ar mode-name -Set the file transfer -.Ic mode -to -.Ar mode-name . -The default mode is \*(Lqstream\*(Rq mode. -.It Ic modtime Ar file-name -Show the last modification time of the file on the remote machine. -.It Ic mput Ar local-files -Expand wild cards in the list of local files given as arguments -and do a -.Ic put -for each file in the resulting list. -See -.Ic glob -for details of filename expansion. -Resulting file names will then be processed according to -.Ic ntrans -and -.Ic nmap -settings. -.It Ic newer Ar file-name -Get the file only if the modification time of the remote file is more -recent that the file on the current system. -If the file does not -exist on the current system, the remote file is considered -.Ic newer . -Otherwise, this command is identical to -.Ar get . -.It Xo -.Ic nlist -.Op Ar remote-directory -.Op Ar local-file -.Xc -Print a list of the files in a -directory on the remote machine. 
-If -.Ar remote-directory -is left unspecified, the current working directory is used. -If interactive prompting is on, -.Nm ftp -will prompt the user to verify that the last argument is indeed the -target local file for receiving -.Ic nlist -output. -If no local file is specified, or if -.Ar local-file -is -.Fl , -the output is sent to the terminal. -.It Ic nmap Op Ar inpattern outpattern -Set or unset the filename mapping mechanism. -If no arguments are specified, the filename mapping mechanism is unset. -If arguments are specified, remote filenames are mapped during -.Ic mput -commands and -.Ic put -commands issued without a specified remote target filename. -If arguments are specified, local filenames are mapped during -.Ic mget -commands and -.Ic get -commands issued without a specified local target filename. -This command is useful when connecting to a -.No non\- Ns Ux -remote computer -with different file naming conventions or practices. -The mapping follows the pattern set by -.Ar inpattern -and -.Ar outpattern . -.Op Ar Inpattern -is a template for incoming filenames (which may have already been -processed according to the -.Ic ntrans -and -.Ic case -settings). -Variable templating is accomplished by including the -sequences `$1', `$2', ..., `$9' in -.Ar inpattern . -Use `\\' to prevent this special treatment of the `$' character. -All other characters are treated literally, and are used to determine the -.Ic nmap -.Op Ar inpattern -variable values. -For example, given -.Ar inpattern -$1.$2 and the remote file name "mydata.data", $1 would have the value -"mydata", and $2 would have the value "data". -The -.Ar outpattern -determines the resulting mapped filename. -The sequences `$1', `$2', ...., `$9' are replaced by any value resulting -from the -.Ar inpattern -template. -The sequence `$0' is replace by the original filename. 
-Additionally, the sequence -.Ql Op Ar seq1 , Ar seq2 -is replaced by -.Op Ar seq1 -if -.Ar seq1 -is not a null string; otherwise it is replaced by -.Ar seq2 . -For example, the command -.Pp -.Bd -literal -offset indent -compact -nmap $1.$2.$3 [$1,$2].[$2,file] -.Ed -.Pp -would yield -the output filename "myfile.data" for input filenames "myfile.data" and -"myfile.data.old", "myfile.file" for the input filename "myfile", and -"myfile.myfile" for the input filename ".myfile". -Spaces may be included in -.Ar outpattern , -as in the example: `nmap $1 sed "s/ *$//" > $1' . -Use the `\e' character to prevent special treatment -of the `$','[','[', and `,' characters. -.It Ic ntrans Op Ar inchars Op Ar outchars -Set or unset the filename character translation mechanism. -If no arguments are specified, the filename character -translation mechanism is unset. -If arguments are specified, characters in -remote filenames are translated during -.Ic mput -commands and -.Ic put -commands issued without a specified remote target filename. -If arguments are specified, characters in -local filenames are translated during -.Ic mget -commands and -.Ic get -commands issued without a specified local target filename. -This command is useful when connecting to a -.No non\- Ns Ux -remote computer -with different file naming conventions or practices. -Characters in a filename matching a character in -.Ar inchars -are replaced with the corresponding character in -.Ar outchars . -If the character's position in -.Ar inchars -is longer than the length of -.Ar outchars , -the character is deleted from the file name. -.It Ic open Ar host Op Ar port -Establish a connection to the specified -.Ar host -.Tn FTP -server. -An optional port number may be supplied, -in which case, -.Nm ftp -will attempt to contact an -.Tn FTP -server at that port. -If the -.Ic auto-login -option is on (default), -.Nm ftp -will also attempt to automatically log the user in to -the -.Tn FTP -server (see below). 
-.It Ic passive -Toggle passive mode. If passive mode is turned on -(default is off), the ftp client will -send a -.Dv PASV -command for all data connections instead of the usual -.Dv PORT -command. The -.Dv PASV -command requests that the remote server open a port for the data connection -and return the address of that port. The remote server listens on that -port and the client connects to it. When using the more traditional -.Dv PORT -command, the client listens on a port and sends that address to the remote -server, who connects back to it. Passive mode is useful when using -.Nm ftp -through a gateway router or host that controls the directionality of -traffic. -(Note that though ftp servers are required to support the -.Dv PASV -command by RFC 1123, some do not.) -.It Ic prompt -Toggle interactive prompting. -Interactive prompting -occurs during multiple file transfers to allow the -user to selectively retrieve or store files. -If prompting is turned off (default is on), any -.Ic mget -or -.Ic mput -will transfer all files, and any -.Ic mdelete -will delete all files. -.It Ic proxy Ar ftp-command -Execute an ftp command on a secondary control connection. -This command allows simultaneous connection to two remote ftp -servers for transferring files between the two servers. -The first -.Ic proxy -command should be an -.Ic open , -to establish the secondary control connection. -Enter the command "proxy ?" to see other ftp commands executable on the -secondary connection. -The following commands behave differently when prefaced by -.Ic proxy : -.Ic open -will not define new macros during the auto-login process, -.Ic close -will not erase existing macro definitions, -.Ic get -and -.Ic mget -transfer files from the host on the primary control connection -to the host on the secondary control connection, and -.Ic put , -.Ic mput , -and -.Ic append -transfer files from the host on the secondary control connection -to the host on the primary control connection. 
-Third party file transfers depend upon support of the ftp protocol -.Dv PASV -command by the server on the secondary control connection. -.It Ic put Ar local-file Op Ar remote-file -Store a local file on the remote machine. -If -.Ar remote-file -is left unspecified, the local file name is used -after processing according to any -.Ic ntrans -or -.Ic nmap -settings -in naming the remote file. -File transfer uses the -current settings for -.Ic type , -.Ic format , -.Ic mode , -and -.Ic structure . -.It Ic pwd -Print the name of the current working directory on the remote -machine. -.It Ic quit -A synonym for -.Ic bye . -.It Ic quote Ar arg1 arg2 ... -The arguments specified are sent, verbatim, to the remote -.Tn FTP -server. -.It Ic recv Ar remote-file Op Ar local-file -A synonym for get. -.It Ic reget Ar remote-file Op Ar local-file -Reget acts like get, except that if -.Ar local-file -exists and is -smaller than -.Ar remote-file , -.Ar local-file -is presumed to be -a partially transferred copy of -.Ar remote-file -and the transfer -is continued from the apparent point of failure. -This command -is useful when transferring very large files over networks that -are prone to dropping connections. -.It Ic remotehelp Op Ar command-name -Request help from the remote -.Tn FTP -server. -If a -.Ar command-name -is specified it is supplied to the server as well. -.It Ic remotestatus Op Ar file-name -With no arguments, show status of remote machine. -If -.Ar file-name -is specified, show status of -.Ar file-name -on remote machine. -.It Xo -.Ic rename -.Op Ar from -.Op Ar to -.Xc -Rename the file -.Ar from -on the remote machine, to the file -.Ar to . -.It Ic reset -Clear reply queue. -This command re-synchronizes command/reply sequencing with the remote -ftp server. -Resynchronization may be necessary following a violation of the ftp protocol -by the remote server. 
-.It Ic restart Ar marker -Restart the immediately following -.Ic get -or -.Ic put -at the -indicated -.Ar marker . -On -.Ux -systems, marker is usually a byte -offset into the file. -.It Ic rmdir Ar directory-name -Delete a directory on the remote machine. -.It Ic runique -Toggle storing of files on the local system with unique filenames. -If a file already exists with a name equal to the target -local filename for a -.Ic get -or -.Ic mget -command, a ".1" is appended to the name. -If the resulting name matches another existing file, -a ".2" is appended to the original name. -If this process continues up to ".99", an error -message is printed, and the transfer does not take place. -The generated unique filename will be reported. -Note that -.Ic runique -will not affect local files generated from a shell command -(see below). -The default value is off. -.It Ic send Ar local-file Op Ar remote-file -A synonym for put. -.It Ic sendport -Toggle the use of -.Dv PORT -commands. -By default, -.Nm ftp -will attempt to use a -.Dv PORT -command when establishing -a connection for each data transfer. -The use of -.Dv PORT -commands can prevent delays -when performing multiple file transfers. -If the -.Dv PORT -command fails, -.Nm ftp -will use the default data port. -When the use of -.Dv PORT -commands is disabled, no attempt will be made to use -.Dv PORT -commands for each data transfer. -This is useful -for certain -.Tn FTP -implementations which do ignore -.Dv PORT -commands but, incorrectly, indicate they've been accepted. -.It Ic site Ar arg1 arg2 ... -The arguments specified are sent, verbatim, to the remote -.Tn FTP -server as a -.Dv SITE -command. -.It Ic size Ar file-name -Return size of -.Ar file-name -on remote machine. -.It Ic status -Show the current status of -.Nm ftp . -.It Ic struct Op Ar struct-name -Set the file transfer -.Ar structure -to -.Ar struct-name . -By default \*(Lqstream\*(Rq structure is used. 
-.It Ic sunique -Toggle storing of files on remote machine under unique file names. -Remote ftp server must support ftp protocol -.Dv STOU -command for -successful completion. -The remote server will report unique name. -Default value is off. -.It Ic system -Show the type of operating system running on the remote machine. -.It Ic tenex -Set the file transfer type to that needed to -talk to -.Tn TENEX -machines. -.It Ic trace -Toggle packet tracing. -.It Ic type Op Ar type-name -Set the file transfer -.Ic type -to -.Ar type-name . -If no type is specified, the current type -is printed. -The default type is network -.Tn ASCII . -.It Ic umask Op Ar newmask -Set the default umask on the remote server to -.Ar newmask . -If -.Ar newmask -is omitted, the current umask is printed. -.It Xo -.Ic user Ar user-name -.Op Ar password -.Op Ar account -.Xc -Identify yourself to the remote -.Tn FTP -server. -If the -.Ar password -is not specified and the server requires it, -.Nm ftp -will prompt the user for it (after disabling local echo). -If an -.Ar account -field is not specified, and the -.Tn FTP -server -requires it, the user will be prompted for it. -If an -.Ar account -field is specified, an account command will -be relayed to the remote server after the login sequence -is completed if the remote server did not require it -for logging in. -Unless -.Nm ftp -is invoked with \*(Lqauto-login\*(Rq disabled, this -process is done automatically on initial connection to -the -.Tn FTP -server. -.It Ic verbose -Toggle verbose mode. -In verbose mode, all responses from -the -.Tn FTP -server are displayed to the user. -In addition, -if verbose is on, when a file transfer completes, statistics -regarding the efficiency of the transfer are reported. -By default, -verbose is on. -.It Ic ? Op Ar command -A synonym for help. -.El -.Pp -The following command can be used with ftpsec-aware servers. 
-.Bl -tag -width Fl -.It Xo -.Ic prot -.Ar clear | -.Ar safe | -.Ar confidential | -.Ar private -.Xc -Set the data protection level to the requested level. -.El -.Pp -The following command can be used with ftp servers that has -implemented the KAUTH site command. -.Bl -tag -width Fl -.It Ic kauth Op Ar principal -Obtain remote tickets. -.El -.Pp -Command arguments which have embedded spaces may be quoted with -quote `"' marks. -.Sh ABORTING A FILE TRANSFER -To abort a file transfer, use the terminal interrupt key -(usually Ctrl-C). -Sending transfers will be immediately halted. -Receiving transfers will be halted by sending a ftp protocol -.Dv ABOR -command to the remote server, and discarding any further data received. -The speed at which this is accomplished depends upon the remote -server's support for -.Dv ABOR -processing. -If the remote server does not support the -.Dv ABOR -command, an -.Ql ftp> -prompt will not appear until the remote server has completed -sending the requested file. -.Pp -The terminal interrupt key sequence will be ignored when -.Nm ftp -has completed any local processing and is awaiting a reply -from the remote server. -A long delay in this mode may result from the ABOR processing described -above, or from unexpected behavior by the remote server, including -violations of the ftp protocol. -If the delay results from unexpected remote server behavior, the local -.Nm ftp -program must be killed by hand. -.Sh FILE NAMING CONVENTIONS -Files specified as arguments to -.Nm ftp -commands are processed according to the following rules. -.Bl -enum -.It -If the file name -.Sq Fl -is specified, the -.Ar stdin -(for reading) or -.Ar stdout -(for writing) is used. -.It -If the first character of the file name is -.Sq \&| , -the -remainder of the argument is interpreted as a shell command. -.Nm Ftp -then forks a shell, using -.Xr popen 3 -with the argument supplied, and reads (writes) from the stdout -(stdin). 
-If the shell command includes spaces, the argument -must be quoted; e.g. -\*(Lq" ls -lt"\*(Rq. -A particularly -useful example of this mechanism is: \*(Lqdir more\*(Rq. -.It -Failing the above checks, if ``globbing'' is enabled, -local file names are expanded -according to the rules used in the -.Xr csh 1 ; -c.f. the -.Ic glob -command. -If the -.Nm ftp -command expects a single local file (.e.g. -.Ic put ) , -only the first filename generated by the "globbing" operation is used. -.It -For -.Ic mget -commands and -.Ic get -commands with unspecified local file names, the local filename is -the remote filename, which may be altered by a -.Ic case , -.Ic ntrans , -or -.Ic nmap -setting. -The resulting filename may then be altered if -.Ic runique -is on. -.It -For -.Ic mput -commands and -.Ic put -commands with unspecified remote file names, the remote filename is -the local filename, which may be altered by a -.Ic ntrans -or -.Ic nmap -setting. -The resulting filename may then be altered by the remote server if -.Ic sunique -is on. -.El -.Sh FILE TRANSFER PARAMETERS -The FTP specification specifies many parameters which may -affect a file transfer. -The -.Ic type -may be one of \*(Lqascii\*(Rq, \*(Lqimage\*(Rq (binary), -\*(Lqebcdic\*(Rq, and \*(Lqlocal byte size\*(Rq (for -.Tn PDP Ns -10's -and -.Tn PDP Ns -20's -mostly). -.Nm Ftp -supports the ascii and image types of file transfer, -plus local byte size 8 for -.Ic tenex -mode transfers. -.Pp -.Nm Ftp -supports only the default values for the remaining -file transfer parameters: -.Ic mode , -.Ic form , -and -.Ic struct . -.Sh THE .netrc FILE -The -.Pa .netrc -file contains login and initialization information -used by the auto-login process. -It resides in the user's home directory. -The following tokens are recognized; they may be separated by spaces, -tabs, or new-lines: -.Bl -tag -width password -.It Ic machine Ar name -Identify a remote machine -.Ar name . 
-The auto-login process searches the -.Pa .netrc -file for a -.Ic machine -token that matches the remote machine specified on the -.Nm ftp -command line or as an -.Ic open -command argument. -Once a match is made, the subsequent -.Pa .netrc -tokens are processed, -stopping when the end of file is reached or another -.Ic machine -or a -.Ic default -token is encountered. -.It Ic default -This is the same as -.Ic machine -.Ar name -except that -.Ic default -matches any name. -There can be only one -.Ic default -token, and it must be after all -.Ic machine -tokens. -This is normally used as: -.Pp -.Dl default login anonymous password user@site -.Pp -thereby giving the user -.Ar automatic -anonymous ftp login to -machines not specified in -.Pa .netrc . -This can be overridden -by using the -.Fl n -flag to disable auto-login. -.It Ic login Ar name -Identify a user on the remote machine. -If this token is present, the auto-login process will initiate -a login using the specified -.Ar name . -.It Ic password Ar string -Supply a password. -If this token is present, the auto-login process will supply the -specified string if the remote server requires a password as part -of the login process. -Note that if this token is present in the -.Pa .netrc -file for any user other -than -.Ar anonymous , -.Nm ftp -will abort the auto-login process if the -.Pa .netrc -is readable by -anyone besides the user. -.It Ic account Ar string -Supply an additional account password. -If this token is present, the auto-login process will supply the -specified string if the remote server requires an additional -account password, or the auto-login process will initiate an -.Dv ACCT -command if it does not. -.It Ic macdef Ar name -Define a macro. -This token functions like the -.Nm ftp -.Ic macdef -command functions. -A macro is defined with the specified name; its contents begin with the -next -.Pa .netrc -line and continue until a null line (consecutive new-line -characters) is encountered. 
-If a macro named -.Ic init -is defined, it is automatically executed as the last step in the -auto-login process. -.El -.Sh ENVIRONMENT -.Nm Ftp -utilizes the following environment variables. -.Bl -tag -width Fl -.It Ev HOME -For default location of a -.Pa .netrc -file, if one exists. -.It Ev SHELL -For default shell. -.El -.Sh SEE ALSO -.Xr ftpd 8 , -.%T RFC2228 -.Sh HISTORY -The -.Nm ftp -command appeared in -.Bx 4.2 . -.Sh BUGS -Correct execution of many commands depends upon proper behavior -by the remote server. -.Pp -An error in the treatment of carriage returns -in the -.Bx 4.2 -ascii-mode transfer code -has been corrected. -This correction may result in incorrect transfers of binary files -to and from -.Bx 4.2 -servers using the ascii type. -Avoid this problem by using the binary image type. diff --git a/crypto/kerberosIV/man/ftpd.8 b/crypto/kerberosIV/man/ftpd.8 deleted file mode 100644 index c51de1ce06dc..000000000000 --- a/crypto/kerberosIV/man/ftpd.8 +++ /dev/null 
@@ -1,473 +0,0 @@ -.\" $NetBSD: ftpd.8,v 1.7 1995/04/11 02:44:53 cgd Exp $ -.\" -.\" Copyright (c) 1985, 1988, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" @(#)ftpd.8 8.2 (Berkeley) 4/19/94 -.\" -.Dd April 19, 1997 -.Dt FTPD 8 -.Os BSD 4.2 -.Sh NAME -.Nm ftpd -.Nd -Internet File Transfer Protocol server -.Sh SYNOPSIS -.Nm ftpd -.Op Fl a Ar authmode -.Op Fl dilv -.Op Fl g Ar umask -.Op Fl p Ar port -.Op Fl T Ar maxtimeout -.Op Fl t Ar timeout -.Op Fl u Ar default umask -.Sh DESCRIPTION -.Nm Ftpd -is the -Internet File Transfer Protocol -server process. The server uses the -.Tn TCP -protocol -and listens at the port specified in the -.Dq ftp -service specification; see -.Xr services 5 . -.Pp -Available options: -.Bl -tag -width Ds -.It Fl a -Select the level of authentication required. Kerberised login can not -be turned off. The default is to only allow kerberised login. Other -possibilities can be turned on by giving a string of comma separated -flags as argument to -.Fl a . -Recognised flags are: -.Bl -tag -width plain -.It Ar plain -Allow logging in with plaintext password. The password can be a(n) OTP -or an ordinary password. -.It Ar otp -Same as -.Ar plain , -but only OTP is allowed. -.It Ar ftp -Allow anonymous login. -.El - -The following combination modes exists for backwards compatibility: -.Bl -tag -width plain -.It Ar none -Same as -.Ar plain,ftp . -.It Ar safe -Same as -.Ar ftp . -.It Ar user -Ignored. -.El -.It Fl d -Debugging information is written to the syslog using LOG_FTP. -.It Fl g -Anonymous users will get a umask of -.Ar umask . -.It Fl i -Open a socket and wait for a connection. This is mainly used for -debugging when ftpd isn't started by inetd. -.It Fl l -Each successful and failed -.Xr ftp 1 -session is logged using syslog with a facility of LOG_FTP. -If this option is specified twice, the retrieve (get), store (put), append, -delete, make directory, remove directory and rename operations and -their filename arguments are also logged. -.It Fl p -Use -.Ar port -(a service name or number) instead of the default -.Ar ftp/tcp . 
-.It Fl T -A client may also request a different timeout period; -the maximum period allowed may be set to -.Ar timeout -seconds with the -.Fl T -option. -The default limit is 2 hours. -.It Fl t -The inactivity timeout period is set to -.Ar timeout -seconds (the default is 15 minutes). -.It Fl u -Set the initial umask to something else than the default 027. -.It Fl v -Verbose mode. -.El -.Pp -The file -.Pa /etc/nologin -can be used to disable ftp access. -If the file exists, -.Nm -displays it and exits. -If the file -.Pa /etc/ftpwelcome -exists, -.Nm -prints it before issuing the -.Dq ready -message. -If the file -.Pa /etc/motd -exists, -.Nm -prints it after a successful login. -.Pp -The ftp server currently supports the following ftp requests. -The case of the requests is ignored. -.Bl -column "Request" -offset indent -.It Request Ta "Description" -.It ABOR Ta "abort previous command" -.It ACCT Ta "specify account (ignored)" -.It ALLO Ta "allocate storage (vacuously)" -.It APPE Ta "append to a file" -.It CDUP Ta "change to parent of current working directory" -.It CWD Ta "change working directory" -.It DELE Ta "delete a file" -.It HELP Ta "give help information" -.It LIST Ta "give list files in a directory" Pq Dq Li "ls -lgA" -.It MKD Ta "make a directory" -.It MDTM Ta "show last modification time of file" -.It MODE Ta "specify data transfer" Em mode -.It NLST Ta "give name list of files in directory" -.It NOOP Ta "do nothing" -.It PASS Ta "specify password" -.It PASV Ta "prepare for server-to-server transfer" -.It PORT Ta "specify data connection port" -.It PWD Ta "print the current working directory" -.It QUIT Ta "terminate session" -.It REST Ta "restart incomplete transfer" -.It RETR Ta "retrieve a file" -.It RMD Ta "remove a directory" -.It RNFR Ta "specify rename-from file name" -.It RNTO Ta "specify rename-to file name" -.It SITE Ta "non-standard commands (see next section)" -.It SIZE Ta "return size of file" -.It STAT Ta "return status of server" -.It STOR 
Ta "store a file" -.It STOU Ta "store a file with a unique name" -.It STRU Ta "specify data transfer" Em structure -.It SYST Ta "show operating system type of server system" -.It TYPE Ta "specify data transfer" Em type -.It USER Ta "specify user name" -.It XCUP Ta "change to parent of current working directory (deprecated)" -.It XCWD Ta "change working directory (deprecated)" -.It XMKD Ta "make a directory (deprecated)" -.It XPWD Ta "print the current working directory (deprecated)" -.It XRMD Ta "remove a directory (deprecated)" -.El -.Pp -The following commands are specified by RFC2228. -.Bl -column Request -offset indent -.It AUTH Ta "authentication/security mechanism" -.It ADAT Ta "authentication/security data" -.It PROT Ta "data channel protection level" -.It PBSZ Ta "protection buffer size" -.It MIC Ta "integrity protected command" -.It CONF Ta "confidentiality protected command" -.It ENC Ta "privacy protected command" -.It CCC Ta "clear command channel" -.El -.Pp -The following non-standard or -.Tn UNIX -specific commands are supported -by the -SITE request. -.Pp -.Bl -column Request -offset indent -.It UMASK Ta change umask, (e.g. -.Ic "SITE UMASK 002" ) -.It IDLE Ta set idle-timer, (e.g. -.Ic "SITE IDLE 60" ) -.It CHMOD Ta change mode of a file (e.g. -.Ic "SITE CHMOD 755 filename" ) -.It FIND Ta quickly find a specific file with GNU -.Xr locate 1 . -.It HELP Ta give help information. -.El -.Pp -The following Kerberos related site commands are understood. -.Bl -column Request -offset indent -.It KAUTH Ta obtain remote tickets. -.It KLIST Ta show remote tickets -.El -.Pp -The remaining ftp requests specified in Internet RFC 959 -are -recognized, but not implemented. -MDTM and SIZE are not specified in RFC 959, but will appear in the -next updated FTP RFC. 
-.Pp -The ftp server will abort an active file transfer only when the -ABOR -command is preceded by a Telnet "Interrupt Process" (IP) -signal and a Telnet "Synch" signal in the command Telnet stream, -as described in Internet RFC 959. -If a -STAT -command is received during a data transfer, preceded by a Telnet IP -and Synch, transfer status will be returned. -.Pp -.Nm Ftpd -interprets file names according to the -.Dq globbing -conventions used by -.Xr csh 1 . -This allows users to utilize the metacharacters -.Dq Li \&*?[]{}~ . -.Pp -.Nm Ftpd -authenticates users according to these rules. -.Pp -.Bl -enum -offset indent -.It -If Kerberos authentication is used, the user must pass valid tickets -and the principal must be allowed to login as the remote user. -.It -The login name must be in the password data base, and not have a null -password (if kerberos is used the password field is not checked). In -this case a password must be provided by the client before any file -operations may be performed. If the user has an OTP key, the response -from a successful USER command will include an OTP challenge. The -client may choose to respond with a PASS command giving either a -standard password or an OTP one-time password. The server will -automatically determine which type of password it has been given and -attempt to authenticate accordingly. See -.Xr otp 1 -for more information on OTP authentication. -.It -The login name must not appear in the file -.Pa /etc/ftpusers . -.It -The user must have a standard shell returned by -.Xr getusershell 3 . -.It -If the user name appears in the file -.Pa /etc/ftpchroot -the session's root will be changed to the user's login directory by -.Xr chroot 2 -as for an -.Dq anonymous -or -.Dq ftp -account (see next item). However, the user must still supply a password. -This feature is intended as a compromise between a fully anonymous account -and a fully privileged account. The account should also be set up as for an -anonymous account. 
-.It -If the user name is -.Dq anonymous -or -.Dq ftp , -an -anonymous ftp account must be present in the password -file (user -.Dq ftp ) . -In this case the user is allowed -to log in by specifying any password (by convention an email address for -the user should be used as the password). -.El -.Pp -In the last case, -.Nm ftpd -takes special measures to restrict the client's access privileges. -The server performs a -.Xr chroot 2 -to the home directory of the -.Dq ftp -user. -In order that system security is not breached, it is recommended -that the -.Dq ftp -subtree be constructed with care, consider following these guidelines -for anonymous ftp. - -In general all files should be owned by -.Dq root , -and have non-write permissions (644 or 755 depending on the kind of -file). No files should be owned or writable by -.Dq ftp -(possibly with exception for the -.Pa ~ftp/incoming , -as specified below). -.Bl -tag -width "~ftp/pub" -offset indent -.It Pa ~ftp -The -.Dq ftp -homedirectory should be owned by root. -.It Pa ~ftp/bin -The directory for external programs (such as -.Xr ls 1 ) . -These programs must either be statically linked, or you must setup an -environment for dynamic linking when running chrooted. -These programs will be used if present: -.Bl -tag -width "locate" -offset indent -.It ls -Used when listing files. -.It compress -When retrieving a filename that ends in -.Pa .Z , -and that file isn't present, -.Nm -will try to find the filename without -.Pa .Z -and compress it on the fly. -.It gzip -Same as compress, just with files ending in -.Pa .gz . -.It gtar -Enables retrieval of whole directories as files ending in -.Pa .tar . -Can also be combined with compression. You must use GNU Tar (or some -other that supports the -.Fl z -and -.Fl Z -flags). -.It locate -Will enable ``fast find'' with the -.Ic SITE FIND -command. You must also create a -.Pa locatedb -file in -.Pa ~ftp/etc . 
-.El -.It Pa ~ftp/etc -If you put copies of the -.Xr passwd 5 -and -.Xr group 5 -files here, ls will be able to produce owner names rather than -numbers. Remember to remove any passwords from these files. - -The file -.Pa motd , -if present, will be printed after a successful login. -.It Pa ~ftp/dev -Put a copy of -.Xr /dev/null 7 -here. -.It Pa ~ftp/pub -Traditional place to put whatever you want to make public. -.El - -If you want guests to be able to upload files, create a -.Pa ~ftp/incoming -directory owned by -.Dq root , -and group -.Dq ftp -with mode 730 (make sure -.Dq ftp -is member of group -.Dq ftp ) . -The following restrictions apply to anonymous users: -.Bl -bullet -.It -Directories created will have mode 700. -.It -Uploaded files will be created with an umask of 777, if not changed -with the -.Fl g -option. -.It -These command are not accessible: -.Ic DELE , RMD , RNTO , RNFR , -.Ic SITE UMASK , -and -.Ic SITE CHMOD . -.It -Filenames must start with an alpha-numeric character, and consist of -alpha-numeric characters or any of the following: -.Li \&+ -(plus), -.Li \&- -(minus), -.Li \&= -(equal), -.Li \&_ -(underscore), -.Li \&. -(period), and -.Li \&, -(comma). -.El -.Sh FILES -.Bl -tag -width /etc/ftpwelcome -compact -.It Pa /etc/ftpusers -Access list for users. -.It Pa /etc/ftpchroot -List of normal users who should be chroot'd. -.It Pa /etc/ftpwelcome -Welcome notice. -.It Pa /etc/motd -Welcome notice after login. -.It Pa /etc/nologin -Displayed and access refused. -.It Pa ~/.klogin -Login access for Kerberos. -.El -.Sh SEE ALSO -.Xr ftp 1 , -.Xr otp 1 , -.Xr getusershell 3 , -.Xr ftpusers 5 , -.Xr syslogd 8 , -.Sh STANDARDS -.Bl -tag -compact -width "RFC 1938" -.It Cm RFC 959 -FTP PROTOCOL SPECIFICATION -.It Cm RFC 1938 -OTP Specification -.It Cm RFC 2228 -FTP Security Extensions. -.Sh BUGS -The server must run as the super-user -to create sockets with privileged port numbers. 
 It maintains
-an effective user id of the logged in user, reverting to
-the super-user only when binding addresses to sockets. The
-possible security holes have been extensively
-scrutinized, but are possibly incomplete.
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
diff --git a/crypto/kerberosIV/man/ftpusers.5 b/crypto/kerberosIV/man/ftpusers.5
deleted file mode 100644
index dfd66f94003b..000000000000
--- a/crypto/kerberosIV/man/ftpusers.5
+++ /dev/null
@@ -1,38 +0,0 @@
-.\" $Id: ftpusers.5,v 1.2 1997/05/07 20:11:11 joda Exp $
-.\"
-.Dd May 7, 1997
-.Dt FTPUSERS 5
-.Os KTH-KRB
-.Sh NAME
-.Pa /etc/ftpusers
-.Nd
-FTP access list file.
-.Sh DESCRIPTION
-.Pa /etc/ftpusers
-contains a list of users that should be allowed or denied FTP
-access. Each line contains a user, optionally followed by
-.Dq allow
-(anything but
-.Dq allow
-is ignored). The semi-user
-.Dq *
-matches any user. Users that has an explicit
-.Dq allow ,
-or that does not match any line, are allowed access. Anyone else is
-denied access.
-
-Note that this is compatible with the old format, where this file
-contained a list of users that should be denied access.
-.Sh EXAMPLES
-This will deny anyone but
-.Dq foo
-and
-.Dq bar
-to use FTP:
-.Bd -literal
-foo allow
-bar allow
-*
-.Ed
-.Sh SEE ALSO
-.Xr ftpd 8
diff --git a/crypto/kerberosIV/man/getusershell.3 b/crypto/kerberosIV/man/getusershell.3
deleted file mode 100644
index 84dc3ad932ba..000000000000
--- a/crypto/kerberosIV/man/getusershell.3
+++ /dev/null
@@ -1,99 +0,0 @@
-.\" $NetBSD: getusershell.3,v 1.3 1995/02/27 04:13:24 cgd Exp $
-.\"
-.\" Copyright (c) 1985, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)getusershell.3 8.1 (Berkeley) 6/4/93
-.\"
-.Dd June 4, 1993
-.Dt GETUSERSHELL 3
-.Os BSD 4.3
-.Sh NAME
-.Nm getusershell ,
-.Nm setusershell ,
-.Nm endusershell
-.Nd get legal user shells
-.Sh SYNOPSIS
-.Ft char *
-.Fn getusershell void
-.Ft void
-.Fn setusershell void
-.Ft void
-.Fn endusershell void
-.Sh DESCRIPTION
-The
-.Fn getusershell
-function
-returns a pointer to a legal user shell as defined by the
-system manager in the file
-.Pa /etc/shells .
-If
-.Pa /etc/shells
-is unreadable or does not exist,
-.Fn getusershell
-behaves as if
-.Pa /bin/sh
-and
-.Pa /bin/csh
-were listed in the file.
-.Pp
-The
-.Fn getusershell
-function
-reads the next
-line (opening the file if necessary);
-.Fn setusershell
-rewinds the file;
-.Fn endusershell
-closes it.
-.Sh FILES
-.Bl -tag -width /etc/shells -compact
-.It Pa /etc/shells
-.El
-.Sh DIAGNOSTICS
-The routine
-.Fn getusershell
-returns a null pointer (0) on
-.Dv EOF .
-.Sh SEE ALSO
-.Xr shells 5
-.Sh HISTORY
-The
-.Fn getusershell
-function appeared in
-.Bx 4.3 .
-.Sh BUGS
-The
-.Fn getusershell
-function leaves its result in an internal static object and returns
-a pointer to that object. Subsequent calls to
-.Fn getusershell
-will modify the same object.
diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8
deleted file mode 100644
index afd91269356b..000000000000
--- a/crypto/kerberosIV/man/kadmin.8
+++ /dev/null
@@ -1,140 +0,0 @@
-.\" $Id: kadmin.8,v 1.6 1998/12/18 16:56:29 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-
-.Dd February 3, 1998
-.Dt KADMIN 8
-.Os "KTH-KRB"
-.Sh NAME
-.Nm kadmin
-.Nd
-network utility for Kerberos database administration
-.Sh SYNOPSIS
-.Nm
-.Op Fl p Ar principal
-.Op Fl u Ar username
-.Op Fl r Ar realm
-.Op Fl m
-.Op Fl T Ar timeout
-.Op Fl t
-.Op Fl -version
-.Op Fl h
-.Op Fl -help
-.Ar [command]
-.Sh DESCRIPTION
-This utility provides a unified administration interface to the
-Kerberos master database. Kerberos administrators use
-.Nm
-to register new users and services to the master database, and to
-change information about existing database entries, such as changing a
-user's Kerberos password. A Kerberos administrator is a user with an
-.Dq admin
-instance whose name appears on one of the Kerberos administration
-access control lists.
-.Pp
-Supported options:
-.Bl -tag -width Ds
-.It Fl p Ar principal
-This is the adminstrator principal to use when talking to the Kadmin
-server. The default is taken from the users environment.
-.It Fl r Ar realm
-This is the default realm to use for transactions. Default is the
-local realm.
-.It Fl u Ar username
-This is similar to
-.Fl p ,
-but specifies a name, that gets appended with a
-.Dq admin
-instance.
-.It Fl T Ar timeout
-To prevent someone from walking up to an unguarded terminal and doing
-malicious things, administrator tickets are destroyed after a period
-of inactivity. This flag changes the timeout from the default of one
-minute. A timeout of zero seconds disables this functionality.
-.It Fl m
-Historically
-.Nm
-destroyed tickets after every command; this flag used to stop this
-behaviour (only destroying tickets upon exit). Now it's just a synonym
-for
-.Fl T Ar 0 .
-.It Fl t
-Use existing tickets (if any are available), this also disbles
-timeout, and doesn't destroy any tickets upon exit.
-
-These tickets have to be for the changepw.kerberos service. Use
-.Nm kinit -p
-to acquire them.
-.El
-.Pp
-The
-.Nm
-program communicates over the network with the
-.Nm kadmind
-program, which runs on the machine housing the Kerberos master
-database, and does the actual modifications to the database.
-.Pp
-When you enter the
-.Nm
-command, the program displays a message that welcomes you and explains
-how to ask for help. Then
-.Nm
-waits for you to enter commands (which are described below). It then
-asks you for your administrator's password before accessing the
-database.
-.Pp
-All commands can be abbreviated as long as they are unique. Some
-short versions of the commands are also recognized for backwards
-compatibility.
-.Pp
-Recognised commands:
-.Bl -tag -width Ds
-.It add_new_key Ar principal
-Creates a new principal in the Kerberos database. You give the name of
-the new principal as an argument. You will then be asked for a maximum
-ticket lifetime, attributes, the expiration date of the principal, and
-finally the password of the principal.
-.It change_password Ar principal
-Changes a principal's password. You will be prompted for the new
-password.
-.It change_key Ar principal
-This is the same as change_password, but the password is given as a
-raw DES key (for the few occations when you need this).
-.It change_admin_password
-Changes your own admin password. It will prompt you for you old and
-new passwords.
-.It del_entry Ar principal
-Removes principal from the database.
-.It get_entry Ar principal
-Show various information for the given principal. Note that the key is
-shown as zeros.
-.It mod_entry Ar principal
-Modifies a particular entry, for instance to change the expiration
-date.
-.It destroy_tickets
-Destroys your admin tickets explicitly.
-.It quit
-Obvious.
-.El
-.\".Sh ENVIRONMENT
-.\".Sh FILES
-.\".Sh EXAMPLES
-.\".Sh DIAGNOSTICS
-.Sh SEE ALSO
-.Xr kerberos 1 ,
-.Xr kadmind 8 ,
-.Xr kpasswd 1 ,
-.Xr kinit 1 ,
-.Xr ksrvutil 8
-.\".Sh STANDARDS
-.\".Sh HISTORY
-.Sh AUTHORS
-Jeffrey I. Schiller, MIT Project Athena
-.Pp
-Emanuel Jay Berkenbilt, MIT Project Athena
-.Sh BUGS
-The user interface is primitive, and the command names could be
-better.
diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8
deleted file mode 100644
index 71660faa23fe..000000000000
--- a/crypto/kerberosIV/man/kadmind.8
+++ /dev/null
@@ -1,134 +0,0 @@
-.\" $Id: kadmind.8,v 1.6 1999/09/15 15:10:08 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kadmind \- network daemon for Kerberos database administration
-.SH SYNOPSIS
-.B kadmind
-[
-.B \-n
-] [
-.B \-m
-] [
-.B \-h
-] [
-.B \-r realm
-] [
-.B \-f filename
-] [
-.B \-d dbname
-] [
-.B \-a acldir
-] [
-.B \-i address
-]
-.SH DESCRIPTION
-.I kadmind
-is the network database server for the Kerberos password-changing and
-administration tools.
-.PP
-Upon execution, it fetches the master key from the key cache file.
-.PP
-If the
-.B \-m
-option is specified, it instead prompts the user to enter the master
-key string for the database.
-.PP
-The
-.B \-n
-option is a no-op and is left for compatibility reasons.
-.PP
-If the
-.B \-r
-.I realm
-option is specified, the admin server will pretend that its
-local realm is
-.I realm
-instead of the actual local realm of the host it is running on.
-This makes it possible to run a server for a foreign kerberos
-realm.
-.PP
-If the
-.B \-f
-.I filename
-option is specified, then that file is used to hold the log information
-instead of the default.
-.PP
-If the
-.B \-d
-.I dbname
-option is specified, then that file is used as the database name instead
-of the default.
-.PP
-If the
-.B \-a
-.I acldir
-option is specified, then
-.I acldir
-is used as the directory in which to search for access control lists
-instead of the default.
-.PP
-If the
-.B \-h
-option is specified,
-.I kadmind
-prints out a short summary of the permissible control arguments, and
-then exits.
-.PP
-If the
-.B \-i
-option is specified,
-.I kadmind
-will only listen on that particular address and not on all configured
-addresses of the host, which is the default.
-.PP
-When performing requests on behalf of clients,
-.I kadmind
-checks access control lists (ACLs) to determine the authorization of the client
-to perform the requested action.
-Currently four distinct access types are supported:
-.TP 1i
-Addition
-(.add ACL file). If a principal is on this list, it may add new
-principals to the database.
-.TP
-Retrieval
-(.get ACL file). If a principal is on this list, it may retrieve
-database entries. NOTE: A principal's private key is never returned by
-the get functions.
-.TP
-Modification
-(.mod ACL file). If a principal is on this list, it may modify entries
-in the database.
-.TP
-Deletions
-(.del ACL file). If a principal is on this list, if may delete
-entries from the database.
-.PP
-A principal is always granted authorization to change its own password.
-.SH FILES
-.TP 20n
-/var/log/admin_server.syslog
-Default log file.
-.TP
-/var/kerberos
-Default access control list directory.
-.TP
-admin_acl.{add,get,mod}
-Access control list files (within the directory)
-.TP
-/var/kerberos/principal.pag, /var/kerberos/principal.dir
-Default DBM files containing database
-.TP
-/.k
-Master key cache file.
-.SH "SEE ALSO"
-kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
-.SH AUTHORS
-Douglas A. Church, MIT Project Athena
-.br
-John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
deleted file mode 100644
index 4a7b5efb8c4f..000000000000
--- a/crypto/kerberosIV/man/kafs.3
+++ /dev/null
@@ -1,158 +0,0 @@ -.\" $Id: kafs.3,v 1.3 1998/06/30 15:41:52 assar Exp $ -.\" -.Dd May 7, 1997 -.Os KTH-KRB -.Dt KAFS 3 -.Sh NAME -.Nm k_hasafs , -.Nm k_pioctl , -.Nm k_unlog , -.Nm k_setpag , -.Nm k_afs_cell_of_file , -.Nm krb_afslog , -.Nm krb_afslog_uid -\" .Nm krb5_afslog , -\" .Nm krb5_afslog_uid -.Nd AFS library -.Sh SYNOPSIS -.Fd #include <kafs.h> -.Ft int -.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" -.Ft int -.Fn k_hasafs -.Ft int -.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" -.Ft int -.Fn k_setpag -.Ft int -.Fn k_unlog -.Ft int -.Fn krb_afslog "char *cell" "char *realm" -.Ft int -.Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" -\" .Ft krb5_error_code -\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" -\" .Ft krb5_error_code -\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" -.Sh DESCRIPTION -.Fn k_hasafs -initializes some library internal structures, and tests for the -presense of AFS in the kernel, none of the other functions should be -called before -.Fn k_hasafs -is called, or if it fails. - -.Fn krb_afslog , -and -.Fn krb_afslog_uid -obtains new tokens (and possibly tickets) for the specified -.Fa cell -and -.Fa realm . -If -.Fa cell -is -.Dv NULL , -the local cell is used. If -.Fa realm -is -.Dv NULL , -the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass -.Dv NULL . -.Fn krb_afslog -will use the real user-id for the -.Dv ViceId -field in the token, -.Fn krb_afslog_uid -will use -.Fa uid . - -\" .Fn krb5_afslog , -\" and -\" .Fn krb5_afslog_uid -\" are the Kerberos 5 equivalents of -\" .Fn krb_afslog , -\" and -\" .Fn krb_afslog_uid . -\" The extra arguments are the ubiquitous context, and the cache id where -\" to store any obtained tickets. 
Since AFS servers normally can't handle -\" Kerberos 5 tickets directly, these functions will first obtain version -\" 5 tickets for the requested cells, and then convert them to version 4 -\" tickets, that can be stashed in the kernel. To convert tickets the -\" .Fn krb524_convert_creds_kdc -\" function will be used. - -.Fn k_afs_cell_of_file -will in -.Fa cell -return the cell of a specified file, no more than -.Fa len -characters is put in -.Fa cell . - -.Fn k_pioctl -does a -.Fn pioctl -syscall with the specified arguments. This function is equivalent to -.Fn lpioctl . - -.Fn k_setpag -initializes a new PAG. - -.Fn k_unlog -removes destroys all tokens in the current PAG. - -.Sh ENVIRONMENT -The following environment variable affect the mode of operation of -.Nm kafs : -.Bl -tag -.It Ev AFS_SYSCALL -Normally, -.Nm kafs -will try to figure out the correct system call(s) that are used by AFS -by itself. If it does not manage to do that, or does it incorrectly, -you can set this variable to the system call number or list of system -call numbers that should be used. -.El -.Sh RETURN VALUES -.Fn k_hasafs -returns 1 if AFS is present in the kernel, 0 otherwise. -.Fn krb_afslog -and -.Fn krb_afslog_uid -returns 0 on success, or a kerberos error number on failure. -.Fn k_afs_cell_of_file , -.Fn k_pioctl , -.Fn k_setpag , -and -.Fn k_unlog -all return the value of the underlaying system call, 0 on success. -.Sh EXAMPLES -The following code from -.Nm login -will obtain a new PAG and tokens for the local cell and the cell of -the users home directory. -.Bd -literal -if (k_hasafs()) { - char cell[64]; - k_setpag(); - if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - krb_afslog(cell, NULL); - krb_afslog(NULL, NULL); -} -.Ed -.Sh ERRORS -If any of these functions (appart from -.Fn k_hasafs ) -is called without AFS beeing present in the kernel, the process will -usually (depending on the operating system) receive a SIGSYS signal. 
-.Sh SEE ALSO
-.Rs
-.%A Transarc Corporation
-.%J AFS-3 Programmer's Reference
-.%T File Server/Cache Manager Interface
-.%D 1991
-.Re
-.Sh BUGS
-.Ev AFS_SYSCALL
-has no effect under AIX.
diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1
deleted file mode 100644
index 2efb709636e6..000000000000
--- a/crypto/kerberosIV/man/kauth.1
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $Id: kauth.1,v 1.3 1998/06/30 15:29:17 assar Exp $
-.\"
-.Dd May 4, 1996
-.Dt KAUTH 1
-.Os KTH-KRB
-.Sh NAME
-.Nm kauth
-.Nd
-overworked Kerberos login program
-.Sh SYNOPSIS
-.Nm
-.Op Fl n Ar name
-.Op Fl r Ar remote user
-.Op Fl t Pa remote ticket file
-.Op Fl h Ar hosts...
-.Op Fl l Ar lifetime
-.Op Fl f Pa srvtab
-.Op Fl c Ar cell
-.Op Ar command ...
-.Sh DESCRIPTION
-The
-.Nm
-command obtains ticket granting tickets as well as AFS ticket and
-tokens. It also does a whole lot of other stuff.
-.Pp
-The following flags are supported:
-.Bl -tag -width xxxx
-.It Fl n
-Principal to get tickets for. If no other arguments are present this
-can be given without the
-.Fl n
-flag.
-.It Fl h
-Remote hosts to obtain tickets for. This works similar to the MIT
-Athena Kerberos 4 patchlevel 10 command
-.Xr rkinit 1 ,
-however not in a compatible way. It requires that the remote host runs
-the
-.Xr kauthd 8 ,
-server. The
-.Fl r
-and
-.Fl t
-flags are useful only with this option.
-.It Fl r
-User on the remote host that should own the ticket file.
-.It Fl t
-Ticket file on remote host.
-.It Fl l
-Lifetime of tickets in minutes. A value of -1 is used for maximum
-ticket lifetime.
-.It Fl f
-Srvtab to get service keys from. Default is
-.Pa /etc/srvtab .
-This is mainly used with batch services that need to run
-authenticated. If any command is given, it will be executed in an
-authenticated fashion and when the program exits the tickets are
-destroyed. For long running jobs the tickets will be renewed.
-.It Fl c
-AFS cell to get tokens for, default is your local cell.
-.El
-.Sh SEE ALSO
-.Xr kinit 1 ,
-.Xr kauthd 8 ,
-.Xr kafs 3
-.Sh BUGS
-There is no help-switch.
diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8
deleted file mode 100644
index 4978ff2c5c71..000000000000
--- a/crypto/kerberosIV/man/kauthd.8
+++ /dev/null
@@ -1,27 +0,0 @@
-.\" $Id: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $
-.\"
-.Dd September 27, 1996
-.Dt KAUTHD 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kauthd
-.Nd
-remote Kerberos login daemon
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-Daemon for the
-.Xr kauth 1
-command.
-.Pp
-Options supported by
-.Nm kauthd :
-.Bl -tag -width Ds
-.It Fl i
-Interactive. Do not expect to be started by
-.Nm inetd,
-but allocate and listen to the socket yourself. Handy for testing
-and debugging.
-.El
-.Sh SEE ALSO
-.Xr kauth 1
diff --git a/crypto/kerberosIV/man/kdb_destroy.8 b/crypto/kerberosIV/man/kdb_destroy.8
deleted file mode 100644
index c6e47396fa0f..000000000000
--- a/crypto/kerberosIV/man/kdb_destroy.8
+++ /dev/null
@@ -1,32 +0,0 @@
-.\" $Id: kdb_destroy.8,v 1.3 1997/04/02 21:09:54 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_destroy \- destroy Kerberos key distribution center database
-.SH SYNOPSIS
-kdb_destroy
-.SH DESCRIPTION
-.I kdb_destroy
-deletes a Kerberos key distribution center database.
-.PP
-The user is prompted to verify that the database should be destroyed. A
-response beginning with `y' or `Y' confirms deletion.
-Any other response aborts deletion.
-.SH DIAGNOSTICS
-.TP 20n
-"Database cannot be deleted at /var/kerberos/principal"
-The attempt to delete the database failed (probably due to a system or
-access permission error).
-.TP
-"Database not deleted."
-The user aborted the deletion.
-.SH FILES
-.TP 20n
-/var/kerberos/principal.pag, /var/kerberos/principal.dir
-DBM files containing database
-.SH SEE ALSO
-kdb_init(8)
diff --git a/crypto/kerberosIV/man/kdb_edit.8 b/crypto/kerberosIV/man/kdb_edit.8
deleted file mode 100644
index 14f7e92a0fd0..000000000000
--- a/crypto/kerberosIV/man/kdb_edit.8
+++ /dev/null
@@ -1,54 +0,0 @@
-.\" $Id: kdb_edit.8,v 1.3 1997/04/02 21:09:54 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_edit \- Kerberos key distribution center database editing utility
-.SH SYNOPSIS
-kdb_edit [
-.B \-n
-]
-.SH DESCRIPTION
-.I kdb_edit
-is used to create or change principals stored in the Kerberos key
-distribution center (KDC) database.
-.PP
-When executed,
-.I kdb_edit
-prompts for the master key string and verifies that it matches the
-master key stored in the database.
-If the
-.B \-n
-option is specified, the master key is instead fetched from the master
-key cache file.
-.PP
-Once the master key has been verified,
-.I kdb_edit
-begins a prompt loop. The user is prompted for the principal and
-instance to be modified. If the entry is not found the user may create
-it.
-Once an entry is found or created, the user may set the password,
-expiration date, maximum ticket lifetime, and attributes.
-Default expiration dates, maximum ticket lifetimes, and attributes are
-presented in brackets; if the user presses return the default is selected.
-There is no default password.
-The password RANDOM is interpreted specially, and if entered
-the user may have the program select a random DES key for the
-principal.
-.PP
-Upon successfully creating or changing the entry, ``Edit O.K.'' is
-printed.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/var/kerberos/principal.pag, /var/kerberos/principal.dir
-DBM files containing database
-.TP
-/.k
-Master key cache file.
diff --git a/crypto/kerberosIV/man/kdb_init.8 b/crypto/kerberosIV/man/kdb_init.8
deleted file mode 100644
index f019dd4a413e..000000000000
--- a/crypto/kerberosIV/man/kdb_init.8
+++ /dev/null
@@ -1,37 +0,0 @@
-.\" $Id: kdb_init.8,v 1.3 1997/04/02 21:09:54 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_init \- Initialize Kerberos key distribution center database
-.SH SYNOPSIS
-kdb_init [
-.B realm
-]
-.SH DESCRIPTION
-.I kdb_init
-initializes a Kerberos key distribution center database, creating the
-necessary principals.
-.PP
-If the optional
-.I realm
-argument is not present,
-.I kdb_init
-prompts for a realm name.
-After determining the realm to be created, it prompts for
-a master key password. The master key password is used to encrypt
-every encryption key stored in the database.
-.SH DIAGNOSTICS
-.TP 20n
-"/var/kerberos/principal: File exists"
-An attempt was made to create a database on a machine which already had
-an existing database.
-.SH FILES
-.TP 20n
-/var/kerberos/principal.pag, /var/kerberos/principal.dir
-DBM files containing database
-.SH SEE ALSO
-kdb_destroy(8)
diff --git a/crypto/kerberosIV/man/kdb_util.8 b/crypto/kerberosIV/man/kdb_util.8
deleted file mode 100644
index 0e3c201a514c..000000000000
--- a/crypto/kerberosIV/man/kdb_util.8
+++ /dev/null
@@ -1,68 +0,0 @@
-.\" $Id: kdb_util.8,v 1.3 1997/04/02 20:45:38 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdb_util \- Kerberos key distribution center database utility
-.SH SYNOPSIS
-kdb_util
-.B operation filename
-.SH DESCRIPTION
-.I kdb_util
-allows the Kerberos key distribution center (KDC) database administrator to
-perform utility functions on the database.
-.PP
-.I Operation
-must be one of the following:
-.TP 10n
-.I load
-initializes the KDC database with the records described by the
-text contained in the file
-.IR filename .
-Any existing database is overwritten.
-.TP
-.I dump
-dumps the KDC database into a text representation in the file
-.IR filename .
-.TP
-.I slave_dump
-performs a database dump like the
-.I dump
-operation, and additionally creates a semaphore file signalling the
-propagation software that an update is available for distribution to
-slave KDC databases.
-.TP
-.I merge
-merges in the entries from
-.IR filename
-into the database.
-.TP
-.I new_master_key
-prompts for the old and new master key strings, and then dumps the KDC
-database into a text representation in the file
-.IR filename .
-The keys in the text representation are encrypted in the new master key.
-.TP
-.I convert_old_db
-prompts for the master key string, and then dumps the KDC database into
-a text representation in the file
-.IR filename .
-The existing database is assumed to be encrypted using the old format
-(encrypted by the key schedule of the master key); the dumped database
-is encrypted using the new format (encrypted directly with master key).
-.PP
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.SH FILES
-.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
-.TP
-.IR filename .ok
-semaphore file created by
-.IR slave_dump.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
deleted file mode 100644
index c7797c0313dd..000000000000
--- a/crypto/kerberosIV/man/kdestroy.1
+++ /dev/null
@@ -1,96 +0,0 @@
-.\" $Id: kdestroy.1,v 1.4 1999/06/15 13:29:32 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kdestroy \- destroy Kerberos tickets
-.SH SYNOPSIS
-.B kdestroy
-[
-.B \-f
-]
-[
-.B \-q
-]
-[
-.B \-t
-]
-.SH DESCRIPTION
-The
-.I kdestroy
-utility destroys the user's active
-Kerberos
-authorization tickets by writing zeros to the file that contains them.
-If the ticket file does not exist,
-.I kdestroy
-displays a message to that effect.
-.PP
-After overwriting the file,
-.I kdestroy
-removes the file from the system.
-The utility
-displays a message indicating the success or failure of the
-operation.
-If
-.I kdestroy
-is unable to destroy the ticket file,
-the utility will warn you by making your terminal beep.
-.PP
-In the Athena workstation environment,
-the
-.I toehold
-service automatically destroys your tickets when you
-end a workstation session.
-If your site does not provide a similar ticket-destroying mechanism,
-you can place the
-.I kdestroy
-command in your
-.I .logout
-file so that your tickets are destroyed automatically
-when you logout.
-.PP
-The options to
-.I kdestroy
-are as follows:
-.TP 7
-.B \-f
-.I kdestroy
-runs without displaying the status message.
-.TP
-.B \-q
-.I kdestroy
-will not make your terminal beep if it fails to destroy the tickets.
-.TP
-.B \-t
-destroy tickets only and keep all AFS tokens.
-.TP
-.B \-u
-unlog, i.e remove any AFS tokens associated with the current PAG
-but leave the ticket file alone.
-.PP
-If neither
-.B \-t
-nor
-.B \-u
-is given, both tickets and AFS tokens are destroyed.
-.SH FILES
-KRBTKFILE environment variable if set, otherwise
-.br
-/tmp/tkt[uid]
-.SH SEE ALSO
-kerberos(1), kinit(1), klist(1)
-.SH BUGS
-.PP
-Only the tickets in the user's current ticket file are destroyed.
-Separate ticket files are used to hold root instance and password
-changing tickets. These files should probably be destroyed too, or
-all of a user's tickets kept in a single ticket file.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
-.br
-Bill Sommerfeld, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
deleted file mode 100644
index 496882274617..000000000000
--- a/crypto/kerberosIV/man/kerberos.1
+++ /dev/null
@@ -1,258 +0,0 @@ -.\" $Id: kerberos.1,v 1.3 1997/11/07 12:37:34 bg Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kerberos \- introduction to the Kerberos system - -.SH DESCRIPTION -The -Kerberos -system authenticates -individual users in a network environment. -After authenticating yourself to -Kerberos, -you can use network utilities such as -.IR rlogin , -.IR rcp , -and -.IR rsh -without -having to present passwords to remote hosts and without having to bother -with -.I \.rhosts -files. -Note that these utilities will work without passwords only if -the remote machines you deal with -support the -Kerberos -system. -All Athena timesharing machines and public workstations support -Kerberos. -.PP -Before you can use -Kerberos, -you must register as an Athena user, -and you must make sure you have been added to -the -Kerberos -database. -You can use the -.I kinit -command to find out. -This command -tries to log you into the -Kerberos -system. -.I kinit -will prompt you for a username and password. -Enter your username and password. -If the utility lets you login without giving you a message, -you have already been registered. -.PP -If you enter your username and -.I kinit -responds with this message: -.nf - -Principal unknown (kerberos) - -.fi -you haven't been registered as a -Kerberos -user. -See your system administrator. -.PP -A Kerberos name contains three parts. -The first is the -.I principal name, -which is usually a user's or service's name. -The second is the -.I instance, -which in the case of a user is usually null. -Some users may have privileged instances, however, -such as ``root'' or ``admin''. -In the case of a service, the instance is the -name of the machine on which it runs; i.e. 
there -can be an -.I rlogin -service running on the machine ABC, which -is different from the rlogin service running on -the machine XYZ. -The third part of a Kerberos name -is the -.I realm. -The realm corresponds to the Kerberos service providing -authentication for the principal. -For example, at MIT there is a Kerberos running at the -Laboratory for Computer Science and one running at -Project Athena. -.PP -When writing a Kerberos name, the principal name is -separated from the instance (if not null) by a period, -and the realm (if not the local realm) follows, preceded by -an ``@'' sign. -The following are examples of valid Kerberos names: -.sp -.nf -.in +8 -billb -jis.admin -srz@lcs.mit.edu -treese.root@athena.mit.edu -.in -8 -.fi -.PP -When you authenticate yourself with -Kerberos, -through either the workstation -.I toehold -system or the -.I kinit -command, -Kerberos -gives you an initial -Kerberos -.IR ticket . -(A -Kerberos -ticket -is an encrypted protocol message that provides authentication.) -Kerberos -uses this ticket for network utilities -such as -.I rlogin -and -.IR rcp . -The ticket transactions are done transparently, -so you don't have to worry about their management. -.PP -Note, however, that tickets expire. -Privileged tickets, such as root instance tickets, -expire in a few minutes, while tickets that carry more ordinary -privileges may be good for several hours or a day, depending on the -installation's policy. -If your login session extends beyond the time limit, -you will have to re-authenticate yourself to -Kerberos -to get new tickets. -Use the -.IR kinit -command to re-authenticate yourself. -.PP -If you use the -.I kinit -command to get your tickets, -make sure you use the -.I kdestroy -command -to destroy your tickets before you end your login session. -You should probably put the -.I kdestroy -command in your -.I \.logout -file so that your tickets will be destroyed automatically when you logout. 
-For more information about the -.I kinit -and -.I kdestroy -commands, -see the -.I kinit(1) -and -.I kdestroy(1) -manual pages. -.PP -Currently, -Kerberos -supports the following network services: -.IR rlogin , -.IR rsh , -.IR rcp , -.IR pop , -.IR ftp , -.IR telnet , -.IR AFS -and -.IR NFS. - -.SH "SEE ALSO" -kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3), -kadmin(8) -.SH BUGS -Kerberos -will not do authentication forwarding. -In other words, -if you use -.I rlogin -to login to a remote host, -you cannot use -Kerberos -services from that host -until you authenticate yourself explicitly on that host. -Although you may need to authenticate yourself on the remote -host, -be aware that when you do so, -.I rlogin -sends your password across the network in clear text. - -.SH AUTHORS -Steve Miller, MIT Project Athena/Digital Equipment Corporation -.br -Clifford Neuman, MIT Project Athena - -The following people helped out on various aspects of the system: - -Jeff Schiller designed and wrote the administration server and its -user interface, kadmin. -He also wrote the dbm version of the database management system. - -Mark Colan developed the -Kerberos -versions of -.IR rlogin , -.IR rsh , -and -.IR rcp , -as well as contributing work on the servers. - -John Ostlund developed the -Kerberos -versions of -.I passwd -and -.IR userreg . - -Stan Zanarotti pioneered Kerberos in a foreign realm (LCS), -and made many contributions based on that experience. - -Many people contributed code and/or useful ideas, including -Jim Aspnes, -Bob Baldwin, -John Barba, -Richard Basch, -Jim Bloom, -Bill Bryant, -Rob French, -Dan Geer, -David Jedlinsky, -John Kohl, -John Kubiatowicz, -Bob McKie, -Brian Murphy, -Ken Raeburn, -Chris Reed, -Jon Rochlis, -Mike Shanzer, -Bill Sommerfeld, -Jennifer Steiner, -Ted Ts'o, -and -Win Treese. - -.SH RESTRICTIONS - -COPYRIGHT 1985,1986 Massachusetts Institute of Technology 
diff --git a/crypto/kerberosIV/man/kerberos.3 b/crypto/kerberosIV/man/kerberos.3
deleted file mode 100644
index deff91dc22f0..000000000000
--- a/crypto/kerberosIV/man/kerberos.3
+++ /dev/null
@@ -1,461 +0,0 @@ -.\" $Id: kerberos.3,v 1.2 1996/06/12 21:29:18 bg Exp $ -.\" $FreeBSD$ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred, -krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err, -krb_rd_err, krb_ck_repl \- Kerberos authentication library -.SH SYNOPSIS -.nf -.nj -.ft B -#include <openssl/des.h> -#include <krb.h> -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -int krb_mk_req(authent,service,instance,realm,checksum) -KTEXT authent; -char *service; -char *instance; -char *realm; -u_long checksum; -.PP -.ft B -int krb_rd_req(authent,service,instance,from_addr,ad,fn) -KTEXT authent; -char *service; -char *instance; -u_long from_addr; -AUTH_DAT *ad; -char *fn; -.PP -.ft B -int krb_kntoln(ad,lname) -AUTH_DAT *ad; -char *lname; -.PP -.ft B -int krb_set_key(key,cvt) -char *key; -int cvt; -.PP -.ft B -int krb_get_cred(service,instance,realm,c) -char *service; -char *instance; -char *realm; -CREDENTIALS *c; -.PP -.ft B -long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver) -u_char *in; -u_char *out; -u_long in_length; -des_cblock key; -des_key_schedule schedule; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -.PP -.ft B -long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data) -u_char *in; -u_long in_length; -Key_schedule schedule; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -MSG_DAT *msg_data; -.PP -.ft B -long krb_mk_safe(in,out,in_length,key,sender,receiver) -u_char *in; -u_char *out; -u_long in_length; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -.PP -.ft B -long krb_rd_safe(in,length,key,sender,receiver,msg_data) -u_char *in; -u_long length; -des_cblock key; -struct sockaddr_in *sender; -struct 
sockaddr_in *receiver; -MSG_DAT *msg_data; -.PP -.ft B -long krb_mk_err(out,code,string) -u_char *out; -long code; -char *string; -.PP -.ft B -long krb_rd_err(in,length,code,msg_data) -u_char *in; -u_long length; -long code; -MSG_DAT *msg_data; -.fi -.ft R -.SH DESCRIPTION -This library supports network authentication and various related -operations. The library contains many routines beyond those described -in this man page, but they are not intended to be used directly. -Instead, they are called by the routines that are described, the -authentication server and the login program. -.PP -.I krb_err_txt[] -contains text string descriptions of various Kerberos error codes returned -by some of the routines below. -.PP -.I krb_mk_req -takes a pointer to a text structure in which an authenticator is to be -built. It also takes the name, instance, and realm of the service to be -used and an optional checksum. It is up to the application to decide -how to generate the checksum. -.I krb_mk_req -then retrieves a ticket for the desired service and creates an -authenticator. The authenticator is built in -.I authent -and is accessible -to the calling procedure. -.PP -It is up to the application to get the authenticator to the service -where it will be read by -.I krb_rd_req. -Unless an attacker posesses the session key contained in the ticket, it -will be unable to modify the authenticator. Thus, the checksum can be -used to verify the authenticity of the other data that will pass through -a connection. -.PP -.I krb_rd_req -takes an authenticator of type -.B KTEXT, -a service name, an instance, the address of the -host originating the request, and a pointer to a structure of type -.B AUTH_DAT -which is filled in with information obtained from the authenticator. -It also optionally takes the name of the file in which it will find the -secret key(s) for the service. 
-If the supplied -.I instance -contains "*", then the first service key with the same service name -found in the service key file will be used, and the -.I instance -argument will be filled in with the chosen instance. This means that -the caller must provide space for such an instance name. -.PP -It is used to find out information about the principal when a request -has been made to a service. It is up to the application protocol to get -the authenticator from the client to the service. The authenticator is -then passed to -.I krb_rd_req -to extract the desired information. -.PP -.I krb_rd_req -returns zero (RD_AP_OK) upon successful authentication. If a packet was -forged, modified, or replayed, authentication will fail. If the -authentication fails, a non-zero value is returned indicating the -particular problem encountered. See -.I krb.h -for the list of error codes. -.PP -If the last argument is the null string (""), krb_rd_req will use the -file /etc/srvtab to find its keys. If the last argument is NULL, it -will assume that the key has been set by -.I krb_set_key -and will not bother looking further. -.PP -.I krb_kntoln -converts a Kerberos name to a local name. It takes a structure -of type AUTH_DAT and uses the name and instance to look in the database -/etc/aname to find the corresponding local name. The local name is -returned and can be used by an application to change uids, directories, -or other parameters. It is not an integral part of Kerberos, but is -instead provided to support the use of Kerberos in existing utilities. -.PP -.I krb_set_key -takes as an argument a des key. It then creates -a key schedule from it and saves the original key to be used as an -initialization vector. -It is used to set the server's key which -must be used to decrypt tickets. -.PP -If called with a non-zero second argument, -.I krb_set_key -will first convert the input from a string of arbitrary length to a DES -key by encrypting it with a one-way function. 
-.PP -In most cases it should not be necessary to call -.I krb_set_key. -The necessary keys will usually be obtained and set inside -.I krb_rd_req. krb_set_key -is provided for those applications that do not wish to place the -application keys on disk. -.PP -.I krb_get_cred -searches the caller's ticket file for a ticket for the given service, instance, -and realm; and, if a ticket is found, fills in the given CREDENTIALS structure -with the ticket information. -.PP -If the ticket was found, -.I krb_get_cred -returns GC_OK. -If the ticket file can't be found, can't be read, doesn't belong to -the user (other than root), isn't a regular file, or is in the wrong -mode, the error GC_TKFIL is returned. -.PP -.I krb_mk_priv -creates an encrypted, authenticated -message from any arbitrary application data, pointed to by -.I in -and -.I in_length -bytes long. -The private session key, pointed to by -.I key -and the key schedule, -.I schedule, -are used to encrypt the data and some header information using -.I pcbc_encrypt. -.I sender -and -.I receiver -point to the Internet address of the two parties. -In addition to providing privacy, this protocol message protects -against modifications, insertions or replays. The encapsulated message and -header are placed in the area pointed to by -.I out -and the routine returns the length of the output, or -1 indicating -an error. -.PP -.I krb_rd_priv -decrypts and authenticates a received -.I krb_mk_priv -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -The private session key, pointed to by -.I key, -and the key schedule, -.I schedule, -are used to decrypt and verify the received message. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h. 
-The routine fills in the -.I app_data -field with a pointer to the decrypted application data, -.I app_length -with the length of the -.I app_data -field, -.I time_sec -and -.I time_5ms -with the timestamps in the message, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. (The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). The -.I hash -field returns a value useful as input to the -.I krb_ck_repl -routine. - -The routine returns zero if ok, or a Kerberos error code. Modified messages -and old messages cause errors, but it is up to the caller to -check the time sequence of messages, and to check against recently replayed -messages using -.I krb_ck_repl -if so desired. -.PP -.I krb_mk_safe -creates an authenticated, but unencrypted message from any arbitrary -application data, -pointed to by -.I in -and -.I in_length -bytes long. -The private session key, pointed to by -.I key, -is used to seed the -.I quad_cksum() -checksum algorithm used as part of the authentication. -.I sender -and -.I receiver -point to the Internet address of the two parties. -This message does not provide privacy, but does protect (via detection) -against modifications, insertions or replays. The encapsulated message and -header are placed in the area pointed to by -.I out -and the routine returns the length of the output, or -1 indicating -an error. -The authentication provided by this routine is not as strong as that -provided by -.I krb_mk_priv -or by computing the checksum using -.I cbc_cksum -instead, both of which authenticate via DES. -.PP - -.I krb_rd_safe -authenticates a received -.I krb_mk_safe -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -The private session key, pointed to by -.I key, -is used to seed the quad_cksum() routine as part of the authentication. 
-.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h . -The routine fills in these -.I MSG_DAT -fields: -the -.I app_data -field with a pointer to the application data, -.I app_length -with the length of the -.I app_data -field, -.I time_sec -and -.I time_5ms -with the timestamps in the message, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. -(The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). The -.I hash -field returns a value useful as input to the -.I krb_ck_repl -routine. - -The routine returns zero if ok, or a Kerberos error code. Modified messages -and old messages cause errors, but it is up to the caller to -check the time sequence of messages, and to check against recently replayed -messages using -.I krb_ck_repl -if so desired. -.PP -.I krb_mk_err -constructs an application level error message that may be used along -with -.I krb_mk_priv -or -.I krb_mk_safe. -.I out -is a pointer to the output buffer, -.I code -is an application specific error code, and -.I string -is an application specific error string. - -.PP -.I krb_rd_err -unpacks a received -.I krb_mk_err -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -.I code -is a pointer to a value to be filled in with the error -value provided by the application. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h . -The routine fills in these -.I MSG_DAT -fields: the -.I app_data -field with a pointer to the application error text, -.I app_length -with the length of the -.I app_data -field, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. (The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). 
- -The routine returns zero if the error message has been successfully received, -or a Kerberos error code. -.PP -The -.I KTEXT -structure is used to pass around text of varying lengths. It consists -of a buffer for the data, and a length. krb_rd_req takes an argument of this -type containing the authenticator, and krb_mk_req returns the -authenticator in a structure of this type. KTEXT itself is really a -pointer to the structure. The actual structure is of type KTEXT_ST. -.PP -The -.I AUTH_DAT -structure is filled in by krb_rd_req. It must be allocated before -calling krb_rd_req, and a pointer to it is passed. The structure is -filled in with data obtained from Kerberos. -.I MSG_DAT -structure is filled in by either krb_rd_priv, krb_rd_safe, or -krb_rd_err. It must be allocated before the call and a pointer to it -is passed. The structure is -filled in with data obtained from Kerberos. -.PP -.SH FILES -/usr/include/krb.h -.br -/usr/lib/libkrb.a -.br -/usr/include/des.h -.br -/usr/lib/libdes.a -.br -/etc/aname -.br -/etc/srvtab -.br -/tmp/tkt[uid] -.SH "SEE ALSO" -kerberos(1), des_crypt(3) -.SH DIAGNOSTICS -.SH BUGS -The caller of -.I krb_rd_req, krb_rd_priv, and krb_rd_safe -must check time order and for replay attempts. -.I krb_ck_repl -is not implemented yet. -.SH AUTHORS -Clifford Neuman, MIT Project Athena -.br -Steve Miller, MIT Project Athena/Digital Equipment Corporation -.SH RESTRICTIONS -COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8 deleted file mode 100644 index 5d89635d4fbf..000000000000 --- a/crypto/kerberosIV/man/kerberos.8 +++ /dev/null 
@@ -1,192 +0,0 @@ -.\" $Id: kerberos.8,v 1.4 1997/09/26 17:55:23 joda Exp $ -.\" -.Dd September 26, 1997 -.Dt KERBEROS 8 -.Os KTH-KRB -.Sh NAME -.Nm kerberos -.Nd The kerberos daemon -.Sh SYNPOSIS -.Nm -.Op Fl mns -.Op Fl a Ar max age -.Op Fl i Ar address -.Op Fl l Ar log -.Op Fl p Ar pause -.Op Fl P Ar portspec -.Op Fl r Ar realm -.Op Ar database -.Sh DESCRIPTION -This is the -.Nm -daemon. -.Pp -Options: -.Bl -tag -width -ident -.It Fl a -Set the -.Ar max age -before the database is considered stale. -.It Fl i -Only listen on -.Ar address . -Normally, the kerberos server listens on all addresses of all -interfaces. -.It Fl l -Write the log to -.Ar log -.It Fl m -Run manually and prompt for master key. -.It Fl n -Do not check max age. -.It Fl p -Pause for -.Ar pause -before dying. -.It Fl P -Listen to the ports specified by -.Ar portspec . -This should be a white-space separated list of port specificatios. A -port specification follows the format: -.Ar port Ns Op / Ns Ar protocol . -The -.Ar port -can be either a symbolic port name (from -.Pa /etc/services), or a number; -.Ar protocol can be either -.Li udp , -or -.Li tcp . -If left out, the KDC will listen to both UDP and TCP sockets on the -specified port. -.br -The special string -.Li + -mean that the default set of ports (TCP and UDP on ports 88 and 750) -should be included. -.It Fl r -Run as a server for realm -.Ar realm -.It Fl s -Set slave parameters. This will enable check to see if data is -getting too stale relative to the master. -.El - -If no -.Ar database -is given a default datbase will be used, normally -.Pa /var/kerberos/principal . -.Sh DIAGNOSTICS - -The server logs several messages in a log file -.Pf ( Pa /var/run/kerberos.log -by default). The logging mechanism opens and closes the log file for -each message, so you can safely rename the log file when the server is -running. -.Ss Operational messages -These are normal messages that you will see in the log. 
They might be -followed by some error message. -.Bl -tag -width xxxxx -.It Li Getting key for Ar REALM -The server fetched the key for -.Sq krbtgt.REALM -for the specific -realm. You will see this at startup, and for every attempt to use -cross realm authentication. -.It Xo Li Starting Kerberos for -.Ar REALM -.Li (kvno Ar kvno ) -.Xc -You will see this also if you start with -.Fl m . -.It Xo Li AS REQ -.Ar name.instance@REALM -.Li for -.Ar sname.sinstance -.Li from -.Ar ip-number -.Xc -An initial (password authenticated) request was received. -.It Xo Li APPL REQ -.Ar name.instance@REALM -.Li for -.Ar sname.sinstance -.Li from Ar ip-number -.Xc -A tgt-based request for a ticket was made. -.El - -.Ss Error messages -These messages reflects misconfigured clients, invalid requests, or -possibly attepted attacks. -.Bl -tag -width xxxxx -.It Li UNKNOWN Ar name.instance -The server received a request with an unknown principal. This is most -likely because someone typed the wrong name at a login prompt. It -could also be someone trying to get a list of possible users. -.It Xo Li Unknown realm Ar REALM -.Li from Ar ip-number -.Xc -There isn't a principal for -.Sq krbtgt.REALM -in the database. -.It Xo Li Can't hop realms: Ar REALM1 -.Li -> Ar REALM2 -.Xc -There was a request for a ticket for another realm. This might be -because of a misconfigured client. -.It Li Principal not unique Ar name.instance -There is more than one entry for this principal in the database. This -is not very good. -.It Li Null key Ar name.instance -Someone tried to use a principal that for some reason doesn't have a -key. -.It Xo Li Incorrect master key version for -.Ar name.instance -.Li : Ar number -.Li (should be Ar number ) -.Xc -The principal has it's key encrypted with the wrong master key. -.It Xo Li Principal Ar name.instance -.Li expired at Ar date -.Xc -The principal's key has expired. -.It Li krb_rd_req from Ar ip-number : error-message -The message couldn't be decoded properly. 
The error message will give -you further hints. You will see this if someone is trying to use -expired tickets. -.It Xo Li Unknown message type: Ar number -.Li from Ar ip-number -.Xc -The message received was not one that is understood by this server. -.It Li Can't authorize password changed based on TGT -Someone tried to get a -.Sq changepw.kerberos -via a tgt exchange. This is -because of a broken client, or possibly an attack. -.It Li KRB protocol version mismatch ( Ar number ) -The server received a request with an unknown version number. -.El - -.Ss Fatal error messages -The following messages indicate problems when starting the server. -.Bl -tag -width xxxxx -.It Li Database unavailable! -There was some problem reading the database. -.It Li Database currently being updated! -Someone is currently updating the database (possibly via krop). -.It Li Database out of date! -The database is older than the maximum age specified. -.It Li Couldn't get master key. -The master key file wasn't found or the file is damaged. -.It Li Can't verify master key. -The key in the keyfile doesn't match the current databse. -.It Li Ticket granting ticket service unknown -The database doesn't contain a -.Sq krbtgt.REALM -for the local realm. -.El - -.Sh SEE ALSO -.Xr kprop 8 , -.Xr kpropd 8 diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1 deleted file mode 100644 index 7d05b307d3ae..000000000000 --- a/crypto/kerberosIV/man/kinit.1 +++ /dev/null 
@@ -1,137 +0,0 @@
-.\" $Id: kinit.1,v 1.4 1998/12/18 16:57:29 assar Exp $
-.\" $FreeBSD$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kinit \- Kerberos login utility
-.SH SYNOPSIS
-.B kinit
-[
-.B \-irvlp
-]
-.SH DESCRIPTION
-The
-.I kinit
-command is used to login to the
-Kerberos
-authentication and authorization system.
-Note that only registered
-Kerberos
-users can use the
-Kerberos
-system.
-For information about registering as a
-Kerberos
-user,
-see the
-.I kerberos(1)
-manual page.
-.PP
-If you are logged in to a workstation that is running the
-.I toehold
-service,
-you do not have to use
-.I kinit.
-The
-.I toehold
-login procedure will log you into
-Kerberos
-automatically.
-You will need to use
-.I kinit
-only in those situations in which
-your original tickets have expired.
-(Tickets expire in about a day.)
-Note as well that
-.I toehold
-will automatically destroy your tickets when you logout from the workstation.
-.PP
-When you use
-.I kinit
-without options,
-the utility
-prompts for your username and Kerberos password,
-and tries to authenticate your login with the local
-Kerberos
-server.
-.PP
-If
-Kerberos
-authenticates the login attempt,
-.I kinit
-retrieves your initial ticket and puts it in the ticket file specified by
-your KRBTKFILE environment variable.
-If this variable is undefined,
-your ticket will be stored in the
-.IR /tmp
-directory,
-in the file
-.I tktuid ,
-where
-.I uid
-specifies your user identification number.
-.PP
-If you have logged in to
-Kerberos
-without the benefit of the workstation
-.I toehold
-system,
-make sure you use the
-.I kdestroy
-command to destroy any active tickets before you end your login session.
-You may want to put the
-.I kdestroy
-command in your
-.I \.logout
-file so that your tickets will be destroyed automatically when you logout.
-.PP
-The options to
-.I kinit
-are as follows:
-.TP 7
-.B \-i
-.I kinit
-prompts you for a
-Kerberos
-instance.
-.TP
-.B \-r
-.I kinit
-prompts you for a
-Kerberos
-realm.
-This option lets you authenticate yourself with a remote
-Kerberos
-server.
-.TP
-.B \-v
-Verbose mode.
-.I kinit
-prints the name of the ticket file used, and
-a status message indicating the success or failure of
-your login attempt.
-.TP
-.B \-l
-.I kinit
-prompts you for a ticket lifetime in minutes. Due to protocol
-restrictions in Kerberos Version 4, this value must be between 5 and
-1275 minutes.
-.TP
-.B \-p
-.I kinit
-will acquires a ticket for changepw.kerberos.
-.SH SEE ALSO
-.PP
-kerberos(1), kdestroy(1), klist(1), toehold(1)
-.SH BUGS
-The
-.B \-r
-option has not been fully implemented.
-.SH AUTHORS
-Steve Miller, MIT Project Athena/Digital Equipment Corporation
-.br
-Clifford Neuman, MIT Project Athena
diff --git a/crypto/kerberosIV/man/klist.1 b/crypto/kerberosIV/man/klist.1
deleted file mode 100644
index 76dec027bc95..000000000000
--- a/crypto/kerberosIV/man/klist.1
+++ /dev/null
@@ -1,83 +0,0 @@
-.\" $Id: klist.1,v 1.2 1996/06/12 21:29:19 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-klist \- list currently held Kerberos tickets
-.SH SYNOPSIS
-.B klist
-[
-\fB\-s \fR|\fB \-t\fR
-] [
-.B \-file
-name ] [
-.B \-srvtab
-]
-.br
-.SH DESCRIPTION
-.I klist
-prints the name of the tickets file and the
-identity of the principal the tickets are for (as listed in the
-tickets file), and
-lists the principal names of all Kerberos tickets currently held by
-the user, along with the issue and expire time for each authenticator.
-Principal names are listed in the form
-.I name.instance@realm,
-with the '.' omitted if the instance is null,
-and the '@' omitted if the realm is null.
-
-If given the
-.B \-s
-option,
-.I klist
-does not print the issue and expire times, the name of the tickets file,
-or the identity of the principal.
-
-If given the
-.B \-t
-option,
-.B klist
-checks for the existence of a non-expired ticket-granting-ticket in the
-ticket file. If one is present, it exits with status 0, else it exits
-with status 1. No output is generated when this option is specified.
-
-If given the
-.B \-file
-option, the following argument is used as the ticket file.
-Otherwise, if the
-.B KRBTKFILE
-environment variable is set, it is used.
-If this environment variable
-is not set, the file
-.B /tmp/tkt[uid]
-is used, where
-.B uid
-is the current user-id of the user.
-
-If given the
-.B \-srvtab
-option, the file is treated as a service key file, and the names of the
-keys contained therein are printed. If no file is
-specified with a
-.B \-file
-option, the default is
-.IR /etc/srvtab .
-.SH FILES
-.TP 2i
-/etc/krb.conf
-to get the name of the local realm
-.TP
-/tmp/tkt[uid]
-as the default ticket file ([uid] is the decimal UID of the user).
-.TP
-/etc/srvtab
-as the default service key file
-.SH SEE ALSO
-.PP
-kerberos(1), kinit(1), kdestroy(1)
-.SH BUGS
-When reading a file as a service key file, very little sanity or error
-checking is performed.
diff --git a/crypto/kerberosIV/man/kpasswd.1 b/crypto/kerberosIV/man/kpasswd.1
deleted file mode 100644
index ad0c8584a83e..000000000000
--- a/crypto/kerberosIV/man/kpasswd.1
+++ /dev/null
@@ -1,85 +0,0 @@ -.\" $Id: kpasswd.1,v 1.2 1996/06/12 21:29:21 bg Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH KPASSWD 1 "Kerberos Version 4.0" "MIT Project Athena" -.FM mit -.SH NAME -kpasswd \- change a user's Kerberos password -.SH SYNOPSIS -.B kpasswd -[ -.B \-h -] [ -.B \-n -.I name -] [ -.B \-i -.I instance -] [ -.B \-r -.I realm -] [ -\-u -.IR username[.instance][@realm] ] -.SH DESCRIPTION -The -.I kpasswd -command is used to change a Kerberos principal's password. -.PP -If the -.I \-h -option is specified, a brief summary of the options is printed, and -.I kpasswd -then exits. -.PP -If the -.I \-n -option is specified, -.I name -is used as the principal name rather than the username of the user -running -.IR kpasswd . -(This is determined from the ticket file if it exists; -otherwise, it is determined from the unix user id.) -.PP -If the -.I \-i -option is specified, -.I instance -is used as the instance rather than a null instance. -.PP -If the -.I \-r -option is specified, -.I realm -is used as the realm rather than the local realm. -.PP -If the -.I \-u -option is specified, a fully qualified kerberos -principal can be given. -.PP - -The utility prompts for the current Kerberos password (printing -the name of the principal for which it intends to change the password), -which is verified by the Kerberos server. If the old password is -correct, the user is prompted twice for the new password. A message is -printed indicating the success or failure of the password changing -operation. - -.SH BUGS - -.I kpasswd -does not handle names, instances, or realms with special -characters in them when the -n, -i, or -r options are used. Any -valid fullname is accepted, however, if the -u option is used. 
- -If the principal whose password you are trying to change does -not exist, you will not be told until after you have entered the -old password. - -.SH SEE ALSO -kerberos(1), kinit(1), passwd(1), kadmin(8) diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8 deleted file mode 100644 index 62761e5284e8..000000000000 --- a/crypto/kerberosIV/man/kprop.8 +++ /dev/null @@ -1,59 +0,0 @@ -.\" $Id: kprop.8,v 1.2 1996/06/15 17:03:22 assar Exp $ -.\" $FreeBSD$ -.\" -.Dd June 7, 1996 -.Dt KPROP 8 -.Os KTH-KRB -.Sh NAME -.Nm kprop -.Nd -the kerberos slave server update client -.Sh SYNOPSIS -.Nm -.Op Fl force -.Op Fl realm Ar realm -.Op Ar dump-file -.Op Ar slave-file -.Sh DESCRIPTION -Changes to the database, such as changed passwords, are only made to -the master server through the -.Nm kadmind -service. To propagate these changes to the slave servers, -.Nm -should be run regularly on the master server. - -The following options are recognised. - -.Bl -tag -width -force -.It Fl force -Propagate even if there hasn't been an update to the dump file since -last time. -.It Fl realm -Realm if other than the default. -.It dump-file -is a file created with -.Ic kdb_util slave_dump , -default is -.Pa /var/kerberos/slave_dump . -.It slave-file -Contains the names of the slave servers. Default is -.Pa /var/kerberos/slaves . -.El - -.Nm -will use the principal -.Nm rcmd.kerberos -to authenticate to the master servers. This principal has to be added -to the database, and it should also be put into the service key file -on the master server. - -.Sh FILES -.Bl -tag -width indent -compact -.It Pa /var/kerberos/slave_dump -.It Pa /var/kerberos/slaves -.It Pa /etc/srvtab -.El -.Sh SEE ALSO -.Xr kpropd 8 , -.Xr kerberos 8 , -.Xr kadmind 8 diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8 deleted file mode 100644 index be46ca368186..000000000000 --- a/crypto/kerberosIV/man/kpropd.8 +++ /dev/null 
@@ -1,64 +0,0 @@ -.\" $Id: kpropd.8,v 1.2 1997/02/07 22:04:55 assar Exp $ -.\" $FreeBSD$ -.\" -.Dd June 7, 1996 -.Dt KPROPD 8 -.Os KTH-KRB -.Sh NAME -.Nm kpropd -.Nd -the kerberos slave server update facility -.Sh SYNOPSIS -.Nm -.Op Fl i -.Op Fl d Ar database -.Op Fl l Ar logfile -.Op Fl m -.Op Fl p Ar kdb_util -.Op Fl r Ar realm -.Op Fl s Ar srvtab -.Sh DESCRIPTION -The -.Nm -responds to database update requests from the -.Nm kprop -command. It can either be started from -.Nm inetd -or as an ordinary program. - -The following options are recognised: - -.Bl -tag -width xxxx -.It Fl i -Run stand-alone. If this flag is not given, it is assumed to have -been started by -.Nm inetd . -.It Fl d -What database file to use, default is -.Pa /var/kerberos/principal . -.It Fl l -Logfile to use, default is -.Pa /var/log/kpropd.log . -.It Fl m -Treat data as changes to the database rather than a complete database. -.It Fl p -The path to -.Nm kdb_util , -default is -.Pa /usr/athena/sbin/kdb_util . -.It Fl r -Realm if other than the default realm. -.It Fl s -Srvtab if other than -.Pa /etc/kerberosIV/srvtab . -.El -.Sh FILES -.Bl -tag -width indent -compact -.It Pa /var/db/kerberos/principal.{db,dir,pag} -.It Pa /var/log/kpropd.log -.It Pa /etc/srvtab -.El -.Sh SEE ALSO -.Xr kprop 8 , -.Xr kerberos 8 , -.Xr kadmind 8 diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5 deleted file mode 100644 index 8ffa9afb7206..000000000000 --- a/crypto/kerberosIV/man/krb.conf.5 +++ /dev/null 
@@ -1,42 +0,0 @@
-.\" $Id: krb.conf.5,v 1.4 1999/08/02 16:09:57 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-/etc/krb.conf \- Kerberos configuration file
-.SH DESCRIPTION
-.I krb.conf
-contains configuration information describing the Kerberos realm(s) and the
-Kerberos key distribution center (KDC) servers for known realms.
-.PP
-.I krb.conf
-starts with a definition of the local realm on the first line, this is
-followed by any number lines defining supplementary local realms. The
-rest of the file consists of lines indicating realm/host entries. The
-first token is a realm name, and the second is a server specification
-of a host running a KDC for that realm. The words "admin server"
-following the hostname indicate that the host also provides an
-administrative database server.
-
-To be able to communicate with the KDC through a firewall it is
-sometimes necessary to tunnel requests over HTTP or TCP. Tunnel
-protocols and port numbers are specified in the server specification
-using the syntax [(UDP|TCP|HTTP)/]hostname[:port].
-
-For example:
-.nf
-.in +1i
-SICS.SE
-NADA.KTH.SE
-SICS.SE TCP/kerberos.sics.se:88 admin server
-NADA.KTH.SE kerberos.nada.kth.se admin server
-NADA.KTH.SE kerberos-1.nada.kth.se
-NADA.KTH.SE kerberos-2.nada.kth.se
-NADA.KTH.SE HTTP/kerberos-3.nada.kth.se
-KTH.SE kerberos.kth.se admin server
-.in -1i
-.SH SEE ALSO
-krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
deleted file mode 100644
index e38f94bf6179..000000000000
--- a/crypto/kerberosIV/man/krb.equiv.5
+++ /dev/null
@@ -1,28 +0,0 @@ -.\" $Id: krb.equiv.5,v 1.3 1996/06/18 16:26:20 joda Exp $ -.\" -.Dd June 18, 1996 -.Dt KRB.EQUIV 5 -.Os KTH-KRB -.Sh NAME -.Nm krb.equiv -.Nd -Kerberos equivalent hosts file -.Sh DESCRIPTION -.Nm -contains a list of IP addresses that is to be considered being the -same host for Kerberos purposes. Plain addresses match a single -host. Addresses followed by a slash (/) and a number is taken as a -sub-network that should be considered equal. -.Pp -Hash (#) starts a comment. Backslash (\\) is a continuation character. -.Sh EXAMPLES -.Bd -literal -# A machine with two interfaces. -130.237.232.113 130.237.221.42 # emma emma-ether -# A machine with *many* interfaces -193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps -.Ed -.Sh SEE ALSO -.Xr krb_equiv 3 , -.Xr krb.conf 5 , -.Xr krb.realms 5 diff --git a/crypto/kerberosIV/man/krb.extra.5 b/crypto/kerberosIV/man/krb.extra.5 deleted file mode 100644 index 38569fdcd805..000000000000 --- a/crypto/kerberosIV/man/krb.extra.5 +++ /dev/null 
@@ -1,51 +0,0 @@
-.\" $Id: krb.extra.5,v 1.4 1999/11/25 05:30:42 assar Exp $
-.\"
-.Dd June 24, 1999
-.Dt KRB.EXTRA 5
-.Os KTH-KRB
-.Sh NAME
-.Nm krb.extra
-.Nd
-Kerberos misc configuration file
-.Sh DESCRIPTION
-.Nm
-contains a number of settings that are used by the kerberos library,
-or directly by applications. Each line in the file consists of a
-variable, an equal sign, and a value. Lines beginning with hash are
-ignored.
-.Pp
-Currently defined variables are:
-.Bl -tag -width foo
-.It kdc_timeout
-time in seconds to wait for an answer from the KDC (default is 4
-seconds)
-.It kdc_timesync
-if this is enabled, the time differential between the client and the
-KDC will be stored, and used later on when computing the correct time;
-this is useful if the client's clock is drifting
-.It firewall_address
-the outside address of the firewall; this is used in some places to
-compute a direction bit, and this might break if the server has a
-different idea about which address to use then the client
-.It krb4_proxy
-address of a web-proxy to use when connecting to the KDC via HTTP
-.It krb_default_tkt_root
-the default prefix for ticket files. E.g, if your uid is 42 and the
-prefix is /tmp/tkt then your default ticket file will be /tmp/tkt42
-.It krb_default_keyfile
-the default kefile, normally /etc/srvtab
-.It nat_in_use
-if a Network Address Translator (NAT) is being used.
-.El
-.Sh EXAMPLES
-.Bd -literal
-# this is a comment
-krb_default_tkt_root = /tkt/tkt_
-kdc_timesync = yes
-firewall_address = 10.0.0.1
-krb_default_keyfile = /etc/kerberosIV/srvtab
-.Ed
-.Sh SEE ALSO
-.Xr krb.equiv 5 ,
-.Xr krb.conf 5 ,
-.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.realms.5 b/crypto/kerberosIV/man/krb.realms.5
deleted file mode 100644
index 427c4550261e..000000000000
--- a/crypto/kerberosIV/man/krb.realms.5
+++ /dev/null
@@ -1,38 +0,0 @@
-.\" $Id: krb.realms.5,v 1.2 1996/06/12 21:29:22 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-/etc/krb.realms \- host to Kerberos realm translation file
-.SH DESCRIPTION
-.I krb.realms
-provides a translation from a hostname to the Kerberos realm name for
-the services provided by that host.
-.PP
-Each line of the translation file is in one of the following forms
-(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
-.nf
-.in +5n
-host_name kerberos_realm
-domain_name kerberos_realm
-.in -5n
-.fi
-If a hostname exactly matches the
-.I host_name
-field in a line of the first
-form, the corresponding realm is the realm of the host.
-If a hostname does not match any
-.I host_name
-in the file, but its
-domain exactly matches the
-.I domain_name
-field in a line of the second
-form, the corresponding realm is the realm of the host.
-.PP
-If no translation entry applies, the host's realm is considered to be
-the hostname's domain portion converted to upper case.
-.SH SEE ALSO
-krb_realmofhost(3)
diff --git a/crypto/kerberosIV/man/krb_realmofhost.3 b/crypto/kerberosIV/man/krb_realmofhost.3
deleted file mode 100644
index d7c0ea6a5e45..000000000000
--- a/crypto/kerberosIV/man/krb_realmofhost.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\" $Id: krb_realmofhost.3,v 1.2 1996/06/12 21:29:23 bg Exp $
-.\" $FreeBSD$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
-krb_get_lrealm \- additional Kerberos utility routines
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-#include <openssl/des.h>
-#include <netinet/in.h>
-.PP
-.ft B
-char *krb_realmofhost(host)
-char *host;
-.PP
-.ft B
-char *krb_get_phost(alias)
-char *alias;
-.PP
-.ft B
-krb_get_krbhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_admhst(host,realm,n)
-char *host;
-char *realm;
-int n;
-.PP
-.ft B
-krb_get_lrealm(realm,n)
-char *realm;
-int n;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_realmofhost
-returns the Kerberos realm of the host
-.IR host ,
-as determined by the translation table
-.IR /etc/krb.realms .
-.I host
-should be the fully-qualified domain-style primary host name of the host
-in question. In order to prevent certain security attacks, this routine
-must either have
-.I a priori
-knowledge of a host's realm, or obtain such information securely.
-.PP
-The format of the translation file is described by
-.IR krb.realms (5).
-If
-.I host
-exactly matches a host_name line, the corresponding realm
-is returned.
-Otherwise, if the domain portion of
-.I host
-matches a domain_name line, the corresponding realm
-is returned.
-If
-.I host
-contains a domain, but no translation is found,
-.IR host 's
-domain is converted to upper-case and returned.
-If
-.I host
-contains no discernable domain, or an error occurs,
-the local realm name, as supplied by
-.IR krb_get_lrealm (3),
-is returned.
-.PP
-.I krb_get_phost
-converts the hostname
-.I alias
-(which can be either an official name or an alias) into the instance
-name to be used in obtaining Kerberos tickets for most services,
-including the Berkeley rcmd suite (rlogin, rcp, rsh).
-.br
-The current convention is to return the first segment of the official
-domain-style name after conversion to lower case.
-.PP
-.I krb_get_krbhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos key distribution center (KDC)
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
-The configuration file is described by
-.IR krb.conf (5).
-If the host is successfully filled in, the routine
-returns KSUCCESS.
-If the file cannot be opened, and
-.I n
-equals 1, then the value of KRB_HOST as defined in
-.I <krb.h>
-is filled in, and KSUCCESS is returned. If there are fewer than
-.I n
-hosts running a Kerberos KDC for the requested realm, or the
-configuration file is malformed, the routine
-returns KFAILURE.
-.PP
-.I krb_get_admhst
-fills in
-.I host
-with the hostname of the
-.IR n th
-host running a Kerberos KDC database administration server
-for realm
-.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
-If the file cannot be opened or is malformed, or there are fewer than
-.I n
-hosts running a Kerberos KDC database administration server,
-the routine returns KFAILURE.
-.PP
-The character arrays used as return values for
-.IR krb_get_krbhst ,
-.IR krb_get_admhst ,
-should be large enough to
-hold any hostname (MAXHOSTNAMELEN from <sys/param.h>).
-.PP
-.I krb_get_lrealm
-fills in
-.I realm
-with the
-.IR n th
-realm of the local host, as specified in the configuration file.
-.I realm
-should be at least REALM_SZ (from
-.IR <krb.h>) characters long.
-.PP
-.SH SEE ALSO
-kerberos(3), krb.conf(5), krb.realms(5)
-.SH FILES
-.TP 20n
-/etc/krb.realms
-translation file for host-to-realm mapping.
-.TP
-/etc/krb.conf
-local realm-name and realm/server configuration file.
-.SH BUGS
-The current convention for instance names is too limited; the full
-domain name should be used.
-.PP
-.I krb_get_lrealm
-currently only supports
-.I n
-= 1. It should really consult the user's ticket cache to determine the
-user's current realm, rather than consulting a file on the host.
diff --git a/crypto/kerberosIV/man/krb_sendauth.3 b/crypto/kerberosIV/man/krb_sendauth.3
deleted file mode 100644
index cc99d4e58d09..000000000000
--- a/crypto/kerberosIV/man/krb_sendauth.3
+++ /dev/null
@@ -1,348 +0,0 @@
-.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $
-.\" $FreeBSD$
-.\" Copyright 1988 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
-Kerberos routines for sending authentication via network stream sockets
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-#include <openssl/des.h>
-#include <netinet/in.h>
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
-msg_data, cred, schedule, laddr, faddr, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst, *realm;
-u_long checksum;
-MSG_DAT *msg_data;
-CREDENTIALS *cred;
-Key_schedule schedule;
-struct sockaddr_in *laddr, *faddr;
-char *version;
-.PP
-.fi
-.HP 1i
-.ft B
-int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
-auth_data, filename, schedule, version)
-.nf
-.RS 0
-.ft B
-long options;
-int fd;
-KTEXT ktext;
-char *service, *inst;
-struct sockaddr_in *faddr, *laddr;
-AUTH_DAT *auth_data;
-char *filename;
-Key_schedule schedule;
-char *version;
-.PP
-.ft B
-int krb_net_write(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.PP
-.ft B
-int krb_net_read(fd, buf, len)
-int fd;
-char *buf;
-int len;
-.fi
-.SH DESCRIPTION
-.PP
-These functions,
-which are built on top of the core Kerberos library,
-provide a convenient means for client and server
-programs to send authentication messages
-to one another through network connections.
-The
-.I krb_sendauth
-function sends an authenticated ticket from the client program to
-the server program by writing the ticket to a network socket.
-The
-.I krb_recvauth
-function receives the ticket from the client by
-reading from a network socket.
-
-.SH KRB_SENDAUTH
-.PP
-This function writes the ticket to
-the network socket specified by the
-file descriptor
-.IR fd,
-returning KSUCCESS if the write proceeds successfully,
-and an error code if it does not.
-
-The
-.I ktext
-argument should point to an allocated KTEXT_ST structure.
-The
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments specify the server program's Kerberos principal name,
-instance, and realm.
-If you are writing a client that uses the local realm exclusively,
-you can set the
-.I realm
-argument to NULL.
-
-The
-.I version
-argument allows the client program to pass an application-specific
-version string that the server program can then match against
-its own version string.
-The
-.I version
-string can be up to KSEND_VNO_LEN (see
-.IR <krb.h> )
-characters in length.
-
-The
-.I checksum
-argument can be used to pass checksum information to the
-server program.
-The client program is responsible for specifying this information.
-This checksum information is difficult to corrupt because
-.I krb_sendauth
-passes it over the network in encrypted form.
-The
-.I checksum
-argument is passed as the checksum argument to
-.IR krb_mk_req .
-
-You can set
-.IR krb_sendauth's
-other arguments to NULL unless you want the
-client and server programs to mutually authenticate
-themselves.
-In the case of mutual authentication,
-the client authenticates itself to the server program,
-and demands that the server in turn authenticate itself to
-the client.
-
-.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
-.PP
-If you want mutual authentication,
-make sure that you read all pending data from the local socket
-before calling
-.IR krb_sendauth.
-Set
-.IR krb_sendauth's
-.I options
-argument to
-.BR KOPT_DO_MUTUAL
-(this macro is defined in the
-.IR krb.h
-file);
-make sure that the
-.I laddr
-argument points to
-the address of the local socket,
-and that
-.I faddr
-points to the foreign socket's network address.
-
-.I Krb_sendauth
-fills in the other arguments--
-.IR msg_data ,
-.IR cred ,
-and
-.IR schedule --before
-sending the ticket to the server program.
-You must, however, allocate space for these arguments
-before calling the function.
-
-.I Krb_sendauth
-supports two other options:
-.BR KOPT_DONT_MK_REQ,
-and
-.BR KOPT_DONT_CANON.
-If called with
-.I options
-set as KOPT_DONT_MK_REQ,
-.I krb_sendauth
-will not use the
-.I krb_mk_req
-function to retrieve the ticket from the Kerberos server.
-The
-.I ktext
-argument must point to an existing ticket and authenticator (such as
-would be created by
-.IR krb_mk_req ),
-and the
-.IR service,
-.IR inst,
-and
-.IR realm
-arguments can be set to NULL.
-
-If called with
-.I options
-set as KOPT_DONT_CANON,
-.I krb_sendauth
-will not convert the service's instance to canonical form using
-.IR krb_get_phost (3).
-
-If you want to call
-.I krb_sendauth
-with a multiple
-.I options
-specification,
-construct
-.I options
-as a bitwise-OR of the options you want to specify.
-
-.SH KRB_RECVAUTH
-.PP
-The
-.I krb_recvauth
-function
-reads a ticket/authenticator pair from the socket pointed to by the
-.I fd
-argument.
-Set the
-.I options
-argument
-as a bitwise-OR of the options desired.
-Currently only KOPT_DO_MUTUAL is useful to the receiver.
-
-The
-.I ktext
-argument
-should point to an allocated KTEXT_ST structure.
-.I Krb_recvauth
-fills
-.I ktext
-with the
-ticket/authenticator pair read from
-.IR fd ,
-then passes it to
-.IR krb_rd_req .
-
-The
-.I service
-and
-.I inst
-arguments
-specify the expected service and instance for which the ticket was
-generated. They are also passed to
-.IR krb_rd_req.
-The
-.I inst
-argument may be set to "*" if the caller wishes
-.I krb_mk_req
-to fill in the instance used (note that there must be space in the
-.I inst
-argument to hold a full instance name, see
-.IR krb_mk_req (3)).
-
-The
-.I faddr
-argument
-should point to the address of the peer which is presenting the ticket.
-It is also passed to
-.IR krb_rd_req .
-
-If the client and server plan to mutually authenticate
-one another,
-the
-.I laddr
-argument
-should point to the local address of the file descriptor.
-Otherwise you can set this argument to NULL.
-
-The
-.I auth_data
-argument
-should point to an allocated AUTH_DAT area.
-It is passed to and filled in by
-.IR krb_rd_req .
-The checksum passed to the corresponding
-.I krb_sendauth
-is available as part of the filled-in AUTH_DAT area.
-
-The
-.I filename
-argument
-specifies the filename
-which the service program should use to obtain its service key.
-.I Krb_recvauth
-passes
-.I filename
-to the
-.I krb_rd_req
-function.
-If you set this argument to "",
-.I krb_rd_req
-looks for the service key in the file
-.IR /etc/srvtab.
-
-If the client and server are performing mutual authenication,
-the
-.I schedule
-argument
-should point to an allocated Key_schedule.
-Otherwise it is ignored and may be NULL.
-
-The
-.I version
-argument should point to a character array of at least KSEND_VNO_LEN
-characters. It is filled in with the version string passed by the client to
-.IR krb_sendauth.
-.PP
-.SH KRB_NET_WRITE AND KRB_NET_READ
-.PP
-The
-.I krb_net_write
-function
-emulates the write(2) system call, but guarantees that all data
-specified is written to
-.I fd
-before returning, unless an error condition occurs.
-.PP
-The
-.I krb_net_read
-function
-emulates the read(2) system call, but guarantees that the requested
-amount of data is read from
-.I fd
-before returning, unless an error condition occurs.
-.PP
-.SH BUGS
-.IR krb_sendauth,
-.IR krb_recvauth,
-.IR krb_net_write,
-and
-.IR krb_net_read
-will not work properly on sockets set to non-blocking I/O mode.
-
-.SH SEE ALSO
-
-krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
-
-.SH AUTHOR
-John T. Kohl, MIT Project Athena
-.SH RESTRICTIONS
-Copyright 1988, Massachusetts Instititute of Technology.
-For copying and distribution information,
-please see the file <mit-copyright.h>.
diff --git a/crypto/kerberosIV/man/krb_set_tkt_string.3 b/crypto/kerberosIV/man/krb_set_tkt_string.3
deleted file mode 100644
index 9d941435a8b8..000000000000
--- a/crypto/kerberosIV/man/krb_set_tkt_string.3
+++ /dev/null
@@ -1,42 +0,0 @@
-.\" $Id: krb_set_tkt_string.3,v 1.2 1996/06/12 21:29:24 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-krb_set_tkt_string \- set Kerberos ticket cache file name
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-.PP
-.ft B
-void krb_set_tkt_string(filename)
-char *filename;
-.fi
-.ft R
-.SH DESCRIPTION
-.I krb_set_tkt_string
-sets the name of the file that holds the user's
-cache of Kerberos server tickets and associated session keys.
-.PP
-The string
-.I filename
-passed in is copied into local storage.
-Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are
-copied in for use as the cache file name.
-.PP
-This routine should be called during initialization, before other
-Kerberos routines are called; otherwise the routines which fetch the
-ticket cache file name may be called and return an undesired ticket file
-name until this routine is called.
-.SH FILES
-.TP 20n
-/tmp/tkt[uid]
-default ticket file name, unless the environment variable KRBTKFILE is set.
-[uid] denotes the user's uid, in decimal.
-.SH SEE ALSO
-kerberos(3), setenv(3)
diff --git a/crypto/kerberosIV/man/ksrvtgt.1 b/crypto/kerberosIV/man/ksrvtgt.1
deleted file mode 100644
index ff8563cfbb9f..000000000000
--- a/crypto/kerberosIV/man/ksrvtgt.1
+++ /dev/null
@@ -1,50 +0,0 @@
-.\" $Id: ksrvtgt.1,v 1.2 1996/06/12 21:29:26 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
-service key
-.SH SYNOPSIS
-.B ksrvtgt
-name instance [[realm] srvtab]
-.SH DESCRIPTION
-.I ksrvtgt
-retrieves a ticket-granting ticket with a lifetime of five (5) minutes
-for the principal
-.I name.instance@realm
-(or
-.I name.instance@localrealm
-if
-.I realm
-is not supplied on the command line), decrypts the response using
-the service key found in
-.I srvtab
-(or in
-.B /etc/srvtab
-if
-.I srvtab
-is not specified on the command line), and stores the ticket in the
-standard ticket cache.
-.PP
-This command is intended primarily for use in shell scripts and other
-batch-type facilities.
-.SH DIAGNOSTICS
-"Generic kerberos failure (kfailure)" can indicate a whole range of
-problems, the most common of which is the inability to read the service
-key file.
-.SH FILES
-.TP 2i
-/etc/krb.conf
-to get the name of the local realm.
-.TP
-/tmp/tkt[uid]
-The default ticket file.
-.TP
-/etc/srvtab
-The default service key file.
-.SH SEE ALSO
-kerberos(1), kinit(1), kdestroy(1)
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
deleted file mode 100644
index 23db91927b77..000000000000
--- a/crypto/kerberosIV/man/ksrvutil.8
+++ /dev/null
@@ -1,105 +0,0 @@
-.\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $
-.\" $FreeBSD$
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.Dd May 4, 1996
-.Dt KSRVUTIL 8
-.Os KTH-KRB
-
-.Sh NAME
-.Nm ksrvutil
-host kerberos keyfile (srvtab) manipulation utility
-.Sh SYNOPSIS
-.Nm
-.Op Fl f Pa keyfile
-.Op Fl i
-.Op Fl k
-.Op Fl p Ar principal
-.Op Fl r Ar realm
-.Ar operation
-
-.Sh DESCRIPTION
-.Nm
-allows a system manager to list or change keys currently in his
-keyfile or to add new keys to the keyfile.
-.Pp
-Operation must be one of the following:
-.Bl -tag -width indent
-.It list
-lists the keys in a keyfile showing version number and principal name.
-If the
-.Fl k
-option is given, keys will also be shown.
-.It change
-changes all the keys in the keyfile by using the regular admin
-protocol. If the
-.Fl i
-flag is given,
-.Nm ksrvutil
-will prompt for yes or no before changing each key. If the
-.Fl k
-option is used, the old and new keys will be displayed.
-.It add
-allows the user to add a key.
-add
-prompts for name, instance, realm, and key version number, asks
-for confirmation, and then asks for a password.
-.Nm
-then converts the password to a key and appends the keyfile with the
-new information. If the
-.Fl k
-option is used, the key is displayed.
-.It get
-gets a service from the Kerberos server, possibly creating the
-principal. Names, instances and realms for the service keys to get are
-prompted for. The default principal used in the kadmin transcation is
-your root instance. This can be changed with the
-.Fl p
-option.
-.El
-.Pp
-In all cases, the default file used is KEY_FILE as defined in krb.h
-unless this is overridden by the
-.Fl f
-option.
-.Pp
-A good use for
-.Nm
-would be for adding keys to a keyfile.
 A system manager could
-ask a kerberos administrator to create a new service key with
-.Xr kadmin 8
-and could supply an initial password. Then, he could use
-.Nm
-to add the key to the keyfile and then to change the key so that it
-will be random and unknown to either the system manager or the
-kerberos administrator.
-
-.Nm
-always makes a backup copy of the keyfile before making any changes.
-
-.Sh DIAGNOSTICS
-If
-.Nm
-should exit on an error condition at any time during a change or add,
-a copy of the original keyfile can be found in
-.Pa filename Ns .old
-where
-.Pa filename
-is the name of the keyfile, and a copy of the file with all new
-keys changed or added so far can be found in
-.Pa filename Ns .work.
-The original keyfile is left unmodified until the program exits at
-which point it is removed and replaced it with the workfile.
-Appending the workfile to the backup copy and replacing the keyfile
-with the result should always give a usable keyfile, although the
-resulting keyfile will have some out of date keys in it.
-
-.Sh SEE ALSO
-.Xr kadmin 8 ,
-.Xr ksrvtgt 1
-
-.Sh AUTHOR
-Emanuel Jay Berkenbilt, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kstash.8 b/crypto/kerberosIV/man/kstash.8
deleted file mode 100644
index 0197a3d2d11a..000000000000
--- a/crypto/kerberosIV/man/kstash.8
+++ /dev/null
@@ -1,40 +0,0 @@
-.\" $Id: kstash.8,v 1.3 1997/04/02 21:09:56 assar Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kstash \- stash Kerberos key distribution center database master key
-.SH SYNOPSIS
-kstash
-.SH DESCRIPTION
-.I kstash
-saves the Kerberos key distribution center (KDC) database master key in
-the master key cache file.
-.PP
-The user is prompted to enter the key, to verify the authenticity of the
-key and the authorization to store the key in the file.
-.SH DIAGNOSTICS
-.TP 20n
-"verify_master_key: Invalid master key, does not match database."
-The master key string entered was incorrect.
-.TP
-"kstash: Unable to open master key file"
-The attempt to open the cache file for writing failed (probably due to a
-system or access permission error).
-.TP
-"kstash: Write I/O error on master key file"
-The
-.BR write (2)
-system call returned an error while
-.I kstash
-was attempting to write the key to the file.
-.SH FILES
-.TP 20n
-/var/kerberos/principal.pag, /var/kerberos/principal.dir
-DBM files containing database
-.TP
-/.k
-Master key cache file.
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3
deleted file mode 100644
index 098730898be7..000000000000
--- a/crypto/kerberosIV/man/kuserok.3
+++ /dev/null
@@ -1,66 +0,0 @@
-.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-kuserok \- Kerberos version of ruserok
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <krb.h>
-.PP
-.ft B
-kuserok(kdata, localuser)
-AUTH_DAT *auth_data;
-char *localuser;
-.fi
-.ft R
-.SH DESCRIPTION
-.I kuserok
-determines whether a Kerberos principal described by the structure
-.I auth_data
-is authorized to login as user
-.I localuser
-according to the authorization file
-("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized,
-1 (one) if not authorized.
-.PP
-If there is no account for
-.I localuser
-on the local machine, authorization is not granted.
-If there is no authorization file, and the Kerberos principal described
-by
-.I auth_data
-translates to
-.I localuser
-(using
-.IR krb_kntoln (3)),
-authorization is granted.
-If the authorization file
-can't be accessed, or the file is not owned by
-.IR localuser,
-authorization is denied. Otherwise, the file is searched for
-a matching principal name, instance, and realm. If a match is found,
-authorization is granted, else authorization is denied.
-.PP
-The file entries are in the format:
-.nf
-.in +5n
- name.instance@realm
-.in -5n
-.fi
-with one entry per line.
-
-For convenience ~localuser@LOCALREALM is
-always considered to be an entry in the file even when there is no
-file or the file is unreadable.
-.SH SEE ALSO
-kerberos(3), ruserok(3), krb_kntoln(3)
-.SH FILES
-.TP 20n
-~\fIlocaluser\fR/.klogin
-authorization list
diff --git a/crypto/kerberosIV/man/login.1 b/crypto/kerberosIV/man/login.1
deleted file mode 100644
index b05a6a4dce61..000000000000
--- a/crypto/kerberosIV/man/login.1
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" Copyright (c) 1980, 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)login.1 8.1 (Berkeley) 6/9/93
-.\"
-.Dd June 9, 1993
-.Dt LOGIN 1
-.Os BSD 4
-.Sh NAME
-.Nm login
-.Nd log into the computer
-.Sh SYNOPSIS
-.Nm login
-.Op Fl fp
-.Op Fl h Ar hostname
-.Op Ar user
-.Sh DESCRIPTION
-.Sy Note:
-this manual page describes the original login program for
-NetBSD. Everything in here might not be true.
-.Pp
-The
-.Nm login
-utility logs users (and pseudo-users) into the computer system.
-.Pp
-If no user is specified, or if a user is specified and authentication
-of the user fails,
-.Nm login
-prompts for a user name.
-Authentication of users is done via passwords.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl f
-The
-.Fl f
-option is used when a user name is specified to indicate that proper
-authentication has already been done and that no password need be
-requested.
-This option may only be used by the super-user or when an already
-logged in user is logging in as themselves.
-.It Fl h
-The
-.Fl h
-option specifies the host from which the connection was received.
-It is used by various daemons such as
-.Xr telnetd 8 .
-This option may only be used by the super-user.
-.It Fl p
-By default,
-.Nm login
-discards any previous environment.
-The
-.Fl p
-option disables this behavior.
-.El
-.Pp
-If the file
-.Pa /etc/nologin
-exists,
-.Nm login
-dislays its contents to the user and exits.
-This is used by
-.Xr shutdown 8
-to prevent users from logging in when the system is about to go down.
-.Pp
-If the file
-.Pa /etc/fbtab
-exists,
-.Nm login
-changes the protection and ownership of certain devices specified in this
-file.
-.Pp
-Immediately after logging a user in,
-.Nm login
-displays the system copyright notice, the date and time the user last
-logged in, the message of the day as well as other information.
-If the file
-.Dq Pa .hushlogin
-exists in the user's home directory, all of these messages are suppressed.
-This is to simplify logins for non-human users, such as
-.Xr uucp 1 .
-.Nm Login
-then records an entry in the
-.Xr wtmp 5
-and
-.Xr utmp 5
-files and executes the user's command interpretor.
-.Pp
-Login enters information into the environment (see
-.Xr environ 7 )
-specifying the user's home directory (HOME), command interpreter (SHELL),
-search path (PATH), terminal type (TERM) and user name (both LOGNAME and
-USER).
-.Pp
-The standard shells,
-.Xr csh 1
-and
-.Xr sh 1 ,
-do not fork before executing the
-.Nm login
-utility.
-.Sh FILES
-.Bl -tag -width /var/mail/userXXX -compact
-.It Pa /etc/fbtab
-changes device protections
-.It Pa /etc/motd
-message-of-the-day
-.It Pa /etc/nologin
-disallows logins
-.It Pa /var/run/utmp
-current logins
-.It Pa /var/log/wtmp
-login account records
-.It Pa /var/mail/user
-system mailboxes
-.It Pa \&.hushlogin
-makes login quieter
-.El
-.Sh SEE ALSO
-.Xr chpass 1 ,
-.Xr passwd 1 ,
-.Xr rlogin 1 ,
-.Xr getpass 3 ,
-.Xr fbtab 5 ,
-.Xr utmp 5 ,
-.Xr environ 7
-.Sh HISTORY
-A
-.Nm login
-appeared in
-.At v6 .
diff --git a/crypto/kerberosIV/man/login.access.5 b/crypto/kerberosIV/man/login.access.5
deleted file mode 100644
index 28d423c9156c..000000000000
--- a/crypto/kerberosIV/man/login.access.5
+++ /dev/null
@@ -1,50 +0,0 @@
-.\" this is comment
-.Dd April 30, 1994
-.Dt SKEY.ACCESS 5
-.Os FreeBSD 1.2
-.Sh NAME
-.Nm login.access
-.Nd Login access control table
-.Sh DESCRIPTION
-The
-.Nm login.access
-file specifies (user, host) combinations and/or (user, tty)
-combinations for which a login will be either accepted or refused.
-.Pp
-When someone logs in, the
-.Nm login.access
-is scanned for the first entry that
-matches the (user, host) combination, or, in case of non-networked
-logins, the first entry that matches the (user, tty) combination. The
-permissions field of that table entry determines whether the login will
-be accepted or refused.
-.Pp
-Each line of the login access control table has three fields separated by a
-":" character: permission : users : origins
-
-The first field should be a "+" (access granted) or "-" (access denied)
-character. The second field should be a list of one or more login names,
-group names, or ALL (always matches). The third field should be a list
-of one or more tty names (for non-networked logins), host names, domain
-names (begin with "."), host addresses, internet network numbers (end
-with "."), ALL (always matches) or LOCAL (matches any string that does
-not contain a "." character). If you run NIS you can use @netgroupname
-in host or user patterns.
-
-The EXCEPT operator makes it possible to write very compact rules.
-
-The group file is searched only when a name does not match that of the
-logged-in user. Only groups are matched in which users are explicitly
-listed: the program does not look at a user's primary group id value.
-.Sh FILES
-.Bl -tag -width /etc/login.access -compact
-.It Pa /etc/login.access
-The
-.Nm login.access
-file resides in
-.Pa /etc .
-.El
-.Sh SEE ALSO
-.Xr login 1
-.Sh AUTHOR
-Guido van Rooij
diff --git a/crypto/kerberosIV/man/pagsh.1 b/crypto/kerberosIV/man/pagsh.1
deleted file mode 100644
index cd95f8bfc90c..000000000000
--- a/crypto/kerberosIV/man/pagsh.1
+++ /dev/null
@@ -1,22 +0,0 @@
-.\" $Id: pagsh.1,v 1.1 1996/04/27 23:03:35 d91-jda Exp $
-.\"
-.Dd April 27, 1996
-.Dt PAGSH 1
-.Os KTH-KRB
-.Sh NAME
-.Nm pagsh
-.Nd
-execute a command without authentication
-.Sh SYNOPSIS
-.Nm pagsh
-.Op Oo Fl c Oc Nm command Ar args
-.Sh DESCRIPTION
-Starts a new subprocess that is detached from any Kerberos ticket
-cache and AFS tokens. Without
-.Nm command
-a new shell is started.
-.Sh ENVIRONMENT
-.Bl -tag -width Fl
-.It Ev $SHELL
-Default shell.
-.El
diff --git a/crypto/kerberosIV/man/rcp.1 b/crypto/kerberosIV/man/rcp.1
deleted file mode 100644
index cc5efd0c7b4f..000000000000
--- a/crypto/kerberosIV/man/rcp.1
+++ /dev/null
@@ -1,161 +0,0 @@
-.\" $NetBSD: rcp.1,v 1.5 1995/03/21 08:19:04 cgd Exp $
-.\"
-.\" Copyright (c) 1983, 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)rcp.1 8.1 (Berkeley) 5/31/93
-.\"
-.Dd May 31, 1993
-.Dt RCP 1
-.Os BSD 4.3r
-.Sh NAME
-.Nm rcp
-.Nd remote file copy
-.Sh SYNOPSIS
-.Nm rcp
-.Op Fl Kpx
-.Op Fl k Ar realm
-.Ar file1 file2
-.Nm rcp
-.Op Fl Kprx
-.Op Fl k Ar realm
-.Ar file ...
-.Ar directory
-.Sh DESCRIPTION
-.Nm Rcp
-copies files between machines. Each
-.Ar file
-or
-.Ar directory
-argument is either a remote file name of the
-form ``rname@rhost:path'', or a local file name (containing no `:' characters,
-or a `/' before any `:'s).
-.Pp
-.Bl -tag -width flag
-.It Fl K
-The
-.Fl K
-option turns off all Kerberos authentication.
-.It Fl k
-The
-.Fl k
-option requests
-.Nm rcp
-to obtain tickets
-for the remote host in realm
-.Ar realm
-instead of the remote host's realm as determined by
-.Xr krb_realmofhost 3 .
-.It Fl p
-The
-.Fl p
-option causes
-.Nm rcp
-to attempt to preserve (duplicate) in its copies the modification
-times and modes of the source files, ignoring the
-.Ar umask .
-By default, the mode and owner of
-.Ar file2
-are preserved if it already existed; otherwise the mode of the source file
-modified by the
-.Xr umask 2
-on the destination host is used.
-.It Fl r
-If any of the source files are directories,
-.Nm rcp
-copies each subtree rooted at that name; in this case
-the destination must be a directory.
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data passed by
-.Nm rcp .
-This may impact response time and
-.Tn CPU
-utilization, but provides
-increased security.
-.El
-.Pp
-If
-.Ar path
-is not a full path name, it is interpreted relative to
-the login directory of the specified user
-.Ar ruser
-on
-.Ar rhost ,
-or your current user name if no other remote user name is specified.
-A
-.Ar path
-on a remote host may be quoted (using \e, ", or \(aa)
-so that the metacharacters are interpreted remotely.
-.Pp
-.Nm Rcp
-does not prompt for passwords; it performs remote execution
-via
-.Xr rsh 1 ,
-and requires the same authorization.
-.Pp
-.Nm Rcp
-handles third party copies, where neither source nor target files
-are on the current machine.
-.Sh SEE ALSO
-.Xr cp 1 ,
-.Xr ftp 1 ,
-.Xr rsh 1 ,
-.Xr rlogin 1
-.Sh HISTORY
-The
-.Nm rcp
-command appeared in
-.Bx 4.2 .
-The version of
-.Nm rcp
-described here
-has been reimplemented with Kerberos in
-.Bx 4.3 Reno .
-.Sh BUGS
-Doesn't detect all cases where the target of a copy might
-be a file in cases where only a directory should be legal.
-.Pp
-Is confused by any output generated by commands in a
-.Pa \&.login ,
-.Pa \&.profile ,
-or
-.Pa \&.cshrc
-file on the remote host.
-.Pp
-The destination user and hostname may have to be specified as
-``rhost.rname'' when the destination machine is running the
-.Bx 4.2
-version of
-.Nm rcp .
diff --git a/crypto/kerberosIV/man/rlogin.1 b/crypto/kerberosIV/man/rlogin.1
deleted file mode 100644
index 3e1fd8d06e37..000000000000
--- a/crypto/kerberosIV/man/rlogin.1
+++ /dev/null
@@ -1,190 +0,0 @@
-.\" $NetBSD: rlogin.1,v 1.3 1995/03/21 07:58:37 cgd Exp $
-.\"
-.\" Copyright (c) 1983, 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)rlogin.1 8.1 (Berkeley) 6/6/93
-.\"
-.Dd June 6, 1993
-.Dt RLOGIN 1
-.Os BSD 4.2
-.Sh NAME
-.Nm rlogin
-.Nd remote login
-.Sh SYNOPSIS
-.Ar rlogin
-.Op Fl 8EKLdx
-.Op Fl e Ar char
-.Op Fl k Ar realm
-.Op Fl l Ar username
-.Op Fl p Ar portnumber
-.Ar host
-.Sh DESCRIPTION
-.Nm Rlogin
-starts a terminal session on a remote host
-.Ar host .
-.Pp
-.Nm Rlogin
-first attempts to use the Kerberos authorization mechanism, described below.
-If the remote host does not supporting Kerberos the standard Berkeley
-.Pa rhosts
-authorization mechanism is used.
-The options are as follows:
-.Bl -tag -width flag
-.It Fl 8
-The
-.Fl 8
-option allows an eight-bit input data path at all times; otherwise
-parity bits are stripped except when the remote side's stop and start
-characters are other than
-^S/^Q .
-.It Fl E
-The
-.Fl E
-option stops any character from being recognized as an escape character.
-When used with the
-.Fl 8
-option, this provides a completely transparent connection.
-.It Fl K
-The
-.Fl K
-option turns off all Kerberos authentication.
-.It Fl L
-The
-.Fl L
-option allows the rlogin session to be run in ``litout'' (see
-.Xr tty 4 )
-mode.
-.It Fl d
-The
-.Fl d
-option turns on socket debugging (see
-.Xr setsockopt 2 )
-on the TCP sockets used for communication with the remote host.
-.It Fl e
-The
-.Fl e
-option allows user specification of the escape character, which is
-``~'' by default.
-This specification may be as a literal character, or as an octal
-value in the form \ennn.
-.It Fl k
-The
-.FL k
-option requests rlogin to obtain tickets for the remote host
-in realm
-.Ar realm
-instead of the remote host's realm as determined by
-.Xr krb_realmofhost 3 .
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data passed via the
-rlogin session.
-This may impact response time and
-.Tn CPU
-utilization, but provides
-increased security.
-.It Fl D
-Use the TCP nodelay option (see setsockopt(2)).
-.It Fl p portnumber
-Specifies the port number to connect to on the remote host.
-.El
-.Pp
-A line of the form ``<escape char>.'' disconnects from the remote host.
-Similarly, the line ``<escape char>^Z'' will suspend the
-.Nm rlogin
-session, and ``<escape char><delayed-suspend char>'' suspends the
-send portion of the rlogin, but allows output from the remote system.
-By default, the tilde (``~'') character is the escape character, and
-normally control-Y (``^Y'') is the delayed-suspend character.
-.Pp
-All echoing takes place at the remote site, so that (except for delays)
-the
-.Nm rlogin
-is transparent.
-Flow control via ^S/^Q and flushing of input and output on interrupts
-are handled properly.
-.Sh KERBEROS AUTHENTICATION
-Each user may have a private authorization list in the file
-.Pa .klogin
-in their home directory.
-Each line in this file should contain a Kerberos principal name of the
-form
-.Ar principal.instance@realm .
-If the originating user is authenticated to one of the principals named
-in
-.Pa .klogin ,
-access is granted to the account.
-The principal
-.Ar accountname.@localrealm
-is granted access if
-there is no
-.Pa .klogin
-file.
-Otherwise a login and password will be prompted for on the remote machine
-as in
-.Xr login 1 .
-To avoid certain security problems, the
-.Pa .klogin
-file must be owned by
-the remote user.
-.Pp
-If Kerberos authentication fails, a warning message is printed and the
-standard Berkeley
-.Nm rlogin
-is used instead.
-.Sh ENVIRONMENT
-The following environment variable is utilized by
-.Nm rlogin :
-.Bl -tag -width TERM
-.It Ev TERM
-Determines the user's terminal type.
-.El
-.Sh SEE ALSO
-.Xr rsh 1 ,
-.Xr kerberos 3 ,
-.Xr krb_sendauth 3 ,
-.Xr krb_realmofhost 3
-.Sh HISTORY
-The
-.Nm rlogin
-command appeared in
-.Bx 4.2 .
-.Sh BUGS
-.Nm Rlogin
-will be replaced by
-.Xr telnet 1
-in the near future.
-.Pp
-More of the environment should be propagated.
diff --git a/crypto/kerberosIV/man/rlogind.8 b/crypto/kerberosIV/man/rlogind.8
deleted file mode 100644
index bc99529b81a0..000000000000
--- a/crypto/kerberosIV/man/rlogind.8
+++ /dev/null
@@ -1,178 +0,0 @@
-.\" Copyright (c) 1983, 1989, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)rlogind.8 8.1 (Berkeley) 6/4/93
-.\"
-.Dd August 25, 1996
-.Dt RLOGIND 8
-.Os BSD 4.2
-.Sh NAME
-.Nm rlogind
-.Nd remote login server
-.Sh SYNOPSIS
-.Nm rlogind
-.Op Fl ailnkvxD
-.Op Fl p Ar portnumber
-.Op Fl L Ar /bin/login
-.Sh DESCRIPTION
-.Nm Rlogind
-is the server for the
-.Xr rlogin 1
-program. The server provides a remote login facility with
-kerberos-based authentication or traditional pseudo-authentication with
-privileged port numbers from trusted hosts.
-.Pp
-Options supported by
-.Nm rlogind :
-.Bl -tag -width Ds
-.It Fl a
-No-op. For backwards compatibility. Hostnames are always verified.
-.It Fl l
-Prevent any authentication based on the user's
-.Dq Pa .rhosts
-file, unless the user is logging in as the superuser.
-.It Fl n
-Disable keep-alive messages.
-.It Fl k
-Enable kerberos authentication.
-.It Fl i
-Do not expect to be spawned by inetd and create a socket and listen on
-it yourself.
-.It Fl p portnumber
-Specifies the port number it should listen on in case the
-.It Fl i
-flag has been given.
-.It Fl v
-Vacuous, echo "Remote host requires Kerberos authentication" and exit.
-.It Fl x
-Provides an encrypted communications channel. This options requires the
-.Fl k
-flag.
-.It Fl L pathname
-Specify pathname to an alternative login program.
-.It Fl D
-Use the TCP nodelay option (see setsockopt(2)).
-.El
-.Pp
-When a service request is received,
-.Nm rlogind
-verifies the kerberos ticket supplied by the user.
-.Pp
-For non-kerberised connections, the following protocol is initiated:
-.Bl -enum
-.It
-The server checks the client's source port.
-If the port is not in the range 512-1023, the server
-aborts the connection.
-.It
-The server checks the client's source address
-and requests the corresponding host name (see
-.Xr gethostbyaddr 3 ,
-.Xr hosts 5
-and
-.Xr named 8 ) .
-If the hostname cannot be determined,
-the dot-notation representation of the host address is used.
-The addresses for the hostname are requested,
-verifying that the name and address correspond.
-Normal authentication is bypassed if the address verification fails.
-.El
-.Pp
-Once the source port and address have been checked,
-.Nm rlogind
-proceeds with the authentication process described in
-.Xr rshd 8 .
-.Pp
-It then allocates a pseudo terminal (see
-.Xr pty 4 ) ,
-and manipulates file descriptors so that the slave
-half of the pseudo terminal becomes the
-.Em stdin ,
-.Em stdout ,
-and
-.Em stderr
-for a login process.
-The login process is an instance of the
-.Xr login 1
-program, invoked with the
-.Fl f
-option if authentication has succeeded.
-If automatic authentication fails, the user is
-prompted to log in as if on a standard terminal line.
-.Pp
-The parent of the login process manipulates the master side of
-the pseudo terminal, operating as an intermediary
-between the login process and the client instance of the
-.Xr rlogin
-program. In normal operation, the packet protocol described
-in
-.Xr pty 4
-is invoked to provide
-.Ql ^S/^Q
-type facilities and propagate
-interrupt signals to the remote programs. The login process
-propagates the client terminal's baud rate and terminal type,
-as found in the environment variable,
-.Ql Ev TERM ;
-see
-.Xr environ 7 .
-The screen or window size of the terminal is requested from the client,
-and window size changes from the client are propagated to the pseudo terminal.
-.Pp
-Transport-level keepalive messages are enabled unless the
-.Fl n
-option is present.
-The use of keepalive messages allows sessions to be timed out
-if the client crashes or becomes unreachable.
-.Sh DIAGNOSTICS
-All initial diagnostic messages are indicated
-by a leading byte with a value of 1,
-after which any network connections are closed.
-If there are no errors before
-.Xr login
-is invoked, a null byte is returned as in indication of success.
-.Bl -tag -width Ds
-.It Sy Try again.
-A
-.Xr fork
-by the server failed.
-.El
-.Sh SEE ALSO
-.Xr login 1 ,
-.Xr ruserok 3 ,
-.Xr rshd 8
-.Sh BUGS
-A more extensible protocol should be used.
-.Sh HISTORY
-The
-.Nm
-command appeared in
-.Bx 4.2 .
diff --git a/crypto/kerberosIV/man/rsh.1 b/crypto/kerberosIV/man/rsh.1
deleted file mode 100644
index 5d79faf87feb..000000000000
--- a/crypto/kerberosIV/man/rsh.1
+++ /dev/null
@@ -1,182 +0,0 @@
-.\" Copyright (c) 1983, 1990 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" from: @(#)rsh.1 6.10 (Berkeley) 7/24/91
-.\" $Id: rsh.1,v 1.1.1.1 1995/10/23 11:20:27 d91-jda Exp $
-.\"
-.Dd July 24, 1991
-.Dt RSH 1
-.Os BSD 4.2
-.Sh NAME
-.Nm rsh
-.Nd remote shell
-.Sh SYNOPSIS
-.Nm rsh
-.Op Fl Kdnx
-.Op Fl k Ar realm
-.Op Fl l Ar username
-.Ar host
-.Op command
-.Sh DESCRIPTION
-.Nm Rsh
-executes
-.Ar command
-on
-.Ar host .
-.Pp
-.Nm Rsh
-copies its standard input to the remote command, the standard
-output of the remote command to its standard output, and the
-standard error of the remote command to its standard error.
-Interrupt, quit and terminate signals are propagated to the remote
-command;
-.Nm rsh
-normally terminates when the remote command does.
-The options are as follows:
-.Bl -tag -width flag
-.It Fl K
-The
-.Fl K
-option turns off all Kerberos authentication.
-.It Fl d
-The
-.Fl d
-option turns on socket debugging (using
-.Xr setsockopt 2 )
-on the
-.Tn TCP
-sockets used for communication with the remote host.
-.It Fl k
-The
-.Fl k
-option causes
-.Nm rsh
-to obtain tickets for the remote host in
-.Ar realm
-instead of the remote host's realm as determined by
-.Xr krb_realmofhost 3 .
-.It Fl l
-By default, the remote username is the same as the local username.
-The
-.Fl l
-option allows the remote name to be specified.
-Kerberos authentication is used, and authorization is determined
-as in
-.Xr rlogin 1 .
-.It Fl n
-The
-.Fl n
-option redirects input from the special device
-.Pa /dev/null
-(see the
-.Sx BUGS
-section of this manual page).
-.It Fl x
-The
-.Fl x
-option turns on
-.Tn DES
-encryption for all data exchange.
-This may introduce a significant delay in response time.
-.El
-.Pp
-If no
-.Ar command
-is specified, you will be logged in on the remote host using
-.Xr rlogin 1 .
-.Pp
-Shell metacharacters which are not quoted are interpreted on local machine,
-while quoted metacharacters are interpreted on the remote machine.
-For example, the command
-.Pp
-.Dl rsh otherhost cat remotefile >> localfile
-.Pp
-appends the remote file
-.Ar remotefile
-to the local file
-.Ar localfile ,
-while
-.Pp
-.Dl rsh otherhost cat remotefile \&">>\&" other_remotefile
-.Pp
-appends
-.Ar remotefile
-to
-.Ar other_remotefile .
-.\" .Pp
-.\" Many sites specify a large number of host names as commands in the
-.\" directory /usr/hosts.
-.\" If this directory is included in your search path, you can use the
-.\" shorthand ``host command'' for the longer form ``rsh host command''.
-.Sh FILES
-.Bl -tag -width /etc/hosts -compact
-.It Pa /etc/hosts
-.El
-.Sh SEE ALSO
-.Xr rlogin 1 ,
-.Xr kerberos 3 ,
-.Xr krb_sendauth 3 ,
-.Xr krb_realmofhost 3
-.Sh HISTORY
-The
-.Nm rsh
-command appeared in
-.Bx 4.2 .
-.Sh BUGS
-If you are using
-.Xr csh 1
-and put a
-.Nm rsh
-in the background without redirecting its input away from the terminal,
-it will block even if no reads are posted by the remote command.
-If no input is desired you should redirect the input of
-.Nm rsh
-to
-.Pa /dev/null
-using the
-.Fl n
-option.
-.Pp
-You cannot run an interactive command
-(like
-.Xr rogue 6
-or
-.Xr vi 1 )
-using
-.Nm rsh ;
-use
-.Xr rlogin 1
-instead.
-.Pp
-Stop signals stop the local
-.Nm rsh
-process only; this is arguably wrong, but currently hard to fix for reasons
-too complicated to explain here.
diff --git a/crypto/kerberosIV/man/rshd.8 b/crypto/kerberosIV/man/rshd.8
deleted file mode 100644
index 8bd661f1527f..000000000000
--- a/crypto/kerberosIV/man/rshd.8
+++ /dev/null
@@ -1,221 +0,0 @@
-.\" Copyright (c) 1983, 1989, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" @(#)rshd.8 8.1 (Berkeley) 6/4/93
-.\"
-.Dd August 25, 1996
-.Dt RSHD 8
-.Os BSD 4.2
-.Sh NAME
-.Nm rshd
-.Nd remote shell server
-.Sh SYNOPSIS
-.Nm rshd
-.Op Fl ailnkvxLP
-.Op Fl p Ar portnumber
-.Sh DESCRIPTION
-The
-.Nm rshd
-server
-is the server for the
-.Xr rcmd 3
-routine and, consequently, for the
-.Xr rsh 1
-program. The server provides remote execution facilities with
-kerberos-based authentication or traditional pseudo-authentication
-with privileged port numbers from trusted hosts.
-.Pp
-The
-.Nm rshd
-server
-listens for service requests at the port indicated in
-the ``cmd'' service specification; see
-.Xr services 5 .
-When a service request is received
-.Nm rshd
-verifies the kerberos ticket supplied by the user.
-.Pp
-For non-kerberised connections, the following protocol is initiated:
-.Bl -enum
-.It
-The server checks the client's source port.
-If the port is not in the range 512-1023, the server
-aborts the connection.
-.It
-The server reads characters from the socket up
-to a null (`\e0') byte. The resultant string is
-interpreted as an
-.Tn ASCII
-number, base 10.
-.It
-If the number received in step 2 is non-zero,
-it is interpreted as the port number of a secondary
-stream to be used for the
-.Em stderr .
-A second connection is then created to the specified
-port on the client's machine. The source port of this
-second connection is also in the range 512-1023.
-.It
-The server checks the client's source address
-and requests the corresponding host name (see
-.Xr gethostbyaddr 3 ,
-.Xr hosts 5
-and
-.Xr named 8 ) .
-If the hostname cannot be determined,
-the dot-notation representation of the host address is used.
-The addresses for the hostname are requested,
-verifying that the name and address correspond.
-If address verification fails, the connection is aborted
-with the message, ``Host address mismatch.''
-.It
-A null terminated user name of at most 16 characters
-is retrieved on the initial socket. This user name
-is interpreted as the user identity on the
-.Em client Ns 's
-machine.
-.It
-A null terminated user name of at most 16 characters
-is retrieved on the initial socket. This user name
-is interpreted as a user identity to use on the
-.Sy server Ns 's
-machine.
-.It
-A null terminated command to be passed to a
-shell is retrieved on the initial socket. The length of
-the command is limited by the upper bound on the size of
-the system's argument list.
-.It
-.Nm Rshd
-then validates the user using
-.Xr ruserok 3 ,
-which uses the file
-.Pa /etc/hosts.equiv
-and the
-.Pa .rhosts
-file found in the user's home directory. The
-.Fl l
-option prevents
-.Xr ruserok 3
-from doing any validation based on the user's ``.rhosts'' file,
-unless the user is the superuser.
-.It
-If the file
-.Pa /etc/nologin
-exists and the user is not the superuser,
-the connection is closed.
-.It
-A null byte is returned on the initial socket
-and the command line is passed to the normal login
-shell of the user. The
-shell inherits the network connections established
-by
-.Nm rshd .
-.El
-.Pp
-Transport-level keepalive messages are enabled unless the
-.Fl n
-option is present.
-The use of keepalive messages allows sessions to be timed out
-if the client crashes or becomes unreachable.
-.Pp
-The
-.Fl L
-option causes all successful accesses to be logged to
-.Xr syslogd 8
-as
-.Li auth.info
-messages.
-.Bl -tag -width Ds
-.It Fl k
-Enable kerberos authentication.
-.It Fl i
-Do not expect to be spawned by inetd and create a socket and listen on
-it yourself.
-.It Fl p portnumber
-Specifies the port number it should listen on in case the
-.It Fl i
-flag has been given.
-.It Fl v
-Vacuous, echo "Remote host requires Kerberos authentication" and exit.
-.It Fl x
-Provides an encrypted communications channel. This option requires the
-.Fl k
-flag.
-.It Fl P
-AFS only! Doesn't put the remote proccess in a new PAG.
-.El
-.Sh DIAGNOSTICS
-Except for the last one listed below,
-all diagnostic messages
-are returned on the initial socket,
-after which any network connections are closed.
-An error is indicated by a leading byte with a value of
-1 (0 is returned in step 10 above upon successful completion
-of all the steps prior to the execution of the login shell).
-.Bl -tag -width indent
-.It Sy Locuser too long.
-The name of the user on the client's machine is
-longer than 16 characters.
-.It Sy Ruser too long.
-The name of the user on the remote machine is
-longer than 16 characters.
-.It Sy Command too long .
-The command line passed exceeds the size of the argument
-list (as configured into the system).
-.It Sy Login incorrect.
-No password file entry for the user name existed.
-.It Sy Remote directory.
-The
-.Xr chdir
-command to the home directory failed.
-.It Sy Permission denied.
-The authentication procedure described above failed.
-.It Sy Can't make pipe.
-The pipe needed for the
-.Em stderr ,
-wasn't created.
-.It Sy Can't fork; try again.
-A
-.Xr fork
-by the server failed.
-.It Sy <shellname>: ...
-The user's login shell could not be started. This message is returned
-on the connection associated with the
-.Em stderr ,
-and is not preceded by a flag byte.
-.El
-.Sh SEE ALSO
-.Xr rsh 1 ,
-.Xr rcmd 3 ,
-.Xr ruserok 3
-.Sh BUGS
-A more extensible protocol (such as Telnet) should be used.
diff --git a/crypto/kerberosIV/man/su.1 b/crypto/kerberosIV/man/su.1
deleted file mode 100644
index 78d5c8d48304..000000000000
--- a/crypto/kerberosIV/man/su.1
+++ /dev/null
@@ -1,189 +0,0 @@
-.\" Copyright (c) 1988, 1990 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" from: @(#)su.1 6.12 (Berkeley) 7/29/91
-.\" $Id: su.1,v 1.3 1996/02/11 23:56:09 d91-jda Exp $
-.\"
-.Dd July 29, 1991
-.Dt SU 1
-.Os
-.Sh NAME
-.Nm su
-.Nd substitute user identity
-.Sh SYNOPSIS
-.Nm su
-.Op Fl Kflmi
-.Op Ar login Op Ar "shell arguments"
-.Sh DESCRIPTION
-.Nm Su
-requests the Kerberos password for
-.Ar login
-(or for
-.Dq Ar login Ns .root ,
-if no login is provided), and switches to
-that user and group ID after obtaining a Kerberos ticket granting ticket.
-A shell is then executed, and any additional
-.Ar "shell arguments"
-after the login name
-are passed to the shell.
-.Nm Su
-will resort to the local password file to find the password for
-.Ar login
-if there is a Kerberos error.
-If
-.Nm su
-is executed by root, no password is requested and a shell
-with the appropriate user ID is executed; no additional Kerberos tickets
-are obtained.
-.Pp
-Alternately, if the user enters the password "s/key", they will be
-authenticated using the S/Key one-time password system as described in
-.Xr skey 1 .
-S/Key is a Trademark of Bellcore.
-.Pp
-By default, the environment is unmodified with the exception of
-.Ev USER ,
-.Ev HOME ,
-and
-.Ev SHELL .
-.Ev HOME
-and
-.Ev SHELL
-are set to the target login's default values.
-.Ev USER
-is set to the target login, unless the target login has a user ID of 0,
-in which case it is unmodified.
-The invoked shell is the target login's.
-This is the traditional behavior of
-.Nm su .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl K
-Do not attempt to use Kerberos to authenticate the user.
-.It Fl f
-If the invoked shell is
-.Xr csh 1 ,
-this option prevents it from reading the
-.Dq Pa .cshrc
-file.
-.It Fl l
-Simulate a full login.
-The environment is discarded except for
-.Ev HOME ,
-.Ev SHELL ,
-.Ev PATH ,
-.Ev TERM ,
-and
-.Ev USER .
-.Ev HOME
-and
-.Ev SHELL
-are modified as above.
-.Ev USER
-is set to the target login.
-.Ev PATH
-is set to
-.Dq Pa /bin:/usr/bin .
-.Ev TERM -is imported from your current environment. -The invoked shell is the target login's, and -.Nm su -will change directory to the target login's home directory. -.It Fl m -Leave the environment unmodified. -The invoked shell is your login shell, and no directory changes are made. -As a security precaution, if the target user's shell is a non-standard -shell (as defined by -.Xr getusershell 3 ) -and the caller's real uid is -non-zero, -.Nm su -will fail. -.It Fl i -If the kerberos root instance is not root any other value can be passed -using this switch. -.El -.Pp -The -.Fl l -and -.Fl m -options are mutually exclusive; the last one specified -overrides any previous ones. -.Pp -Only users mentioned in -.Dq Pa ~root/.klogin -(or in group 0 when not doing kerberos) can -.Nm su -to -.Dq root . -.Pp -By default (unless the prompt is reset by a startup file) the super-user -prompt is set to -.Dq Sy \&# -to remind one of its awesome power. -.Sh SEE ALSO -.Xr csh 1 , -.Xr login 1 , -.Xr sh 1 , -.Xr skey 1 , -.Xr kinit 1 , -.Xr kerberos 1 , -.Xr passwd 5 , -.Xr group 5 , -.Xr environ 7 -.Sh ENVIRONMENT -Environment variables used by -.Nm su : -.Bl -tag -width HOME -.It Ev HOME -Default home directory of real user ID unless modified as -specified above. -.It Ev PATH -Default search path of real user ID unless modified as specified above. -.It Ev TERM -Provides terminal type which may be retained for the substituted -user ID. -.It Ev USER -The user ID is always the effective ID (the target user ID) after an -.Nm su -unless the user ID is 0 (root). -.El -.Sh HISTORY -A -.Nm -command appeared in -.At v7 . -The version described -here is an adaptation of the -.Tn MIT -Athena Kerberos command. diff --git a/crypto/kerberosIV/man/telnet.1 b/crypto/kerberosIV/man/telnet.1 deleted file mode 100644 index 2b3198ec110a..000000000000 --- a/crypto/kerberosIV/man/telnet.1 +++ /dev/null 
@@ -1,1369 +0,0 @@
-.\" Copyright (c) 1983, 1990, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -.\" @(#)telnet.1 8.6 (Berkeley) 6/1/94 -.\" -.Dd June 1, 1994 -.Dt TELNET 1 -.Os BSD 4.2 -.Sh NAME -.Nm telnet -.Nd user interface to the -.Tn TELNET -protocol -.Sh SYNOPSIS -.Nm telnet -.Op Fl 78EFKLacdfrx -.Op Fl S Ar tos -.Op Fl X Ar authtype -.Op Fl e Ar escapechar -.Op Fl k Ar realm -.Op Fl l Ar user -.Op Fl n Ar tracefile -.Oo -.Ar host -.Op port -.Oc -.Sh DESCRIPTION -The -.Nm telnet -command -is used to communicate with another host using the -.Tn TELNET -protocol. -If -.Nm telnet -is invoked without the -.Ar host -argument, it enters command mode, -indicated by its prompt -.Pq Nm telnet\&> . -In this mode, it accepts and executes the commands listed below. -If it is invoked with arguments, it performs an -.Ic open -command with those arguments. -.Pp -Options: -.Bl -tag -width indent -.It Fl 8 -Specifies an 8-bit data path. This causes an attempt to -negotiate the -.Dv TELNET BINARY -option on both input and output. -.It Fl 7 -Do not try to negotiate -.Dv TELNET BINARY -option. -.It Fl E -Stops any character from being recognized as an escape character. -.It Fl F -If Kerberos V5 authentication is being used, the -.Fl F -option allows the local credentials to be forwarded -to the remote system, including any credentials that -have already been forwarded into the local environment. -.It Fl K -Specifies no automatic login to the remote system. -.It Fl L -Specifies an 8-bit data path on output. This causes the -BINARY option to be negotiated on output. -.It Fl S Ar tos -Sets the IP type-of-service (TOS) option for the telnet -connection to the value -.Ar tos, -which can be a numeric TOS value -or, on systems that support it, a symbolic -TOS name found in the /etc/iptos file. -.It Fl X Ar atype -Disables the -.Ar atype -type of authentication. -.It Fl a -Attempt automatic login. -Currently, this sends the user name via the -.Ev USER -variable -of the -.Ev ENVIRON -option if supported by the remote system. 
-The name used is that of the current user as returned by -.Xr getlogin 2 -if it agrees with the current user ID, -otherwise it is the name associated with the user ID. -.It Fl c -Disables the reading of the user's -.Pa \&.telnetrc -file. (See the -.Ic toggle skiprc -command on this man page.) -.It Fl d -Sets the initial value of the -.Ic debug -toggle to -.Dv TRUE -.It Fl e Ar escape char -Sets the initial -.Nm -.Nm telnet -escape character to -.Ar escape char. -If -.Ar escape char -is omitted, then -there will be no escape character. -.It Fl f -If Kerberos V5 authentication is being used, the -.Fl f -option allows the local credentials to be forwarded to the remote system. -.ne 1i -.It Fl k Ar realm -If Kerberos authentication is being used, the -.Fl k -option requests that telnet obtain tickets for the remote host in -realm realm instead of the remote host's realm, as determined -by -.Xr krb_realmofhost 3 . -.It Fl l Ar user -When connecting to the remote system, if the remote system -understands the -.Ev ENVIRON -option, then -.Ar user -will be sent to the remote system as the value for the variable USER. -This option implies the -.Fl a -option. -This option may also be used with the -.Ic open -command. -.It Fl n Ar tracefile -Opens -.Ar tracefile -for recording trace information. -See the -.Ic set tracefile -command below. -.It Fl r -Specifies a user interface similar to -.Xr rlogin 1 . -In this -mode, the escape character is set to the tilde (~) character, -unless modified by the -e option. -.It Fl x -Turns on encryption of the data stream if possible. This is -currently the default and when it fails a warning is issued. -.It Ar host -Indicates the official name, an alias, or the Internet address -of a remote host. -.It Ar port -Indicates a port number (address of an application). If a number is -not specified, the default -.Nm telnet -port is used. -.El -.Pp -When in rlogin mode, a line of the form ~. 
disconnects from the -remote host; ~ is the telnet escape character. -Similarly, the line ~^Z suspends the telnet session. -The line ~^] escapes to the normal telnet escape prompt. -.Pp -Once a connection has been opened, -.Nm telnet -will attempt to enable the -.Dv TELNET LINEMODE -option. -If this fails, then -.Nm telnet -will revert to one of two input modes: -either \*(Lqcharacter at a time\*(Rq -or \*(Lqold line by line\*(Rq -depending on what the remote system supports. -.Pp -When -.Dv LINEMODE -is enabled, character processing is done on the -local system, under the control of the remote system. When input -editing or character echoing is to be disabled, the remote system -will relay that information. The remote system will also relay -changes to any special characters that happen on the remote -system, so that they can take effect on the local system. -.Pp -In \*(Lqcharacter at a time\*(Rq mode, most -text typed is immediately sent to the remote host for processing. -.Pp -In \*(Lqold line by line\*(Rq mode, all text is echoed locally, -and (normally) only completed lines are sent to the remote host. -The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used -to turn off and on the local echo -(this would mostly be used to enter passwords -without the password being echoed). -.Pp -If the -.Dv LINEMODE -option is enabled, or if the -.Ic localchars -toggle is -.Dv TRUE -(the default for \*(Lqold line by line\*(Lq; see below), -the user's -.Ic quit , -.Ic intr , -and -.Ic flush -characters are trapped locally, and sent as -.Tn TELNET -protocol sequences to the remote side. 
-If -.Dv LINEMODE -has ever been enabled, then the user's -.Ic susp -and -.Ic eof -are also sent as -.Tn TELNET -protocol sequences, -and -.Ic quit -is sent as a -.Dv TELNET ABORT -instead of -.Dv BREAK -There are options (see -.Ic toggle -.Ic autoflush -and -.Ic toggle -.Ic autosynch -below) -which cause this action to flush subsequent output to the terminal -(until the remote host acknowledges the -.Tn TELNET -sequence) and flush previous terminal input -(in the case of -.Ic quit -and -.Ic intr ) . -.Pp -While connected to a remote host, -.Nm telnet -command mode may be entered by typing the -.Nm telnet -\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq). -When in command mode, the normal terminal editing conventions are available. -.Pp -The following -.Nm telnet -commands are available. -Only enough of each command to uniquely identify it need be typed -(this is also true for arguments to the -.Ic mode , -.Ic set , -.Ic toggle , -.Ic unset , -.Ic slc , -.Ic environ , -and -.Ic display -commands). -.Pp -.Bl -tag -width "mode type" -.It Ic auth Ar argument ... -The auth command manipulates the information sent through the -.Dv TELNET AUTHENTICATE -option. Valid arguments for the -auth command are as follows: -.Bl -tag -width "disable type" -.It Ic disable Ar type -Disables the specified type of authentication. To -obtain a list of available types, use the -.Ic auth disable \&? -command. -.It Ic enable Ar type -Enables the specified type of authentication. To -obtain a list of available types, use the -.Ic auth enable \&? -command. -.It Ic status -Lists the current status of the various types of -authentication. -.El -.It Ic close -Close a -.Tn TELNET -session and return to command mode. -.It Ic display Ar argument ... -Displays all, or some, of the -.Ic set -and -.Ic toggle -values (see below). -.It Ic encrypt Ar argument ... -The encrypt command manipulates the information sent through the -.Dv TELNET ENCRYPT -option. 
-.Pp -Note: Because of export controls, the -.Dv TELNET ENCRYPT -option is not supported outside of the United States and Canada. -.Pp -Valid arguments for the encrypt command are as follows: -.Bl -tag -width Ar -.It Ic disable Ar type Ic [input|output] -Disables the specified type of encryption. If you -omit the input and output, both input and output -are disabled. To obtain a list of available -types, use the -.Ic encrypt disable \&? -command. -.It Ic enable Ar type Ic [input|output] -Enables the specified type of encryption. If you -omit input and output, both input and output are -enabled. To obtain a list of available types, use the -.Ic encrypt enable \&? -command. -.It Ic input -This is the same as the -.Ic encrypt start input -command. -.It Ic -input -This is the same as the -.Ic encrypt stop input -command. -.It Ic output -This is the same as the -.Ic encrypt start output -command. -.It Ic -output -This is the same as the -.Ic encrypt stop output -command. -.It Ic start Ic [input|output] -Attempts to start encryption. If you omit -.Ic input -and -.Ic output, -both input and output are enabled. To -obtain a list of available types, use the -.Ic encrypt enable \&? -command. -.It Ic status -Lists the current status of encryption. -.It Ic stop Ic [input|output] -Stops encryption. If you omit input and output, -encryption is on both input and output. -.It Ic type Ar type -Sets the default type of encryption to be used -with later -.Ic encrypt start -or -.Ic encrypt stop -commands. -.El -.It Ic environ Ar arguments... -The -.Ic environ -command is used to manipulate the -the variables that my be sent through the -.Dv TELNET ENVIRON -option. -The initial set of variables is taken from the users -environment, with only the -.Ev DISPLAY -and -.Ev PRINTER -variables being exported by default. -The -.Ev USER -variable is also exported if the -.Fl a -or -.Fl l -options are used. 
-.br -Valid arguments for the -.Ic environ -command are: -.Bl -tag -width Fl -.It Ic define Ar variable value -Define the variable -.Ar variable -to have a value of -.Ar value. -Any variables defined by this command are automatically exported. -The -.Ar value -may be enclosed in single or double quotes so -that tabs and spaces may be included. -.It Ic undefine Ar variable -Remove -.Ar variable -from the list of environment variables. -.It Ic export Ar variable -Mark the variable -.Ar variable -to be exported to the remote side. -.It Ic unexport Ar variable -Mark the variable -.Ar variable -to not be exported unless -explicitly asked for by the remote side. -.It Ic list -List the current set of environment variables. -Those marked with a -.Cm * -will be sent automatically, -other variables will only be sent if explicitly requested. -.It Ic \&? -Prints out help information for the -.Ic environ -command. -.El -.It Ic logout -Sends the -.Dv TELNET LOGOUT -option to the remote side. -This command is similar to a -.Ic close -command; however, if the remote side does not support the -.Dv LOGOUT -option, nothing happens. -If, however, the remote side does support the -.Dv LOGOUT -option, this command should cause the remote side to close the -.Tn TELNET -connection. -If the remote side also supports the concept of -suspending a user's session for later reattachment, -the logout argument indicates that you -should terminate the session immediately. -.It Ic mode Ar type -.Ar Type -is one of several options, depending on the state of the -.Tn TELNET -session. -The remote host is asked for permission to go into the requested mode. -If the remote host is capable of entering that mode, the requested -mode will be entered. -.Bl -tag -width Ar -.It Ic character -Disable the -.Dv TELNET LINEMODE -option, or, if the remote side does not understand the -.Dv LINEMODE -option, then enter \*(Lqcharacter at a time\*(Lq mode. 
-.It Ic line -Enable the -.Dv TELNET LINEMODE -option, or, if the remote side does not understand the -.Dv LINEMODE -option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode. -.It Ic isig Pq Ic \-isig -Attempt to enable (disable) the -.Dv TRAPSIG -mode of the -.Dv LINEMODE -option. -This requires that the -.Dv LINEMODE -option be enabled. -.It Ic edit Pq Ic \-edit -Attempt to enable (disable) the -.Dv EDIT -mode of the -.Dv LINEMODE -option. -This requires that the -.Dv LINEMODE -option be enabled. -.It Ic softtabs Pq Ic \-softtabs -Attempt to enable (disable) the -.Dv SOFT_TAB -mode of the -.Dv LINEMODE -option. -This requires that the -.Dv LINEMODE -option be enabled. -.ne 1i -.It Ic litecho Pq Ic \-litecho -Attempt to enable (disable) the -.Dv LIT_ECHO -mode of the -.Dv LINEMODE -option. -This requires that the -.Dv LINEMODE -option be enabled. -.It Ic \&? -Prints out help information for the -.Ic mode -command. -.El -.It Xo -.Ic open Ar host -.Oo Op Fl l -.Ar user -.Oc Ns Oo Fl -.Ar port Oc -.Xc -Open a connection to the named host. -If no port number -is specified, -.Nm telnet -will attempt to contact a -.Tn TELNET -server at the default port. -The host specification may be either a host name (see -.Xr hosts 5 ) -or an Internet address specified in the \*(Lqdot notation\*(Rq (see -.Xr inet 3 ) . -The -.Op Fl l -option may be used to specify the user name -to be passed to the remote system via the -.Ev ENVIRON -option. -When connecting to a non-standard port, -.Nm telnet -omits any automatic initiation of -.Tn TELNET -options. When the port number is preceded by a minus sign, -the initial option negotiation is done. -After establishing a connection, the file -.Pa \&.telnetrc -in the -users home directory is opened. Lines beginning with a # are -comment lines. Blank lines are ignored. Lines that begin -without white space are the start of a machine entry. The -first thing on the line is the name of the machine that is -being connected to. 
The rest of the line, and successive -lines that begin with white space are assumed to be -.Nm telnet -commands and are processed as if they had been typed -in manually to the -.Nm telnet -command prompt. -.It Ic quit -Close any open -.Tn TELNET -session and exit -.Nm telnet . -An end of file (in command mode) will also close a session and exit. -.It Ic send Ar arguments -Sends one or more special character sequences to the remote host. -The following are the arguments which may be specified -(more than one argument may be specified at a time): -.Pp -.Bl -tag -width escape -.It Ic abort -Sends the -.Dv TELNET ABORT -(Abort -processes) -sequence. -.It Ic ao -Sends the -.Dv TELNET AO -(Abort Output) sequence, which should cause the remote system to flush -all output -.Em from -the remote system -.Em to -the user's terminal. -.It Ic ayt -Sends the -.Dv TELNET AYT -(Are You There) -sequence, to which the remote system may or may not choose to respond. -.It Ic brk -Sends the -.Dv TELNET BRK -(Break) sequence, which may have significance to the remote -system. -.It Ic ec -Sends the -.Dv TELNET EC -(Erase Character) -sequence, which should cause the remote system to erase the last character -entered. -.It Ic el -Sends the -.Dv TELNET EL -(Erase Line) -sequence, which should cause the remote system to erase the line currently -being entered. -.It Ic eof -Sends the -.Dv TELNET EOF -(End Of File) -sequence. -.It Ic eor -Sends the -.Dv TELNET EOR -(End of Record) -sequence. -.It Ic escape -Sends the current -.Nm telnet -escape character (initially \*(Lq^\*(Rq). -.It Ic ga -Sends the -.Dv TELNET GA -(Go Ahead) -sequence, which likely has no significance to the remote system. -.It Ic getstatus -If the remote side supports the -.Dv TELNET STATUS -command, -.Ic getstatus -will send the subnegotiation to request that the server send -its current option status. 
-.ne 1i -.It Ic ip -Sends the -.Dv TELNET IP -(Interrupt Process) sequence, which should cause the remote -system to abort the currently running process. -.It Ic nop -Sends the -.Dv TELNET NOP -(No OPeration) -sequence. -.It Ic susp -Sends the -.Dv TELNET SUSP -(SUSPend process) -sequence. -.It Ic synch -Sends the -.Dv TELNET SYNCH -sequence. -This sequence causes the remote system to discard all previously typed -(but not yet read) input. -This sequence is sent as -.Tn TCP -urgent -data (and may not work if the remote system is a -.Bx 4.2 -system -- if -it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal). -.It Ic do Ar cmd -.It Ic dont Ar cmd -.It Ic will Ar cmd -.It Ic wont Ar cmd -Sends the -.Dv TELNET DO -.Ar cmd -sequence. -.Ar Cmd -can be either a decimal number between 0 and 255, -or a symbolic name for a specific -.Dv TELNET -command. -.Ar Cmd -can also be either -.Ic help -or -.Ic \&? -to print out help information, including -a list of known symbolic names. -.It Ic \&? -Prints out help information for the -.Ic send -command. -.El -.It Ic set Ar argument value -.It Ic unset Ar argument value -The -.Ic set -command will set any one of a number of -.Nm telnet -variables to a specific value or to -.Dv TRUE . -The special value -.Ic off -turns off the function associated with -the variable, this is equivalent to using the -.Ic unset -command. -The -.Ic unset -command will disable or set to -.Dv FALSE -any of the specified functions. -The values of variables may be interrogated with the -.Ic display -command. -The variables which may be set or unset, but not toggled, are -listed here. In addition, any of the variables for the -.Ic toggle -command may be explicitly set or unset using -the -.Ic set -and -.Ic unset -commands. 
-.Bl -tag -width escape -.It Ic ayt -If -.Tn TELNET -is in localchars mode, or -.Dv LINEMODE -is enabled, and the status character is typed, a -.Dv TELNET AYT -sequence (see -.Ic send ayt -preceding) is sent to the -remote host. The initial value for the "Are You There" -character is the terminal's status character. -.It Ic echo -This is the value (initially \*(Lq^E\*(Rq) which, when in -\*(Lqline by line\*(Rq mode, toggles between doing local echoing -of entered characters (for normal processing), and suppressing -echoing of entered characters (for entering, say, a password). -.It Ic eof -If -.Nm telnet -is operating in -.Dv LINEMODE -or \*(Lqold line by line\*(Rq mode, entering this character -as the first character on a line will cause this character to be -sent to the remote system. -The initial value of the eof character is taken to be the terminal's -.Ic eof -character. -.It Ic erase -If -.Nm telnet -is in -.Ic localchars -mode (see -.Ic toggle -.Ic localchars -below), -.Sy and -if -.Nm telnet -is operating in \*(Lqcharacter at a time\*(Rq mode, then when this -character is typed, a -.Dv TELNET EC -sequence (see -.Ic send -.Ic ec -above) -is sent to the remote system. -The initial value for the erase character is taken to be -the terminal's -.Ic erase -character. -.It Ic escape -This is the -.Nm telnet -escape character (initially \*(Lq^[\*(Rq) which causes entry -into -.Nm telnet -command mode (when connected to a remote system). -.It Ic flushoutput -If -.Nm telnet -is in -.Ic localchars -mode (see -.Ic toggle -.Ic localchars -below) -and the -.Ic flushoutput -character is typed, a -.Dv TELNET AO -sequence (see -.Ic send -.Ic ao -above) -is sent to the remote host. -The initial value for the flush character is taken to be -the terminal's -.Ic flush -character. -.It Ic forw1 -.It Ic forw2 -If -.Tn TELNET -is operating in -.Dv LINEMODE , -these are the -characters that, when typed, cause partial lines to be -forwarded to the remote system. 
The initial value for -the forwarding characters are taken from the terminal's -eol and eol2 characters. -.It Ic interrupt -If -.Nm telnet -is in -.Ic localchars -mode (see -.Ic toggle -.Ic localchars -below) -and the -.Ic interrupt -character is typed, a -.Dv TELNET IP -sequence (see -.Ic send -.Ic ip -above) -is sent to the remote host. -The initial value for the interrupt character is taken to be -the terminal's -.Ic intr -character. -.It Ic kill -If -.Nm telnet -is in -.Ic localchars -mode (see -.Ic toggle -.Ic localchars -below), -.Ic and -if -.Nm telnet -is operating in \*(Lqcharacter at a time\*(Rq mode, then when this -character is typed, a -.Dv TELNET EL -sequence (see -.Ic send -.Ic el -above) -is sent to the remote system. -The initial value for the kill character is taken to be -the terminal's -.Ic kill -character. -.It Ic lnext -If -.Nm telnet -is operating in -.Dv LINEMODE -or \*(Lqold line by line\*(Lq mode, then this character is taken to -be the terminal's -.Ic lnext -character. -The initial value for the lnext character is taken to be -the terminal's -.Ic lnext -character. -.It Ic quit -If -.Nm telnet -is in -.Ic localchars -mode (see -.Ic toggle -.Ic localchars -below) -and the -.Ic quit -character is typed, a -.Dv TELNET BRK -sequence (see -.Ic send -.Ic brk -above) -is sent to the remote host. -The initial value for the quit character is taken to be -the terminal's -.Ic quit -character. -.It Ic reprint -If -.Nm telnet -is operating in -.Dv LINEMODE -or \*(Lqold line by line\*(Lq mode, then this character is taken to -be the terminal's -.Ic reprint -character. -The initial value for the reprint character is taken to be -the terminal's -.Ic reprint -character. -.It Ic rlogin -This is the rlogin escape character. -If set, the normal -.Tn TELNET -escape character is ignored unless it is -preceded by this character at the beginning of a line. -This character, at the beginning of a line followed by -a "." 
closes the connection; when followed by a ^Z it -suspends the telnet command. The initial state is to -disable the rlogin escape character. -.It Ic start -If the -.Dv TELNET TOGGLE-FLOW-CONTROL -option has been enabled, -then this character is taken to -be the terminal's -.Ic start -character. -The initial value for the kill character is taken to be -the terminal's -.Ic start -character. -.It Ic stop -If the -.Dv TELNET TOGGLE-FLOW-CONTROL -option has been enabled, -then this character is taken to -be the terminal's -.Ic stop -character. -The initial value for the kill character is taken to be -the terminal's -.Ic stop -character. -.It Ic susp -If -.Nm telnet -is in -.Ic localchars -mode, or -.Dv LINEMODE -is enabled, and the -.Ic suspend -character is typed, a -.Dv TELNET SUSP -sequence (see -.Ic send -.Ic susp -above) -is sent to the remote host. -The initial value for the suspend character is taken to be -the terminal's -.Ic suspend -character. -.ne 1i -.It Ic tracefile -This is the file to which the output, caused by -.Ic netdata -or -.Ic option -tracing being -.Dv TRUE , -will be written. If it is set to -.Dq Fl , -then tracing information will be written to standard output (the default). -.It Ic worderase -If -.Nm telnet -is operating in -.Dv LINEMODE -or \*(Lqold line by line\*(Lq mode, then this character is taken to -be the terminal's -.Ic worderase -character. -The initial value for the worderase character is taken to be -the terminal's -.Ic worderase -character. -.It Ic \&? -Displays the legal -.Ic set -.Pq Ic unset -commands. -.El -.It Ic slc Ar state -The -.Ic slc -command (Set Local Characters) is used to set -or change the state of the the special -characters when the -.Dv TELNET LINEMODE -option has -been enabled. Special characters are characters that get -mapped to -.Tn TELNET -commands sequences (like -.Ic ip -or -.Ic quit ) -or line editing characters (like -.Ic erase -and -.Ic kill ) . -By default, the local special characters are exported. 
-.Bl -tag -width Fl -.It Ic check -Verify the current settings for the current special characters. -The remote side is requested to send all the current special -character settings, and if there are any discrepancies with -the local side, the local side will switch to the remote value. -.It Ic export -Switch to the local defaults for the special characters. The -local default characters are those of the local terminal at -the time when -.Nm telnet -was started. -.It Ic import -Switch to the remote defaults for the special characters. -The remote default characters are those of the remote system -at the time when the -.Tn TELNET -connection was established. -.It Ic \&? -Prints out help information for the -.Ic slc -command. -.El -.It Ic status -Show the current status of -.Nm telnet . -This includes the peer one is connected to, as well -as the current mode. -.It Ic toggle Ar arguments ... -Toggle (between -.Dv TRUE -and -.Dv FALSE ) -various flags that control how -.Nm telnet -responds to events. -These flags may be set explicitly to -.Dv TRUE -or -.Dv FALSE -using the -.Ic set -and -.Ic unset -commands listed above. -More than one argument may be specified. -The state of these flags may be interrogated with the -.Ic display -command. -Valid arguments are: -.Bl -tag -width Ar -.It Ic authdebug -Turns on debugging information for the authentication code. -.It Ic autoflush -If -.Ic autoflush -and -.Ic localchars -are both -.Dv TRUE , -then when the -.Ic ao , -or -.Ic quit -characters are recognized (and transformed into -.Tn TELNET -sequences; see -.Ic set -above for details), -.Nm telnet -refuses to display any data on the user's terminal -until the remote system acknowledges (via a -.Dv TELNET TIMING MARK -option) -that it has processed those -.Tn TELNET -sequences. -The initial value for this toggle is -.Dv TRUE -if the terminal user had not -done an "stty noflsh", otherwise -.Dv FALSE -(see -.Xr stty 1 ) . 
-.It Ic autodecrypt
-When the
-.Dv TELNET ENCRYPT
-option is negotiated, by
-default the actual encryption (decryption) of the data
-stream does not start automatically. The autoencrypt
-(autodecrypt) command states that encryption of the
-output (input) stream should be enabled as soon as
-possible.
-.sp
-.Pp
-Note: Because of export controls, the
-.Dv TELNET ENCRYPT
-option is not supported outside the United States and Canada.
-.It Ic autologin
-If the remote side supports the
-.Dv TELNET AUTHENTICATION
-option
-.Tn TELNET
-attempts to use it to perform automatic authentication. If the
-.Dv AUTHENTICATION
-option is not supported, the user's login
-name are propagated through the
-.Dv TELNET ENVIRON
-option.
-This command is the same as specifying
-.Ar a
-option on the
-.Ic open
-command.
-.It Ic autosynch
-If
-.Ic autosynch
-and
-.Ic localchars
-are both
-.Dv TRUE ,
-then when either the
-.Ic intr
-or
-.Ic quit
-characters is typed (see
-.Ic set
-above for descriptions of the
-.Ic intr
-and
-.Ic quit
-characters), the resulting
-.Tn TELNET
-sequence sent is followed by the
-.Dv TELNET SYNCH
-sequence.
-This procedure
-.Ic should
-cause the remote system to begin throwing away all previously
-typed input until both of the
-.Tn TELNET
-sequences have been read and acted upon.
-The initial value of this toggle is
-.Dv FALSE .
-.It Ic binary
-Enable or disable the
-.Dv TELNET BINARY
-option on both input and output.
-.It Ic inbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on input.
-.It Ic outbinary
-Enable or disable the
-.Dv TELNET BINARY
-option on output.
-.It Ic crlf
-If this is
-.Dv TRUE ,
-then carriage returns will be sent as
-.Li <CR><LF> .
-If this is
-.Dv FALSE ,
-then carriage returns will be send as
-.Li <CR><NUL> .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic crmod
-Toggle carriage return mode.
-When this mode is enabled, most carriage return characters received from
-the remote host will be mapped into a carriage return followed by
-a line feed.
-This mode does not affect those characters typed by the user, only
-those received from the remote host.
-This mode is not very useful unless the remote host
-only sends carriage return, but never line feed.
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic debug
-Toggles socket level debugging (useful only to the
-.Ic super user ) .
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic encdebug
-Turns on debugging information for the encryption code.
-.It Ic localchars
-If this is
-.Dv TRUE ,
-then the
-.Ic flush ,
-.Ic interrupt ,
-.Ic quit ,
-.Ic erase ,
-and
-.Ic kill
-characters (see
-.Ic set
-above) are recognized locally, and transformed into (hopefully) appropriate
-.Tn TELNET
-control sequences
-(respectively
-.Ic ao ,
-.Ic ip ,
-.Ic brk ,
-.Ic ec ,
-and
-.Ic el ;
-see
-.Ic send
-above).
-The initial value for this toggle is
-.Dv TRUE
-in \*(Lqold line by line\*(Rq mode,
-and
-.Dv FALSE
-in \*(Lqcharacter at a time\*(Rq mode.
-When the
-.Dv LINEMODE
-option is enabled, the value of
-.Ic localchars
-is ignored, and assumed to always be
-.Dv TRUE .
-If
-.Dv LINEMODE
-has ever been enabled, then
-.Ic quit
-is sent as
-.Ic abort ,
-and
-.Ic eof and
-.B suspend
-are sent as
-.Ic eof and
-.Ic susp ,
-see
-.Ic send
-above).
-.It Ic netdata
-Toggles the display of all network data (in hexadecimal format).
-The initial value for this toggle is
-.Dv FALSE .
-.It Ic options
-Toggles the display of some internal
-.Nm telnet
-protocol processing (having to do with
-.Tn TELNET
-options).
-The initial value for this toggle is
-.Dv FALSE .
-.ne 1i
-.It Ic prettydump
-When the
-.Ic netdata
-toggle is enabled, if
-.Ic prettydump
-is enabled the output from the
-.Ic netdata
-command will be formatted in a more user readable format.
-Spaces are put between each character in the output, and the -beginning of any -.Tn TELNET -escape sequence is preceded by a '*' to aid in locating them. -.It Ic skiprc -When the skiprc toggle is -.Dv TRUE , -.Tn TELNET -skips the reading of the -.Pa \&.telnetrc -file in the users home -directory when connections are opened. The initial -value for this toggle is -.Dv FALSE. -.It Ic termdata -Toggles the display of all terminal data (in hexadecimal format). -The initial value for this toggle is -.Dv FALSE . -.It Ic verbose_encrypt -When the -.Ic verbose_encrypt -toggle is -.Dv TRUE , -.Tn TELNET -prints out a message each time encryption is enabled or -disabled. The initial value for this toggle is -.Dv FALSE. -Note: Because of export controls, data encryption -is not supported outside of the United States and Canada. -.It Ic \&? -Displays the legal -.Ic toggle -commands. -.El -.It Ic z -Suspend -.Nm telnet . -This command only works when the user is using the -.Xr csh 1 . -.It Ic \&! Op Ar command -Execute a single command in a subshell on the local -system. If -.Ic command -is omitted, then an interactive -subshell is invoked. -.It Ic \&? Op Ar command -Get help. With no arguments, -.Nm telnet -prints a help summary. -If a command is specified, -.Nm telnet -will print the help information for just that command. -.El -.Sh ENVIRONMENT -.Nm Telnet -uses at least the -.Ev HOME , -.Ev SHELL , -.Ev DISPLAY , -and -.Ev TERM -environment variables. -Other environment variables may be propagated -to the other side via the -.Dv TELNET ENVIRON -option. -.Sh FILES -.Bl -tag -width ~/.telnetrc -compact -.It Pa ~/.telnetrc -user customized telnet startup values -.El -.Sh HISTORY -The -.Nm Telnet -command appeared in -.Bx 4.2 . -.Sh NOTES -.Pp -On some remote systems, echo has to be turned off manually when in -\*(Lqold line by line\*(Rq mode. 
-.Pp
-In \*(Lqold line by line\*(Rq mode or
-.Dv LINEMODE
-the terminal's
-.Ic eof
-character is only recognized (and sent to the remote system)
-when it is the first character on a line.
diff --git a/crypto/kerberosIV/man/telnetd.8 b/crypto/kerberosIV/man/telnetd.8
deleted file mode 100644
index b26d8ddf1619..000000000000
--- a/crypto/kerberosIV/man/telnetd.8
+++ /dev/null
@@ -1,527 +0,0 @@
-.\" Copyright (c) 1983, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94 -.\" -.Dd June 1, 1994 -.Dt TELNETD 8 -.Os BSD 4.2 -.Sh NAME -.Nm telnetd -.Nd DARPA -.Tn TELNET -protocol server -.Sh SYNOPSIS -.Nm telnetd -.Op Fl BUhkln -.Op Fl D Ar debugmode -.Op Fl S Ar tos -.Op Fl X Ar authtype -.Op Fl a Ar authmode -.Op Fl r Ns Ar lowpty-highpty -.Op Fl u Ar len -.Op Fl debug -.Op Fl L Ar /bin/login -.Op Ar port -.Sh DESCRIPTION -The -.Nm telnetd -command is a server which supports the -.Tn DARPA -standard -.Tn TELNET -virtual terminal protocol. -.Nm Telnetd -is normally invoked by the internet server (see -.Xr inetd 8 ) -for requests to connect to the -.Tn TELNET -port as indicated by the -.Pa /etc/services -file (see -.Xr services 5 ) . -The -.Fl debug -option may be used to start up -.Nm telnetd -manually, instead of through -.Xr inetd 8 . -If started up this way, -.Ar port -may be specified to run -.Nm telnetd -on an alternate -.Tn TCP -port number. -.Pp -The -.Nm telnetd -command accepts the following options: -.Bl -tag -width "-a authmode" -.It Fl a Ar authmode -This option may be used for specifying what mode should -be used for authentication. -Note that this option is only useful if -.Nm telnetd -has been compiled with support for the -.Dv AUTHENTICATION -option. -There are several valid values for -.Ar authmode: -.Bl -tag -width debug -.It debug -Turns on authentication debugging code. -.It user -Only allow connections when the remote user -can provide valid authentication information -to identify the remote user, -and is allowed access to the specified account -without providing a password. -.It valid -Only allow connections when the remote user -can provide valid authentication information -to identify the remote user. -The -.Xr login 1 -command will provide any additional user verification -needed if the remote user is not allowed automatic -access to the specified account. -.It other -Only allow connections that supply some authentication information. 
-This option is currently not supported -by any of the existing authentication mechanisms, -and is thus the same as specifying -.Fl a -.Cm valid . -.It otp -Only allow authenticated connections (as with -.Fl a -.Cm user ) -and also logins with one-time passwords (OTPs). This option will call -login with an option so that only OTPs are accepted. The user can of -course still type secret information at the prompt. -.It none -This is the default state. -Authentication information is not required. -If no or insufficient authentication information -is provided, then the -.Xr login 1 -program will provide the necessary user -verification. -.It off -This disables the authentication code. -All user verification will happen through the -.Xr login 1 -program. -.El -.It Fl B -Ignored. -.It Fl D Ar debugmode -This option may be used for debugging purposes. -This allows -.Nm telnetd -to print out debugging information -to the connection, allowing the user to see what -.Nm telnetd -is doing. -There are several possible values for -.Ar debugmode: -.Bl -tag -width exercise -.It Cm options -Prints information about the negotiation of -.Tn TELNET -options. -.It Cm report -Prints the -.Cm options -information, plus some additional information -about what processing is going on. -.It Cm netdata -Displays the data stream received by -.Nm telnetd. -.It Cm ptydata -Displays data written to the pty. -.It Cm exercise -Has not been implemented yet. -.El -.It Fl h -Disables the printing of host-specific information before -login has been completed. -.It Fl k -.It Fl l -Ignored. -.It Fl n -Disable -.Dv TCP -keep-alives. Normally -.Nm telnetd -enables the -.Tn TCP -keep-alive mechanism to probe connections that -have been idle for some period of time to determine -if the client is still there, so that idle connections -from machines that have crashed or can no longer -be reached may be cleaned up. 
-.It Fl r Ar lowpty-highpty -This option is only enabled when -.Nm telnetd -is compiled for -.Dv UNICOS. -It specifies an inclusive range of pseudo-terminal devices to -use. If the system has sysconf variable -.Dv _SC_CRAY_NPTY -configured, the default pty search range is 0 to -.Dv _SC_CRAY_NPTY; -otherwise, the default range is 0 to 128. Either -.Ar lowpty -or -.Ar highpty -may be omitted to allow changing -either end of the search range. If -.Ar lowpty -is omitted, the - character is still required so that -.Nm telnetd -can differentiate -.Ar highpty -from -.Ar lowpty . -.It Fl S Ar tos -.It Fl u Ar len -This option is used to specify the size of the field -in the -.Dv utmp -structure that holds the remote host name. -If the resolved host name is longer than -.Ar len , -the dotted decimal value will be used instead. -This allows hosts with very long host names that -overflow this field to still be uniquely identified. -Specifying -.Fl u0 -indicates that only dotted decimal addresses -should be put into the -.Pa utmp -file. -.ne 1i -.It Fl U -This option causes -.Nm telnetd -to refuse connections from addresses that -cannot be mapped back into a symbolic name -via the -.Xr gethostbyaddr 3 -routine. -.It Fl X Ar authtype -This option is only valid if -.Nm telnetd -has been built with support for the authentication option. -It disables the use of -.Ar authtype -authentication, and -can be used to temporarily disable -a specific authentication type without having to recompile -.Nm telnetd . -.It Fl L pathname -Specify pathname to an alternative login program. -.El -.Pp -.Nm Telnetd -operates by allocating a pseudo-terminal device (see -.Xr pty 4 ) -for a client, then creating a login process which has -the slave side of the pseudo-terminal as -.Dv stdin , -.Dv stdout -and -.Dv stderr . -.Nm Telnetd -manipulates the master side of the pseudo-terminal, -implementing the -.Tn TELNET -protocol and passing characters -between the remote client and the login process. 
-.Pp -When a -.Tn TELNET -session is started up, -.Nm telnetd -sends -.Tn TELNET -options to the client side indicating -a willingness to do the -following -.Tn TELNET -options, which are described in more detail below: -.Bd -literal -offset indent -DO AUTHENTICATION -WILL ENCRYPT -DO TERMINAL TYPE -DO TSPEED -DO XDISPLOC -DO NEW-ENVIRON -DO ENVIRON -WILL SUPPRESS GO AHEAD -DO ECHO -DO LINEMODE -DO NAWS -WILL STATUS -DO LFLOW -DO TIMING-MARK -.Ed -.Pp -The pseudo-terminal allocated to the client is configured -to operate in \*(lqcooked\*(rq mode, and with -.Dv XTABS and -.Dv CRMOD -enabled (see -.Xr tty 4 ) . -.Pp -.Nm Telnetd -has support for enabling locally the following -.Tn TELNET -options: -.Bl -tag -width "DO AUTHENTICATION" -.It "WILL ECHO" -When the -.Dv LINEMODE -option is enabled, a -.Dv WILL ECHO -or -.Dv WONT ECHO -will be sent to the client to indicate the -current state of terminal echoing. -When terminal echo is not desired, a -.Dv WILL ECHO -is sent to indicate that -.Tn telnetd -will take care of echoing any data that needs to be -echoed to the terminal, and then nothing is echoed. -When terminal echo is desired, a -.Dv WONT ECHO -is sent to indicate that -.Tn telnetd -will not be doing any terminal echoing, so the -client should do any terminal echoing that is needed. -.It "WILL BINARY" -Indicates that the client is willing to send a -8 bits of data, rather than the normal 7 bits -of the Network Virtual Terminal. -.It "WILL SGA" -Indicates that it will not be sending -.Dv IAC GA, -go ahead, commands. -.It "WILL STATUS" -Indicates a willingness to send the client, upon -request, of the current status of all -.Tn TELNET -options. -.It "WILL TIMING-MARK" -Whenever a -.Dv DO TIMING-MARK -command is received, it is always responded -to with a -.Dv WILL TIMING-MARK -.ne 1i -.It "WILL LOGOUT" -When a -.Dv DO LOGOUT -is received, a -.Dv WILL LOGOUT -is sent in response, and the -.Tn TELNET -session is shut down. 
-.It "WILL ENCRYPT" -Only sent if -.Nm telnetd -is compiled with support for data encryption, and -indicates a willingness to decrypt -the data stream. -.El -.Pp -.Nm Telnetd -has support for enabling remotely the following -.Tn TELNET -options: -.Bl -tag -width "DO AUTHENTICATION" -.It "DO BINARY" -Sent to indicate that -.Tn telnetd -is willing to receive an 8 bit data stream. -.It "DO LFLOW" -Requests that the client handle flow control -characters remotely. -.It "DO ECHO" -This is not really supported, but is sent to identify a 4.2BSD -.Xr telnet 1 -client, which will improperly respond with -.Dv WILL ECHO. -If a -.Dv WILL ECHO -is received, a -.Dv DONT ECHO -will be sent in response. -.It "DO TERMINAL-TYPE" -Indicates a desire to be able to request the -name of the type of terminal that is attached -to the client side of the connection. -.It "DO SGA" -Indicates that it does not need to receive -.Dv IAC GA, -the go ahead command. -.It "DO NAWS" -Requests that the client inform the server when -the window (display) size changes. -.It "DO TERMINAL-SPEED" -Indicates a desire to be able to request information -about the speed of the serial line to which -the client is attached. -.It "DO XDISPLOC" -Indicates a desire to be able to request the name -of the X windows display that is associated with -the telnet client. -.It "DO NEW-ENVIRON" -Indicates a desire to be able to request environment -variable information, as described in RFC 1572. -.It "DO ENVIRON" -Indicates a desire to be able to request environment -variable information, as described in RFC 1408. -.It "DO LINEMODE" -Only sent if -.Nm telnetd -is compiled with support for linemode, and -requests that the client do line by line processing. -.It "DO TIMING-MARK" -Only sent if -.Nm telnetd -is compiled with support for both linemode and -kludge linemode, and the client responded with -.Dv WONT LINEMODE. -If the client responds with -.Dv WILL TM, -the it is assumed that the client supports -kludge linemode. 
-Note that the -.Op Fl k -option can be used to disable this. -.It "DO AUTHENTICATION" -Only sent if -.Nm telnetd -is compiled with support for authentication, and -indicates a willingness to receive authentication -information for automatic login. -.It "DO ENCRYPT" -Only sent if -.Nm telnetd -is compiled with support for data encryption, and -indicates a willingness to decrypt -the data stream. -.Sh ENVIRONMENT -.Sh FILES -.Pa /etc/services -.br -.Pa /etc/inittab -(UNICOS systems only) -.br -.Pa /etc/iptos -(if supported) -.br -.Sh "SEE ALSO" -.Xr telnet 1 , -.Xr login 1 -.Sh STANDARDS -.Bl -tag -compact -width RFC-1572 -.It Cm RFC-854 -.Tn TELNET -PROTOCOL SPECIFICATION -.It Cm RFC-855 -TELNET OPTION SPECIFICATIONS -.It Cm RFC-856 -TELNET BINARY TRANSMISSION -.It Cm RFC-857 -TELNET ECHO OPTION -.It Cm RFC-858 -TELNET SUPPRESS GO AHEAD OPTION -.It Cm RFC-859 -TELNET STATUS OPTION -.It Cm RFC-860 -TELNET TIMING MARK OPTION -.It Cm RFC-861 -TELNET EXTENDED OPTIONS - LIST OPTION -.It Cm RFC-885 -TELNET END OF RECORD OPTION -.It Cm RFC-1073 -Telnet Window Size Option -.It Cm RFC-1079 -Telnet Terminal Speed Option -.It Cm RFC-1091 -Telnet Terminal-Type Option -.It Cm RFC-1096 -Telnet X Display Location Option -.It Cm RFC-1123 -Requirements for Internet Hosts -- Application and Support -.It Cm RFC-1184 -Telnet Linemode Option -.It Cm RFC-1372 -Telnet Remote Flow Control Option -.It Cm RFC-1416 -Telnet Authentication Option -.It Cm RFC-1411 -Telnet Authentication: Kerberos Version 4 -.It Cm RFC-1412 -Telnet Authentication: SPX -.It Cm RFC-1571 -Telnet Environment Option Interoperability Issues -.It Cm RFC-1572 -Telnet Environment Option -.Sh BUGS -Some -.Tn TELNET -commands are only partially implemented. -.Pp -Because of bugs in the original 4.2 BSD -.Xr telnet 1 , -.Nm telnetd -performs some dubious protocol exchanges to try to discover if the remote -client is, in fact, a 4.2 BSD -.Xr telnet 1 . 
-.Pp
-Binary mode
-has no common interpretation except between similar operating systems
-(Unix in this case).
-.Pp
-The terminal type name received from the remote client is converted to
-lower case.
-.Pp
-.Nm Telnetd
-never sends
-.Tn TELNET
-.Dv IAC GA
-(go ahead) commands.
diff --git a/crypto/kerberosIV/man/tf_util.3 b/crypto/kerberosIV/man/tf_util.3
deleted file mode 100644
index 3f98321d491c..000000000000
--- a/crypto/kerberosIV/man/tf_util.3
+++ /dev/null
@@ -1,150 +0,0 @@ -.\" $Id: tf_util.3,v 1.2 1996/06/12 21:29:29 bg Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file <mit-copyright.h>. -.\" -.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \ -\- Routines for manipulating a Kerberos ticket file -.SH SYNOPSIS -.nf -.nj -.ft B -#include <krb.h> -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -tf_init(tf_name, rw) -char *tf_name; -int rw; -.PP -.ft B -tf_get_pname(pname) -char *pname; -.PP -.ft B -tf_get_pinst(pinst) -char *pinst; -.PP -.ft B -tf_get_cred(c) -CREDENTIALS *c; -.PP -.ft B -tf_close() -.PP -.fi -.SH DESCRIPTION -This group of routines are provided to manipulate the Kerberos tickets -file. A ticket file has the following format: -.nf -.in +4 -.sp -principal's name (null-terminated string) -principal's instance (null-terminated string) -CREDENTIAL_1 -CREDENTIAL_2 - ... -CREDENTIAL_n -EOF -.sp -.in -4 -.LP -Where "CREDENTIAL_x" consists of the following fixed-length -fields from the CREDENTIALS structure (defined in <krb.h>): -.nf -.sp -.in +4 - char service[ANAME_SZ] - char instance[INST_SZ] - char realm[REALM_SZ] - des_cblock session - int lifetime - int kvno - KTEXT_ST ticket_st - long issue_date -.in -4 -.sp -.fi -.PP -.I tf_init -must be called before the other ticket file -routines. -It takes the name of the ticket file to use, -and a read/write flag as arguments. -It tries to open the ticket file, checks the mode and if -everything is okay, locks the file. If it's opened for -reading, the lock is shared. If it's opened for writing, -the lock is exclusive. -KSUCCESS is returned if all went well, otherwise one of the -following: -.nf -.sp -NO_TKT_FIL - file wasn't there -TKT_FIL_ACC - file was in wrong mode, etc. 
-TKT_FIL_LCK - couldn't lock the file, even after a retry -.sp -.fi -.PP -The -.I tf_get_pname -reads the principal's name from a ticket file. -It should only be called after tf_init has been called. The -principal's name is filled into the -.I pname -parameter. If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If the principal's name was null, or EOF was encountered, or the -name was longer than ANAME_SZ, TKT_FIL_FMT is returned. -.PP -The -.I tf_get_pinst -reads the principal's instance from a ticket file. -It should only be called after tf_init and tf_get_pname -have been called. -The principal's instance is filled into the -.I pinst -parameter. -If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If EOF was encountered, or the -name was longer than INST_SZ, TKT_FIL_FMT is returned. -Note that, unlike the principal name, the instance name may be null. -.PP -The -.I tf_get_cred -routine reads a CREDENTIALS record from a ticket file and -fills in the given structure. -It should only be called after -tf_init, tf_get_pname, and tf_get_pinst have been called. -If all goes well, KSUCCESS is returned. Possible error codes -are: -.nf -.sp -TKT_FIL_INI - tf_init wasn't called first -TKT_FIL_FMT - bad format -EOF - end of file encountered -.sp -.fi -.PP -.I tf_close -closes the ticket file and releases the lock on it. -.SH "SEE ALSO" -krb(3) -.SH DIAGNOSTICS -.SH BUGS -The ticket file routines have to be called in a certain order. -.SH AUTHORS -Jennifer Steiner, MIT Project Athena -.br -Bill Bryant, MIT Project Athena -.SH RESTRICTIONS -Copyright 1987 Massachusetts Institute of Technology |