diff options
Diffstat (limited to 'eBones/kadmind/kadmind.8')
| -rw-r--r-- | eBones/kadmind/kadmind.8 | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/eBones/kadmind/kadmind.8 b/eBones/kadmind/kadmind.8 new file mode 100644 index 000000000000..1eb10d793442 --- /dev/null +++ b/eBones/kadmind/kadmind.8 @@ -0,0 +1,117 @@ +.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $ +.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <Copyright.MIT>. +.\" +.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kadmind \- network daemon for Kerberos database administration +.SH SYNOPSIS +.B kadmind +[ +.B \-n +] [ +.B \-h +] [ +.B \-r realm +] [ +.B \-f filename +] [ +.B \-d dbname +] [ +.B \-a acldir +] +.SH DESCRIPTION +.I kadmind +is the network database server for the Kerberos password-changing and +administration tools. +.PP +Upon execution, it prompts the user to enter the master key string for +the database. +.PP +If the +.B \-n +option is specified, the master key is instead fetched from the master +key cache file. +.PP +If the +.B \-r +.I realm +option is specified, the admin server will pretend that its +local realm is +.I realm +instead of the actual local realm of the host it is running on. +This makes it possible to run a server for a foreign kerberos +realm. +.PP +If the +.B \-f +.I filename +option is specified, then that file is used to hold the log information +instead of the default. +.PP +If the +.B \-d +.I dbname +option is specified, then that file is used as the database name instead +of the default. +.PP +If the +.B \-a +.I acldir +option is specified, then +.I acldir +is used as the directory in which to search for access control lists +instead of the default. +.PP +If the +.B \-h +option is specified, +.I kadmind +prints out a short summary of the permissible control arguments, and +then exits. +.PP +When performing requests on behalf of clients, +.I kadmind +checks access control lists (ACLs) to determine the authorization of the client +to perform the requested action. +Currently three distinct access types are supported: +.TP 1i +Addition +(.add ACL file). If a principal is on this list, it may add new +principals to the database. +.TP +Retrieval +(.get ACL file). If a principal is on this list, it may retrieve +database entries. NOTE: A principal's private key is never returned by +the get functions. +.TP +Modification +(.mod ACL file). If a principal is on this list, it may modify entries +in the database. +.PP +A principal is always granted authorization to change its own password. +.SH FILES +.TP 20n +/var/log/kadmind.syslog +Default log file. +.TP +/etc/kerberosIV/admin_acl.{add,get,mod} +Access control list files +.TP +/etc/kerberosIV/principal.db +DBM file containing database +.TP +/etc/kerberosIV/principal.ok +Semaphore indicating that the DBM database is not being modified. +.TP +/etc/kerberosIV/master_key +Master key cache file. +.SH "SEE ALSO" +kerberos(1), kpasswd(1), kadmin(8), acl_check(3) +.SH AUTHORS +Douglas A. Church, MIT Project Athena +.br +John T. Kohl, Project Athena/Digital Equipment Corporation |