| author | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-08-04 17:53:10 +0000 |
| commit | 0320e0d5bb9fbb5da53478b3fd80ad79b110191d (patch) | |
| tree | e1185f75bd2d3f87b0c17f787debc3ee8648214b /doc/html/admin/admin_commands/kadmind.html | |
| parent | b0e4d68d5124581ae353493d69bea352de4cff8a (diff) | |
Diffstat (limited to 'doc/html/admin/admin_commands/kadmind.html')
| -rw-r--r-- | doc/html/admin/admin_commands/kadmind.html | 94 |
1 files changed, 50 insertions, 44 deletions
diff --git a/doc/html/admin/admin_commands/kadmind.html b/doc/html/admin/admin_commands/kadmind.html index d30f4cede9e9..7d66d2b83bf3 100644 --- a/doc/html/admin/admin_commands/kadmind.html +++ b/doc/html/admin/admin_commands/kadmind.html @@ -1,33 +1,31 @@ + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>kadmind — MIT Kerberos Documentation</title> - + <title>kadmind — MIT Kerberos Documentation</title> <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../', - VERSION: '1.16', + VERSION: '1.21.1', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', - HAS_SOURCE: true + HAS_SOURCE: true, + SOURCELINK_SUFFIX: '.txt' }; </script> <script type="text/javascript" src="../../_static/jquery.js"></script> <script type="text/javascript" src="../../_static/underscore.js"></script> <script type="text/javascript" src="../../_static/doctools.js"></script> <link rel="author" title="About these documents" href="../../about.html" /> + <link rel="index" title="Index" href="../../genindex.html" /> + <link rel="search" title="Search" href="../../search.html" /> <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="Administration programs" href="index.html" /> <link rel="next" title="kdb5_util" href="kdb5_util.html" /> <link rel="prev" title="kadmin" href="kadmin_local.html" /> </head> 
@@ -61,7 +59,7 @@ <div class="documentwrapper"> <div class="bodywrapper"> - <div class="body"> + <div class="body" role="main"> <div class="section" id="kadmind"> <span id="kadmind-8"></span><h1>kadmind<a class="headerlink" href="#kadmind" title="Permalink to this headline">¶</a></h1> 
@@ -83,37 +81,37 @@ <div class="section" id="description"> <h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> <p>kadmind starts the Kerberos administration server. kadmind typically -runs on the master Kerberos server, which stores the KDC database. If -the KDC database uses the LDAP module, the administration server and -the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as <a class="reference internal" href="kadmin_local.html#kadmin-1"><em>kadmin</em></a> and -<a class="reference internal" href="../../user/user_commands/kpasswd.html#kpasswd-1"><em>kpasswd</em></a> to administer the information in these database.</p> +runs on the primary Kerberos server, which stores the KDC database. +If the KDC database uses the LDAP module, the administration server +and the KDC server need not run on the same machine. kadmind accepts +remote requests from programs such as <a class="reference internal" href="kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> and +<a class="reference internal" href="../../user/user_commands/kpasswd.html#kpasswd-1"><span class="std std-ref">kpasswd</span></a> to administer the information in these database.</p> <p>kadmind requires a number of configuration files to be set up in order for it to work:</p> <dl class="docutils"> -<dt><a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><em>kdc.conf</em></a></dt> +<dt><a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a></dt> <dd>The KDC configuration file contains configuration information for the KDC and admin servers. 
kadmind uses settings in this file to locate the Kerberos database, and is also affected by the <strong>acl_file</strong>, <strong>dict_file</strong>, <strong>kadmind_port</strong>, and iprop-related settings.</dd> -<dt><a class="reference internal" href="../conf_files/kadm5_acl.html#kadm5-acl-5"><em>kadm5.acl</em></a></dt> -<dd>kadmind’s ACL (access control list) tells it which principals are +<dt><a class="reference internal" href="../conf_files/kadm5_acl.html#kadm5-acl-5"><span class="std std-ref">kadm5.acl</span></a></dt> +<dd>kadmind’s ACL (access control list) tells it which principals are allowed to perform administration actions. The pathname to the -ACL file can be specified with the <strong>acl_file</strong> <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><em>kdc.conf</em></a> -variable; by default, it is <a class="reference internal" href="../../mitK5defaults.html#paths"><em>LOCALSTATEDIR</em></a><tt class="docutils literal"><span class="pre">/krb5kdc</span></tt><tt class="docutils literal"><span class="pre">/kadm5.acl</span></tt>.</dd> +ACL file can be specified with the <strong>acl_file</strong> <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a> +variable; by default, it is <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal"><span class="pre">/krb5kdc</span></code><code class="docutils literal"><span class="pre">/kadm5.acl</span></code>.</dd> </dl> <p>After the server begins running, it puts itself in the background and disassociates itself from its controlling terminal.</p> <p>kadmind can be configured for incremental database propagation. -Incremental propagation allows slave KDC servers to receive principal -and policy updates incrementally instead of receiving full dumps of -the database. 
This facility can be enabled in the <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><em>kdc.conf</em></a> -file with the <strong>iprop_enable</strong> option. Incremental propagation -requires the principal <tt class="docutils literal"><span class="pre">kiprop/MASTER\@REALM</span></tt> (where MASTER is the -master KDC’s canonical host name, and REALM the realm name). In -release 1.13, this principal is automatically created and registered -into the datebase.</p> +Incremental propagation allows replica KDC servers to receive +principal and policy updates incrementally instead of receiving full +dumps of the database. This facility can be enabled in the +<a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a> file with the <strong>iprop_enable</strong> option. Incremental +propagation requires the principal <code class="docutils literal"><span class="pre">kiprop/PRIMARY\@REALM</span></code> (where +PRIMARY is the primary KDC’s canonical host name, and REALM the realm +name). In release 1.13, this principal is automatically created and +registered into the datebase.</p> </div> <div class="section" id="options"> <h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> 
@@ -128,17 +126,16 @@ invoked with the <strong>-nofork</strong> option) rather than from a file on disk.</dd> <dt><strong>-nofork</strong></dt> <dd>causes the server to remain in the foreground and remain -associated to the terminal. In normal operation, you should allow -the server to place itself in the background.</dd> +associated to the terminal.</dd> <dt><strong>-proponly</strong></dt> -<dd>causes the server to only listen and respond to Kerberos slave +<dd>causes the server to only listen and respond to Kerberos replica incremental propagation polling requests. This option can be used -to set up a hierarchical propagation topology where a slave KDC -provides incremental updates to other Kerberos slaves.</dd> +to set up a hierarchical propagation topology where a replica KDC +provides incremental updates to other Kerberos replicas.</dd> <dt><strong>-port</strong> <em>port-number</em></dt> <dd>specifies the port on which the administration server listens for connections. The default port is determined by the -<strong>kadmind_port</strong> configuration variable in <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><em>kdc.conf</em></a>.</dd> +<strong>kadmind_port</strong> configuration variable in <a class="reference internal" href="../conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>.</dd> <dt><strong>-P</strong> <em>pid_file</em></dt> <dd>specifies the file to which the PID of kadmind process should be written after it starts up. This file can be used to identify 
@@ -149,22 +146,27 @@ the correct process.</dd> KDB in response to full resync requests when iprop is enabled.</dd> <dt><strong>-K</strong> <em>kprop_path</em></dt> <dd>specifies the path to the kprop command to use to send full dumps -to slaves in response to full resync requests.</dd> +to replicas in response to full resync requests.</dd> <dt><strong>-k</strong> <em>kprop_port</em></dt> -<dd>specifies the port by which the kprop process that is spawned by kadmind -connects to the slave kpropd, in order to transfer the dump file during -an iprop full resync request.</dd> +<dd>specifies the port by which the kprop process that is spawned by +kadmind connects to the replica kpropd, in order to transfer the +dump file during an iprop full resync request.</dd> <dt><strong>-F</strong> <em>dump_file</em></dt> <dd>specifies the file path to be used for dumping the KDB in response to full resync requests when iprop is enabled.</dd> <dt><strong>-x</strong> <em>db_args</em></dt> -<dd>specifies database-specific arguments. See <a class="reference internal" href="kadmin_local.html#dboptions"><em>Database Options</em></a> in <a class="reference internal" href="kadmin_local.html#kadmin-1"><em>kadmin</em></a> for supported arguments.</dd> +<dd>specifies database-specific arguments. 
See <a class="reference internal" href="kadmin_local.html#dboptions"><span class="std std-ref">Database Options</span></a> in <a class="reference internal" href="kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a> for supported arguments.</dd> </dl> </div> +<div class="section" id="environment"> +<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2> +<p>See <a class="reference internal" href="../../user/user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment +variables.</p> +</div> <div class="section" id="see-also"> <h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="../../user/user_commands/kpasswd.html#kpasswd-1"><em>kpasswd</em></a>, <a class="reference internal" href="kadmin_local.html#kadmin-1"><em>kadmin</em></a>, <a class="reference internal" href="kdb5_util.html#kdb5-util-8"><em>kdb5_util</em></a>, -<a class="reference internal" href="kdb5_ldap_util.html#kdb5-ldap-util-8"><em>kdb5_ldap_util</em></a>, <a class="reference internal" href="../conf_files/kadm5_acl.html#kadm5-acl-5"><em>kadm5.acl</em></a></p> +<p><a class="reference internal" href="../../user/user_commands/kpasswd.html#kpasswd-1"><span class="std std-ref">kpasswd</span></a>, <a class="reference internal" href="kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>, <a class="reference internal" href="kdb5_util.html#kdb5-util-8"><span class="std std-ref">kdb5_util</span></a>, +<a class="reference internal" href="kdb5_ldap_util.html#kdb5-ldap-util-8"><span class="std std-ref">kdb5_ldap_util</span></a>, <a class="reference internal" href="../conf_files/kadm5_acl.html#kadm5-acl-5"><span class="std std-ref">kadm5.acl</span></a>, <a class="reference internal" href="../../user/user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> 
</div> </div> @@ -180,6 +182,7 @@ to full resync requests when iprop is enabled.</dd> <li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> <li><a class="reference internal" href="#description">DESCRIPTION</a></li> <li><a class="reference internal" href="#options">OPTIONS</a></li> +<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> <li><a class="reference internal" href="#see-also">SEE ALSO</a></li> </ul> </li> @@ -194,6 +197,7 @@ to full resync requests when iprop is enabled.</dd> <li class="toctree-l2"><a class="reference internal" href="../conf_files/index.html">Configuration Files</a></li> <li class="toctree-l2"><a class="reference internal" href="../realm_config.html">Realm configuration decisions</a></li> <li class="toctree-l2"><a class="reference internal" href="../database.html">Database administration</a></li> +<li class="toctree-l2"><a class="reference internal" href="../dbtypes.html">Database types</a></li> <li class="toctree-l2"><a class="reference internal" href="../lockout.html">Account lockout</a></li> <li class="toctree-l2"><a class="reference internal" href="../conf_ldap.html">Configuring Kerberos with OpenLDAP back-end</a></li> <li class="toctree-l2"><a class="reference internal" href="../appl_servers.html">Application servers</a></li> 
@@ -201,13 +205,15 @@ to full resync requests when iprop is enabled.</dd> <li class="toctree-l2"><a class="reference internal" href="../backup_host.html">Backups of secure hosts</a></li> <li class="toctree-l2"><a class="reference internal" href="../pkinit.html">PKINIT configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="../otp.html">OTP Preauthentication</a></li> +<li class="toctree-l2"><a class="reference internal" href="../spake.html">SPAKE Preauthentication</a></li> +<li class="toctree-l2"><a class="reference internal" href="../dictionary.html">Addressing dictionary attack risks</a></li> <li class="toctree-l2"><a class="reference internal" href="../princ_dns.html">Principal names and DNS</a></li> <li class="toctree-l2"><a class="reference internal" href="../enctypes.html">Encryption types</a></li> <li class="toctree-l2"><a class="reference internal" href="../https.html">HTTPS proxy configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="../auth_indicator.html">Authentication indicators</a></li> <li class="toctree-l2 current"><a class="reference internal" href="index.html">Administration programs</a><ul class="current"> <li class="toctree-l3"><a class="reference internal" href="kadmin_local.html">kadmin</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">kadmind</a></li> +<li class="toctree-l3 current"><a class="current reference internal" href="#">kadmind</a></li> <li class="toctree-l3"><a class="reference internal" href="kdb5_util.html">kdb5_util</a></li> <li class="toctree-l3"><a class="reference internal" href="kdb5_ldap_util.html">kdb5_ldap_util</a></li> <li class="toctree-l3"><a class="reference internal" href="krb5kdc.html">krb5kdc</a></li> 
@@ -253,8 +259,8 @@ to full resync requests when iprop is enabled.</dd> <div class="footer-wrapper"> <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. + <div class="right" ><i>Release: 1.21.1</i><br /> + © <a href="../../copyright.html">Copyright</a> 1985-2023, MIT. </div> <div class="left"> |
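Review bot: In the DESCRIPTION hunk (@@ -83,37 +81,37 @@) the re-wrapped "+" lines carry two existing wording errors forward: "to administer the information in these database" and "registered into the datebase". Both paragraphs are being rewritten anyway, so they should read "in these databases" and "into the database"; if this file is imported as-is from upstream, the correction is better made in the upstream source. The same paragraph still says "In release 1.13, this principal is automatically created" in documentation now labelled 1.21.1, where "As of release 1.13" would be clearer. The literal kiprop/PRIMARY\@REALM also displays a backslash before the @ that is not part of the principal name.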
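Review bot: The -nofork entry in the OPTIONS hunk (@@ -128,17 +126,16 @@) loses the sentence "In normal operation, you should allow the server to place itself in the background." with nothing in its place, so the page no longer says when running in the foreground is appropriate. Please confirm the removal is intended and not a side effect of the slave-to-replica wording changes in the same hunk. If it is intended, a short statement of when -nofork is the expected mode would help readers.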
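Review bot: The new ENVIRONMENT section and the extended SEE ALSO list in the @@ -149,22 +146,27 @@ hunk link to ../../user/user_config/kerberos.html, and the later navigation hunks add links to ../dbtypes.html, ../spake.html and ../dictionary.html. The diffstat shown is limited to kadmind.html, so these lines alone do not show that the targets exist. Please check that all four pages arrive in the same commit so the new links do not dangle.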
