aboutsummaryrefslogtreecommitdiff
path: root/kpasswd/kpasswdd.8
diff options
context:
space:
mode:
Diffstat (limited to 'kpasswd/kpasswdd.8')
-rw-r--r--kpasswd/kpasswdd.896
1 files changed, 96 insertions, 0 deletions
diff --git a/kpasswd/kpasswdd.8 b/kpasswd/kpasswdd.8
new file mode 100644
index 000000000000..ab750bd4993c
--- /dev/null
+++ b/kpasswd/kpasswdd.8
@@ -0,0 +1,96 @@
+.\" $Id: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $
+.\"
+.Dd April 19, 1999
+.Dt KPASSWDD 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kpasswdd
+.Nd Kerberos 5 password changing server
+.Sh SYNOPSIS
+.Nm
+.Bk -words
+.Op Fl -addresses= Ns Ar address
+.Op Fl -check-library= Ns Ar library
+.Op Fl -check-function= Ns Ar function
+.Oo Fl k Ar kspec \*(Ba Xo
+.Fl -keytab= Ns Ar kspec
+.Xc
+.Oc
+.Oo Fl r Ar realm \*(Ba Xo
+.Fl -realm= Ns Ar realm
+.Xc
+.Oc
+.Oo Fl p Ar string \*(Ba Xo
+.Fl -port= Ns Ar string
+.Xc
+.Oc
+.Op Fl -version
+.Op Fl -help
+.Ek
+.Sh DESCRIPTION
+.Nm
+serves request for password changes. It listens on UDP port 464
+(service kpasswd) and processes requests when they arrive. It changes
+the database directly and should thus only run on the master KDC.
+.Pp
+Supported options:
+.Bl -tag -width Ds
+.It Xo
+.Fl -addresses= Ns Ar address
+.Xc
+For each till the argument is given, add the address to what kpasswdd
+should listen too.
+.It Xo
+.Fl -check-library= Ns Ar library
+.Xc
+If your system has support for dynamic loading of shared libraries,
+you can use an external function to check password quality. This
+option specifies which library to load.
+.It Xo
+.Fl -check-function= Ns Ar function
+.Xc
+This is the function to call in the loaded library. The function
+should look like this:
+.Pp
+.Ft const char *
+.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
+.Pp
+.Fa context
+is an initialized context;
+.Fa principal
+is the one who tries to change passwords, and
+.Fa password
+is the new password. Note that the password (in
+.Fa password->data )
+is not zero terminated.
+.It Xo
+.Fl k Ar kspec ,
+.Fl -keytab= Ns Ar kspec
+.Xc
+Keytab to get authentication key from.
+.It Xo
+.Fl r Ar realm ,
+.Fl -realm= Ns Ar realm
+.Xc
+Default realm.
+.It Xo
+.Fl p Ar string ,
+.Fl -port= Ns Ar string
+.Xc
+Port to listen on (default service kpasswd - 464).
+.El
+.Sh DIAGNOSTICS
+If an error occurs, the error message is returned to the user and/or
+logged to syslog.
+.Sh BUGS
+The default password quality checks are too basic.
+.Sh SEE ALSO
+.Xr kpasswd 1 ,
+.Xr kdc 8
+.\".Sh ENVIRONMENT
+.\".Sh FILES
+.\".Sh EXAMPLES
+.\".Sh SEE ALSO
+.\".Sh STANDARDS
+.\".Sh HISTORY
+.\".Sh AUTHORS
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-18 02:54:53 +0000