author | nectar <nectar@FreeBSD.org> | 2002-08-30 21:23:27 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-08-30 21:23:27 +0000 |
commit | a77dba08ca7d8ad2f2dcd653974ac66df78cfa49 (patch) | |
tree | 6015f89700252fb05eb8fa267c46dba41913e9d8 /crypto/heimdal/kadmin/kadmind.8 | |
parent | 69a91bec14ec3ad49d1c8a82c40a796755f9e4a3 (diff) | |
Import of Heimdal Kerberos from KTH repository circa 2002/08/29.
Diffstat (limited to 'crypto/heimdal/kadmin/kadmind.8')
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.8 | 47 |
1 files changed, 29 insertions, 18 deletions
diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 index 1169530..f7a3f5b 100644 --- a/crypto/heimdal/kadmin/kadmind.8 +++ b/crypto/heimdal/kadmin/kadmind.8 @@ -1,4 +1,6 @@ -.Dd June 7, 2000 +.\" $Id: kadmind.8,v 1.10 2002/08/20 17:07:11 joda Exp $ +.\" +.Dd March 5, 2002 .Dt KADMIND 8 .Os HEIMDAL .Sh NAME @@ -27,21 +29,22 @@ .Sh DESCRIPTION .Nm listens for requests for changes to the Kerberos database and performs -these, subject to permissions. When starting, if stdin is a socket it assumes that it has been started by +these, subject to permissions. When starting, if stdin is a socket it +assumes that it has been started by .Xr inetd 8 , otherwise it behaves as a daemon, forking processes for each new -connection. The +connection. The .Fl -debug -option causes +option causes .Nm -to accept exactly one connection, which is useful for debugging. +to accept exactly one connection, which is useful for debugging. .Pp If built with krb4 support, it implements both the Heimdal Kerberos 5 administrative protocol and the Kerberos 4 protocol. Password changes via the Kerberos 4 protocol are also performed by .Nm kadmind , but the -.Xr kpasswdd 8 +.Xr kpasswdd 8 daemon is responsible for the Kerberos 5 password changing protocol (used by .Xr kpasswd 1 ) @@ -51,7 +54,7 @@ This daemon should only be run on ther master server, and not on any slaves. .Pp Principals are always allowed to change their own password and list -their own principals. Apart from that, doing any operation requires +their own principal. Apart from that, doing any operation requires permission explicitly added in the ACL file .Pa /var/heimdal/kadmind.acl . The format of this file is: @@ -61,10 +64,10 @@ The format of this file is: .Op Va principal-pattern .Ed .Pp -Where rights is any combination of: -.Bl -bullet +Where rights is any (comma separated) combination of: +.Bl -bullet -compact .It -change-password | cpw +change-password or cpw .It list .It 
@@ -81,17 +84,18 @@ all .Pp And the optional .Ar principal-pattern -restricts the rights to principals that match the glob-style pattern. +restricts the rights to operations on principals that match the +glob-style pattern. .Pp Supported options: .Bl -tag -width Ds .It Xo -.Fl c Ar file Ns , +.Fl c Ar file , .Fl -config-file= Ns Ar file .Xc location of config file .It Xo -.Fl k Ar file Ns , +.Fl k Ar file , .Fl -key-file= Ns Ar file .Xc location of master key file @@ -100,23 +104,23 @@ location of master key file .Xc what keytab to use .It Xo -.Fl r Ar realm Ns , +.Fl r Ar realm , .Fl -realm= Ns Ar realm .Xc realm to use .It Xo -.Fl d Ns , +.Fl d , .Fl -debug .Xc enable debugging .It Xo -.Fl p Ar port Ns , +.Fl p Ar port , .Fl -ports= Ns Ar port .Xc ports to listen to. By default, if run as a daemon, it listen to ports 749, and 751 (if built with Kerberos 4 support), but you can add any number of ports with this option. The port string is a whitespace -separated list of port specifications, with the special string +separated list of port specifications, with the special string .Dq + representing the default set of ports. .El @@ -130,9 +134,16 @@ to listen to port 4711 in addition to any compiled in defaults: .Pp .D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &" +.Pp +This acl file will grant Joe all rights, and allow Mallory to view and +add host principals. +.Bd -literal -offset indent +joe/admin@EXAMPLE.COM all +mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM +.Ed .\".Sh DIAGNOSTICS .Sh SEE ALSO -.Xr kadmin 1 , .Xr kpasswd 1 , +.Xr kadmin 8 , .Xr kdc 8 , .Xr kpasswdd 8 |
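Review bot: The line shown at the head of the `@@ -51,7 +54,7 @@` hunk still reads "This daemon should only be run on ther master server, and not on any slaves." Since this hunk already corrects "their own principals" to "their own principal" a few lines further down, fix "ther" to "the" in the same pass.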
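Review bot: In the `@@ -100,23 +104,23 @@` hunk the `.Fl d , .Fl -debug` entry is still documented only as "enable debugging", while the DESCRIPTION text in the `@@ -27,21 +29,22 @@` hunk says `--debug` makes kadmind "accept exactly one connection". The option entry should say the same, so that an operator reading only the option list knows the daemon stops serving after one client. In the same hunk the unchanged line "it listen to ports 749, and 751" should read "it listens on ports 749 and 751".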
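Review bot: In the `@@ -130,9 +134,16 @@` hunk the new example describes Mallory's rights as "view and add" while the ACL line grants `add,get`. Use the right names from the ACL format in the sentence, so readers can map the prose to the rights list without guessing that "view" means `get`. The sentence should also say that the `host/*@EXAMPLE.COM` pattern is what limits those rights to host principals. "This acl file" should be "This ACL file" to match "the ACL file" used earlier in the page.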