summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kdc
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2004-04-03 21:31:10 +0000
committernectar <nectar@FreeBSD.org>2004-04-03 21:31:10 +0000
commit26e61e0326ec7606995e0c28ed4247e2db57df7a (patch)
treee1ce35deb91786c1f8367d3010e0d23b6b4cebe3 /crypto/heimdal/kdc
parent0b7467aa1d31177dfe7bb2ce98cb99a8731f25a1 (diff)
downloadFreeBSD-src-26e61e0326ec7606995e0c28ed4247e2db57df7a.zip
FreeBSD-src-26e61e0326ec7606995e0c28ed4247e2db57df7a.tar.gz
Resolve conflicts after import of Heimdal 0.6.1.
Diffstat (limited to 'crypto/heimdal/kdc')
-rw-r--r--crypto/heimdal/kdc/hprop.cat898
-rw-r--r--crypto/heimdal/kdc/hpropd.cat842
-rw-r--r--crypto/heimdal/kdc/kdc.cat8126
-rw-r--r--crypto/heimdal/kdc/kstash.cat833
-rw-r--r--crypto/heimdal/kdc/string2key.cat841
5 files changed, 0 insertions, 340 deletions
diff --git a/crypto/heimdal/kdc/hprop.cat8 b/crypto/heimdal/kdc/hprop.cat8
deleted file mode 100644
index 0ac37e2..0000000
--- a/crypto/heimdal/kdc/hprop.cat8
+++ /dev/null
@@ -1,98 +0,0 @@
-HPROP(8) NetBSD System Manager's Manual HPROP(8)
-
-NNAAMMEE
- hhpprroopp - propagate the KDC database
-
-SSYYNNOOPPSSIISS
- hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e]
- [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r] [--rr _s_t_r_i_n_g |
- ----vv44--rreeaallmm==_s_t_r_i_n_g] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--kk _k_e_y_t_a_b
- | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g | ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE |
- ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp]
- [_h_o_s_t[:_p_o_r_t]] _._._.
-
-DDEESSCCRRIIPPTTIIOONN
- hhpprroopp takes a principal database in a specified format and converts it
- into a stream of Heimdal database records. This stream can either be
- written to standard out, or (more commonly) be propagated to a hpropd(8)
- server running on a different machine.
-
- If propagating, it connects to all _h_o_s_t_s specified on the command by
- opening a TCP connection to port 754 (service hprop) and sends the
- database in encrypted form.
-
- Supported options:
-
- --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e
- Where to find the master key to encrypt or decrypt keys with.
-
- --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
- The database to be propagated.
-
- ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r
- Specifies the type of the source database. Alternatives include:
-
- heimdal a Heimdal database
- mit-dump a MIT Kerberos 5 dump file
- krb4-db a Kerberos 4 database
- krb4-dump a Kerberos 4 dump file
- kaserver an AFS kaserver database
-
- --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
- The keytab to use for fetching the key to be used for authenti-
- cating to the propagation daemon(s). The key _k_a_d_m_i_n_/_h_p_r_o_p is used
- from this keytab. The default is to fetch the key from the KDC
- database.
-
- --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g
- Local realm override.
-
- --DD, ----ddeeccrryypptt
- The encryption keys in the database can either be in clear, or
- encrypted with a master key. This option transmits the database
- with unencrypted keys.
-
- --EE, ----eennccrryypptt
- This option transmits the database with encrypted keys.
-
- --nn, ----ssttddoouutt
- Dump the database on stdout, in a format that can be fed to
- hpropd.
-
- The following options are only valid if hhpprroopp is compiled with support
- for Kerberos 4 (kaserver).
-
- --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g
- v4 realm to use
-
- --cc _c_e_l_l, ----cceellll==_c_e_l_l
- The AFS cell name, used if reading a kaserver database.
-
- --SS, ----kkaassppeecciiaallss
- Also dump the principals marked as special in the kaserver
- database.
-
- --44, ----vv44--ddbb
- Deprecated, identical to `--source=krb4-db'.
-
- --KK, ----kkaa--ddbb
- Deprecated, identical to `--source=kaserver'.
-
-EEXXAAMMPPLLEESS
- The following will propagate a database to another machine (which should
- run hpropd(8):)
-
- $ hprop slave-1 slave-2
-
- Copy a Kerberos 4 database to a Kerberos 5 slave:
-
- $ hprop --source=krb4-db -E krb5-slave
-
- Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
-
- $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
-
-SSEEEE AALLSSOO
- hpropd(8)
-
- HEIMDAL June 19, 2000 2
diff --git a/crypto/heimdal/kdc/hpropd.cat8 b/crypto/heimdal/kdc/hpropd.cat8
deleted file mode 100644
index e72b4da..0000000
--- a/crypto/heimdal/kdc/hpropd.cat8
+++ /dev/null
@@ -1,42 +0,0 @@
-HPROPD(8) NetBSD System Manager's Manual HPROPD(8)
-
-NNAAMMEE
- hhpprrooppdd - receive a propagated database
-
-SSYYNNOOPPSSIISS
- hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii |
- ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp]
-
-DDEESSCCRRIIPPTTIIOONN
- hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local
- database.
-
- By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket
- and expects to receive the dumped database over stdin otherwise. If the
- database is sent over the network, it is authenticated and encrypted.
- Only connections from kkaaddmmiinn/hhpprroopp are accepted.
-
- Options supported:
-
- --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
- database
-
- --nn, ----ssttddiinn
- read from stdin
-
- ----pprriinntt
- print dump to stdout
-
- --ii, ----nnoo--iinneettdd
- Not started from inetd
-
- --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
- keytab to use for authentication
-
- --44, ----vv44dduummpp
- create v4 type DB
-
-SSEEEE AALLSSOO
- hprop(8)
-
- HEIMDAL August 27, 1997 1
diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8
deleted file mode 100644
index 4d83d59..0000000
--- a/crypto/heimdal/kdc/kdc.cat8
+++ /dev/null
@@ -1,126 +0,0 @@
-KDC(8) NetBSD System Manager's Manual KDC(8)
-
-NNAAMMEE
- kkddcc - Kerberos 5 server
-
-SSYYNNOOPPSSIISS
- kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh]
- [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g]
- [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g |
- ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s]
-
-DDEESSCCRRIIPPTTIIOONN
- kkddcc serves requests for tickets. When it starts, it first checks the
- flags passed, any options that are not specified with a command line flag
- is taken from a config file, or from a default compiled-in value.
-
- Options supported:
-
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
- Specifies the location of the config file, the default is
- _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be
- specified in the config file.
-
- --pp, ----nnoo--rreeqquuiirree--pprreeaauutthh
- Turn off the requirement for pre-autentication in the initial AS-
- REQ for all principals. The use of pre-authentication makes it
- more difficult to do offline password attacks. You might want to
- turn it off if you have clients that doesn't do pre-authentica-
- tion. Since the version 4 protocol doesn't support any pre-au-
- thentication, so serving version 4 clients is just about the same
- as not requiring pre-athentication. The default is to require
- pre-authentication. Adding the require-preauth per principal is a
- more flexible way of handling this.
-
- ----mmaaxx--rreeqquueesstt==_s_i_z_e
- Gives an upper limit on the size of the requests that the kdc is
- willing to handle.
-
- --HH, ----eennaabbllee--hhttttpp
- Makes the kdc listen on port 80 and handle requests encapsulated
- in HTTP.
-
- --KK, ----nnoo--kkaasseerrvveerr
- Disables kaserver emulation (in case it's compiled in).
-
- --rr _r_e_a_l_m, ----vv44--rreeaallmm==_r_e_a_l_m
- What realm this server should act as when dealing with version 4
- requests. The database can contain any number of realms, but
- since the version 4 protocol doesn't contain a realm for the
- server, it must be explicitly specified. The default is whatever
- is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if
- the KDC has been compiled with version 4 support.
-
- --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g
- Specifies the set of ports the KDC should listen on. It is given
- as a white-space separated list of services or port numbers.
-
- ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s
- The list of addresses to listen for requests on. By default, the
- kdc will listen on all the locally configured addresses. If only
- a subset is desired, or the automatic detection fails, this op-
- tion might be used.
-
- All activities , are logged to one or more destinations, see
- krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc.
-
-CCOONNFFIIGGUURRAATTIIOONN FFIILLEE
- The configuration file has the same syntax as krb5.conf(5), but will be
- read before _/_e_t_c_/_k_r_b_5_._c_o_n_f, so it may override settings found there. Op-
- tions specific to the KDC only are found in the ``[kdc]'' section. All
- the command-line options can preferably be added in the configuration
- file. The only difference is the pre-authentication flag, that has to be
- specified as:
-
- require-preauth = no
-
- (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo).
-
- And there are some configuration options which do not have command-line
- equivalents:
-
- check-ticket-addresses = _b_o_o_l_e_a_n
- Check the addresses in the ticket when processing TGS re-
- quests. The default is FALSE.
-
- allow-null-ticket-addresses = _b_o_o_l_e_a_n
- Permit tickets with no addresses. This option is only rele-
- vant when check-ticket-addresses is TRUE.
-
- allow-anonymous = _b_o_o_l_e_a_n
- Permit anonymous tickets with no addresses.
-
- encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n
- Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
- code. The Heimdal clients allow both.
-
- kdc_warn_pwexpire = _t_i_m_e
- How long before password/principal expiration the KDC should
- start sending out warning messages.
-
- An example of a config file:
-
- [kdc]
- require-preauth = no
- v4-realm = FOO.SE
- key-file = /key-file
-
-BBUUGGSS
- If the machine running the KDC has new addresses added to it, the KDC
- will have to be restarted to listen to them. The reason it doesn't just
- listen to wildcarded (like INADDR_ANY) addresses, is that the replies has
- to come from the same address they were sent to, and most OS:es doesn't
- pass this information to the application. If your normal mode of opera-
- tion require that you add and remove addresses, the best option is proba-
- bly to listen to a wildcarded TCP socket, and make sure your clients use
- TCP to connect. For instance, this will listen to IPv4 TCP port 88 only:
-
- kdc --addresses=0.0.0.0 --ports="88/tcp"
-
- There should be a way to specify protocol, port, and address triplets,
- not just addresses and protocol, port tuples.
-
-SSEEEE AALLSSOO
- kinit(1), krb5.conf(5)
-
- HEIMDAL August 22, 2002 2
diff --git a/crypto/heimdal/kdc/kstash.cat8 b/crypto/heimdal/kdc/kstash.cat8
deleted file mode 100644
index 266648e..0000000
--- a/crypto/heimdal/kdc/kstash.cat8
+++ /dev/null
@@ -1,33 +0,0 @@
-KSTASH(8) NetBSD System Manager's Manual KSTASH(8)
-
-NNAAMMEE
- kkssttaasshh - store the KDC master password in a file
-
-SSYYNNOOPPSSIISS
- kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
- [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn]
-
-DDEESSCCRRIIPPTTIIOONN
- kkssttaasshh reads the Kerberos master key and stores it in a file that will be
- used by the KDC.
-
- Supported options:
-
- --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g
- the encryption type to use, defaults to DES3-CBC-SHA1
-
- --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
- the name of the master key file
-
- ----ccoonnvveerrtt--ffiillee
- don't ask for a new master key, just read an old master key file,
- and write it back in the new keyfile format
-
- ----mmaasstteerr--kkeeyy--ffdd==_f_d
- filedescriptor to read passphrase from, if not specified the
- passphrase will be read from the terminal
-
-SSEEEE AALLSSOO
- kdc(8)
-
- HEIMDAL September 1, 2000 1
diff --git a/crypto/heimdal/kdc/string2key.cat8 b/crypto/heimdal/kdc/string2key.cat8
deleted file mode 100644
index 60a819e..0000000
--- a/crypto/heimdal/kdc/string2key.cat8
+++ /dev/null
@@ -1,41 +0,0 @@
-STRING2KEY(8) NetBSD System Manager's Manual STRING2KEY(8)
-
-NNAAMMEE
- ssttrriinngg22kkeeyy - map a password into a key
-
-SSYYNNOOPPSSIISS
- ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l |
- ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l |
- ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d
-
-DDEESSCCRRIIPPTTIIOONN
- ssttrriinngg22kkeeyy performs the string-to-key function. This is useful when you
- want to handle the raw key instead of the password. Supported options:
-
- --55, ----vveerrssiioonn55
- Output Kerberos v5 string-to-key
-
- --44, ----vveerrssiioonn44
- Output Kerberos v4 string-to-key
-
- --aa, ----aaffss
- Output AFS string-to-key
-
- --cc _c_e_l_l, ----cceellll==_c_e_l_l
- AFS cell to use
-
- --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d
- Password to use
-
- --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l
- Kerberos v5 principal to use
-
- --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g
- Keytype
-
- ----vveerrssiioonn
- print version
-
- ----hheellpp
-
- HEIMDAL March 4, 2000 1
OpenPOWER on IntegriCloud