diff options
Diffstat (limited to 'crypto/heimdal/kadmin/kadmind.cat8')
-rw-r--r-- | crypto/heimdal/kadmin/kadmind.cat8 | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8 new file mode 100644 index 0000000..c03ae18 --- /dev/null +++ b/crypto/heimdal/kadmin/kadmind.cat8 @@ -0,0 +1,93 @@ + +KADMIND(8) UNIX System Manager's Manual KADMIND(8) + +NNAAMMEE + kkaaddmmiinndd - server for administrative access to kerberos database + +SSYYNNOOPPSSIISS + kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] + [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t | + ----ppoorrttss==_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + kkaaddmmiinndd listens for requests for changes to the Kerberos database and + performs these, subject to permissions. When starting, if stdin is a + socket it assumes that it has been started by inetd(8), otherwise it be- + haves as a daemon, forking processes for each new connection. The ----ddeebbuugg + option causes kkaaddmmiinndd to accept exactly one connection, which is useful + for debugging. + + If built with krb4 support, it implements both the Heimdal Kerberos 5 ad- + ministrative protocol and the Kerberos 4 protocol. Password changes via + the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpass- + wdd(8) daemon is responsible for the Kerberos 5 password changing proto- + col (used by kpasswd(1)) + + This daemon should only be run on ther master server, and not on any + slaves. + + Principals are always allowed to change their own password and list their + own principals. Apart from that, doing any operation requires permission + explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of + this file is: + + _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n] + + Where rights is any combination of: + + ++oo change-password | cpw + + ++oo list + + ++oo delete + + ++oo modify + + ++oo add + + ++oo get + + ++oo all + + And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to principals + that match the glob-style pattern. + + Supported options: + + --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e + location of config file + + --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e + location of master key file + + ----kkeeyyttaabb==_k_e_y_t_a_b + + + what keytab to use + + --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m + realm to use + + --dd, ----ddeebbuugg + enable debugging + + --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t + ports to listen to. By default, if run as a daemon, it listen to + ports 749, and 751 (if built with Kerberos 4 support), but you + can add any number of ports with this option. The port string is + a whitespace separated list of port specifications, with the spe- + cial string ``+'' representing the default set of ports. + +FFIILLEESS + _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l + +EEXXAAMMPPLLEESS + This will cause kadmind to listen to port 4711 in addition to any com- + piled in defaults: + + # kadmind --ports="+ 4711" & + +SSEEEE AALLSSOO + kdc(8), kadmin(1), kpasswdd(8), kpasswd(1) + + HEIMDAL June 7, 2000 2 |