summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kadmin/kadmind.cat8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kadmin/kadmind.cat8')
-rw-r--r--crypto/heimdal/kadmin/kadmind.cat893
1 files changed, 93 insertions, 0 deletions
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8
new file mode 100644
index 0000000..c03ae18
--- /dev/null
+++ b/crypto/heimdal/kadmin/kadmind.cat8
@@ -0,0 +1,93 @@
+
+KADMIND(8) UNIX System Manager's Manual KADMIND(8)
+
+NNAAMMEE
+ kkaaddmmiinndd - server for administrative access to kerberos database
+
+SSYYNNOOPPSSIISS
+ kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
+ [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
+ ----ppoorrttss==_p_o_r_t]
+
+DDEESSCCRRIIPPTTIIOONN
+ kkaaddmmiinndd listens for requests for changes to the Kerberos database and
+ performs these, subject to permissions. When starting, if stdin is a
+ socket it assumes that it has been started by inetd(8), otherwise it be-
+ haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
+ option causes kkaaddmmiinndd to accept exactly one connection, which is useful
+ for debugging.
+
+ If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
+ ministrative protocol and the Kerberos 4 protocol. Password changes via
+ the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the kpass-
+ wdd(8) daemon is responsible for the Kerberos 5 password changing proto-
+ col (used by kpasswd(1))
+
+ This daemon should only be run on ther master server, and not on any
+ slaves.
+
+ Principals are always allowed to change their own password and list their
+ own principals. Apart from that, doing any operation requires permission
+ explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
+ this file is:
+
+ _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
+
+ Where rights is any combination of:
+
+ ++oo change-password | cpw
+
+ ++oo list
+
+ ++oo delete
+
+ ++oo modify
+
+ ++oo add
+
+ ++oo get
+
+ ++oo all
+
+ And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to principals
+ that match the glob-style pattern.
+
+ Supported options:
+
+ --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
+ location of config file
+
+ --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+ location of master key file
+
+ ----kkeeyyttaabb==_k_e_y_t_a_b
+
+
+ what keytab to use
+
+ --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
+ realm to use
+
+ --dd, ----ddeebbuugg
+ enable debugging
+
+ --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
+ ports to listen to. By default, if run as a daemon, it listen to
+ ports 749, and 751 (if built with Kerberos 4 support), but you
+ can add any number of ports with this option. The port string is
+ a whitespace separated list of port specifications, with the spe-
+ cial string ``+'' representing the default set of ports.
+
+FFIILLEESS
+ _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
+
+EEXXAAMMPPLLEESS
+ This will cause kadmind to listen to port 4711 in addition to any com-
+ piled in defaults:
+
+ # kadmind --ports="+ 4711" &
+
+SSEEEE AALLSSOO
+ kdc(8), kadmin(1), kpasswdd(8), kpasswd(1)
+
+ HEIMDAL June 7, 2000 2
OpenPOWER on IntegriCloud