summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kadmin/kadmind.cat8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kadmin/kadmind.cat8')
-rw-r--r--crypto/heimdal/kadmin/kadmind.cat893
1 files changed, 0 insertions, 93 deletions
diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8
deleted file mode 100644
index b7172bc..0000000
--- a/crypto/heimdal/kadmin/kadmind.cat8
+++ /dev/null
@@ -1,93 +0,0 @@
-KADMIND(8) NetBSD System Manager's Manual KADMIND(8)
-
-NNAAMMEE
- kkaaddmmiinndd - server for administrative access to kerberos database
-
-SSYYNNOOPPSSIISS
- kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
- [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
- ----ppoorrttss==_p_o_r_t] [----nnoo--kkeerrbbeerrooss44]
-
-DDEESSCCRRIIPPTTIIOONN
- kkaaddmmiinndd listens for requests for changes to the Kerberos database and
- performs these, subject to permissions. When starting, if stdin is a
- socket it assumes that it has been started by inetd(8), otherwise it be-
- haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
- option causes kkaaddmmiinndd to accept exactly one connection, which is useful
- for debugging.
-
- If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
- ministrative protocol and the Kerberos 4 protocol. Password changes via
- the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the
- kpasswdd(8) daemon is responsible for the Kerberos 5 password changing
- protocol (used by kpasswd(1))
-
- This daemon should only be run on ther master server, and not on any
- slaves.
-
- Principals are always allowed to change their own password and list their
- own principal. Apart from that, doing any operation requires permission
- explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
- this file is:
-
- _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
-
- Where rights is any (comma separated) combination of:
- ++oo change-password or cpw
- ++oo list
- ++oo delete
- ++oo modify
- ++oo add
- ++oo get
- ++oo all
-
- And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
- principals that match the glob-style pattern.
-
- Supported options:
-
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
- location of config file
-
- --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
- location of master key file
-
- ----kkeeyyttaabb==_k_e_y_t_a_b
- what keytab to use
-
- --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
- realm to use
-
- --dd, ----ddeebbuugg
- enable debugging
-
- --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
- ports to listen to. By default, if run as a daemon, it listen to
- ports 749, and 751 (if Kerberos 4 support is built and enabled),
- but you can add any number of ports with this option. The port
- string is a whitespace separated list of port specifications,
- with the special string ``+'' representing the default set of
- ports.
-
- ----nnoo--kkeerrbbeerrooss44
- make kkaaddmmiinndd ignore Kerberos 4 kadmin requests.
-
-FFIILLEESS
- _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
-
-EEXXAAMMPPLLEESS
- This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com-
- piled in defaults:
-
- kkaaddmmiinndd----ppoorrttss="+ 4711" &
-
- This acl file will grant Joe all rights, and allow Mallory to view and
- add host principals.
-
- joe/admin@EXAMPLE.COM all
- mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
-
-SSEEEE AALLSSOO
- kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
-
- HEIMDAL March 5, 2002 2
OpenPOWER on IntegriCloud