summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kdc/kdc.8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kdc/kdc.8')
-rw-r--r--crypto/heimdal/kdc/kdc.892
1 files changed, 92 insertions, 0 deletions
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8
new file mode 100644
index 0000000..8925111
--- /dev/null
+++ b/crypto/heimdal/kdc/kdc.8
@@ -0,0 +1,92 @@
+.\" $Id: kdc.8,v 1.3 1997/08/09 00:20:38 joda Exp $
+.\"
+.Dd July 27, 1997
+.Dt KDC 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kdc
+.Nd
+Kerberos 5 server
+.Sh SYNOPSIS
+.Nm
+.Op Fl c Ar file
+.Op Fl -config-file= Ns Ar file
+.Op Fl k Ar file
+.Op Fl -key-file= Ns Ar file
+.Op Fl p
+.Op Fl -no-require-preauth
+.Op Fl r Ar realm
+.Op Fl -v4-realm= Ns Ar realm
+
+.Sh DESCRIPTION
+.Nm
+serves requests for tickets. When it starts, it first checks the flags
+passed, any options that are not specified with a command line flag is
+taken from a config file, or from a default compiled-in value.
+.Pp
+Options supported:
+.Bl -tag -width Ds
+.It Fl c Ar file
+.It Fl -config-file= Ns Ar file
+Specifies the location of the config file, the default is
+.Pa /var/heimdal/kdc.conf .
+This is the only value that can't be specified in the config file.
+.It Fl k Ar file
+.It Fl -key-file= Ns Ar file
+The location of the master-key file. All keys in the database is
+encrypted with this master key. The use of a master key is currently
+optional, so there is no default.
+.Em "Don't specify a master key file if your database is not encrypted."
+.It Fl p
+.It Fl -no-require-preauth
+Turn off the requirement for pre-autentication in the initial
+AS-REQ. The use of pre-authentication makes it more difficult to do
+offline password attacks. You might want to turn it off if you have
+clients that doesn't do pre-authentication. Since the version 4
+protocol doesn't support any pre-authentication, so serving version 4
+clients is just about the same as not requiring pre-athentication. The
+default is to require pre-authentication.
+.It Fl r Ar realm
+.It Fl -v4-realm= Ns Ar realm
+What realm this server should act as when dealing with version 4
+requests. The database can contain any number of realms, but since the
+version 4 protocol doesn't contain a realm for the server, it must be
+explicitly specified. The default is whatever is returned by
+.Fn krb_get_lrealm .
+This option is only availabe if the KDC has been compiled with version
+4 support.
+.El
+.Pp
+All activities , are logged to one or more destinations, see
+.Xr krb5.conf 5 ,
+and
+.Xr krb5_openlog 3 .
+The entity used for logging is
+.Nm kdc .
+.Sh CONFIGURATION FILE
+The configuration file has the same syntax as the
+.Pa krb5.conf
+file (you can actually put the configuration in
+.Pa /etc/krb5.conf ,
+and then start the KDC with
+.Fl -config-file= Ns Ar /etc/krb5.conf ) .
+All options should be in a section called
+.Dq kdc .
+Options are called the same as the long option name, and takes the
+same arguments. The only difference is the pre-authentication flag,
+that has to be specified as:
+.Pp
+.Dl require-preauth = no
+.Pp
+(in fact you can specify the option as
+.Fl -require-preauth=no ) .
+.Pp
+An example of a config file:
+.Bd -literal -offset indent
+[kdc]
+ require-preauth = no
+ v4-realm = FOO.SE
+ key-file = /key-file
+.Ed
+.Sh SEE ALSO
+.Xr kinit 1
OpenPOWER on IntegriCloud