Diffstat (limited to 'crypto/heimdal/kdc/kdc.8')
-rw-r--r-- | crypto/heimdal/kdc/kdc.8 | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 new file mode 100644 index 0000000..8925111 --- /dev/null +++ b/crypto/heimdal/kdc/kdc.8 
@@ -0,0 +1,92 @@ +.\" $Id: kdc.8,v 1.3 1997/08/09 00:20:38 joda Exp $ +.\" +.Dd July 27, 1997 +.Dt KDC 8 +.Os HEIMDAL +.Sh NAME +.Nm kdc +.Nd +Kerberos 5 server +.Sh SYNOPSIS +.Nm +.Op Fl c Ar file +.Op Fl -config-file= Ns Ar file +.Op Fl k Ar file +.Op Fl -key-file= Ns Ar file +.Op Fl p +.Op Fl -no-require-preauth +.Op Fl r Ar realm +.Op Fl -v4-realm= Ns Ar realm + +.Sh DESCRIPTION +.Nm +serves requests for tickets. When it starts, it first checks the flags +passed, any options that are not specified with a command line flag is +taken from a config file, or from a default compiled-in value. +.Pp +Options supported: +.Bl -tag -width Ds +.It Fl c Ar file +.It Fl -config-file= Ns Ar file +Specifies the location of the config file, the default is +.Pa /var/heimdal/kdc.conf . +This is the only value that can't be specified in the config file. +.It Fl k Ar file +.It Fl -key-file= Ns Ar file +The location of the master-key file. All keys in the database is +encrypted with this master key. The use of a master key is currently +optional, so there is no default. +.Em "Don't specify a master key file if your database is not encrypted." +.It Fl p +.It Fl -no-require-preauth +Turn off the requirement for pre-autentication in the initial +AS-REQ. The use of pre-authentication makes it more difficult to do +offline password attacks. You might want to turn it off if you have +clients that doesn't do pre-authentication. Since the version 4 +protocol doesn't support any pre-authentication, so serving version 4 +clients is just about the same as not requiring pre-athentication. The +default is to require pre-authentication. +.It Fl r Ar realm +.It Fl -v4-realm= Ns Ar realm +What realm this server should act as when dealing with version 4 +requests. The database can contain any number of realms, but since the +version 4 protocol doesn't contain a realm for the server, it must be +explicitly specified. The default is whatever is returned by +.Fn krb_get_lrealm . 
+This option is only availabe if the KDC has been compiled with version +4 support. +.El +.Pp +All activities , are logged to one or more destinations, see +.Xr krb5.conf 5 , +and +.Xr krb5_openlog 3 . +The entity used for logging is +.Nm kdc . +.Sh CONFIGURATION FILE +The configuration file has the same syntax as the +.Pa krb5.conf +file (you can actually put the configuration in +.Pa /etc/krb5.conf , +and then start the KDC with +.Fl -config-file= Ns Ar /etc/krb5.conf ) . +All options should be in a section called +.Dq kdc . +Options are called the same as the long option name, and takes the +same arguments. The only difference is the pre-authentication flag, +that has to be specified as: +.Pp +.Dl require-preauth = no +.Pp +(in fact you can specify the option as +.Fl -require-preauth=no ) . +.Pp +An example of a config file: +.Bd -literal -offset indent +[kdc] + require-preauth = no + v4-realm = FOO.SE + key-file = /key-file +.Ed +.Sh SEE ALSO +.Xr kinit 1 |
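Review bot: The example under CONFIGURATION FILE sets "require-preauth = no", which is the weaker setting according to this page's own description of -p ("The use of pre-authentication makes it more difficult to do offline password attacks"), and an example config is the part most likely to be copied verbatim. Since the stated default is to require pre-authentication, I would drop that line from the example so it keeps the default, and leave "require-preauth = no" only in the ".Dl" line that explains the syntax. The -p text could also state more directly that setting --v4-realm and serving version 4 clients gives up the protection regardless of this flag, since the current sentence ("Since the version 4 protocol doesn't support ..., so serving version 4 clients is just about the same ...") is hard to parse. Smaller points in the same hunk: "pre-autentication", "pre-athentication" and "availabe" are misspelled, "All activities , are logged" has a stray comma, "All keys in the database is" and "clients that doesn't" need plural verbs, and the empty "+" line before ".Sh DESCRIPTION" is a blank line in mdoc source that should be removed.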