summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/kdc/kdc.cat8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/kdc/kdc.cat8')
-rw-r--r--crypto/heimdal/kdc/kdc.cat8126
1 files changed, 0 insertions, 126 deletions
diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8
deleted file mode 100644
index 4d83d59..0000000
--- a/crypto/heimdal/kdc/kdc.cat8
+++ /dev/null
@@ -1,126 +0,0 @@
-KDC(8) NetBSD System Manager's Manual KDC(8)
-
-NNAAMMEE
- kkddcc - Kerberos 5 server
-
-SSYYNNOOPPSSIISS
- kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh]
- [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g]
- [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g |
- ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s]
-
-DDEESSCCRRIIPPTTIIOONN
- kkddcc serves requests for tickets. When it starts, it first checks the
- flags passed, any options that are not specified with a command line flag
- is taken from a config file, or from a default compiled-in value.
-
- Options supported:
-
- --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
- Specifies the location of the config file, the default is
- _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be
- specified in the config file.
-
- --pp, ----nnoo--rreeqquuiirree--pprreeaauutthh
- Turn off the requirement for pre-autentication in the initial AS-
- REQ for all principals. The use of pre-authentication makes it
- more difficult to do offline password attacks. You might want to
- turn it off if you have clients that doesn't do pre-authentica-
- tion. Since the version 4 protocol doesn't support any pre-au-
- thentication, so serving version 4 clients is just about the same
- as not requiring pre-athentication. The default is to require
- pre-authentication. Adding the require-preauth per principal is a
- more flexible way of handling this.
-
- ----mmaaxx--rreeqquueesstt==_s_i_z_e
- Gives an upper limit on the size of the requests that the kdc is
- willing to handle.
-
- --HH, ----eennaabbllee--hhttttpp
- Makes the kdc listen on port 80 and handle requests encapsulated
- in HTTP.
-
- --KK, ----nnoo--kkaasseerrvveerr
- Disables kaserver emulation (in case it's compiled in).
-
- --rr _r_e_a_l_m, ----vv44--rreeaallmm==_r_e_a_l_m
- What realm this server should act as when dealing with version 4
- requests. The database can contain any number of realms, but
- since the version 4 protocol doesn't contain a realm for the
- server, it must be explicitly specified. The default is whatever
- is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if
- the KDC has been compiled with version 4 support.
-
- --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g
- Specifies the set of ports the KDC should listen on. It is given
- as a white-space separated list of services or port numbers.
-
- ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s
- The list of addresses to listen for requests on. By default, the
- kdc will listen on all the locally configured addresses. If only
- a subset is desired, or the automatic detection fails, this op-
- tion might be used.
-
- All activities , are logged to one or more destinations, see
- krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc.
-
-CCOONNFFIIGGUURRAATTIIOONN FFIILLEE
- The configuration file has the same syntax as krb5.conf(5), but will be
- read before _/_e_t_c_/_k_r_b_5_._c_o_n_f, so it may override settings found there. Op-
- tions specific to the KDC only are found in the ``[kdc]'' section. All
- the command-line options can preferably be added in the configuration
- file. The only difference is the pre-authentication flag, that has to be
- specified as:
-
- require-preauth = no
-
- (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo).
-
- And there are some configuration options which do not have command-line
- equivalents:
-
- check-ticket-addresses = _b_o_o_l_e_a_n
- Check the addresses in the ticket when processing TGS re-
- quests. The default is FALSE.
-
- allow-null-ticket-addresses = _b_o_o_l_e_a_n
- Permit tickets with no addresses. This option is only rele-
- vant when check-ticket-addresses is TRUE.
-
- allow-anonymous = _b_o_o_l_e_a_n
- Permit anonymous tickets with no addresses.
-
- encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n
- Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
- code. The Heimdal clients allow both.
-
- kdc_warn_pwexpire = _t_i_m_e
- How long before password/principal expiration the KDC should
- start sending out warning messages.
-
- An example of a config file:
-
- [kdc]
- require-preauth = no
- v4-realm = FOO.SE
- key-file = /key-file
-
-BBUUGGSS
- If the machine running the KDC has new addresses added to it, the KDC
- will have to be restarted to listen to them. The reason it doesn't just
- listen to wildcarded (like INADDR_ANY) addresses, is that the replies has
- to come from the same address they were sent to, and most OS:es doesn't
- pass this information to the application. If your normal mode of opera-
- tion require that you add and remove addresses, the best option is proba-
- bly to listen to a wildcarded TCP socket, and make sure your clients use
- TCP to connect. For instance, this will listen to IPv4 TCP port 88 only:
-
- kdc --addresses=0.0.0.0 --ports="88/tcp"
-
- There should be a way to specify protocol, port, and address triplets,
- not just addresses and protocol, port tuples.
-
-SSEEEE AALLSSOO
- kinit(1), krb5.conf(5)
-
- HEIMDAL August 22, 2002 2
OpenPOWER on IntegriCloud