Diffstat (limited to 'crypto/heimdal/kdc')
-rw-r--r-- | crypto/heimdal/kdc/hprop.cat8 | 98 | ||||
-rw-r--r-- | crypto/heimdal/kdc/hpropd.cat8 | 42 | ||||
-rw-r--r-- | crypto/heimdal/kdc/kdc.cat8 | 126 | ||||
-rw-r--r-- | crypto/heimdal/kdc/kstash.cat8 | 33 | ||||
-rw-r--r-- | crypto/heimdal/kdc/string2key.cat8 | 41 |
5 files changed, 0 insertions, 340 deletions
diff --git a/crypto/heimdal/kdc/hprop.cat8 b/crypto/heimdal/kdc/hprop.cat8
deleted file mode 100644
index 0ac37e2..0000000
--- a/crypto/heimdal/kdc/hprop.cat8
+++ /dev/null
@@ -1,98 +0,0 @@ -HPROP(8) NetBSD System Manager's Manual HPROP(8) - -NNAAMMEE - hhpprroopp - propagate the KDC database - -SSYYNNOOPPSSIISS - hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] - [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r] [--rr _s_t_r_i_n_g | - ----vv44--rreeaallmm==_s_t_r_i_n_g] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--kk _k_e_y_t_a_b - | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g | ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE | - ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp] - [_h_o_s_t[:_p_o_r_t]] _._._. - -DDEESSCCRRIIPPTTIIOONN - hhpprroopp takes a principal database in a specified format and converts it - into a stream of Heimdal database records. This stream can either be - written to standard out, or (more commonly) be propagated to a hpropd(8) - server running on a different machine. - - If propagating, it connects to all _h_o_s_t_s specified on the command by - opening a TCP connection to port 754 (service hprop) and sends the - database in encrypted form. - - Supported options: - - --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e - Where to find the master key to encrypt or decrypt keys with. - - --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e - The database to be propagated. - - ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r - Specifies the type of the source database. Alternatives include: - - heimdal a Heimdal database - mit-dump a MIT Kerberos 5 dump file - krb4-db a Kerberos 4 database - krb4-dump a Kerberos 4 dump file - kaserver an AFS kaserver database - - --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b - The keytab to use for fetching the key to be used for authenti- - cating to the propagation daemon(s). 
The key _k_a_d_m_i_n_/_h_p_r_o_p is used - from this keytab. The default is to fetch the key from the KDC - database. - - --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g - Local realm override. - - --DD, ----ddeeccrryypptt - The encryption keys in the database can either be in clear, or - encrypted with a master key. This option transmits the database - with unencrypted keys. - - --EE, ----eennccrryypptt - This option transmits the database with encrypted keys. - - --nn, ----ssttddoouutt - Dump the database on stdout, in a format that can be fed to - hpropd. - - The following options are only valid if hhpprroopp is compiled with support - for Kerberos 4 (kaserver). - - --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g - v4 realm to use - - --cc _c_e_l_l, ----cceellll==_c_e_l_l - The AFS cell name, used if reading a kaserver database. - - --SS, ----kkaassppeecciiaallss - Also dump the principals marked as special in the kaserver - database. - - --44, ----vv44--ddbb - Deprecated, identical to `--source=krb4-db'. - - --KK, ----kkaa--ddbb - Deprecated, identical to `--source=kaserver'. - -EEXXAAMMPPLLEESS - The following will propagate a database to another machine (which should - run hpropd(8):) - - $ hprop slave-1 slave-2 - - Copy a Kerberos 4 database to a Kerberos 5 slave: - - $ hprop --source=krb4-db -E krb5-slave - - Convert a Kerberos 4 dump-file for use with a Heimdal KDC: - - $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n - -SSEEEE AALLSSOO - hpropd(8) - - HEIMDAL June 19, 2000 2 diff --git a/crypto/heimdal/kdc/hpropd.cat8 b/crypto/heimdal/kdc/hpropd.cat8 deleted file mode 100644 index e72b4da..0000000 --- a/crypto/heimdal/kdc/hpropd.cat8 +++ /dev/null 
@@ -1,42 +0,0 @@ -HPROPD(8) NetBSD System Manager's Manual HPROPD(8) - -NNAAMMEE - hhpprrooppdd - receive a propagated database - -SSYYNNOOPPSSIISS - hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii | - ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp] - -DDEESSCCRRIIPPTTIIOONN - hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local - database. - - By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket - and expects to receive the dumped database over stdin otherwise. If the - database is sent over the network, it is authenticated and encrypted. - Only connections from kkaaddmmiinn/hhpprroopp are accepted. - - Options supported: - - --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e - database - - --nn, ----ssttddiinn - read from stdin - - ----pprriinntt - print dump to stdout - - --ii, ----nnoo--iinneettdd - Not started from inetd - - --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b - keytab to use for authentication - - --44, ----vv44dduummpp - create v4 type DB - -SSEEEE AALLSSOO - hprop(8) - - HEIMDAL August 27, 1997 1 diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8 deleted file mode 100644 index 4d83d59..0000000 --- a/crypto/heimdal/kdc/kdc.cat8 +++ /dev/null 
@@ -1,126 +0,0 @@ -KDC(8) NetBSD System Manager's Manual KDC(8) - -NNAAMMEE - kkddcc - Kerberos 5 server - -SSYYNNOOPPSSIISS - kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh] - [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g] - [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g | - ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s] - -DDEESSCCRRIIPPTTIIOONN - kkddcc serves requests for tickets. When it starts, it first checks the - flags passed, any options that are not specified with a command line flag - is taken from a config file, or from a default compiled-in value. - - Options supported: - - --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e - Specifies the location of the config file, the default is - _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be - specified in the config file. - - --pp, ----nnoo--rreeqquuiirree--pprreeaauutthh - Turn off the requirement for pre-autentication in the initial AS- - REQ for all principals. The use of pre-authentication makes it - more difficult to do offline password attacks. You might want to - turn it off if you have clients that doesn't do pre-authentica- - tion. Since the version 4 protocol doesn't support any pre-au- - thentication, so serving version 4 clients is just about the same - as not requiring pre-athentication. The default is to require - pre-authentication. Adding the require-preauth per principal is a - more flexible way of handling this. - - ----mmaaxx--rreeqquueesstt==_s_i_z_e - Gives an upper limit on the size of the requests that the kdc is - willing to handle. - - --HH, ----eennaabbllee--hhttttpp - Makes the kdc listen on port 80 and handle requests encapsulated - in HTTP. 
- - --KK, ----nnoo--kkaasseerrvveerr - Disables kaserver emulation (in case it's compiled in). - - --rr _r_e_a_l_m, ----vv44--rreeaallmm==_r_e_a_l_m - What realm this server should act as when dealing with version 4 - requests. The database can contain any number of realms, but - since the version 4 protocol doesn't contain a realm for the - server, it must be explicitly specified. The default is whatever - is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if - the KDC has been compiled with version 4 support. - - --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g - Specifies the set of ports the KDC should listen on. It is given - as a white-space separated list of services or port numbers. - - ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s - The list of addresses to listen for requests on. By default, the - kdc will listen on all the locally configured addresses. If only - a subset is desired, or the automatic detection fails, this op- - tion might be used. - - All activities , are logged to one or more destinations, see - krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc. - -CCOONNFFIIGGUURRAATTIIOONN FFIILLEE - The configuration file has the same syntax as krb5.conf(5), but will be - read before _/_e_t_c_/_k_r_b_5_._c_o_n_f, so it may override settings found there. Op- - tions specific to the KDC only are found in the ``[kdc]'' section. All - the command-line options can preferably be added in the configuration - file. The only difference is the pre-authentication flag, that has to be - specified as: - - require-preauth = no - - (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo). - - And there are some configuration options which do not have command-line - equivalents: - - check-ticket-addresses = _b_o_o_l_e_a_n - Check the addresses in the ticket when processing TGS re- - quests. The default is FALSE. 
- - allow-null-ticket-addresses = _b_o_o_l_e_a_n - Permit tickets with no addresses. This option is only rele- - vant when check-ticket-addresses is TRUE. - - allow-anonymous = _b_o_o_l_e_a_n - Permit anonymous tickets with no addresses. - - encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n - Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE - code. The Heimdal clients allow both. - - kdc_warn_pwexpire = _t_i_m_e - How long before password/principal expiration the KDC should - start sending out warning messages. - - An example of a config file: - - [kdc] - require-preauth = no - v4-realm = FOO.SE - key-file = /key-file - -BBUUGGSS - If the machine running the KDC has new addresses added to it, the KDC - will have to be restarted to listen to them. The reason it doesn't just - listen to wildcarded (like INADDR_ANY) addresses, is that the replies has - to come from the same address they were sent to, and most OS:es doesn't - pass this information to the application. If your normal mode of opera- - tion require that you add and remove addresses, the best option is proba- - bly to listen to a wildcarded TCP socket, and make sure your clients use - TCP to connect. For instance, this will listen to IPv4 TCP port 88 only: - - kdc --addresses=0.0.0.0 --ports="88/tcp" - - There should be a way to specify protocol, port, and address triplets, - not just addresses and protocol, port tuples. - -SSEEEE AALLSSOO - kinit(1), krb5.conf(5) - - HEIMDAL August 22, 2002 2 diff --git a/crypto/heimdal/kdc/kstash.cat8 b/crypto/heimdal/kdc/kstash.cat8 deleted file mode 100644 index 266648e..0000000 --- a/crypto/heimdal/kdc/kstash.cat8 +++ /dev/null 
@@ -1,33 +0,0 @@ -KSTASH(8) NetBSD System Manager's Manual KSTASH(8) - -NNAAMMEE - kkssttaasshh - store the KDC master password in a file - -SSYYNNOOPPSSIISS - kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] - [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn] - -DDEESSCCRRIIPPTTIIOONN - kkssttaasshh reads the Kerberos master key and stores it in a file that will be - used by the KDC. - - Supported options: - - --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g - the encryption type to use, defaults to DES3-CBC-SHA1 - - --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e - the name of the master key file - - ----ccoonnvveerrtt--ffiillee - don't ask for a new master key, just read an old master key file, - and write it back in the new keyfile format - - ----mmaasstteerr--kkeeyy--ffdd==_f_d - filedescriptor to read passphrase from, if not specified the - passphrase will be read from the terminal - -SSEEEE AALLSSOO - kdc(8) - - HEIMDAL September 1, 2000 1 diff --git a/crypto/heimdal/kdc/string2key.cat8 b/crypto/heimdal/kdc/string2key.cat8 deleted file mode 100644 index 60a819e..0000000 --- a/crypto/heimdal/kdc/string2key.cat8 +++ /dev/null 
@@ -1,41 +0,0 @@ -STRING2KEY(8) NetBSD System Manager's Manual STRING2KEY(8) - -NNAAMMEE - ssttrriinngg22kkeeyy - map a password into a key - -SSYYNNOOPPSSIISS - ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l | - ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l | - ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d - -DDEESSCCRRIIPPTTIIOONN - ssttrriinngg22kkeeyy performs the string-to-key function. This is useful when you - want to handle the raw key instead of the password. Supported options: - - --55, ----vveerrssiioonn55 - Output Kerberos v5 string-to-key - - --44, ----vveerrssiioonn44 - Output Kerberos v4 string-to-key - - --aa, ----aaffss - Output AFS string-to-key - - --cc _c_e_l_l, ----cceellll==_c_e_l_l - AFS cell to use - - --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d - Password to use - - --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l - Kerberos v5 principal to use - - --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g - Keytype - - ----vveerrssiioonn - print version - - ----hheellpp - - HEIMDAL March 4, 2000 1 |