summaryrefslogtreecommitdiffstats
path: root/crypto/kerberosIV/man/kerberos.8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/kerberosIV/man/kerberos.8')
-rw-r--r--crypto/kerberosIV/man/kerberos.8189
1 files changed, 0 insertions, 189 deletions
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
deleted file mode 100644
index 0ad1a4a..0000000
--- a/crypto/kerberosIV/man/kerberos.8
+++ /dev/null
@@ -1,189 +0,0 @@
-.\" $Id: kerberos.8,v 1.4 1997/09/26 17:55:23 joda Exp $
-.\"
-.Dd September 26, 1997
-.Dt KERBEROS 8
-.Os KTH-KRB
-.Sh NAME
-.Nm kerberos
-.Nd the kerberos daemon
-.Sh SYNPOSIS
-.Nm
-.Op Fl mns
-.Op Fl a Ar max age
-.Op Fl i Ar address
-.Op Fl l Ar log
-.Op Fl p Ar pause
-.Op Fl P Ar portspec
-.Op Fl r Ar realm
-.Op Ar database
-.Sh DESCRIPTION
-This is the
-.Nm
-daemon.
-.Pp
-Options:
-.Bl -tag -width -ident
-.It Fl a
-Set the
-.Ar max age
-before the database is considered stale.
-.It Fl i
-Only listen on
-.Ar address .
-Normally, the kerberos server listens on all addresses of all
-interfaces.
-.It Fl l
-Write the log to
-.Ar log
-.It Fl m
-Run manually and prompt for master key.
-.It Fl n
-Do not check max age.
-.It Fl p
-Pause for
-.Ar pause
-before dying.
-.It Fl P
-Listen to the ports specified by
-.Ar portspec .
-This should be a white-space separated list of port specificatios. A
-port specification follows the format:
-.Ar port Ns Op / Ns Ar protocol .
-The
-.Ar port
-can be either a symbolic port name (from
-.Pa /etc/services ) ,
-or a number;
-.Ar protocol can be either
-.Li udp ,
-or
-.Li tcp .
-If left out, the KDC will listen to both UDP and TCP sockets on the
-specified port.
-.br
-The special string
-.Li +
-mean that the default set of ports (TCP and UDP on ports 88 and 750)
-should be included.
-.It Fl r
-Run as a server for realm
-.Ar realm
-.It Fl s
-Set slave parameters. This will enable check to see if data is
-getting too stale relative to the master.
-.El
-.Pp
-If no
-.Ar database
-is given a default datbase will be used, normally
-.Pa /var/kerberos/principal .
-.Sh DIAGNOSTICS
-The server logs several messages in a log file
-.Pf ( Pa /var/run/kerberos.log
-by default). The logging mechanism opens and closes the log file for
-each message, so you can safely rename the log file when the server is
-running.
-.Ss Operational messages
-These are normal messages that you will see in the log. They might be
-followed by some error message.
-.Bl -tag -width xxxxx
-.It Li Getting key for Ar REALM
-The server fetched the key for
-.Sq krbtgt.REALM
-for the specific
-realm. You will see this at startup, and for every attempt to use
-cross realm authentication.
-.It Xo Li Starting Kerberos for
-.Ar REALM
-.Li (kvno Ar kvno )
-.Xc
-You will see this also if you start with
-.Fl m .
-.It Xo Li AS REQ
-.Ar name.instance@REALM
-.Li for
-.Ar sname.sinstance
-.Li from
-.Ar ip-number
-.Xc
-An initial (password authenticated) request was received.
-.It Xo Li APPL REQ
-.Ar name.instance@REALM
-.Li for
-.Ar sname.sinstance
-.Li from Ar ip-number
-.Xc
-A tgt-based request for a ticket was made.
-.El
-.Ss Error messages
-These messages reflects misconfigured clients, invalid requests, or
-possibly attepted attacks.
-.Bl -tag -width xxxxx
-.It Li UNKNOWN Ar name.instance
-The server received a request with an unknown principal. This is most
-likely because someone typed the wrong name at a login prompt. It
-could also be someone trying to get a list of possible users.
-.It Xo Li Unknown realm Ar REALM
-.Li from Ar ip-number
-.Xc
-There isn't a principal for
-.Sq krbtgt.REALM
-in the database.
-.It Xo Li Can't hop realms: Ar REALM1
-.Li -> Ar REALM2
-.Xc
-There was a request for a ticket for another realm. This might be
-because of a misconfigured client.
-.It Li Principal not unique Ar name.instance
-There is more than one entry for this principal in the database. This
-is not very good.
-.It Li Null key Ar name.instance
-Someone tried to use a principal that for some reason doesn't have a
-key.
-.It Xo Li Incorrect master key version for
-.Ar name.instance
-.Li : Ar number
-.Li (should be Ar number )
-.Xc
-The principal has it's key encrypted with the wrong master key.
-.It Xo Li Principal Ar name.instance
-.Li expired at Ar date
-.Xc
-The principal's key has expired.
-.It Li krb_rd_req from Ar ip-number : error-message
-The message couldn't be decoded properly. The error message will give
-you further hints. You will see this if someone is trying to use
-expired tickets.
-.It Xo Li Unknown message type: Ar number
-.Li from Ar ip-number
-.Xc
-The message received was not one that is understood by this server.
-.It Li Can't authorize password changed based on TGT
-Someone tried to get a
-.Sq changepw.kerberos
-via a tgt exchange. This is
-because of a broken client, or possibly an attack.
-.It Li KRB protocol version mismatch ( Ar number )
-The server received a request with an unknown version number.
-.El
-.Ss Fatal error messages
-The following messages indicate problems when starting the server.
-.Bl -tag -width xxxxx
-.It Li Database unavailable!
-There was some problem reading the database.
-.It Li Database currently being updated!
-Someone is currently updating the database (possibly via krop).
-.It Li Database out of date!
-The database is older than the maximum age specified.
-.It Li Couldn't get master key.
-The master key file wasn't found or the file is damaged.
-.It Li Can't verify master key.
-The key in the keyfile doesn't match the current databse.
-.It Li Ticket granting ticket service unknown
-The database doesn't contain a
-.Sq krbtgt.REALM
-for the local realm.
-.El
-.Sh SEE ALSO
-.Xr kprop 8 ,
-.Xr kpropd 8
OpenPOWER on IntegriCloud