diff options
Diffstat (limited to 'crypto/kerberosIV/man/kerberos.8')
-rw-r--r-- | crypto/kerberosIV/man/kerberos.8 | 189 |
1 files changed, 0 insertions, 189 deletions
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8 deleted file mode 100644 index 0ad1a4a..0000000 --- a/crypto/kerberosIV/man/kerberos.8 +++ /dev/null @@ -1,189 +0,0 @@ -.\" $Id: kerberos.8,v 1.4 1997/09/26 17:55:23 joda Exp $ -.\" -.Dd September 26, 1997 -.Dt KERBEROS 8 -.Os KTH-KRB -.Sh NAME -.Nm kerberos -.Nd the kerberos daemon -.Sh SYNPOSIS -.Nm -.Op Fl mns -.Op Fl a Ar max age -.Op Fl i Ar address -.Op Fl l Ar log -.Op Fl p Ar pause -.Op Fl P Ar portspec -.Op Fl r Ar realm -.Op Ar database -.Sh DESCRIPTION -This is the -.Nm -daemon. -.Pp -Options: -.Bl -tag -width -ident -.It Fl a -Set the -.Ar max age -before the database is considered stale. -.It Fl i -Only listen on -.Ar address . -Normally, the kerberos server listens on all addresses of all -interfaces. -.It Fl l -Write the log to -.Ar log -.It Fl m -Run manually and prompt for master key. -.It Fl n -Do not check max age. -.It Fl p -Pause for -.Ar pause -before dying. -.It Fl P -Listen to the ports specified by -.Ar portspec . -This should be a white-space separated list of port specificatios. A -port specification follows the format: -.Ar port Ns Op / Ns Ar protocol . -The -.Ar port -can be either a symbolic port name (from -.Pa /etc/services ) , -or a number; -.Ar protocol can be either -.Li udp , -or -.Li tcp . -If left out, the KDC will listen to both UDP and TCP sockets on the -specified port. -.br -The special string -.Li + -mean that the default set of ports (TCP and UDP on ports 88 and 750) -should be included. -.It Fl r -Run as a server for realm -.Ar realm -.It Fl s -Set slave parameters. This will enable check to see if data is -getting too stale relative to the master. -.El -.Pp -If no -.Ar database -is given a default datbase will be used, normally -.Pa /var/kerberos/principal . -.Sh DIAGNOSTICS -The server logs several messages in a log file -.Pf ( Pa /var/run/kerberos.log -by default). The logging mechanism opens and closes the log file for -each message, so you can safely rename the log file when the server is -running. -.Ss Operational messages -These are normal messages that you will see in the log. They might be -followed by some error message. -.Bl -tag -width xxxxx -.It Li Getting key for Ar REALM -The server fetched the key for -.Sq krbtgt.REALM -for the specific -realm. You will see this at startup, and for every attempt to use -cross realm authentication. -.It Xo Li Starting Kerberos for -.Ar REALM -.Li (kvno Ar kvno ) -.Xc -You will see this also if you start with -.Fl m . -.It Xo Li AS REQ -.Ar name.instance@REALM -.Li for -.Ar sname.sinstance -.Li from -.Ar ip-number -.Xc -An initial (password authenticated) request was received. -.It Xo Li APPL REQ -.Ar name.instance@REALM -.Li for -.Ar sname.sinstance -.Li from Ar ip-number -.Xc -A tgt-based request for a ticket was made. -.El -.Ss Error messages -These messages reflects misconfigured clients, invalid requests, or -possibly attepted attacks. -.Bl -tag -width xxxxx -.It Li UNKNOWN Ar name.instance -The server received a request with an unknown principal. This is most -likely because someone typed the wrong name at a login prompt. It -could also be someone trying to get a list of possible users. -.It Xo Li Unknown realm Ar REALM -.Li from Ar ip-number -.Xc -There isn't a principal for -.Sq krbtgt.REALM -in the database. -.It Xo Li Can't hop realms: Ar REALM1 -.Li -> Ar REALM2 -.Xc -There was a request for a ticket for another realm. This might be -because of a misconfigured client. -.It Li Principal not unique Ar name.instance -There is more than one entry for this principal in the database. This -is not very good. -.It Li Null key Ar name.instance -Someone tried to use a principal that for some reason doesn't have a -key. -.It Xo Li Incorrect master key version for -.Ar name.instance -.Li : Ar number -.Li (should be Ar number ) -.Xc -The principal has it's key encrypted with the wrong master key. -.It Xo Li Principal Ar name.instance -.Li expired at Ar date -.Xc -The principal's key has expired. -.It Li krb_rd_req from Ar ip-number : error-message -The message couldn't be decoded properly. The error message will give -you further hints. You will see this if someone is trying to use -expired tickets. -.It Xo Li Unknown message type: Ar number -.Li from Ar ip-number -.Xc -The message received was not one that is understood by this server. -.It Li Can't authorize password changed based on TGT -Someone tried to get a -.Sq changepw.kerberos -via a tgt exchange. This is -because of a broken client, or possibly an attack. -.It Li KRB protocol version mismatch ( Ar number ) -The server received a request with an unknown version number. -.El -.Ss Fatal error messages -The following messages indicate problems when starting the server. -.Bl -tag -width xxxxx -.It Li Database unavailable! -There was some problem reading the database. -.It Li Database currently being updated! -Someone is currently updating the database (possibly via krop). -.It Li Database out of date! -The database is older than the maximum age specified. -.It Li Couldn't get master key. -The master key file wasn't found or the file is damaged. -.It Li Can't verify master key. -The key in the keyfile doesn't match the current databse. -.It Li Ticket granting ticket service unknown -The database doesn't contain a -.Sq krbtgt.REALM -for the local realm. -.El -.Sh SEE ALSO -.Xr kprop 8 , -.Xr kpropd 8 |