oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Manual page.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2644 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-07-27 05:38:53 +00:00
parent abcf0fabb7
commit 5390bd18b6
2 changed files with 224 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
kdc/kdc.8 Normal file
View File

@@ -0,0 +1,96 @@
.\" $Id$
.\"
.Dd July 27, 1997
.Dt KDC 8
.Os HEIMDAL
.Sh NAME
.Nm kdc
.Nd
Kerberos 5 server
.Sh SYNOPSIS
.Nm
.Op Fl c Ar file
.Op Fl k Ar file
.Op Fl l Ar file
.Op Fl p
.Op Fl r Ar realm
.Op Fl -config-file= Ns Ar file
.Op Fl -key-file= Ns Ar file
.Op Fl -log-file= Ns Ar file
.Op Fl -log-level= Ns Ar number
.Op Fl -no-require-preauth
.Op Fl -v4-realm= Ns Ar realm
.Sh DESCRIPTION
.Nm
serves requests for tickets. When it starts, it first checks the flags
passed, any options that are not specified with a command line flag is
taken from a config file, or from a default compiled-in value.
.Pp
Options supported:
.Bl -tag -width Ds
.It Fl c Ar file
.It Fl -config-file= Ns Ar file
Specifies the location of the config file, the default is
.Pa /var/heimdal/kdc.conf .
This is the only value that can't be specified in the config file.
.It Fl k Ar file
.It Fl -key-file= Ns Ar file
The location of the master-key file. All keys in the database is
encrypted with this master key. The use of a master key is currently
optional, so there is no default.
.Em "Don't specify a master key file if your database is not encrypted."
.It Fl l Ar file
.It Fl -log-file= Ns Ar file
The file where the KDC logs its activities.
.It Fl -log-level= Ns Ar number
What level of information you want logged. The default is 0, and logs
only requests and any errors when parsing them. You can turn off
logging by specifying -1.
.It Fl p
.It Fl -no-require-preauth
Turn off the requirement for pre-autentication in the initial
AS-REQ. The use of pre-authentication makes it more difficult to do
offline password attacks. You might want to turn it off if you have
clients that doesn't do pre-authentication. Since the version 4
protocol doesn't support any pre-authentication, so serving version 4
clients is just about the same as not requiring pre-athentication. The
default is to require pre-authentication.
.It Fl r Ar realm
.It Fl -v4-realm= Ns Ar realm
What realm this server should act as when dealing with version 4
requests. The database can contain any number of realms, but since the
version 4 protocol doesn't contain a realm for the server, it must be
explicitly specified. The default is whatever is returned by
.Fn krb_get_lrealm .
This option is only availabe if the program has been compiled with
version 4 support.
.El
.Sh CONFIGURATION FILE
The configuration file has the same syntax as the
.Pa krb5.conf
file (you can actually put the configuration in
.Pa /etc/krb5.conf ,
and then start the KDC with
.Fl -config-file= Ns Ar /etc/krb5.conf ) .
All options should be in a section called
.Dq kdc .
Options are called the same as the long option name, and takes the
same arguments. The only difference is the pre-authentication flag,
that has to be specified as:
.Pp
.Dl require-preauth = no
.Pp
(in fact you can specify the option as
.Fl -require-preauth= Ns Ar no
as well).
.Pp
An example of a config file:
.Bd -literal -offset indent
[kdc]
require-preauth = no
v4-realm = FOO.SE
log-file = /var/log/kdc.log
.Ed
.Sh SEE ALSO
.Xr kinit 1

128
lib/krb5/krb5.conf.5 Normal file
View File

@@ -0,0 +1,128 @@
.\" $Id$
.\"
.Dd July 27, 1997
.Dt KRB5.CONF 5
.Os HEIMDAL
.Sh NAME
.Nm /etc/krb5.conf
.Nd
Configuration file for Kerberos 5
.Sh DESCRIPTION
The
.Nm
file specifies several configuration parameters for the Kerberos 5
library, as well as some programs.
.Pp
The file consists of one or more sections, containing a number of
bindings. The value of each binding can be either a string or a list
of other bindings. The grammar looks like:
.Bd -literal -offset indent
file:
/* empty */
sections
sections:
section sections
section
section:
'[' section_name ']' bindings
section_name:
STRING
bindings:
binding bindings
binding
binding:
name '=' STRING
name '=' '{' bindings '}'
name:
STRING
.Ed
.Li STRINGs
consists of one or more non-white space characters.
Currently recognised sections and bindings are:
.Bl -tag -width "xxxxxx" -offset indent
.It Li libdefaults
.Bl -tag -width "xxxxxx" -offset indent
.It Li default_realm = Va REALM
Default realm to use, this is also known as your
.Dq local realm .
The default is the result of
.Fn krb5_get_host_realm "local host name" .
.It Li clockskew = time
Maximum time differential (in seconds) allowed when comparing
times. Default is 300 seconds (five minutes).
.It Li kdc_timeout = time
Maximum time to wait for a reply from the kdc, default is 3 seconds.
.El
.It Li domain_realm
This is a list of mappings from DNS domain to Kerberos realm. Each
binding in this section looks like:
.Pp
.Dl domain = realm
.Pp
The domain can be either a full name of a host or a trailing
component, in the latter case the domain-string should start with a
perid.
.It Li realms
.Bl -tag -offset indent
.It Va REALM Li = {
.Bl -tag -offset indent
.It Li kdc = Va host[:port]
Specifies a kdc for this realm. If the optional port is absent, the
default value for the
.Dq kerberos/udp
service will be used.
.It Li v4_instance_convert = {
This specifies a list of version 4 instance to version 5 component
conversions that should be made when converting a version 4 principal
to a version 5 ditto. Since version 4 host instances only contains the
first part of the domain name, this section is sometimes
necessary. See also
.Li default_domain .
.It }
.It Li v4_name_convert = {
Similar to
.Li v4_instance_convert ,
but converts the version 4 name, rather than the instance. This is not
used by the MIT libkrb5, but before someone thinks up something better
you will have to have a binding looking like:
.Pp
.Dl rcmd = host
.Pp
here.
.It }
.It Li default_domain = Va domain
The default domain to use when converting version 4 instances to
version 5 principals.
.El
.It Li }
.El
.El
.Sh EXAMPLE
.Bd -literal -offset indent
[lib_defaults]
default_domain = FOO.SE
[domain_realm]
.foo.se = FOO.SE
.bar.se = FOO.SE
[realms]
FOO.SE = {
kdc = kerberos.foo.se
v4_name_convert = {
rcmd = host
}
v4_instance_convert = {
xyz = xyz.bar.se
}
default_domain = foo.se
}
.Ed
.Sh SEE ALSO
.Xr Source tm