From 6bafe1024be31198441a6b0673502a225ef7e6ac Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sat, 22 Jul 2000 15:56:20 +0000 Subject: [PATCH] document some more git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8779 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kadmin/kadmind.8 | 56 ++++++++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/kadmin/kadmind.8 b/kadmin/kadmind.8 index 33be82906..67d5c9b5b 100644 --- a/kadmin/kadmind.8 +++ b/kadmin/kadmind.8 @@ -1,8 +1,3 @@ -.\" Things to fix: -.\" * correct section, and operating system -.\" * remove Op from mandatory flags -.\" * use better macros for arguments (like .Pa for files) -.\" .Dd June 7, 2000 .Dt KADMIND 8 .Os HEIMDAL @@ -24,26 +19,31 @@ server for administrative access to kerberos database .Xc .Op Fl d | Fl -debug .Oo Fl p Ar port \*(Ba Xo -.Fl -debug-port= Ns Ar port Oc +.Fl -ports= Ns Ar port Oc .Xc .Sh DESCRIPTION .Nm listens for requests for changes to the Kerberos database and performs -these, subject to permissions. By default, it assumes it has been -started by -.Nm inetd , -except when started with -.Fl -debug . -If built with krb4 support, it implements both the heimdal v5 -administrative protocol and the v4 protocol. Password changes via the -v4 protocol are also performed by the -.Nm , -but the changes performed with v5 -.Nm kpasswd -requests are processed by -.Nm kpasswdd . +these, subject to permissions. When starting, if stdin is a socket it assumes that it has been started by +.Xr inetd 8 , +otherwise it behaves as a daemon, forking processes for each new +connection. The +.Fl -debug +option causes +.Nm +to accept exactly one connection, which is useful for debugging. + +If built with krb4 support, it implements both the Heimdal Kerberos 5 +administrative protocol and the Kerberos 4 protocol. Password changes +via the Kerberos 4 protocol are also performed by +.Nm kadmind , +but the +.Xr kpasswdd 8 +daemon is responsible for the Kerberos 5 password changing protocol +(used by +.Xr kpasswd 1 ). .Pp -This daemon should of course also be run on the master and not on any +This daemon should only be run on ther master server, and not on any slaves. .Pp Principals are always allowed to change their own password and list @@ -107,14 +107,24 @@ realm to use enable debugging .It Xo .Fl p Ar port Ns , -.Fl -debug-port= Ns Ar port +.Fl -ports= Ns Ar port .Xc -port to use with debug +ports to listen to. By default, if run as a daemon, it listen to ports +749, and 751 (if built with Kerberos 4 support), but you can add any +number of ports with this option. The port string is a whitespace +separated list of port specifications, with the special string +.Dq + +representing the default set of ports. .El .\".Sh ENVIRONMENT .Sh FILES .Pa /var/heimdal/kadmind.acl -.\".Sh EXAMPLES +.Sh EXAMPLES +This will cause kadmind to listen to port 4711 in addition to any +compiled in defaults: +.Bd -literal -offset indent +# kadmind --ports="+ 4711" & +.Ed .\".Sh DIAGNOSTICS .Sh SEE ALSO .Xr kdc 8 ,