update to reality
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7940 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
53
kdc/kdc.8
53
kdc/kdc.8
@@ -11,10 +11,16 @@ Kerberos 5 server
|
||||
.Nm
|
||||
.Op Fl c Ar file
|
||||
.Op Fl -config-file= Ns Ar file
|
||||
.Op Fl p
|
||||
.Op Fl -no-require-preauth
|
||||
.Op Fl p | Fl -no-require-preauth
|
||||
.Op Fl -max-request= Ns Ar size
|
||||
.Op Fl H | Fl -enable-http
|
||||
.Op Fl K | Fl -no-kaserver
|
||||
.Op Fl r Ar realm
|
||||
.Op Fl -v4-realm= Ns Ar realm
|
||||
.Oo Fl P Ar string \*(Ba Xo
|
||||
.Fl -ports= Ns Ar string Oc
|
||||
.Xc
|
||||
.Op Fl -addresses= Ns Ar list of addresses
|
||||
|
||||
.Sh DESCRIPTION
|
||||
.Nm
|
||||
@@ -31,13 +37,30 @@ Specifies the location of the config file, the default is
|
||||
This is the only value that can't be specified in the config file.
|
||||
.It Fl p
|
||||
.It Fl -no-require-preauth
|
||||
Turn off the requirement for pre-autentication in the initial
|
||||
AS-REQ. The use of pre-authentication makes it more difficult to do
|
||||
offline password attacks. You might want to turn it off if you have
|
||||
clients that doesn't do pre-authentication. Since the version 4
|
||||
protocol doesn't support any pre-authentication, so serving version 4
|
||||
clients is just about the same as not requiring pre-athentication. The
|
||||
default is to require pre-authentication.
|
||||
Turn off the requirement for pre-autentication in the initial AS-REQ
|
||||
for all principals. The use of pre-authentication makes it more
|
||||
difficult to do offline password attacks. You might want to turn it
|
||||
off if you have clients that doesn't do pre-authentication. Since the
|
||||
version 4 protocol doesn't support any pre-authentication, so serving
|
||||
version 4 clients is just about the same as not requiring
|
||||
pre-athentication. The default is to require
|
||||
pre-authentication. Adding the require-preauth per principal is a more
|
||||
flexible way of handling this.
|
||||
.It Xo
|
||||
.Fl -max-request= Ns Ar size
|
||||
.Xc
|
||||
Gives an upper limit on the size of the requests that the kdc is
|
||||
willing to handle.
|
||||
.It Xo
|
||||
.Fl H Ns ,
|
||||
.Fl -enable-http
|
||||
.Xc
|
||||
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
|
||||
.It Xo
|
||||
.Fl K Ns ,
|
||||
.Fl -no-kaserver
|
||||
.Xc
|
||||
Disables kaserver emulation (in case it's compiled in).
|
||||
.It Fl r Ar realm
|
||||
.It Fl -v4-realm= Ns Ar realm
|
||||
What realm this server should act as when dealing with version 4
|
||||
@@ -47,6 +70,18 @@ explicitly specified. The default is whatever is returned by
|
||||
.Fn krb_get_lrealm .
|
||||
This option is only availabe if the KDC has been compiled with version
|
||||
4 support.
|
||||
.It Xo
|
||||
.Fl P Ar string Ns ,
|
||||
.Fl -ports= Ns Ar string
|
||||
.Xc
|
||||
Specifies the set of ports the KDC should listen on. It is given as a
|
||||
white-space separated list of services or port numbers.
|
||||
.It Xo
|
||||
.Fl -addresses= Ns Ar list of addresses
|
||||
.Xc
|
||||
The list of addresses to listen for requests on. By default, the kdc
|
||||
will listen on all the locally configured addresses. If only a subset
|
||||
is desired, or the automatic detection fails, this option might be used.
|
||||
.El
|
||||
.Pp
|
||||
All activities , are logged to one or more destinations, see
|
||||
|
Reference in New Issue
Block a user