oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

update to reality

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@7940 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2000-02-13 21:04:32 +00:00
parent 69bc1d519b
commit 8bd2d69b2f
1 changed files with 44 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
kdc/kdc.8
View File

@@ -11,10 +11,16 @@ Kerberos 5 server
.Nm .Nm
.Op Fl c Ar file .Op Fl c Ar file
.Op Fl -config-file= Ns Ar file .Op Fl -config-file= Ns Ar file
.Op Fl p .Op Fl p | Fl -no-require-preauth
.Op Fl -no-require-preauth .Op Fl -max-request= Ns Ar size
.Op Fl H | Fl -enable-http
.Op Fl K | Fl -no-kaserver
.Op Fl r Ar realm .Op Fl r Ar realm
.Op Fl -v4-realm= Ns Ar realm .Op Fl -v4-realm= Ns Ar realm
.Oo Fl P Ar string \*(Ba Xo
.Fl -ports= Ns Ar string Oc
.Xc
.Op Fl -addresses= Ns Ar list of addresses
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm .Nm
@@ -31,13 +37,30 @@ Specifies the location of the config file, the default is
This is the only value that can't be specified in the config file. This is the only value that can't be specified in the config file.
.It Fl p .It Fl p
.It Fl -no-require-preauth .It Fl -no-require-preauth
Turn off the requirement for pre-autentication in the initial Turn off the requirement for pre-autentication in the initial AS-REQ
AS-REQ. The use of pre-authentication makes it more difficult to do for all principals. The use of pre-authentication makes it more
offline password attacks. You might want to turn it off if you have difficult to do offline password attacks. You might want to turn it
clients that doesn't do pre-authentication. Since the version 4 off if you have clients that doesn't do pre-authentication. Since the
protocol doesn't support any pre-authentication, so serving version 4 version 4 protocol doesn't support any pre-authentication, so serving
clients is just about the same as not requiring pre-athentication. The version 4 clients is just about the same as not requiring
default is to require pre-authentication. pre-athentication. The default is to require
pre-authentication. Adding the require-preauth per principal is a more
flexible way of handling this.
.It Xo
.Fl -max-request= Ns Ar size
.Xc
Gives an upper limit on the size of the requests that the kdc is
willing to handle.
.It Xo
.Fl H Ns ,
.Fl -enable-http
.Xc
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
.It Xo
.Fl K Ns ,
.Fl -no-kaserver
.Xc
Disables kaserver emulation (in case it's compiled in).
.It Fl r Ar realm .It Fl r Ar realm
.It Fl -v4-realm= Ns Ar realm .It Fl -v4-realm= Ns Ar realm
What realm this server should act as when dealing with version 4 What realm this server should act as when dealing with version 4
@@ -47,6 +70,18 @@ explicitly specified. The default is whatever is returned by
.Fn krb_get_lrealm . .Fn krb_get_lrealm .
This option is only availabe if the KDC has been compiled with version This option is only availabe if the KDC has been compiled with version
4 support. 4 support.
.It Xo
.Fl P Ar string Ns ,
.Fl -ports= Ns Ar string
.Xc
Specifies the set of ports the KDC should listen on. It is given as a
white-space separated list of services or port numbers.
.It Xo
.Fl -addresses= Ns Ar list of addresses
.Xc
The list of addresses to listen for requests on. By default, the kdc
will listen on all the locally configured addresses. If only a subset
is desired, or the automatic detection fails, this option might be used.
.El .El
.Pp .Pp
All activities , are logged to one or more destinations, see All activities , are logged to one or more destinations, see