add blurb about adding and removing addresses; update kdc.conf section to match reality


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11196 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
2002-08-22 09:55:00 +00:00
parent 98590bf680
commit f781cef162


@@ -1,6 +1,6 @@
.\" $Id$
.\"
.Dd July 27, 1997
.Dd August 22, 2002
.Dt KDC 8
.Os HEIMDAL
.Sh NAME
@@ -96,14 +96,14 @@ and
The entity used for logging is
.Nm kdc .
.Sh CONFIGURATION FILE
The configuration file has the same syntax as the
.Pa krb5.conf
file (you can actually put the configuration in
The configuration file has the same syntax as
.Xr krb5.conf 5 ,
but will be read before
.Pa /etc/krb5.conf ,
and then start the KDC with
.Fl -config-file= Ns Ar /etc/krb5.conf ) .
All options should be in a section called
.Dq kdc .
so it may override settings found there. Options specific to the KDC
only are found in the
.Dq [kdc]
section.
All the command-line options can preferably be added in the
configuration file. The only difference is the pre-authentication flag,
that has to be specified as:
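Review bot: the rewritten CONFIGURATION FILE paragraph says the file "will be read before /etc/krb5.conf" but, as far as the visible lines show, never names the file or its path, and the reference to --config-file from the old wording is gone from this section. Suggest naming the file with .Pa and keeping a short pointer to --config-file. "so it may override settings found there" also leaves open what happens when both files set the same option; state outright that the value read first from the KDC file is the one used. The unchanged sentence "All the command-line options can preferably be added in the configuration file" would read better as "can be set in the configuration file, which is the preferred way".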
@@ -139,5 +139,22 @@ An example of a config file:
v4-realm = FOO.SE
key-file = /key-file
.Ed
.Sh BUGS
If the machine running the KDC has new addresses added to it, the KDC
will have to be restarted to listen to them. The reason it doesn't
just listen to wildcarded (like INADDR_ANY) addresses, is that the
replies has to come from the same address they were sent to, and most
OS:es doesn't pass this information to the application. If your normal
mode of operation require that you add and remove addresses, the best
option is probably to listen to a wildcarded TCP socket, and make sure
your clients use TCP to connect. For instance, this will listen to
IPv4 TCP port 88 only:
.Bd -literal -offset indent
kdc --addresses=0.0.0.0 --ports="88/tcp"
.Ed
.Pp
There should be a way to specify protocol, port, and address triplets,
not just addresses and protocol, port tuples.
.Sh SEE ALSO
.Xr kinit 1
.Xr kinit 1 ,
.Xr krb5.conf 5
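Review bot: the new BUGS paragraph has several agreement errors that should be fixed before this lands in a man page: "replies has to come" should be "replies have to come", "most OS:es doesn't pass" should be "most operating systems don't pass", and "mode of operation require" should be "requires". It would also help to say that the source-address constraint is about UDP replies, since that is why the suggested workaround is a wildcarded TCP socket. The example "kdc --addresses=0.0.0.0 --ports="88/tcp"" accepts connections on every IPv4 interface of the host, so a sentence telling the administrator to filter port 88 on interfaces that should not offer the KDC would be a useful caveat. The closing remark about address, port and protocol triplets reads as a to-do item; consider phrasing it as a known limitation of the current options.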