mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 08:52:42 +01:00
118 lines
2.7 KiB
Groff
118 lines
2.7 KiB
Groff
|
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
|
||
|
.\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $
|
||
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||
|
.\"
|
||
|
.\" For copying and distribution information,
|
||
|
.\" please see the file <Copyright.MIT>.
|
||
|
.\"
|
||
|
.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
|
||
|
.SH NAME
|
||
|
kadmind \- network daemon for Kerberos database administration
|
||
|
.SH SYNOPSIS
|
||
|
.B kadmind
|
||
|
[
|
||
|
.B \-n
|
||
|
] [
|
||
|
.B \-h
|
||
|
] [
|
||
|
.B \-r realm
|
||
|
] [
|
||
|
.B \-f filename
|
||
|
] [
|
||
|
.B \-d dbname
|
||
|
] [
|
||
|
.B \-a acldir
|
||
|
]
|
||
|
.SH DESCRIPTION
|
||
|
.I kadmind
|
||
|
is the network database server for the Kerberos password-changing and
|
||
|
administration tools.
|
||
|
.PP
|
||
|
Upon execution, it prompts the user to enter the master key string for
|
||
|
the database.
|
||
|
.PP
|
||
|
If the
|
||
|
.B \-n
|
||
|
option is specified, the master key is instead fetched from the master
|
||
|
key cache file.
|
||
|
.PP
|
||
|
If the
|
||
|
.B \-r
|
||
|
.I realm
|
||
|
option is specified, the admin server will pretend that its
|
||
|
local realm is
|
||
|
.I realm
|
||
|
instead of the actual local realm of the host it is running on.
|
||
|
This makes it possible to run a server for a foreign kerberos
|
||
|
realm.
|
||
|
.PP
|
||
|
If the
|
||
|
.B \-f
|
||
|
.I filename
|
||
|
option is specified, then that file is used to hold the log information
|
||
|
instead of the default.
|
||
|
.PP
|
||
|
If the
|
||
|
.B \-d
|
||
|
.I dbname
|
||
|
option is specified, then that file is used as the database name instead
|
||
|
of the default.
|
||
|
.PP
|
||
|
If the
|
||
|
.B \-a
|
||
|
.I acldir
|
||
|
option is specified, then
|
||
|
.I acldir
|
||
|
is used as the directory in which to search for access control lists
|
||
|
instead of the default.
|
||
|
.PP
|
||
|
If the
|
||
|
.B \-h
|
||
|
option is specified,
|
||
|
.I kadmind
|
||
|
prints out a short summary of the permissible control arguments, and
|
||
|
then exits.
|
||
|
.PP
|
||
|
When performing requests on behalf of clients,
|
||
|
.I kadmind
|
||
|
checks access control lists (ACLs) to determine the authorization of the client
|
||
|
to perform the requested action.
|
||
|
Currently three distinct access types are supported:
|
||
|
.TP 1i
|
||
|
Addition
|
||
|
(.add ACL file). If a principal is on this list, it may add new
|
||
|
principals to the database.
|
||
|
.TP
|
||
|
Retrieval
|
||
|
(.get ACL file). If a principal is on this list, it may retrieve
|
||
|
database entries. NOTE: A principal's private key is never returned by
|
||
|
the get functions.
|
||
|
.TP
|
||
|
Modification
|
||
|
(.mod ACL file). If a principal is on this list, it may modify entries
|
||
|
in the database.
|
||
|
.PP
|
||
|
A principal is always granted authorization to change its own password.
|
||
|
.SH FILES
|
||
|
.TP 20n
|
||
|
/kerberos/admin_server.syslog
|
||
|
Default log file.
|
||
|
.TP
|
||
|
/kerberos
|
||
|
Default access control list directory.
|
||
|
.TP
|
||
|
admin_acl.{add,get,mod}
|
||
|
Access control list files (within the directory)
|
||
|
.TP
|
||
|
/kerberos/principal.pag, /kerberos/principal.dir
|
||
|
Default DBM files containing database
|
||
|
.TP
|
||
|
/.k
|
||
|
Master key cache file.
|
||
|
.SH "SEE ALSO"
|
||
|
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
|
||
|
.SH AUTHORS
|
||
|
Douglas A. Church, MIT Project Athena
|
||
|
.br
|
||
|
John T. Kohl, Project Athena/Digital Equipment Corporation
|