mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-01 00:18:15 +01:00
118 lines
2.7 KiB
Groff
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
.\" $Id$
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
.\" please see the file <Copyright.MIT>.
.\"
.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
kadmind \- network daemon for Kerberos database administration
.SH SYNOPSIS
.B kadmind
[
.B \-n
] [
.B \-h
] [
.B \-r realm
] [
.B \-f filename
] [
.B \-d dbname
] [
.B \-a acldir
]
.SH DESCRIPTION
.I kadmind
is the network database server for the Kerberos password-changing and
administration tools.
.PP
Upon execution, it prompts the user to enter the master key string for
the database.
.PP
If the
.B \-n
option is specified, the master key is instead fetched from the master
key cache file.
.PP
If the
.B \-r
.I realm
option is specified, the admin server will pretend that its
local realm is
.I realm
instead of the actual local realm of the host it is running on.
This makes it possible to run a server for a foreign Kerberos
realm.
.PP
If the
.B \-f
.I filename
option is specified, then that file is used to hold the log information
instead of the default.
.PP
If the
.B \-d
.I dbname
option is specified, then that file is used as the database name instead
of the default.
.PP
If the
.B \-a
.I acldir
option is specified, then
.I acldir
is used as the directory in which to search for access control lists
instead of the default.
.PP
If the
.B \-h
option is specified,
.I kadmind
prints out a short summary of the permissible control arguments, and
then exits.
.PP
When performing requests on behalf of clients,
.I kadmind
checks access control lists (ACLs) to determine the authorization of the client
to perform the requested action.
Currently three distinct access types are supported:
.TP 1i
Addition
(.add ACL file). If a principal is on this list, it may add new
principals to the database.
.TP
Retrieval
(.get ACL file). If a principal is on this list, it may retrieve
database entries. NOTE: A principal's private key is never returned by
the get functions.
.TP
Modification
(.mod ACL file). If a principal is on this list, it may modify entries
in the database.
.PP
A principal is always granted authorization to change its own password.
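The ACL model described above, as an added example for reviewing who holds which kadmind privilege; it is not part of the original man page or of the kadmind sources. The one-principal-per-line file format, the sample principals, the "chpass" action label and the treatment of changing another principal's password as a modification are assumptions.

```python
# Added example: audit the contents of the three kadmind ACL files.
# Assumed format (not stated on this page): one principal per line,
# written name.instance@REALM; "*" wildcards are flagged, not expanded.
ACCESS_TYPES = ("add", "get", "mod")

# Constructed sample contents of admin_acl.add / .get / .mod
SAMPLE = {
    "add": "alice.admin@EXAMPLE.ORG\n",
    "get": "alice.admin@EXAMPLE.ORG\nhelpdesk.admin@EXAMPLE.ORG\n",
    "mod": "alice.admin@EXAMPLE.ORG\n*.admin@EXAMPLE.ORG\n",
}

def parse_acl(text):
    """Return the set of principals listed in one ACL file's text."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def privileges(acls):
    """Map each principal to the access types it holds, in add/get/mod order."""
    table = {}
    for kind in ACCESS_TYPES:
        for principal in parse_acl(acls.get(kind, "")):
            table.setdefault(principal, []).append(kind)
    return table

def is_authorized(acls, client, action, target=None):
    """Exact-match model of the decision the man page describes."""
    if action == "chpass":  # hypothetical label for a password change
        # Own password: always allowed. Someone else's password is treated
        # here as a modification (assumption) and so needs the .mod ACL.
        return client == target or client in parse_acl(acls.get("mod", ""))
    return client in parse_acl(acls.get(action, ""))

def findings(acls):
    """Flag the entries a reviewer should look at first."""
    out = []
    for principal, kinds in sorted(privileges(acls).items()):
        if "*" in principal:
            out.append(f"wildcard entry {principal!r} in: {', '.join(kinds)}")
        elif "@" not in principal:
            out.append(f"no realm on {principal!r}")
        if "add" in kinds and "mod" in kinds:
            out.append(f"{principal} can both create and modify principals")
    return out

if __name__ == "__main__":
    for line in findings(SAMPLE):
        print(line)
```
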
.SH FILES
.TP 20n
/var/log/kadmind.syslog
Default log file.
.TP
/etc/kerberosIV/admin_acl.{add,get,mod}
Access control list files
.TP
/etc/kerberosIV/principal.db
DBM file containing database
.TP
/etc/kerberosIV/principal.ok
Semaphore indicating that the DBM database is not being modified.
.TP
/etc/kerberosIV/master_key
Master key cache file.
.SH "SEE ALSO"
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
.SH AUTHORS
Douglas A. Church, MIT Project Athena
.br
John T. Kohl, Project Athena/Digital Equipment Corporation