+++ /dev/null
-Retrieving the list of policies
-==================================
-
-You can retrieve the list of policies with the kadmin *list_policies* command, which requires the "list" privilege. The syntax is::
-
- list_policies [expression]
-
-
-where expression is a shell-style glob expression that can contain the characters \*, ?, and []. All policy names matching the expression are displayed.
-
-The *list_policies* command has the aliases **listpols, get_policies**, and **getpols**.
-
-For example::
-
- kadmin: listpols
- test-pol
- dict-only
- once-a-min
- test-pol-nopw
-
- kadmin: listpols t*
- test-pol
- test-pol-nopw
- kadmin:
-
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___db_policies
-
-
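Review bot: Deleting this page drops the statement that list_policies "requires the "list" privilege" and the alias list (listpols, get_policies, getpols), and nothing added in this patch carries them. If the kadmin command reference is being consolidated elsewhere, confirm the destination keeps the privilege requirement and the aliases, and state there that omitting the expression lists every policy, which the first example only implies.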
+++ /dev/null
-eDir: Destroying a Service Object
-===================================
-
-
-The *destroy_service* command is used to destroy an existing service::
-
- destroy_service [-force] [-f stashfilename] service_dn
-
-
-Options are as follows
-
-=================== ======================
--force If specified, will not prompt for user's confirmation, instead will force destruction of service.
--f *stashfilename* Complete path of the service password file from where the entry corresponding to the service_dn needs to be removed.
-service_dn Distinguished Name (DN) of the Kerberos service to be destroyed.
-=================== ======================
-
-For example::
-
- shell% kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldaps://ldap-server1.mit.edu
- destroy_service cn=service-kdc,dc=example,dc=com
-
- Password for "cn=admin,dc=example,dc=com":
- This will delete the service object 'cn=service-kdc,dc=example,dc=com', are you sure?
- (type 'yes' to confirm)? Yes
- ** service object 'cn=service-kdc,dc=example,dc=com' deleted.
- shell%
-
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___edir
-
-
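Review bot: In the example session the prompt reads "(type 'yes' to confirm)?" but the reply shown is "Yes", so a reader cannot tell whether the confirmation is case-sensitive. If this text is being moved rather than dropped, make the reply match the prompt in the destination and add the missing colon after "Options are as follows".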
+++ /dev/null
-eDir: Retrieving Service Object Information
-==============================================================
-
-To display the attributes of a service, use the folowing command::
-
- view_service service_dn
-
-where *service_dn* specifies the Distinguished Name (DN) of the Kerberos service to be viewed.
-
-For example::
-
- shell% kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldaps://ldap-server1.mit.edu
- view_service cn=service-kdc,dc=example,dc=com
-
-
- Password for "cn=admin,dc=example,dc=com":
- Service dn: cn=service-kdc,dc=example,dc=com
- Service type: kdc
- Service host list:
- Realm DN list: cn=ATHENA.MIT.EDU,cn=Kerberos,dc=example,dc=com
- shell%
-
-
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___edir
-
-
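Review bot: "folowing" in the opening sentence is a typo for "following", and the sample output shows an empty "Service host list:" with no explanation. If this section is being moved rather than dropped, fix the typo in the destination and either populate the host list in the sample or say that the service object has no hosts configured.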
+++ /dev/null
-.. _edir_mod_realm:
-
-
-eDir: Modifying a Kerberos realm
-=================================
-
-See :ref:`ldap_mod_realm`
-
-The following are the eDirectory specific options
-
-
-========================================= ================================================
--kdcdn *kdc_service_list* Specifies the list of KDC service objects serving the realm. The list contains the DNs of the KDC service objects separated by a colon (:). This list replaces the existing list.
--clearkdcdn *kdc_service_list* Specifies the list of KDC service objects that need to be removed from the existing list. The list contains the DNs of the KDC service objects separated by a colon (:).
--addkdcdn *kdc_service_list* Specifies the list of KDC service objects that need to be added to the existing list. The list contains the DNs of the KDC service objects separated by a colon (:).
--admindn *admin_service_list* Specifies the list of Administration service objects serving the realm. The list contains the DNs of the Administration service objects separated by a colon (:). This list replaces the existing list.
--clearadmindn *admin_service_list* Specifies the list of Administration service objects that need to be removed from the existing list. The list contains the DNs of the Administration service objects separated by a colon (:).
--addadmindn *admin_service_list* Specifies the list of Administration service objects that need to be added to the existing list. The list contains the DNs of the Administration service objects separated by a colon (:).
-========================================= ================================================
-
-
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___edir
-
-
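Review bot: This file defines the label ".. _edir_mod_realm:" on its first line, and deleting it will break any :ref: to that label in pages this patch does not touch. Search the documentation tree for edir_mod_realm before merging and remove or retarget each reference. The six eDirectory-specific options in the table (-kdcdn through -addadmindn) also disappear with this file, so confirm they are either documented at the ldap_mod_realm target or intentionally retired.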
+++ /dev/null
-eDir: Modifying a Service Object
-=================================
-
-To modify the attributes of a service and assign appropriate rights, if realm associations are changed, use the following command::
-
- modify_service [-servicehost service_host_list |[-clearservicehost service_host_list] [-addservicehost service_host_list]] [-realm realm_list | [-clearrealm realm_list] [-addrealm realm_list]] service_dn
-
-
-
-Options are as follows
-
-
-========================================= ==================================================
--servicehost *service_host_list* List of entries separated by a colon (:) where each entry consists of host name or IP address of the server hosting the service, transport protocol, and port number of the service separated by a pound sign (#). This list replaces the existing list. For example, *server1#tcp#88:server2#udp#89*
--clearservicehost *service_host_list* Specifies the list of servicehost entries to be removed from the existing list. This is a colon separated list.
--addservicehost *service_host_list* Specifies the list of servicehost entries to be added to the existing list. This is a colon separated list.
--realm *realm_list* Specifies the list of realms that are to be associated with this service. The list contains the name of the realms separated by a colon (:). This list replaces the existing list.
--clearrealm *realm_list* Specifies the list of realms to be removed from the existing list. The list contains the name of the realms separated by a colon (:).
--addrealm *realm_list* Specifies the list of realms to be added to the existing list. The list contains the name of the realms separated by a colon (:).
-service_dn Specifies the Distinguished Name (DN) of the Kerberos service to be modified.
-========================================= ==================================================
-
-For example::
-
- shell% kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldaps://ldap-server1.mit.edu
- modify_service -realm ATHENA.MIT.EDU cn=service-kdc,dc=example,dc=com
-
-
- Password for "cn=admin,dc=example,dc=com":
- Changing rights for the service object. Please wait ... done
- shell%
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___edir
-
-
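Review bot: The rights change that modify_service performs when realm associations change is mentioned only in the opening sentence and in the sample output "Changing rights for the service object. Please wait ... done"; neither says which rights are assigned or on which objects. If this content is migrating, keep that side effect documented and spell it out, since an administrator running -realm, -clearrealm or -addrealm is altering directory access and not just an attribute list.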
+++ /dev/null
-eDir: Listing Available Service Objects
-===========================================
-
-The *list_service* command lists the name of services under a given base in directory::
-
- list_service [-basedn base_dn]
-
-where *-basedn base_dn* option specifies the base DN for searching the policies, limiting the search to a particular subtree. If this option is not provided, LDAP Server specific search base will be used. For e.g., in the case of OpenLDAP, value of *defaultsearchbase* from *slapd.conf* file will be used, where as in the case of eDirectory, the default value for the base DN is *root*.
-
-For example::
-
- shell% kdb5_ldap_util -D cn=admin,dc=example,dc=com -H ldaps://ldap-server1.mit.edu list_service
-
-
- Password for "cn=admin,dc=example,dc=com":
- cn=service-kdc,dc=example,dc=com
- cn=service-adm,dc=example,dc=com
- cn=service-pwd,dc=example,dc=com
- shell%
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___edir
-
-
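Review bot: The -basedn description says it "specifies the base DN for searching the policies", but list_service lists service objects, so "policies" looks like a copy-paste leftover. If the text is carried to a replacement page, change it to "services" and tidy "For e.g." and "where as" in the same sentence.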
+++ /dev/null
-eDir: Passwords for Service Objects
-============================================
-
-The command *setsrvpw* allows an administrator to set password for service objects such as KDC and Administration server in eDirectory and store them in a file. The syntax is::
-
- setsrvpw [-randpw|-fileonly][-f filename] service_dn
-
-Options are as follows:
-
-================= =================================================================
--randpw Generates and sets a random password on the directory object and stores it in the file. The -fileonly option can not be used if -randpw option is already specified.
--fileonly Stores the password only in a file and not in eDirectory. The -randpw option can not be used when -fileonly option is specified.
--f *filename* Specifies the complete path of the file where the service object password is stashed. If this option is not specified, the default file will be /usr/local/var/service_passwd.
-service_dn Specifies the Distinguished Name (DN) of the service object whose password is to be set.
-================= =================================================================
-
-For example::
-
- shell% kdb5_ldap_util setsrvpw -D cn=admin,dc=example,dc=com -H ldaps://ldap-server1.mit.edu
- setsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,dc=example,dc=com
-
-
- Password for "cn=admin,dc=example,dc=com":
- Password for "cn=service-kdc,dc=example,dc=com":
- Re-enter password for "cn=service-kdc,dc=example,dc=com":
- shell%
-
-
-------------
-
-Feedback:
-
-Please, provide your feedback at krb5-bugs@mit.edu?subject=Documentation___edir
-
-
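Review bot: The example invocation names the subcommand twice, "kdb5_ldap_util setsrvpw -D cn=admin,dc=example,dc=com -H ..." followed by "setsrvpw -f /home/andrew/conf_keyfile ...", whereas every other example in this patch puts -D and -H directly after kdb5_ldap_util; the first setsrvpw looks like a mistake and should be dropped if the example is reused. The -f row also says nothing about the ownership or permissions of the stash file, which holds the service object password and is shown here under a user's home directory, so any replacement text should state who may read it.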