--- /dev/null
+.\" kdc/fakeka.M
+.\"
+.\" Copyright 2005 by the Massachusetts Institute of Technology.
+.\"
+.\" Export of this software from the United States of America may
+.\" require a specific license from the United States Government.
+.\" It is the responsibility of any person or organization contemplating
+.\" export to obtain such a license before exporting.
+.\"
+.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+.\" distribute this software and its documentation for any purpose and
+.\" without fee is hereby granted, provided that the above copyright
+.\" notice appear in all copies and that both that copyright notice and
+.\" this permission notice appear in supporting documentation, and that
+.\" the name of M.I.T. not be used in advertising or publicity pertaining
+.\" to distribution of the software without specific, written prior
+.\" permission. Furthermore if you modify this software you must label
+.\" your software as modified software and not distribute it in such a
+.\" fashion that it might be confused with the original M.I.T. software.
+.\" M.I.T. makes no representations about the suitability of
+.\" this software for any purpose. It is provided "as is" without express
+.\" or implied warranty.
+.\" "
+.TH FAKEKA 8
+.SH NAME
+fakeka \- Fake kaserver for AFS clients
+.SH SYNOPSIS
+\fBfakeka\fP [\fB\-dm\fP] [\fB\-c\fP \fIcell\fP] [\fB\-f\fP \fIforwarder\fP]
+[\fB\-l\fP \fBfacility\fP] [\fB\-p\fP \fBport\fP] [\fB\-r\fP \fIrealm\fP]
+.br
+.SH DESCRIPTION
+.I fakeka
+is a fake kaserver that speaks just enough of the AFS RX protocol to make
+klog work. It is used in conjunction with a Kerberos V5 KDC to support
+existing AFS clients, and is usually used with ka-forwarder.
+.I fakeka
+must run on the same host as your Kerberos V5 KDC, since it needs access
+to the KDC database. ka-forwarder should run on each of your AFS database
+servers, pointing to your Kerberos V5 KDCs.
+.I fakeka
+should then be running on each of the KDCs, with the AFS database servers
+listed as arguments to the
+.B -f
+option.
+.PP
+Note that principals you wish to use
+.I fakeka
+with must have either a V4-style key (des:v4) or an AFS-style key
+(des:afs3). V5 enctypes won't work.
+.SH OPTIONS
+.TP
+\fB\-c\fP \fIcell\fP
+The AFS cell for which
+.I fakeka
+will be handling requests. If not given, this defaults to the same as the
+Kerberos V5 realm (see
+.B \-r
+below).
+.TP
+.B \-d
+Enables debugging. When this flag is given,
+.I fakeka
+will run in the foreground and print debugging information to standard
+error. Overrides
+.BR \-m .
+.TP
+\fB\-f\fP \fIforwarder\fP
+Allows forwarded requests from
+.IR forwarder ,
+which is generally an AFS database server running ka-forwarder. This
+option can be given multiple times (up to 10). Each system running
+ka-forwarder should be specified with the
+.B \-f
+flag or forwarded requests from that host will not be answered. (The
+forwarders append their own address to the packet.
+.TP
+\fB\-l\fP \fIfacility\fP
+Log actions via syslog with the given
+.I facility
+rather than the default of LOG_DAEMON.
+.I facility
+must be one of KERN, USER, MAIL, DAEMON, AUTH, LPR, NEWS, UUCP, CRON,
+LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, or LOCAL7. This
+option is case-sensitive. Not all of these facilities may be available,
+depending on what pre-defined syslog facilities your system provides.
+.TP
+.B \-m
+Fork and background when starting. You will usually always want to give
+this flag.
+.TP
+\fB\-p\fP \fIport\fP
+Listen on the specified port rather than the default of 7004 (which is
+what klog expects).
+.I port
+may be a number or a service name from
+.IR /etc/services .
+.TP
+\fB\-r\fP \fIrealm\fP
+The Kerberos V5 realm to which the requests are being translated. The
+default is the local default realm.
+.SH EXAMPLES
+Handle requests for a local cell whose name matches the local realm,
+accepting forwarded queries from afs1.example.com and afs2.example.com:
+.IP "" 4
+fakeka -m -f afs1.example.com -f afs2.example.com
+.PP
+If the cell name doesn't match the realm name,
+.B \-c
+would need to be added, specifying the cell name.
+.SH SEE ALSO
+ka-forwarder(8)
--- /dev/null
+.\" krb524/k524init.M
+.\"
+.\" Copyright 2005 by the Massachusetts Institute of Technology.
+.\"
+.\" Export of this software from the United States of America may
+.\" require a specific license from the United States Government.
+.\" It is the responsibility of any person or organization contemplating
+.\" export to obtain such a license before exporting.
+.\"
+.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+.\" distribute this software and its documentation for any purpose and
+.\" without fee is hereby granted, provided that the above copyright
+.\" notice appear in all copies and that both that copyright notice and
+.\" this permission notice appear in supporting documentation, and that
+.\" the name of M.I.T. not be used in advertising or publicity pertaining
+.\" to distribution of the software without specific, written prior
+.\" permission. Furthermore if you modify this software you must label
+.\" your software as modified software and not distribute it in such a
+.\" fashion that it might be confused with the original M.I.T. software.
+.\" M.I.T. makes no representations about the suitability of
+.\" this software for any purpose. It is provided "as is" without express
+.\" or implied warranty.
+.\" "
+.TH KRB524INIT 1
+.SH NAME
+krb524init \- Obtain Kerberos V4 tickets from Kerberos V5 tickets
+.SH SYNOPSIS
+\fBkrb524init\fP [\fB\-n\fP] [\fB\-p\fP \fIprincipal\fP]
+.SH DESCRIPTION
+.I krb524init
+converts a V5 credential to a V4 credential by querying a remote krb524d
+server and stores it in a V4 ticket cache. The credential is
+.I principal
+or "krbtgt" at the V5 ticket cache's default principal's realm if not
+specified.
+.SH OPTIONS
+.TP
+.B \-n
+By default, the V4 ticket cache is initialized. If this option is given,
+the converted credential is instead added to the existing ticket cache.
+.TP
+\fB\-p\fP \fIprincipal\fP
+Convert
+.I principal
+rather than krbtgt.
+.SH SEE ALSO
+kinit(1), krb524d(8)