--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_ANADD 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_anadd \- manipulate aname/lname translation database
+.SH SYNOPSIS
+.B kdb5_anadd
+[
+.B \-a
+] [
+.B \-n
+.I dbname
+] pname lname
+.br
+.B kdb5_anadd \-d
+[
+.B \-n
+.I dbname
+] pname
+.br
+.SH DESCRIPTION
+.I kdb5_anadd
+is a primitive tool for manipulating the authentication name (aname) to
+local name (lname) translation database.
+.PP
+The first use described above is for entering new translations or
+changing existing translations from anames to lnames.
+After execution, the function
+.IR krb5_aname_to_localname (3)
+with its first argument passed as a principal with text representation of
+.I pname
+will fill in
+.I lname
+as the translation.
+.PP
+The second use described above is for deleting translations from the
+database; after execution the principal named by
+.I pname
+will not translate to any local name.
+.PP
+For both uses, the
+.B \-n
+.I dbname
+option specifies the name of the database which holds the translation;
+the default database is DEFAULT_LNAME_FILENAME (usually /krb5/aname).
+.SH SEE ALSO
+krb5(3)
+.SH BUGS
+The mapping is many-to-one, not many-to-many.
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_CREATE 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_create \- create a new Kerberos V5 principal database
+.SH SYNOPSIS
+.B kdb5_create
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+]
+.br
+.SH DESCRIPTION
+.I kdb5_create
+is used to create a Kerberos version 5 principal database.
+The user is prompted for the master password, which will be used to
+generate an encryption key under which all entries are stored (in order
+to provide some security against database theft).
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database should be created;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is to be
+created; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) to be used when placing entries in
+the database; the default is the default encryption type for the master
+keytype.
+.SH SEE ALSO
+krb5(3), krb5kdc(8)
+.SH BUGS
+Doesn't have flexibility about expiration times.
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_DESTROY 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_destroy \- destroy a Kerberos principal database
+.SH SYNOPSIS
+.B kdb5_destroy
+[
+.B \-d
+.I dbname
+]
+.br
+.SH DESCRIPTION
+.I kdb5_destroy
+destroys a Kerberos principal database.
+The user is prompted to confirm deletion of the database.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is
+stored; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.SH SEE ALSO
+kdb5_create(8)
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_EDIT 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_edit \- edit a Kerberos V5 principal database
+.SH SYNOPSIS
+.B kdb5_edit
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-m
+]
+.br
+.SH DESCRIPTION
+.I kdb5_edit
+allows an administrator to add, delete, and edit entries in a Kerberos
+version 5 principal database.
+After the master key is verified, the administrator is placed into a
+shell-like command loop, from which he may issue commands to modify the
+database. '?' lists the commands available; 'exit' or 'quit' exits the
+program.
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database should be created;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is to be
+created; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) to be used when placing entries in
+the database; the default is the default encryption type for the master
+keytype.
+.PP
+The
+.B \-m
+option specifies that the master database password should be fetched
+from the keyboard rather than from a file on disk.
+.SH SEE ALSO
+krb5(3), krb5kdc(8), ss(3)
+.SH BUGS
+This man page needs to document the ss commands.
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_STASH 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_stash \- store a principal database master key on disk
+.SH SYNOPSIS
+.B kdb5_stash
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-f
+.I keyfile
+]
+.br
+.SH DESCRIPTION
+.I kdb5_stash
+stores a Kerberos principal database master key in a file;
+this key may subsequently be used for unattended re-start of a Kerberos
+V5 KDC.
+create a Kerberos version 5 principal database.
+The user is prompted for the master password, which will be verified
+against the database, and then stored in a file.
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database key should be stored;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is
+stored; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) used for entries in the database; the default is the default
+encryption type for the master keytype.
+.PP
+The
+.B \-f
+option specifies the file in which the master key should be stored; the
+default is DEFAULT_KEYFILE_STUB ("/.k5." concatenated with the realm name).
+.SH SEE ALSO
+krb5(3), krb5kdc(8), kdb5_create(8)
+.SH BUGS
+Allows an intruder to gain access to the entire database if the security
+of the KDC system is breached.
+
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH SCLIENT 1 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+sclient \- sample Kerberos version 5 client
+.SH SYNOPSIS
+.B sclient
+.I remotehost
+.br
+.SH DESCRIPTION
+.I sclient
+will contact a sample server (\fIsserver\fR(8)) and authenticate to it
+using Kerberos version 5 tickets, then display the server's response.
+.SH SEE ALSO
+kinit(1), sserver(8)
+.SH BUGS
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH SSERVER 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+sserver \- sample Kerberos version 5 server
+.SH SYNOPSIS
+.B sserver
+.I serverprincipal
+.br
+.SH DESCRIPTION
+.I sserver
+is usually executed from the internet daemon (\fIinetd\fR(8)) which
+listens on the \fBsample\fR TCP port when a connection from a sample
+client is established. There is a compile-time option to allow it to
+run without intervention of the internet daemon.
+.PP
+.I serverprincipal
+names the principal for which the tickets presented by
+.I sclient
+are expected to be valid; this name is used to fetch the appropriate
+service key from the server key store.
+.SH SEE ALSO
+sclient(1), services(5), inetd(8)
--- /dev/null
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KRB5KDC 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+krb5kdc \- Kerberos V5 KDC
+.SH SYNOPSIS
+.B krb5kdc
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-R
+.I replycache
+] [
+.B \-m
+]
+.br
+.SH DESCRIPTION
+.I krb5kdc
+is the Kerberos version 5 Authentication Service and Key Distribution
+Center (AS/KDC).
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the server should provide service;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database can be found; by
+default the database is in DEFAULT_DBM_FILE (normally /krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-R
+option specifies the replay cache to be used; the default is KDCRCACHE
+(usually "dfl:krb5kdc_rcache").
+.PP
+The
+.B \-m
+option specifies that the master database password should be fetched
+from the keyboard rather than from a file on disk.
+.SH SEE ALSO
+krb5(3), kdb5_create(8), kdb5_stash(8)
+.SH BUGS
+Doesn't yet do v4 compatibility.
+
+Doesn't yet do inter-realm stuff properly.
+
+It should fork and go into the background when it finishes reading the
+master password from the terminal.