From: Zhanna Tsitkov Date: Fri, 29 Jul 2011 22:21:55 +0000 (+0000) Subject: Added kpasswd, klist and kdestroy to Sphinx docs. Updated Sphinx configuration to... X-Git-Tag: krb5-1.10-alpha1~312 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=085f5af6e3f5e4ebc566e380293ea8838c5176f3;p=krb5.git Added kpasswd, klist and kdestroy to Sphinx docs. Updated Sphinx configuration to build man pages for them git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25063 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/doc/rst_source/conf.py b/doc/rst_source/conf.py index f958907bb..a3d4e6753 100644 --- a/doc/rst_source/conf.py +++ b/doc/rst_source/conf.py @@ -215,5 +215,8 @@ latex_documents = [ # One entry per manual page. List of tuples # (source start file, name, description, authors, manual section). man_pages = [ - ('krb_users/user_commands/kinit', 'kinit', u'obtain and cache Kerberos ticket-granting ticket', [u'MIT'], 1) + ('krb_users/user_commands/kinit', 'kinit', u'obtain and cache Kerberos ticket-granting ticket', [u'MIT'], 1), + ('krb_users/user_commands/klist', 'klist', u'list cached Kerberos tickets', [u'MIT'], 1), + ('krb_users/user_commands/kdestroy', 'kdestroy', u'destroy Kerberos tickets', [u'MIT'], 1), + ('krb_users/user_commands/kpasswd', 'kpasswd', u'change a user\'s Kerberos password', [u'MIT'], 1), ] diff --git a/doc/rst_source/krb_users/user_commands/kdestroy.rst b/doc/rst_source/krb_users/user_commands/kdestroy.rst new file mode 100644 index 000000000..78a3014a9 --- /dev/null +++ b/doc/rst_source/krb_users/user_commands/kdestroy.rst @@ -0,0 +1,69 @@ +kdestroy - destroy Kerberos tickets +======================================= + +SYNOPSIS +~~~~~~~~~~~~~ + +*kdestroy* + [**-q**] + [**-c** *cache_name*] + + +DESCRIPTION +~~~~~~~~~~~~~ + +The *kdestroy* utility destroys the user's active Kerberos +authorization tickets by writing zeros to the specified +credentials cache that contains them. If the credentials +cache is not specified, the default credentials cache is destroyed. + + +OPTIONS +~~~~~~~~~~~~~ + + **-q** + Run quietly. Normally *kdestroy* beeps if it fails to destroy the user's tickets. The *-q* flag suppresses this behavior. + + **-c** *cache_name* + Use *cache_name* as the credentials (ticket) cache name and location; + if this option is not used, the default cache name and location are used. + + The default credentials cache may vary between systems. + If the **KRB5CCNAME** environment variable is set, its + value is used to name the default ticket cache. + + +NOTE +~~~~~ + +Most installations recommend that you place the *kdestroy* command in your *.logout* file, +so that your tickets are destroyed automatically when you log out. + + +ENVIRONMENT +~~~~~~~~~~~~~ + +*kdestroy* uses the following environment variables: + + **KRB5CCNAME** - Location of the Kerberos 5 credentials (ticket) cache. + + +FILES +~~~~~~~~~~~~~ + +/tmp/krb5cc_[uid] - Default location of Kerberos 5 credentials cache ([*uid*] is the decimal UID of the user). + + +SEE ALSO +~~~~~~~~~ + +kinit(1), klist(1), krb5(3) + + +BUGS +~~~~~ + +Only the tickets in the specified credentials cache are destroyed. +Separate ticket caches are used to hold root instance and password changing tickets. +These should probably be destroyed too, or all of a user's tickets kept in a single credentials cache. + diff --git a/doc/rst_source/krb_users/user_commands/klist.rst b/doc/rst_source/krb_users/user_commands/klist.rst new file mode 100644 index 000000000..4986a6252 --- /dev/null +++ b/doc/rst_source/krb_users/user_commands/klist.rst @@ -0,0 +1,94 @@ +klist - list cached Kerberos tickets +====================================== + + +SYNOPSIS +~~~~~~~~ + +*klist* + [**-e**] + [[**-c**] [**-f**] [**-s**] [**-a** [**-n**]]] + [**-k** [**-t**] [**-K**]] + [*cache_name* | *keytab_name*] + + +DESCRIPTION +~~~~~~~~~~~~ + +*klist* lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a *keytab* file. + + +OPTIONS +~~~~~~~~ + + **-e** + Displays the encryption types of the session key and the ticket for each credential in the credential cache, + or each key in the keytab file. + + **-c** + List tickets held in a credentials cache. This is the default if neither *-c* nor *-k* is specified. + + **-f** + Shows the flags present in the credentials, using the following abbreviations:: + + F Forwardable + f forwarded + P Proxiable + p proxy + D postDateable + d postdated + R Renewable + I Initial + i invalid + H Hardware authenticated + A preAuthenticated + T Transit policy checked + O Okay as delegate + a anonymous + + **-s** + Causes *klist* to run silently (produce no output), but to still set the exit status according to whether it + finds the credentials cache. The exit status is '0' if *klist* finds a credentials cache, and '1' if it does not + or if the tickets are expired. + + **-a** + Display list of addresses in credentials. + + **-n** + Show numeric addresses instead of reverse-resolving addresses. + + **-k** + List keys held in a keytab file. + + **-t** + Display the time entry timestamps for each keytab entry in the keytab file. + + **-K** + Display the value of the encryption key in each *keytab* entry in the *keytab* file. + + If **cache_name** or **keytab_name** is not specified, *klist* will display the credentials in the default credentials cache or + *keytab* file as appropriate. If the *KRB5CCNAME* environment variable is set, its value is used to name the default ticket cache. + + +ENVIRONMENT +~~~~~~~~~~~~~ + +*klist* uses the following environment variables: + + **KRB5CCNAME** - Location of the Kerberos 5 credentials (ticket) cache. + + +FILES +~~~~~~~~~ + +/tmp/krb5cc_[uid] - Default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user). + +/etc/krb5.keytab - Default location for the local host's keytab file. + + +SEE ALSO +~~~~~~~~~ + +kinit(1), kdestroy(1), krb5(3) + + diff --git a/doc/rst_source/krb_users/user_commands/kpasswd.rst b/doc/rst_source/krb_users/user_commands/kpasswd.rst new file mode 100644 index 000000000..0db43ffe2 --- /dev/null +++ b/doc/rst_source/krb_users/user_commands/kpasswd.rst @@ -0,0 +1,55 @@ +kpasswd - change a user's Kerberos password +=============================================== + + +SYNOPSIS +~~~~~~~~~~~~~ + +*kpasswd* [ *principal* ] + + +DESCRIPTION +~~~~~~~~~~~~~ + +The *kpasswd* command is used to change a Kerberos principal's password. +*kpasswd* prompts for the current Kerberos password, which is used to obtain a +*changepw* ticket from the KDC for the user's Kerberos realm. +If *kpasswd* successfully obtains the *changepw* ticket, the user is prompted twice for +the new password, and the password is changed. + +If the principal is governed by a policy that specifies the length and/or number of +character classes required in the new password, the new password must conform to the policy. +(The five character classes are lower case, upper case, numbers, punctuation, and all other characters.) + + +OPTIONS +~~~~~~~~~~~~~ + +*principal* + Change the password for the Kerberos principal principal. + Otherwise, *kpasswd* uses the principal name from an existing ccache if there is one; + if not, the principal is derived from the identity of the user invoking the *kpasswd* command. + + +PORTS +~~~~~~~~~~~~~ + +*kpasswd* looks first for:: + + kpasswd_server = host:port + +in the [*realms*] section of the *krb5.conf* file under the current realm. +If that is missing, *kpasswd* looks for the *admin_server* entry, but substitutes 464 for the port. + + +SEE ALSO +~~~~~~~~~~~~~ + +kadmin(8), kadmind(8) + + +BUGS +~~~~~ + +*kpasswd* may not work with multi-homed hosts running on the Solaris platform. +