From 21cd15eee1cef41f5b1cdbb2bb61a3bc7622de98 Mon Sep 17 00:00:00 2001 From: Jeff Bigler Date: Fri, 30 Aug 1996 18:46:35 +0000 Subject: [PATCH] Removed Cygnus-specific info git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9015 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/rcp.M | 46 ++------- src/appl/bsd/rlogin.M | 84 ++-------------- src/appl/bsd/rsh.M | 105 +++----------------- src/appl/telnet/telnet/telnet.1 | 84 ++-------------- src/clients/kinit/kinit.M | 171 ++++++++++++++++++-------------- 5 files changed, 140 insertions(+), 350 deletions(-) diff --git a/src/appl/bsd/rcp.M b/src/appl/bsd/rcp.M index ea6812070..9e5040b4b 100644 --- a/src/appl/bsd/rcp.M +++ b/src/appl/bsd/rcp.M @@ -23,13 +23,13 @@ rcp \- remote file copy .SH SYNOPSIS .B rcp -[\fB\-p\fP] [\fB\-x\fP | \fB\-\-encrypt\fP] [\fB\-k\fP \fIrealm\fP ] -[\fB\-D\fP \fIport\fP] [\fB\-N\fP] +[\fB\-p\fP] [\fB\-x\fP] [\fB\-k\fP \fIrealm\fP ] [\fB\-D\fP \fIport\fP] +[\fB\-N\fP] .I file1 file2 .sp .B rcp -[\fB\-p\fB] [\fB\-x\fP | \fB\-\-encrypt\fP] [\fP\-k\fP \fIrealm\fP] -[\fB\-r\fP] [\fB\-D\fP \fIport\fP] [\fB\-N\fP] +[\fB\-p\fB] [\fB\-x\fP] [\fP\-k\fP \fIrealm\fP] [\fB\-r\fP] [\fB\-D\fP +\fIport\fP] [\fB\-N\fP] .I file ... directory .SH DESCRIPTION .B Rcp @@ -81,7 +81,7 @@ attempt to preserve (duplicate) the modification times and modes of the source files in the copies, ignoring the .IR umask . .TP -\fB\-x\fP | \fB\-\-encrypt\fP +\fB\-x\fP encrypt all information transferring between hosts. .TP \fB\-k\fP \fIrealm\fP @@ -109,44 +109,14 @@ the current machine. Hostnames may also take the form ``rname@rhost'' to use .I rname rather than the current user name on the remote host. -.SH CONFIGURATION -The following defaults may be specified in the [appdefaults] or [realms] -section of the -.IR krb5.conf (5) -file: -.TP "\w'.B encrypt\ \ 'u" -.B encrypt -Whether or not to encrypt the data stream. Takes a boolean argument. -.PP -For example: -.sp -.nf -.in +1i -[appdefaults] - rcp = { - encrypt = true - } -[realms] - FUBAR.ORG = { - rcp = { - encrypt = false - } - } -.in -1i -.fi -.sp .SH FILES -.TP "\w'/etc/krb5.conf\ \ 'u" -/etc/krb5.conf -file containing local host's Kerberos V5 configuration information -.sp -1v -.TP +.TP "\w'~/.k5login\ \ 'u" ~/.k5login (on remote host) - file containing Kerberos principals that are allowed access. .SH SEE ALSO -cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3), krb_getrealm(3), -krb5.conf(5), rcp(1) [UCB version] +cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3), krb_getrealm(3), rcp(1) +[UCB version] .SH BUGS .B Rcp doesn't detect all cases where the target of a copy might be a file in diff --git a/src/appl/bsd/rlogin.M b/src/appl/bsd/rlogin.M index 7267a159c..0d47803af 100644 --- a/src/appl/bsd/rlogin.M +++ b/src/appl/bsd/rlogin.M @@ -24,12 +24,10 @@ rlogin \- remote login .SH SYNOPSIS .B rlogin .I rhost -[\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP | -\fB\-\-forward\fP] [\fB\-\-noforward\fP] [\fB\-F\fP | -\fB\-\-forwardable\fP] [\fB\-\-noforwardable\fP] [\fB\-t\fP -\fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP] [\fB\-d\fP] [\fB\-k\fP -\fIrealm\fP] [\fB\-x\fP | \fB\-\-encrypt\fP] [\fB\-\-noencrypt\fP] -[\fB\-\-noflow\fP] [\fB\-L\fP] [\fB\-l\fP \fIusername\fP] +[\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP] +[\fB\-F\fP] [\fB\-t\fP \fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP] +[\fB\-d\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-x\fP] [\fB\-L\fP] [\fB\-l\fP +\fIusername\fP] .PP .SH DESCRIPTION .I Rlogin @@ -103,26 +101,14 @@ force the remote machine to ask for a password by sending a null local username. This option has no effect unless the standard UCB rlogin is executed in place of the Kerberos rlogin (see above). .TP -\fB\-f\fP | \fB\-\-forward\fP +\fB\-f\fP forward a copy of the local credentials to the remote system. .TP -.B \-\-noforward -disables ticket forwarding. This is useful for overriding the -application defaults in the host's -.IR krb5.conf (5) -file. -.TP -\fB\-F\fP | \fB\-\-forwardable\fP +\fB\-F\fP forward a .I forwardable copy of the local credentials to the remote system. .TP -.B \-\-noforwardable -makes any forwarded tickets non-forwardable. This is useful for -overriding the application defaults in the host's -.IR krb5.conf (5) -file. -.TP \fB\-t\fP \fItermtype\fP replace the terminal type passed to the remote host with .IR termtype . @@ -138,71 +124,21 @@ turn on socket debugging (via .IR setsockopt (2)) on the TCP sockets used for communication with the remote host. .TP -.B \-\-noflow -force transmission of flow control characters (^S/^Q) to the remote -system. -.TP .B \-k request rlogin to obtain tickets for the remote host in realm .I realm instead of the remote host's realm as determined by .IR krb_realmofhost (3). .TP -\fB\-x\fP | \fB\-\-encrypt\fP +\fB\-x\fP turn on DES encryption for all data passed via the rlogin session. This significantly reduces response time and significantly increases CPU utilization. -.TP -.B \-\-noencrypt -disables encryption. This is useful for overriding the application -defaults in the host's -.IR krb5.conf (5) -file. -.SH CONFIGURATION -The following defaults may be specified in the [appdefaults] or [realms] -section of the -.IR krb5.conf (5) -file: -.TP "\w'.B forwardable\ \ 'u" -.B forwardable -Whether or not any forwarded tickets should be forwardable. Takes a -boolean argument. -.TP -.B forward -Whether or not to forward tickets to the remote host. Takes a boolean -argument. -.TP -.B encrypt -Whether or not to encrypt the data stream. Takes a boolean argument. -.PP -For example: -.sp -.nf -.in +1i -[appdefaults] - rlogin = { - forwardable = true - forward = true - encrypt = true - } -[realms] - FUBAR.ORG = { - rlogin = { - forward = false - } - } -.in -1i -.fi -.sp .SH SEE ALSO -rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), -krb5.conf(5), rlogin(1) [UCB version] +rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB +version] .SH FILES -.TP "\w'/etc/krb5.conf\ \ 'u" -/etc/krb5.conf -file containing local host's Kerberos V5 configuration information -.sp -1v -.TP +.TP "\w'~/\&.k5login\ \ 'u" ~/\&.k5login (on remote host) - file containing Kerberos principals that are allowed access. diff --git a/src/appl/bsd/rsh.M b/src/appl/bsd/rsh.M index 3767d2b9a..ee262d2ca 100644 --- a/src/appl/bsd/rsh.M +++ b/src/appl/bsd/rsh.M @@ -25,9 +25,7 @@ rsh \- remote shell .B rsh .I host [\fB\-l\fP \fIusername\fP] [\fB\-n\fP] [\fB\-d\fP] [\fB\-k\fP -\fIrealm\fP] [\fB\-f\fP | \fB\-\-forward\fP | \fB\-F\fP | -\fB\-\-forwardable\fP] [\fB\-\-noforward\fP] [\fB\-\-noforwardable\fP] -[\fB\-x\fP | \fB\-\-encrypt\fP] [\fB\-\-noencrypt\fP] [\fB\-\-noflow\fP] +\fIrealm\fP] [\fB\-f\fP | \fB\-F\fP] [\fB\-x\fP] .I command .SH DESCRIPTION .B Rsh @@ -62,37 +60,21 @@ sets the remote username to .IR username . Otherwise, the remote username will be the same as the local username. .TP -\fB\-x\fP | \fB\-\-encrypt\fP +\fB\-x\fP causes the network session traffic to be encrypted. .TP -.B \-\-noencrypt -disables encryption. This is useful for overriding the application -defaults in the host's -.IR krb5.conf (5) -file. -.TP -\fB\-f\fP | \fB\-\-forward\fP -The -.B \-f -and -.B \-\-forward -options cause Kerberos credentials to be forwarded to the remote machine -for use by the specified +\fB\-f\fP +cause nonforwardable Kerberos credentials to be forwarded to the remote +machine for use by the specified .IR command . They will be removed when .I command finishes. This option is mutually exclusive with the .B \-F -or -.B \-\-forwardable -options. +option. .TP -\fB\-F\fP | \fB\-\-forwardable\fP -The -.B \-F -and -.B \-\-forwardable -options cause +\fB\-F\fP +cause .I forwardable Kerberos credentials to be forwarded to the remote machine for use by the specified @@ -101,23 +83,9 @@ They will be removed when .I command finishes. This option is mutually exclusive with the .B \-f -or -.B \-\-forward -options. -.TP -.B \-\-noforward -disables ticket forwarding. This is useful for overriding the -application defaults in the host's -.IR krb5.conf (5) -file. -.TP -.B \-\-noforwardable -makes any forwarded tickets non-forwardable. This is useful for -overriding the application defaults in the host's -.IR krb5.conf (5) -file. +option. .TP -\fB\-k\fP\fIrealm\fP +\fB\-k\fP \fIrealm\fP causes .I rsh to obtain tickets for the remote host in @@ -134,14 +102,6 @@ on the TCP sockets used for communication with the remote host. redirects input from the special device .I /dev/null (see the BUGS section below). -.TP -.B \-\-noflow -If -.B rsh -causes you to be logged into the remote host using -.IR rlogin (1), -this option passes the \-\-noflow option to -.IR rlogin . .PP If you omit .IR command , @@ -167,57 +127,16 @@ appends .I remotefile to .IR otherremotefile . -.SH CONFIGURATION -The following defaults may be specified in the [appdefaults] or [realms] -section of the -.IR krb5.conf (5) -file: -.TP "\w'.B forwardable\ \ 'u" -.B forwardable -Whether or not any forwarded tickets should be forwardable. Takes a -boolean argument. -.TP -.B forward -Whether or not to forward tickets to the remote host. Takes a boolean -argument. -.TP -.B encrypt -Whether or not to encrypt the data stream. Takes a boolean argument. -.PP -For example: -.sp -.nf -.in +1i -[appdefaults] - rsh = { - forwardable = true - forward = true - encrypt = true - } -[realms] - FUBAR.ORG = { - rsh = { - forward = false - } - } -.in -1i -.fi -.sp .SH FILES -.TP "\w'/etc/krb5.conf\ \ 'u" +.TP "\w'~/.k5login\ \ 'u" /etc/hosts .sp -1v .TP -/etc/krb5.conf -file containing local host's Kerberos V5 configuration information -.sp -1v -.TP ~/\&.k5login (on remote host) - file containing Kerberos principals that are allowed access. .SH SEE ALSO -rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), -krb5.conf(5) +rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3) .SH BUGS If you are using .IR csh (1) diff --git a/src/appl/telnet/telnet/telnet.1 b/src/appl/telnet/telnet/telnet.1 index 4e6fdf446..6f022d3cc 100644 --- a/src/appl/telnet/telnet/telnet.1 +++ b/src/appl/telnet/telnet/telnet.1 @@ -37,12 +37,11 @@ telnet \- user interface to the TELNET protocol .SH SYNOPSIS .B telnet -[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP | \fB\-\-noautologin\fP] -[\fB\-L\fP] [\fB\-S\fP \fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP -| \fB\-\-autologin\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB\-e\fP -\fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-l\fP -\fIuser\fP] [\fB\-n\fP \fItracefile\fP] [\fB\-r\fP] [\fB\-x\fP | -\fB\-\-encrypt\fP] [\fB\-\-noencrypt\fP] [\fIhost\fP [\fIport\fP]] +[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP +\fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP] [\fB\-c\fP] +[\fB\-d\fP] [\fB\-e\fP \fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP +\fIrealm\fP] [\fB\-l\fP \fIuser\fP] [\fB\-n\fP \fItracefile\fP] +[\fB\-r\fP] [\fB\-x\fP] [\fIhost\fP [\fIport\fP]] .SH DESCRIPTION The .B telnet @@ -68,18 +67,12 @@ option on both input and output. .B \-E Stop any character from being recognized as an escape character. .TP -\fB\-F\fP | \fB\-\-forwardable\fP +\fB\-F\fP forward a .I forwardable copy of the local credentials to the remote system. .TP -.B \-\-noforwardable -make any forwarded tickets non-forwardable. This is useful for -overriding the application defaults in the host's -.IR krb5.conf (5) -file. -.TP -\fB\-K\fP | \fB\-\-noautologin\fP +\fB\-K\fP Specify no automatic login to the remote system. .TP .B \-L @@ -98,7 +91,7 @@ Disable the .I atype type of authentication. .TP -\fB\-a\fP | \fB\-\-autologin\fP +\fB\-a\fP Attempt automatic login. This sends the user name via the .SM USER variable of the @@ -130,15 +123,9 @@ If .I escape char is omitted, then there will be no escape character. .TP -\fB\-f\fP | \fB\-\-forward\fP +\fB\-f\fP forward a copy of the local credentials to the remote system. .TP -.B \-\-noforward -disable ticket forwarding. This is useful for overriding the -application defaults in the host's -.IR krb5.conf (5) -file. -.TP \fB\-k\fP \fIrealm\fP If Kerberos authentication is being used, request that telnet obtain tickets for the remote host in realm @@ -174,15 +161,9 @@ unless modified by the .B \-e option. .TP -\fB\-x\fP | \fB\-\-encrypt\fP +\fB\-x\fP Turn on encryption of the data stream. .TP -.B \-\-noencrypt -disable encryption. This is useful for overriding the application -defaults in the host's -.IR krb5.conf (5) -file. -.TP .I host Indicates the name, alias, or Internet address of the remote host. .TP @@ -1328,51 +1309,8 @@ environment variables. Other environment variables may be propagated to the other side via the .SM TELNET ENVIRON option. -.SH CONFIGURATION -The following defaults may be specified in the [appdefaults] or [realms] -section of the -.IR krb5.conf (5) -file: -.TP "\w'.B forwardable\ \ 'u" -.B forward -Whether or not to forward tickets to the remote host. Takes a boolean -argument. -.TP -.B forwardable -Whether or not any forwarded tickets should be forwardable. Takes a -boolean argument. -.TP -.B encrypt -Whether or not to encrypt the data stream. Takes a boolean argument. -.TP -.B autologin -Whether or not to attempt automatic login. Takes a boolean argument. -.PP -For example: -.sp -.nf -.in +1i -[appdefaults] - telnet = { - forwardable = true - forward = true - encrypt = true - autologin = true - } -[realms] - FUBAR.ORG = { - telnet = { - forward = false - } - } -.in -1i -.fi -.sp .SH FILES -.TP "\w'/etc/krb5.conf\ \ 'u" -/etc/krb5.conf -file containing local host's Kerberos V5 configuration information -.sp -1v +.TP "\w'~/.telnetrc\ \ 'u" .TP ~/.telnetrc user-customized telnet startup values diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 3108a0aad..b35dd67da 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -17,96 +17,123 @@ .\" permission. M.I.T. makes no representations about the suitability of .\" this software for any purpose. It is provided "as is" without express .\" or implied warranty. -.\" -.\" -.TH KINIT 1 "Kerberos Version 5.0" "MIT Project Athena" +.\" " +.so man1/header.doc +.TH KINIT 1 \*h .SH NAME kinit \- obtain and cache Kerberos ticket-granting ticket .SH SYNOPSIS +.TP .B kinit -[ -.B \-l -.I lifetime -] [ -.B \-s -.I starttime -] [ -.B \-v -] [ -.B \-p -] [ -.B \-f -] [ -.B \-r -.I rlife -] [ -.B \-R -] [ -.B \-c -.I cachename -] -.I principal +.ad l +[\fB\-l\fP \fIlifetime\fP] [\fB\-s\fP \fIstart_time\fP] [\fB\-v\fP] +[\fB\-p\fP] [\fB\-f\fP] [\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]] +[\fB\-r\fP \fIrenewable_life\fP] [\fB\-R\fP] [\fB\-c\fP +\fIcache_name\fP] [\fB\-S\fP \fIservice_name\fP] [\fIprincipal\fP] +.ad b .br .SH DESCRIPTION .I kinit obtains and caches an initial ticket-granting ticket for .IR principal . -The +.SH OPTIONS +.TP +\fB\-l\fP \fIlifetime\fP +requests a ticket with the lifetime +.IR lifetime . +The value for +.I lifetime +must be followed immediately by one of the following delimiters: +.sp +.nf +.in +.3i +\fBs\fP seconds +\fBm\fP minutes +\fBh\fP hours +\fBd\fP days +.in -.3i +.fi +.sp +as in "kinit -l 90m". You cannot mix units; a value of `3h30m' will +result in an error. +.sp +If the .B \-l -option specifies the lifetime to be requested for the ticket; -if this option is not specified, the default ticket lifetime (configured -by each site) is used instead. -.PP -The -.B \-s -option specifies the start time, and causes you to get a postdated ticket. -Postdated tickets are issued with the +option is not specified, the default ticket lifetime (configured by each +site) is used. Specifying a ticket lifetime longer than the maximum +ticket lifetime (configured by each site) results in a ticket with the +maximum lifetime. +.TP +\fB\-s\fP \fIstart_time\fP +requests a postdated ticket, valid starting at +.IR start_time . +Postdated tickets are issued with the .I invalid -flag set, and needs to be fed back to the kdc before use. This may be -accomplished by using the +flag set, and need to be fed back to the kdc before use. +.TP .B \-v -option. -.PP -The -.B \-p -option specifies that the PROXIABLE option should be requested for the +requests that the ticket granting ticket in the cache (with the +.I invalid +flag set) be passed to the kdc for validation. If the ticket is within +its requested time range, the cache is replaced with the validated ticket. -.PP -The +.TP +.B \-p +request proxiable tickets. +.TP .B \-f -option specifies that the FORWARDABLE option should be requested for the -ticket. -.PP -The -.B \-r -.I rlife -option specifies that the RENEWABLE option should be requested for the -ticket, and specifies the desired total lifetime of the ticket. To renew -the ticket, the +request forwardable tickets. +.TP +\fB\-r\fP \fIrenewable_life\fP +requests renewable tickets, with a total lifetime of +.IR renewable_life . +The duration is in the same format as the +.B \-l +option, with the same delimiters. +.TP .B \-R -option is used. Note that you must renew the ticket before it has -expired. -.PP -The -.B \-c -option can be used to specify an alternate credentials cache; if this -option is not used, the default cache is used. Any contents of the -cache are destroyed by -.IR kinit . -.PP -The -.B \-s -option can be used to specify an alternate service name to use when -getting initial tickets. -.PP -The default credentials cache may vary between systems; however, if the +requests renewal of the ticket-granting ticket. Note that an expired +ticket cannot be renewed, even if the ticket is still within its +renewable life. +.TP +\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP] +requests a host ticket, obtained from a key in the local host's +.I keytab +file. The name and location of the keytab file may be specified with +the +.B \-t +.I keytab_file +option; otherwise the default name and location will be used. +.TP +\fB\-c\fP \fIcache_name\fP +use +.I cache_name +as the credentials (ticket) cache name and location; if this option is +not used, the default cache name and location are used. +.sp +The default credentials cache may vary between systems. If the .B KRB5CCNAME environment variable is set, its value is used to name the default -ticket cache. +ticket cache. Any existing contents of the cache are destroyed by +.IR kinit . +.TP +\fB\-S\fP \fIservice_name\fP +specify an alternate service name to use when +getting initial tickets. +.SH ENVIRONMENT +.B Kinit +uses the following environment variable: +.TP "\w'.SM KRB5CCNAME\ \ 'u" +.SM KRB5CCNAME +Location of the credentials (ticket) cache. .SH FILES -.TP 2i +.TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] -as the normal default credentials cache ([uid] is the decimal UID of the user). +default credentials cache ([uid] is the decimal UID of the user). +.TP +/etc/v5srvtab +default location for the local host's +.B keytab +file. .SH SEE ALSO klist(1), kdestroy(1), krb5(3) -.SH BUGS -- 2.26.2