From ad891c396d30628b7eb893f24ba4984c0363d685 Mon Sep 17 00:00:00 2001
From: John Kohl
Date: Tue, 29 May 1990 16:47:11 +0000
Subject: [PATCH] *** empty log message ***
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@958 dc483132-0cff-0310-8789-dd5450dbe970
---
src/admin/aname/kdb5_anadd.M | 55 ++++++++++++++++++++
src/admin/create/kdb5_create.M | 75 +++++++++++++++++++++++++++
src/admin/destroy/kdb5_destroy.M | 31 +++++++++++
src/admin/edit/kdb5_edit.M | 84 ++++++++++++++++++++++++++++++
src/admin/stash/kdb5_stash.M | 86 +++++++++++++++++++++++++++++++
src/appl/sample/sclient/sclient.M | 22 ++++++++
src/appl/sample/sserver/sserver.M | 29 +++++++++++
src/kdc/krb5kdc.M | 81 +++++++++++++++++++++++++++++
8 files changed, 463 insertions(+)
create mode 100644 src/admin/aname/kdb5_anadd.M
create mode 100644 src/admin/create/kdb5_create.M
create mode 100644 src/admin/destroy/kdb5_destroy.M
create mode 100644 src/admin/edit/kdb5_edit.M
create mode 100644 src/admin/stash/kdb5_stash.M
create mode 100644 src/appl/sample/sclient/sclient.M
create mode 100644 src/appl/sample/sserver/sserver.M
create mode 100644 src/kdc/krb5kdc.M
diff --git a/src/admin/aname/kdb5_anadd.M b/src/admin/aname/kdb5_anadd.M
new file mode 100644
index 000000000..fe9ceb080
--- /dev/null
+++ b/src/admin/aname/kdb5_anadd.M
@@ -0,0 +1,55 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH KDB5_ANADD 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_anadd \- manipulate aname/lname translation database
+.SH SYNOPSIS
+.B kdb5_anadd
+[
+.B \-a
+] [
+.B \-n
+.I dbname
+] pname lname
+.br
+.B kdb5_anadd \-d
+[
+.B \-n
+.I dbname
+] pname
+.br
+.SH DESCRIPTION
+.I kdb5_anadd
+is a primitive tool for manipulating the authentication name (aname) to
+local name (lname) translation database.
+.PP
+The first use described above is for entering new translations or
+changing existing translations from anames to lnames.
+After execution, the function
+.IR krb5_aname_to_localname (3)
+with its first argument passed as a principal with text representation of
+.I pname
+will fill in
+.I lname
+as the translation.
+.PP
+The second use described above is for deleting translations from the
+database; after execution the principal named by
+.I pname
+will not translate to any local name.
+.PP
+For both uses, the
+.B \-n
+.I dbname
+option specifies the name of the database which holds the translation;
+the default database is DEFAULT_LNAME_FILENAME (usually /krb5/aname).
+.SH SEE ALSO
+krb5(3)
+.SH BUGS
+The mapping is many-to-one, not many-to-many.
diff --git a/src/admin/create/kdb5_create.M b/src/admin/create/kdb5_create.M
new file mode 100644
index 000000000..2e6c069da
--- /dev/null
+++ b/src/admin/create/kdb5_create.M
@@ -0,0 +1,75 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH KDB5_CREATE 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_create \- create a new Kerberos V5 principal database
+.SH SYNOPSIS
+.B kdb5_create
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+]
+.br
+.SH DESCRIPTION
+.I kdb5_create
+is used to create a Kerberos version 5 principal database.
+The user is prompted for the master password, which will be used to
+generate an encryption key under which all entries are stored (in order
+to provide some security against database theft).
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database should be created;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is to be
+created; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) to be used when placing entries in
+the database; the default is the default encryption type for the master
+keytype.
+.SH SEE ALSO
+krb5(3), krb5kdc(8)
+.SH BUGS
+Doesn't have flexibility about expiration times.
diff --git a/src/admin/destroy/kdb5_destroy.M b/src/admin/destroy/kdb5_destroy.M
new file mode 100644
index 000000000..20f557a8a
--- /dev/null
+++ b/src/admin/destroy/kdb5_destroy.M
@@ -0,0 +1,31 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH KDB5_DESTROY 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_destroy \- destroy a Kerberos principal database
+.SH SYNOPSIS
+.B kdb5_destroy
+[
+.B \-d
+.I dbname
+]
+.br
+.SH DESCRIPTION
+.I kdb5_destroy
+destroys a Kerberos principal database.
+The user is prompted to confirm deletion of the database.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is
+stored; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.SH SEE ALSO
+kdb5_create(8)
diff --git a/src/admin/edit/kdb5_edit.M b/src/admin/edit/kdb5_edit.M
new file mode 100644
index 000000000..c3d0fbfd4
--- /dev/null
+++ b/src/admin/edit/kdb5_edit.M
@@ -0,0 +1,84 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH KDB5_EDIT 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_edit \- edit a Kerberos V5 principal database
+.SH SYNOPSIS
+.B kdb5_edit
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-m
+]
+.br
+.SH DESCRIPTION
+.I kdb5_edit
+allows an administrator to add, delete, and edit entries in a Kerberos
+version 5 principal database.
+After the master key is verified, the administrator is placed into a
+shell-like command loop, from which he may issue commands to modify the
+database. '?' lists the commands available; 'exit' or 'quit' exits the
+program.
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database should be created;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is to be
+created; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) to be used when placing entries in
+the database; the default is the default encryption type for the master
+keytype.
+.PP
+The
+.B \-m
+option specifies that the master database password should be fetched
+from the keyboard rather than from a file on disk.
+.SH SEE ALSO
+krb5(3), krb5kdc(8), ss(3)
+.SH BUGS
+This man page needs to document the ss commands.
diff --git a/src/admin/stash/kdb5_stash.M b/src/admin/stash/kdb5_stash.M
new file mode 100644
index 000000000..2add2e204
--- /dev/null
+++ b/src/admin/stash/kdb5_stash.M
@@ -0,0 +1,86 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH KDB5_STASH 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_stash \- store a principal database master key on disk
+.SH SYNOPSIS
+.B kdb5_stash
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-f
+.I keyfile
+]
+.br
+.SH DESCRIPTION
+.I kdb5_stash
+stores a Kerberos principal database master key in a file;
+this key may subsequently be used for unattended re-start of a Kerberos
+V5 KDC.
+create a Kerberos version 5 principal database.
+The user is prompted for the master password, which will be verified
+against the database, and then stored in a file.
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database key should be stored;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is
+stored; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) used for entries in the database; the default is the default
+encryption type for the master keytype.
+.PP
+The
+.B \-f
+option specifies the file in which the master key should be stored; the
+default is DEFAULT_KEYFILE_STUB ("/.k5." concatenated with the realm name).
+.SH SEE ALSO
+krb5(3), krb5kdc(8), kdb5_create(8)
+.SH BUGS
+Allows an intruder to gain access to the entire database if the security
+of the KDC system is breached.
+
diff --git a/src/appl/sample/sclient/sclient.M b/src/appl/sample/sclient/sclient.M
new file mode 100644
index 000000000..262093f6d
--- /dev/null
+++ b/src/appl/sample/sclient/sclient.M
@@ -0,0 +1,22 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH SCLIENT 1 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+sclient \- sample Kerberos version 5 client
+.SH SYNOPSIS
+.B sclient
+.I remotehost
+.br
+.SH DESCRIPTION
+.I sclient
+will contact a sample server (\fIsserver\fR(8)) and authenticate to it
+using Kerberos version 5 tickets, then display the server's response.
+.SH SEE ALSO
+kinit(1), sserver(8)
+.SH BUGS
diff --git a/src/appl/sample/sserver/sserver.M b/src/appl/sample/sserver/sserver.M
new file mode 100644
index 000000000..0cce626dc
--- /dev/null
+++ b/src/appl/sample/sserver/sserver.M
@@ -0,0 +1,29 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH SSERVER 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+sserver \- sample Kerberos version 5 server
+.SH SYNOPSIS
+.B sserver
+.I serverprincipal
+.br
+.SH DESCRIPTION
+.I sserver
+is usually executed from the internet daemon (\fIinetd\fR(8)) which
+listens on the \fBsample\fR TCP port when a connection from a sample
+client is established. There is a compile-time option to allow it to
+run without intervention of the internet daemon.
+.PP
+.I serverprincipal
+names the principal for which the tickets presented by
+.I sclient
+are expected to be valid; this name is used to fetch the appropriate
+service key from the server key store.
+.SH SEE ALSO
+sclient(1), services(5), inetd(8)
diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M
new file mode 100644
index 000000000..c542e14c8
--- /dev/null
+++ b/src/kdc/krb5kdc.M
@@ -0,0 +1,81 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" .
+.\"
+.TH KRB5KDC 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+krb5kdc \- Kerberos V5 KDC
+.SH SYNOPSIS
+.B krb5kdc
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-R
+.I replycache
+] [
+.B \-m
+]
+.br
+.SH DESCRIPTION
+.I krb5kdc
+is the Kerberos version 5 Authentication Service and Key Distribution
+Center (AS/KDC).
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the server should provide service;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database can be found; by
+default the database is in DEFAULT_DBM_FILE (normally /krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-R
+option specifies the replay cache to be used; the default is KDCRCACHE
+(usually "dfl:krb5kdc_rcache").
+.PP
+The
+.B \-m
+option specifies that the master database password should be fetched
+from the keyboard rather than from a file on disk.
+.SH SEE ALSO
+krb5(3), kdb5_create(8), kdb5_stash(8)
+.SH BUGS
+Doesn't yet do v4 compatibility.
+
+Doesn't yet do inter-realm stuff properly.
+
+It should fork and go into the background when it finishes reading the
+master password from the terminal.
--
2.26.2