From fdf99bd6c1a15e60316216a288b74ef1bb31650e Mon Sep 17 00:00:00 2001 From: Jeff Bigler Date: Fri, 6 Sep 1996 23:21:10 +0000 Subject: [PATCH] New generic man pages git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9051 dc483132-0cff-0310-8789-dd5450dbe970 --- src/gen-manpages/ChangeLog | 10 +++ src/gen-manpages/Makefile.in | 6 ++ src/gen-manpages/configure.in | 4 + src/gen-manpages/header.doc | 2 + src/gen-manpages/k5login.M | 56 +++++++++++++ src/gen-manpages/kerberos.M | 145 ++++++++++++++++++++++++++++++++++ 6 files changed, 223 insertions(+) create mode 100644 src/gen-manpages/ChangeLog create mode 100644 src/gen-manpages/Makefile.in create mode 100644 src/gen-manpages/configure.in create mode 100644 src/gen-manpages/header.doc create mode 100644 src/gen-manpages/k5login.M create mode 100644 src/gen-manpages/kerberos.M diff --git a/src/gen-manpages/ChangeLog b/src/gen-manpages/ChangeLog new file mode 100644 index 000000000..d908848b5 --- /dev/null +++ b/src/gen-manpages/ChangeLog @@ -0,0 +1,10 @@ +Tue Aug 27 16:38:29 1996 Jeff Bigler + + * Makefile.in (install): Added line to install .k5login man page. + + * k5login.M: new file + +Sat Aug 3 15:35:19 1996 Michael Graff + + * configure.in: add CONFIG_RULES and AC_PROG_INSTALL checks + diff --git a/src/gen-manpages/Makefile.in b/src/gen-manpages/Makefile.in new file mode 100644 index 000000000..653c74b49 --- /dev/null +++ b/src/gen-manpages/Makefile.in @@ -0,0 +1,6 @@ +all:: + +install:: + $(INSTALL_DATA) $(srcdir)/kerberos.M ${DESTDIR}$(CLIENT_MANDIR)/kerberos.1 + $(INSTALL_DATA) $(srcdir)/header.doc ${DESTDIR}$(CLIENT_MANDIR)/header.doc + $(INSTALL_DATA) $(srcdir)/k5login.M ${DESTDIR}$(FILE_MANDIR)/.k5login.5 diff --git a/src/gen-manpages/configure.in b/src/gen-manpages/configure.in new file mode 100644 index 000000000..f9dafe7fd --- /dev/null +++ b/src/gen-manpages/configure.in @@ -0,0 +1,4 @@ +AC_INIT(configure.in) +CONFIG_RULES +AC_PROG_INSTALL +V5_AC_OUTPUT_MAKEFILE diff --git a/src/gen-manpages/header.doc b/src/gen-manpages/header.doc new file mode 100644 index 000000000..4f4a9e5a8 --- /dev/null +++ b/src/gen-manpages/header.doc @@ -0,0 +1,2 @@ +.\" .ds h ""Kerberos V5" "MIT Project Athena" +.ds h ""Kerb*Net -- Kerberos V5" "Cygnus Support" diff --git a/src/gen-manpages/k5login.M b/src/gen-manpages/k5login.M new file mode 100644 index 000000000..4f1cbb14f --- /dev/null +++ b/src/gen-manpages/k5login.M @@ -0,0 +1,56 @@ +.so man1/header.doc +.TH .K5LOGIN 5 \*h +.SH NAME +.k5login \- Kerberos V5 acl file for host access. +.SH DESCRIPTION +The +.B .k5login +file, which resides in a user's home directory, contains a list of the +Kerberos principals. Anyone with valid tickets for a principal in the +file is allowed host access with the UID of the user in whose home +directory the file resides. One common use is to place a +.B .k5login +file in root's home directory, thereby granting system administrators +remote root access to the host via Kerberos. +.SH EXAMPLES +Suppose the user "janedoe" had a +.B .k5login +file in her home directory containing the following line: +.sp +.nf +.in +1i +johndoe@FUBAR.ORG +.in -1i +.fi +.sp +This would allow her husband "johndoe" to use any of the Kerberos +network applications, such as +.IR telnet (1), +.IR rlogin (1), +.IR rsh (1), +and +.IR rcp (1), +to access her account, using his own Kerberos tickets. +.PP +Let us further suppose that "janedoe" is a system administrator. She +and the other system administrators would have their principals in +root's +.B .k5login +file on each host: +.sp +.nf +.in +1i +janedoe@BLEEP.COM +joeadmin/root@BLEEP.COM +.in -1i +.fi +.sp +This would allow either system administrator to log in to these hosts +using their Kerberos tickets instead of having to type the root +password. Note that because "janedoe"'s husband retains the Kerberos +tickets for his own principal, "johndoe@FUBAR.ORG", he would not have +any of the privileges that require his wife's tickets, such as root +access to any of her site's hosts, or the ability to change her +password. +.SH SEE ALSO +telnet(1), rlogin(1), rsh(1), rcp(1), ksu(1), telnetd(8), klogind(8) diff --git a/src/gen-manpages/kerberos.M b/src/gen-manpages/kerberos.M new file mode 100644 index 000000000..212bec29e --- /dev/null +++ b/src/gen-manpages/kerberos.M @@ -0,0 +1,145 @@ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" " +.so man1/header.doc +.TH KERBEROS 1 \*h +.SH NAME +kerberos \- introduction to the Kerberos system +.SH DESCRIPTION +The Kerberos system authenticates individual users in a network +environment. After authenticating yourself to Kerberos, you can use +network utilities such as +.IR rlogin , +.IR rcp , +and +.IR rsh +without having to present passwords to remote hosts and without having +to bother with +.I \.rhosts +files. Note that these utilities will work without passwords only if +the remote machines you deal with support the Kerberos system. +.PP +If you enter your username and +.I kinit +responds with this message: +.nf + +Principal unknown (kerberos) + +.fi +you haven't been registered as a Kerberos user. See your system +administrator. +.PP +A Kerberos name usually contains three parts. The first is the +.IR primary , +which is usually a user's or service's name. The second is the +.IR instance , +which in the case of a user is usually null. Some users may have +privileged instances, however, such as ``root'' or ``admin''. In the +case of a service, the instance is the fully qualified name of the +machine on which it runs; i.e. there can be an +.I rlogin +service running on the machine ABC, which is different from the rlogin +service running on the machine XYZ. The third part of a Kerberos name +is the +.IR realm . +The realm corresponds to the Kerberos service providing authentication +for the principal. +.PP +When writing a Kerberos name, the principal name is separated from the +instance (if not null) by a slash, and the realm (if not the local +realm) follows, preceded by an ``@'' sign. The following are examples +of valid Kerberos names: +.sp +.nf +.in +8 +david +jennifer/admin +joeuser@BLEEP.COM +cbrown/root@FUBAR.ORG +.in -8 +.fi +.PP +When you authenticate yourself with Kerberos you get an initial Kerberos +.IR ticket . +(A Kerberos ticket is an encrypted protocol message that provides +authentication.) Kerberos uses this ticket for network utilities such +as +.I rlogin +and +.IR rcp . +The ticket transactions are done transparently, so you don't have to +worry about their management. +.PP +Note, however, that tickets expire. Privileged tickets, such as those +with the instance ``root'', expire in a few minutes, while tickets that +carry more ordinary privileges may be good for several hours or a day, +depending on the installation's policy. If your login session extends +beyond the time limit, you will have to re-authenticate yourself to +Kerberos to get new tickets. Use the +.IR kinit +command to re-authenticate yourself. +.PP +If you use the +.I kinit +command to get your tickets, make sure you use the +.I kdestroy +command to destroy your tickets before you end your login session. You +should put the +.I kdestroy +command in your +.I \.logout +file so that your tickets will be destroyed automatically when you +logout. For more information about the +.I kinit +and +.I kdestroy +commands, see the +.IR kinit (1) +and +.IR kdestroy (1) +manual pages. +.PP +Kerberos tickets can be forwarded. In order to forward tickets, you +must request +.I forwardable +tickets when you +.IR kinit . +Once you have forwardable tickets, most Kerberos programs have a command +line option to forward them to the remote host. +.PP +Currently, Kerberos support is available for the following network +services: +.IR rlogin , +.IR rsh , +.IR rcp , +.IR telnet , +.IR ftp , +.I krdist +(a Kerberized version of +.IR rdist ), +.I ksu +(a Kerberized version of +.IR su ), +.IR login , +and +.IR Xdm . +.SH "SEE ALSO" +kdestroy(1), kinit(1), klist(1), kpasswd(1), rsh (1), rcp(1), rlogin(1), +telnet(1), ftp(1), krdist(1), ksu(1), sclient(1), xdm(1), des_crypt(3), +hash(3), krb5strings(3), krb5.conf(5), kdc.conf(5), kadmin(8), +kadmind(8), kdb5_util(8), telnetd(8), ftpd(8), rdistd(8), sserver(8), +klogind(8c), kshd(8c), login(8c) +.SH BUGS +.SH AUTHORS +Steve Miller, MIT Project Athena/Digital Equipment Corporation +.br +Clifford Neuman, MIT Project Athena +.SH HISTORY +Kerberos was developed at MIT. OpenVision rewrote and donated the +administration server, which is used in the current version of Kerberos +5. +.SH RESTRICTIONS +Copyright 1985,1986,1989-1996 Massachusetts Institute of Technology -- 2.26.2