diff options
Diffstat (limited to 'crypto/heimdal/kdc/kdc.8')
-rw-r--r-- | crypto/heimdal/kdc/kdc.8 | 63 |
1 files changed, 45 insertions, 18 deletions
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 index 89251118c3cf..181a3cea15a7 100644 --- a/crypto/heimdal/kdc/kdc.8 +++ b/crypto/heimdal/kdc/kdc.8 @@ -1,4 +1,4 @@ -.\" $Id: kdc.8,v 1.3 1997/08/09 00:20:38 joda Exp $ +.\" $Id: kdc.8,v 1.5 2000/02/13 21:04:32 assar Exp $ .\" .Dd July 27, 1997 .Dt KDC 8 @@ -11,12 +11,16 @@ Kerberos 5 server .Nm .Op Fl c Ar file .Op Fl -config-file= Ns Ar file -.Op Fl k Ar file -.Op Fl -key-file= Ns Ar file -.Op Fl p -.Op Fl -no-require-preauth +.Op Fl p | Fl -no-require-preauth +.Op Fl -max-request= Ns Ar size +.Op Fl H | Fl -enable-http +.Op Fl K | Fl -no-kaserver .Op Fl r Ar realm .Op Fl -v4-realm= Ns Ar realm +.Oo Fl P Ar string \*(Ba Xo +.Fl -ports= Ns Ar string Oc +.Xc +.Op Fl -addresses= Ns Ar list of addresses .Sh DESCRIPTION .Nm @@ -31,21 +35,32 @@ Options supported: Specifies the location of the config file, the default is .Pa /var/heimdal/kdc.conf . This is the only value that can't be specified in the config file. -.It Fl k Ar file -.It Fl -key-file= Ns Ar file -The location of the master-key file. All keys in the database is -encrypted with this master key. The use of a master key is currently -optional, so there is no default. -.Em "Don't specify a master key file if your database is not encrypted." .It Fl p .It Fl -no-require-preauth -Turn off the requirement for pre-autentication in the initial -AS-REQ. The use of pre-authentication makes it more difficult to do -offline password attacks. You might want to turn it off if you have -clients that doesn't do pre-authentication. Since the version 4 -protocol doesn't support any pre-authentication, so serving version 4 -clients is just about the same as not requiring pre-athentication. The -default is to require pre-authentication. +Turn off the requirement for pre-autentication in the initial AS-REQ +for all principals. The use of pre-authentication makes it more +difficult to do offline password attacks. You might want to turn it +off if you have clients that doesn't do pre-authentication. Since the +version 4 protocol doesn't support any pre-authentication, so serving +version 4 clients is just about the same as not requiring +pre-athentication. The default is to require +pre-authentication. Adding the require-preauth per principal is a more +flexible way of handling this. +.It Xo +.Fl -max-request= Ns Ar size +.Xc +Gives an upper limit on the size of the requests that the kdc is +willing to handle. +.It Xo +.Fl H Ns , +.Fl -enable-http +.Xc +Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. +.It Xo +.Fl K Ns , +.Fl -no-kaserver +.Xc +Disables kaserver emulation (in case it's compiled in). .It Fl r Ar realm .It Fl -v4-realm= Ns Ar realm What realm this server should act as when dealing with version 4 @@ -55,6 +70,18 @@ explicitly specified. The default is whatever is returned by .Fn krb_get_lrealm . This option is only availabe if the KDC has been compiled with version 4 support. +.It Xo +.Fl P Ar string Ns , +.Fl -ports= Ns Ar string +.Xc +Specifies the set of ports the KDC should listen on. It is given as a +white-space separated list of services or port numbers. +.It Xo +.Fl -addresses= Ns Ar list of addresses +.Xc +The list of addresses to listen for requests on. By default, the kdc +will listen on all the locally configured addresses. If only a subset +is desired, or the automatic detection fails, this option might be used. .El .Pp All activities , are logged to one or more destinations, see |