*** empty log message ***

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@958 dc483132-0cff-0310-8789-dd5450dbe970

5 files changed, 331 insertions, 0 deletions

diff --git a/src/admin/aname/kdb5_anadd.M b/src/admin/aname/kdb5_anadd.M
new file mode 100644
index 000000000..fe9ceb080
--- /dev/null
+++ b/src/admin/aname/kdb5_anadd.M
@@ -0,0 +1,55 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_ANADD 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_anadd \- manipulate aname/lname translation database
+.SH SYNOPSIS
+.B kdb5_anadd
+[
+.B \-a
+] [
+.B \-n
+.I dbname
+] pname lname
+.br
+.B kdb5_anadd \-d
+[
+.B \-n
+.I dbname
+] pname
+.br
+.SH DESCRIPTION
+.I kdb5_anadd
+is a primitive tool for manipulating the authentication name (aname) to
+local name (lname) translation database.
+.PP
+The first use described above is for entering new translations or
+changing existing translations from anames to lnames.
+After execution, the function
+.IR krb5_aname_to_localname (3)
+with its first argument passed as a principal with text representation of
+.I pname
+will fill in
+.I lname
+as the translation.
+.PP
+The second use described above is for deleting translations from the
+database; after execution the principal named by 
+.I pname
+will not translate to any local name.
+.PP
+For both uses, the
+.B \-n
+.I dbname
+option specifies the name of the database which holds the translation;
+the default database is DEFAULT_LNAME_FILENAME (usually /krb5/aname).
+.SH SEE ALSO
+krb5(3)
+.SH BUGS
+The mapping is many-to-one, not many-to-many.
diff --git a/src/admin/create/kdb5_create.M b/src/admin/create/kdb5_create.M
new file mode 100644
index 000000000..2e6c069da
--- /dev/null
+++ b/src/admin/create/kdb5_create.M
@@ -0,0 +1,75 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_CREATE 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_create \- create a new Kerberos V5 principal database
+.SH SYNOPSIS
+.B kdb5_create
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+]
+.br
+.SH DESCRIPTION
+.I kdb5_create
+is used to create a Kerberos version 5 principal database.
+The user is prompted for the master password, which will be used to
+generate an encryption key under which all entries are stored (in order
+to provide some security against database theft).
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database should be created;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is to be
+created; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) to be used when placing entries in
+the database; the default is the default encryption type for the master
+keytype.
+.SH SEE ALSO
+krb5(3), krb5kdc(8)
+.SH BUGS
+Doesn't have flexibility about expiration times.
diff --git a/src/admin/destroy/kdb5_destroy.M b/src/admin/destroy/kdb5_destroy.M
new file mode 100644
index 000000000..20f557a8a
--- /dev/null
+++ b/src/admin/destroy/kdb5_destroy.M
@@ -0,0 +1,31 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_DESTROY 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_destroy \- destroy a Kerberos principal database
+.SH SYNOPSIS
+.B kdb5_destroy
+[
+.B \-d
+.I dbname
+]
+.br
+.SH DESCRIPTION
+.I kdb5_destroy
+destroys a Kerberos principal database.
+The user is prompted to confirm deletion of the database.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is
+stored; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.SH SEE ALSO
+kdb5_create(8)
diff --git a/src/admin/edit/kdb5_edit.M b/src/admin/edit/kdb5_edit.M
new file mode 100644
index 000000000..c3d0fbfd4
--- /dev/null
+++ b/src/admin/edit/kdb5_edit.M
@@ -0,0 +1,84 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_EDIT 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_edit \- edit a Kerberos V5 principal database
+.SH SYNOPSIS
+.B kdb5_edit
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-m
+]
+.br
+.SH DESCRIPTION
+.I kdb5_edit
+allows an administrator to add, delete, and edit entries in a Kerberos
+version 5 principal database.
+After the master key is verified, the administrator is placed into a
+shell-like command loop, from which he may issue commands to modify the
+database.  '?' lists the commands available; 'exit' or 'quit' exits the
+program.
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database should be created;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is to be
+created; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) to be used when placing entries in
+the database; the default is the default encryption type for the master
+keytype.
+.PP
+The
+.B \-m
+option specifies that the master database password should be fetched
+from the keyboard rather than from a file on disk.
+.SH SEE ALSO
+krb5(3), krb5kdc(8), ss(3)
+.SH BUGS
+This man page needs to document the ss commands.
diff --git a/src/admin/stash/kdb5_stash.M b/src/admin/stash/kdb5_stash.M
new file mode 100644
index 000000000..2add2e204
--- /dev/null
+++ b/src/admin/stash/kdb5_stash.M
@@ -0,0 +1,86 @@
+.\" $Source$
+.\" $Author$
+.\" $Id$
+.\" Copyright 1990 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information, please see the file
+.\" <krb5/copyright.h>.
+.\"
+.TH KDB5_STASH 8 "Kerberos Version 5.0" "MIT Project Athena"
+.SH NAME
+kdb5_stash \- store a principal database master key on disk
+.SH SYNOPSIS
+.B kdb5_stash
+[
+.B \-r
+.I realm
+] [
+.B \-d
+.I dbname
+] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-f
+.I keyfile
+]
+.br
+.SH DESCRIPTION
+.I kdb5_stash
+stores a Kerberos principal database master key in a file;
+this key may subsequently be used for unattended re-start of a Kerberos
+V5 KDC.
+create a Kerberos version 5 principal database.
+The user is prompted for the master password, which will be verified
+against the database, and then stored in a file.
+.PP
+The
+.B \-r
+.I realm
+option specifies the realm for which the database key should be stored;
+by default the realm returned by
+.IR krb5_default_local_realm (3)
+is used.
+.PP
+The
+.B \-d
+.I dbname
+option specifies the name under which the principal database is
+stored; by default the database is in DEFAULT_DBM_FILE (normally
+/krb5/principal).
+.PP
+The
+.B \-k
+.I keytype
+option specifies the key type (as an ascii representation of a decimal
+number) of the master key in the database; the default is KEYTYPE_DES.
+.PP
+The
+.B \-M
+.I mkeyname
+option specifies the principal name for the master key in the database;
+the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+.PP
+The
+.B \-e
+.I enctype
+option specifies the encryption type (as an ascii representation of a decimal
+number) used for entries in the database; the default is the default
+encryption type for the master keytype.
+.PP
+The
+.B \-f
+option specifies the file in which the master key should be stored; the
+default is DEFAULT_KEYFILE_STUB ("/.k5." concatenated with the realm name).
+.SH SEE ALSO
+krb5(3), krb5kdc(8), kdb5_create(8)
+.SH BUGS
+Allows an intruder to gain access to the entire database if the security
+of the KDC system is breached.
+