diff options
author | John Kohl <jtkohl@mit.edu> | 1990-05-29 16:47:11 +0000 |
---|---|---|
committer | John Kohl <jtkohl@mit.edu> | 1990-05-29 16:47:11 +0000 |
commit | ad891c396d30628b7eb893f24ba4984c0363d685 (patch) | |
tree | 57e011f7a2ac069fc048ccc40f6002f57e9f8ff3 /src/admin | |
parent | 85904bdecd2cef74ead65157dbfc0e3a94d6d7fc (diff) | |
download | krb5-ad891c396d30628b7eb893f24ba4984c0363d685.tar.gz krb5-ad891c396d30628b7eb893f24ba4984c0363d685.tar.xz krb5-ad891c396d30628b7eb893f24ba4984c0363d685.zip |
*** empty log message ***
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@958 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/admin')
-rw-r--r-- | src/admin/aname/kdb5_anadd.M | 55 | ||||
-rw-r--r-- | src/admin/create/kdb5_create.M | 75 | ||||
-rw-r--r-- | src/admin/destroy/kdb5_destroy.M | 31 | ||||
-rw-r--r-- | src/admin/edit/kdb5_edit.M | 84 | ||||
-rw-r--r-- | src/admin/stash/kdb5_stash.M | 86 |
5 files changed, 331 insertions, 0 deletions
diff --git a/src/admin/aname/kdb5_anadd.M b/src/admin/aname/kdb5_anadd.M new file mode 100644 index 000000000..fe9ceb080 --- /dev/null +++ b/src/admin/aname/kdb5_anadd.M @@ -0,0 +1,55 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1990 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, please see the file +.\" <krb5/copyright.h>. +.\" +.TH KDB5_ANADD 8 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +kdb5_anadd \- manipulate aname/lname translation database +.SH SYNOPSIS +.B kdb5_anadd +[ +.B \-a +] [ +.B \-n +.I dbname +] pname lname +.br +.B kdb5_anadd \-d +[ +.B \-n +.I dbname +] pname +.br +.SH DESCRIPTION +.I kdb5_anadd +is a primitive tool for manipulating the authentication name (aname) to +local name (lname) translation database. +.PP +The first use described above is for entering new translations or +changing existing translations from anames to lnames. +After execution, the function +.IR krb5_aname_to_localname (3) +with its first argument passed as a principal with text representation of +.I pname +will fill in +.I lname +as the translation. +.PP +The second use described above is for deleting translations from the +database; after execution the principal named by +.I pname +will not translate to any local name. +.PP +For both uses, the +.B \-n +.I dbname +option specifies the name of the database which holds the translation; +the default database is DEFAULT_LNAME_FILENAME (usually /krb5/aname). +.SH SEE ALSO +krb5(3) +.SH BUGS +The mapping is many-to-one, not many-to-many. diff --git a/src/admin/create/kdb5_create.M b/src/admin/create/kdb5_create.M new file mode 100644 index 000000000..2e6c069da --- /dev/null +++ b/src/admin/create/kdb5_create.M @@ -0,0 +1,75 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1990 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, please see the file +.\" <krb5/copyright.h>. +.\" +.TH KDB5_CREATE 8 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +kdb5_create \- create a new Kerberos V5 principal database +.SH SYNOPSIS +.B kdb5_create +[ +.B \-r +.I realm +] [ +.B \-d +.I dbname +] [ +.B \-k +.I keytype +] [ +.B \-M +.I mkeyname +] [ +.B \-e +.I enctype +] +.br +.SH DESCRIPTION +.I kdb5_create +is used to create a Kerberos version 5 principal database. +The user is prompted for the master password, which will be used to +generate an encryption key under which all entries are stored (in order +to provide some security against database theft). +.PP +The +.B \-r +.I realm +option specifies the realm for which the database should be created; +by default the realm returned by +.IR krb5_default_local_realm (3) +is used. +.PP +The +.B \-d +.I dbname +option specifies the name under which the principal database is to be +created; by default the database is in DEFAULT_DBM_FILE (normally +/krb5/principal). +.PP +The +.B \-k +.I keytype +option specifies the key type (as an ascii representation of a decimal +number) of the master key in the database; the default is KEYTYPE_DES. +.PP +The +.B \-M +.I mkeyname +option specifies the principal name for the master key in the database; +the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm). +.PP +The +.B \-e +.I enctype +option specifies the encryption type (as an ascii representation of a decimal +number) to be used when placing entries in +the database; the default is the default encryption type for the master +keytype. +.SH SEE ALSO +krb5(3), krb5kdc(8) +.SH BUGS +Doesn't have flexibility about expiration times. diff --git a/src/admin/destroy/kdb5_destroy.M b/src/admin/destroy/kdb5_destroy.M new file mode 100644 index 000000000..20f557a8a --- /dev/null +++ b/src/admin/destroy/kdb5_destroy.M @@ -0,0 +1,31 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1990 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, please see the file +.\" <krb5/copyright.h>. +.\" +.TH KDB5_DESTROY 8 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +kdb5_destroy \- destroy a Kerberos principal database +.SH SYNOPSIS +.B kdb5_destroy +[ +.B \-d +.I dbname +] +.br +.SH DESCRIPTION +.I kdb5_destroy +destroys a Kerberos principal database. +The user is prompted to confirm deletion of the database. +.PP +The +.B \-d +.I dbname +option specifies the name under which the principal database is +stored; by default the database is in DEFAULT_DBM_FILE (normally +/krb5/principal). +.SH SEE ALSO +kdb5_create(8) diff --git a/src/admin/edit/kdb5_edit.M b/src/admin/edit/kdb5_edit.M new file mode 100644 index 000000000..c3d0fbfd4 --- /dev/null +++ b/src/admin/edit/kdb5_edit.M @@ -0,0 +1,84 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1990 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, please see the file +.\" <krb5/copyright.h>. +.\" +.TH KDB5_EDIT 8 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +kdb5_edit \- edit a Kerberos V5 principal database +.SH SYNOPSIS +.B kdb5_edit +[ +.B \-r +.I realm +] [ +.B \-d +.I dbname +] [ +.B \-k +.I keytype +] [ +.B \-M +.I mkeyname +] [ +.B \-e +.I enctype +] [ +.B \-m +] +.br +.SH DESCRIPTION +.I kdb5_edit +allows an administrator to add, delete, and edit entries in a Kerberos +version 5 principal database. +After the master key is verified, the administrator is placed into a +shell-like command loop, from which he may issue commands to modify the +database. '?' lists the commands available; 'exit' or 'quit' exits the +program. +.PP +The +.B \-r +.I realm +option specifies the realm for which the database should be created; +by default the realm returned by +.IR krb5_default_local_realm (3) +is used. +.PP +The +.B \-d +.I dbname +option specifies the name under which the principal database is to be +created; by default the database is in DEFAULT_DBM_FILE (normally +/krb5/principal). +.PP +The +.B \-k +.I keytype +option specifies the key type (as an ascii representation of a decimal +number) of the master key in the database; the default is KEYTYPE_DES. +.PP +The +.B \-M +.I mkeyname +option specifies the principal name for the master key in the database; +the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm). +.PP +The +.B \-e +.I enctype +option specifies the encryption type (as an ascii representation of a decimal +number) to be used when placing entries in +the database; the default is the default encryption type for the master +keytype. +.PP +The +.B \-m +option specifies that the master database password should be fetched +from the keyboard rather than from a file on disk. +.SH SEE ALSO +krb5(3), krb5kdc(8), ss(3) +.SH BUGS +This man page needs to document the ss commands. diff --git a/src/admin/stash/kdb5_stash.M b/src/admin/stash/kdb5_stash.M new file mode 100644 index 000000000..2add2e204 --- /dev/null +++ b/src/admin/stash/kdb5_stash.M @@ -0,0 +1,86 @@ +.\" $Source$ +.\" $Author$ +.\" $Id$ +.\" Copyright 1990 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, please see the file +.\" <krb5/copyright.h>. +.\" +.TH KDB5_STASH 8 "Kerberos Version 5.0" "MIT Project Athena" +.SH NAME +kdb5_stash \- store a principal database master key on disk +.SH SYNOPSIS +.B kdb5_stash +[ +.B \-r +.I realm +] [ +.B \-d +.I dbname +] [ +.B \-k +.I keytype +] [ +.B \-M +.I mkeyname +] [ +.B \-e +.I enctype +] [ +.B \-f +.I keyfile +] +.br +.SH DESCRIPTION +.I kdb5_stash +stores a Kerberos principal database master key in a file; +this key may subsequently be used for unattended re-start of a Kerberos +V5 KDC. +create a Kerberos version 5 principal database. +The user is prompted for the master password, which will be verified +against the database, and then stored in a file. +.PP +The +.B \-r +.I realm +option specifies the realm for which the database key should be stored; +by default the realm returned by +.IR krb5_default_local_realm (3) +is used. +.PP +The +.B \-d +.I dbname +option specifies the name under which the principal database is +stored; by default the database is in DEFAULT_DBM_FILE (normally +/krb5/principal). +.PP +The +.B \-k +.I keytype +option specifies the key type (as an ascii representation of a decimal +number) of the master key in the database; the default is KEYTYPE_DES. +.PP +The +.B \-M +.I mkeyname +option specifies the principal name for the master key in the database; +the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm). +.PP +The +.B \-e +.I enctype +option specifies the encryption type (as an ascii representation of a decimal +number) used for entries in the database; the default is the default +encryption type for the master keytype. +.PP +The +.B \-f +option specifies the file in which the master key should be stored; the +default is DEFAULT_KEYFILE_STUB ("/.k5." concatenated with the realm name). +.SH SEE ALSO +krb5(3), krb5kdc(8), kdb5_create(8) +.SH BUGS +Allows an intruder to gain access to the entire database if the security +of the KDC system is breached. + |