authorKen Raeburn <raeburn@mit.edu>2006-07-18 00:40:19 +0000
committerKen Raeburn <raeburn@mit.edu>2006-07-18 00:40:19 +0000
commit42d9d6ab320ee3a661fe21472be542acd542d5be (patch)
treeab3049772f6c2cceaf8956cf0a1172e0f6ddc12a /src/kadmin/server
parent6eb696bf5669ec60b55927d974b48bbadc62bc66 (diff)
Merge remaining changes from LDAP integration branch
svn+ssh://svn.mit.edu/krb5/branches/ldap-integ@18333. * plugins/kdb/ldap: New directory. * aclocal.m4 (WITH_LDAP): New macro. (CONFIG_RULES): Invoke it. * configure.in: Test ldap option, maybe configure and generate makefiles for new directories, and set and substitute ldap_plugin_dir. * Makefile.in (SUBDIRS): Add @ldap_plugin_dir@. * kdc/krb5kdc.M, kadmin/server/kadmind.M, kadmin/cli/kadmin.M, config-files/krb5.conf.M: Document LDAP changes (new options, config file entries, etc). * lib/kdb/kdb5.c (kdb_load_library): Put more info in error message. * lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED, KADM5_CONFIG_PASSWD_SERVER): New macros, disabled for now. (struct _kadm5_config_params): New field kpasswd_server, commented out for now. * lib/krb5/error_tables/kdb5_err.et: Add error codes KRB5_KDB_ACCESS_ERROR, KRB5_KDB_INTERNAL_ERROR, KRB5_KDB_CONSTRAINT_VIOLATION. ticket: 2935 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18334 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/server')
-rw-r--r--src/kadmin/server/kadmind.M44
-rw-r--r--src/kadmin/server/ovsec_kadmd.c5
2 files changed, 42 insertions, 7 deletions
diff --git a/src/kadmin/server/kadmind.M b/src/kadmin/server/kadmind.M
index 3d359be3c..6e4cb5252 100644
--- a/src/kadmin/server/kadmind.M
+++ b/src/kadmin/server/kadmind.M
@@ -3,12 +3,13 @@
kadmind \- KADM5 administration server
.SH SYNOPSIS
.B kadmind
-[\fB-r\fP \fIrealm\fP] [\fB\-m\fP] [\fB\-nofork\fP] [\fB\-port\fP
+[\fB\-x\fP \fIdb_args\fP] [\fB-r\fP \fIrealm\fP] [\fB\-m\fP] [\fB\-nofork\fP] [\fB\-port\fP
\fIport-number\fP]
.SH DESCRIPTION
-This command starts the KADM5 administration server. The administration
-server runs on the master Kerberos server, which stores the KDC
-principal database and the KADM5 policy database.
+This command starts the KADM5 administration server. If the database is db2,
+the administration server runs on the master Kerberos server, which stores the KDC
+prinicpal database and the KADM5 policy database. If the database is LDAP,
+the administration server and the KDC server need not run on the same machine.
.B Kadmind
accepts remote requests to administer the information in these
databases. Remote requests are sent, for example, by
@@ -54,6 +55,34 @@ section below.
After the server begins running, it puts itself in the background and
disassociates itself from its controlling terminal.
.SH OPTIONS
+.TP
+\fB\-x\fP \fIdb_args\fP
+specifies the database specific arguments.
+
+Options supported for LDAP database are:
+.sp
+.nf
+.RS 12
+\-x nconns=<number_of_connections>
+specifies the number of connections to be maintained per LDAP server.
+
+\-x port=<port_number>
+specifies the secure port number where the LDAP server is listening.
+
+\-x host=<hostname>
+specifies the host on which the LDAP server is running.
+The <hostname> should be the same as the host name set in the LDAP server certificate.
+
+\-x binddn=<binddn>
+specifies the DN of the object used by the administration server to bind to the LDAP server.
+This object should have the read rights on the realm container and write rights on the subtree
+that is referenced by the realm.
+
+\-x bindpwd=<bind_password>
+specifies the password for the above mentioned binddn. It is recommended not to use this option.
+Instead, the password can be stashed using the stashsrvpw command of kdb5_ldap_util.
+.RE
+.fi
.TP
\fB\-r\fP \fIrealm\fP
specifies the default realm that kadmind will serve; if it is not
@@ -226,6 +255,9 @@ will exit with an error if this file does
.I not
exist.
.TP
+.B Note:
+The above three files are specific to db2 database.
+.TP
kadm5.acl
file containing list of principals and their
.B kadmin
@@ -240,4 +272,6 @@ kadm5.dict
file containing dictionary of strings explicitly disallowed as
passwords.
.SH SEE ALSO
-kpasswd(1), kadmin(8), kdb5_util(8), kadm5_export(8), kadm5_import(8)
+kpasswd(1), kadmin(8), kdb5_util(8), kadm5_export(8), kadm5_import(8),
+kdb5_ldap_util(8)
+
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 6ebe3ee76..1efdf078b 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -318,7 +318,7 @@ int main(int argc, char *argv[])
&global_server_handle)) != KADM5_OK) {
const char *e_txt = krb5_get_error_message (context, ret);
krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
- e_txt);
+ e_txt);
fprintf(stderr, "%s: %s while initializing, aborting\n",
whoami, e_txt);
krb5_klog_close(context);
@@ -847,6 +847,7 @@ void reset_db(void)
{
#ifdef notdef
kadm5_ret_t ret;
+ char *errmsg;
if (ret = kadm5_flush(global_server_handle)) {
krb5_klog_syslog(LOG_ERR, "FATAL ERROR! %s while flushing databases. "
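Review bot: The new local in reset_db is declared as `char *errmsg;`, while the do_schpw hunk of this same commit changes its declaration to `const char *errmsg = krb5_get_error_message (context, errno);`. If this variable is meant to hold the result of the same call, it should be `const char *errmsg;` so the two sites agree. The declaration sits under `#ifdef notdef`, so the compiler never sees it and will not report a qualifier mismatch or an unused variable. The use of errmsg, if any, lies outside the hunk, as does the rest of reset_db's body; if the string is fetched there, it also needs a matching `krb5_free_error_message(context, errmsg);` once logged.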
@@ -1164,7 +1165,7 @@ void do_schpw(int s1, kadm5_config_params *params)
interoperate if the client is single-homed. */
if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
- char *errmsg = krb5_get_error_message (context, errno);
+ const char *errmsg = krb5_get_error_message (context, errno);
krb5_klog_syslog(LOG_ERR, "cannot create connecting socket: %s",
errmsg);
fprintf(stderr, "Cannot create connecting socket: %s",