diff options
| author | Ezra Peisach <epeisach@mit.edu> | 1998-01-28 13:57:52 +0000 |
|---|---|---|
| committer | Ezra Peisach <epeisach@mit.edu> | 1998-01-28 13:57:52 +0000 |
| commit | ff457a5412935d90f216f25695dcb619182f5561 (patch) | |
| tree | 70d91d3391a7c03bdf57d7f75bfd6b142a83603e /src | |
| parent | 16d6a1ed0a601af0330d50e8d1eff23db37fc146 (diff) | |
* krb5kdc.M: Document V4 mode handling [krb5-kdc/464].
Also removed references to kdb5_create and kdb5_stash
replacing with kdb5_util.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10382 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/ChangeLog | 4 | ||||
| -rw-r--r-- | src/kdc/krb5kdc.M | 35 |
2 files changed, 25 insertions, 14 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index cbe18def8..bd26229ea 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,7 @@ +Wed Jan 28 08:56:07 1998 Ezra Peisach <epeisach@mit.edu> + + * krb5kdc.M: Document V4 mode handling [krb5-kdc/464]. + Wed Jan 21 15:15:58 1998 Ezra Peisach <epeisach@mit.edu> * rtest.c (main): returns int, not void. ANSI X3.159-1989 diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M index 5d6caaa48..5402f5d29 100644 --- a/src/kdc/krb5kdc.M +++ b/src/kdc/krb5kdc.M @@ -36,13 +36,13 @@ krb5kdc \- Kerberos V5 KDC .B \-p .I portnum ] [ -.B \-s -.I portnum -] [ .B \-m ] [ .B \-r .I realm +] [ +.B \-4 +.I v4mode ] .br .SH DESCRIPTION @@ -87,20 +87,27 @@ If no value is available, then the value in /etc/services for service "kerberos" is used. .PP The -.B \-s -.I portnum -option specifies the default UDP port number which the KDC should listen on for -Kerberos version 4 requests. This value is used when no port is specified in -the kdc profile and when no port is specified in the Kerberos configuration -file. -If no value is available, then the value in /etc/services for service -"kerberos-sec" is used. -.PP -The .B \-m option specifies that the master database password should be fetched from the keyboard rather than from a file on disk. .PP +The +.B \-4 +option specifies how the KDC responds to kerberos IV requests for +tickets. The command line option overrides the value in the KDC +profile. The possible values are +.I none, +.I disable, +.I full +or +.I nopreauth. +These instruct the KDC to not respond to V4 packets, to +respond with a version skew error, to issue tickets for all database +entries, and to issue tickets for all but preauthentication required +database entries respectively. The default behaviour is as if +.I nopreauth +was specified. +.PP The KDC may service requests for multiple realms (maximum 32 realms). The realms are listed on the command line. Per-realm options that can be specified on the command line pertain for each realm that follows it and are @@ -128,7 +135,7 @@ options specified on the command line. See the .I kdc.conf(5) description for further details. .SH SEE ALSO -krb5(3), kdb5_create(8), kdb5_stash(8), kdc.conf(5) +krb5(3), kdb5_util(8), kdc.conf(5) .SH BUGS It should fork and go into the background when it finishes reading the |