Diffstat (limited to 'doc/admin/admin_commands')
-rw-r--r-- | doc/admin/admin_commands/kadmin_local.rst | 44
-rw-r--r-- | doc/admin/admin_commands/kdb5_ldap_util.rst | 44
-rw-r--r-- | doc/admin/admin_commands/kpropd.rst | 4
-rw-r--r-- | doc/admin/admin_commands/kproplog.rst | 4
-rw-r--r-- | doc/admin/admin_commands/krb5kdc.rst | 4
-rw-r--r-- | doc/admin/admin_commands/sserver.rst | 36
6 files changed, 35 insertions, 101 deletions
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst index 1a4c896eb..e7e2d5a9c 100644 --- a/doc/admin/admin_commands/kadmin_local.rst +++ b/doc/admin/admin_commands/kadmin_local.rst @@ -350,9 +350,7 @@ Options: - *dn* and *containerdn* should be within the subtrees or principal container configured in the realm. -Example: - - :: +Example:: kadmin: addprinc jennifer WARNING: no policy specified for "jennifer@ATHENA.MIT.EDU"; @@ -457,9 +455,7 @@ The following options are available: Keeps the existing keys in the database. This flag is usually not necessary except perhaps for ``krbtgt`` principals. -Example: - - :: +Example:: kadmin: cpw systest Enter password for principal systest@BLEEP.COM: @@ -501,9 +497,7 @@ running the the program to be the same as the one being listed. Alias: **getprinc** -Examples: - - :: +Examples:: kadmin: getprinc tlyu/admin Principal: tlyu/admin@BLEEP.COM @@ -549,9 +543,7 @@ This command requires the **list** privilege. Alias: **listprincs**, **get_principals**, **get_princs** -Example: - - :: +Example:: kadmin: listprincs test* test3@SECURE-TEST.OV.COM @@ -604,9 +596,7 @@ This command requires the **modify** privilege. Alias: **setstr** -Example: - - :: +Example:: set_string host/foo.mit.edu session_enctypes aes128-cts set_string user@FOO.COM otp [{"type":"hotp","username":"custom"}] @@ -697,9 +687,7 @@ The following options are available: with commas (',') only. To clear the allowed key/salt policy use a value of '-'. -Example: - - :: +Example:: kadmin: add_policy -maxlife "2 days" -minlength 5 guests kadmin: @@ -737,9 +725,7 @@ This command requires the **delete** privilege. Alias: **delpol** -Example: - - :: +Example:: kadmin: del_policy guests Are you sure you want to delete the policy "guests"? @@ -763,9 +749,7 @@ This command requires the **inquire** privilege. Alias: getpol -Examples: - - :: +Examples:: kadmin: get_policy admin Policy: admin 
@@ -803,9 +787,7 @@ This command requires the **list** privilege. Aliases: **listpols**, **get_policies**, **getpols**. -Examples: - - :: +Examples:: kadmin: listpols test-pol @@ -859,9 +841,7 @@ An entry for each of the principal's unique encryption types is added, ignoring multiple keys with the same encryption type but different salt types. -Example: - - :: +Example:: kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3, @@ -896,9 +876,7 @@ The options are: **-q** Display less verbose information. -Example: - - :: +Example:: kadmin: ktremove kadmin/admin all Entry for principal kadmin/admin with kvno 3 removed from keytab diff --git a/doc/admin/admin_commands/kdb5_ldap_util.rst b/doc/admin/admin_commands/kdb5_ldap_util.rst index e5c037db4..4516e048e 100644 --- a/doc/admin/admin_commands/kdb5_ldap_util.rst +++ b/doc/admin/admin_commands/kdb5_ldap_util.rst @@ -122,9 +122,7 @@ Creates realm in directory. Options: documented in the description of the **add_principal** command in :ref:`kadmin(1)`. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create -subtrees o=org -sscope SUB -r ATHENA.MIT.EDU @@ -183,9 +181,7 @@ Modifies the attributes of a realm. Options: documented in the description of the **add_principal** command in :ref:`kadmin(1)`. -Example: - - :: +Example:: shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify +requires_preauth -r @@ -207,9 +203,7 @@ Displays the attributes of a realm. Options: **-r** *realm* Specifies the Kerberos realm of the database. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view -r ATHENA.MIT.EDU @@ -239,9 +233,7 @@ Destroys an existing realm. Options: **-r** *realm* Specifies the Kerberos realm of the database. -Example: - - :: +Example:: shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy -r ATHENA.MIT.EDU 
@@ -262,9 +254,7 @@ list Lists the name of realms. -Example: - - :: +Example:: shell% kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list @@ -297,9 +287,7 @@ to the LDAP server. Options: Specifies Distinguished Name (DN) of the service object whose password is to be stored in file. -Example: - - :: +Example:: kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org @@ -342,9 +330,7 @@ Creates a ticket policy in the directory. Options: *policy_name* Specifies the name of the ticket policy. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" @@ -369,9 +355,7 @@ modify_policy Modifies the attributes of a ticket policy. Options are same as for **create_policy**. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU @@ -395,9 +379,7 @@ Displays the attributes of a ticket policy. Options: *policy_name* Specifies the name of the ticket policy. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy @@ -431,9 +413,7 @@ Destroys an existing ticket policy. Options: *policy_name* Specifies the name of the ticket policy. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy @@ -458,9 +438,7 @@ realm. Options: **-r** *realm* Specifies the Kerberos realm of the database. -Example: - - :: +Example:: kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU diff --git a/doc/admin/admin_commands/kpropd.rst b/doc/admin/admin_commands/kpropd.rst index 43b6db762..465d4f52e 100644 --- a/doc/admin/admin_commands/kpropd.rst +++ b/doc/admin/admin_commands/kpropd.rst 
@@ -34,9 +34,7 @@ file, the slave Kerberos server will have an up-to-date KDC database. Where incremental propagation is not used, kpropd is commonly invoked out of inetd(8) as a nowait service. This is done by adding a line to -the ``/etc/inetd.conf`` file which looks like this: - - :: +the ``/etc/inetd.conf`` file which looks like this:: kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd diff --git a/doc/admin/admin_commands/kproplog.rst b/doc/admin/admin_commands/kproplog.rst index c7a0ea417..ed906398d 100644 --- a/doc/admin/admin_commands/kproplog.rst +++ b/doc/admin/admin_commands/kproplog.rst @@ -53,9 +53,7 @@ OPTIONS **-v** Display individual attributes per update. An example of the - output generated for one entry: - - :: + output generated for one entry:: Update Entry Update serial # : 4 diff --git a/doc/admin/admin_commands/krb5kdc.rst b/doc/admin/admin_commands/krb5kdc.rst index 89919f568..711159b68 100644 --- a/doc/admin/admin_commands/krb5kdc.rst +++ b/doc/admin/admin_commands/krb5kdc.rst @@ -94,9 +94,7 @@ The realms are listed on the command line. Per-realm options that can be specified on the command line pertain for each realm that follows it and are superseded by subsequent definitions of the same option. -For example: - - :: +For example:: krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 diff --git a/doc/admin/admin_commands/sserver.rst b/doc/admin/admin_commands/sserver.rst index 61826dfaf..b4e464466 100644 --- a/doc/admin/admin_commands/sserver.rst +++ b/doc/admin/admin_commands/sserver.rst 
@@ -30,17 +30,13 @@ installed as |keytab|. The **-S** option allows for a different keytab than the default. sserver is normally invoked out of inetd(8), using a line in -``/etc/inetd.conf`` that looks like this: - - :: +``/etc/inetd.conf`` that looks like this:: sample stream tcp nowait root /usr/local/sbin/sserver sserver Since ``sample`` is normally not a port defined in ``/etc/services``, you will usually have to add a line to ``/etc/services`` which looks -like this: - - :: +like this:: sample 13135/tcp @@ -52,9 +48,7 @@ connecting to, be sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both files. -When you run sclient you should see something like this: - - :: +When you run sclient you should see something like this:: sendauth succeeded, reply is: reply len 32, contents: 
@@ -64,49 +58,39 @@ When you run sclient you should see something like this: COMMON ERROR MESSAGES --------------------- -1) kinit returns the error: - - :: +1) kinit returns the error:: kinit: Client not found in Kerberos database while getting - initial credentials + initial credentials This means that you didn't create an entry for your username in the Kerberos database. -2) sclient returns the error: - - :: +2) sclient returns the error:: unknown service sample/tcp; check /etc/services This means that you don't have an entry in /etc/services for the sample tcp port. -3) sclient returns the error: - - :: +3) sclient returns the error:: connect: Connection refused This probably means you didn't edit /etc/inetd.conf correctly, or you didn't restart inetd after editing inetd.conf. -4) sclient returns the error: - - :: +4) sclient returns the error:: sclient: Server not found in Kerberos database while using - sendauth + sendauth This means that the ``sample/hostname@LOCAL.REALM`` service was not defined in the Kerberos database; it should be created using :ref:`kadmin(1)`, and a keytab file needs to be generated to make the key for that service principal available for sclient. -5) sclient returns the error: - - :: +5) sclient returns the error:: sendauth rejected, error reply is: "No such file or directory" |
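
Review bot: in doc/admin/admin_commands/kadmin_local.rst, the hunk at @@ -763,9 +749,7 @@ keeps "Alias: getpol" without bold while the neighbouring hunks use "Alias: **getprinc**" and "Alias: **delpol**", and the label itself varies between "Alias:" and "Aliases:" for multi-name lists ("Alias: **listprincs**, **get_principals**, **get_princs**" against "Aliases: **listpols**, **get_policies**, **getpols**."). The header of the hunk at @@ -501,9 +497,7 @@ also shows a doubled word in "running the the program". Since this change is a markup cleanup of the same file, consider fixing these here or in a follow-up so the alias lines render uniformly.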
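
Review bot: in doc/admin/admin_commands/kdb5_ldap_util.rst, the example blocks being converted are inconsistent about the shell prompt: the modify, destroy and list hunks (@@ -183,9 +181,7 @@, @@ -239,9 +233,7 @@, @@ -262,9 +254,7 @@) start with "shell% kdb5_ldap_util ...", while create, view, stashsrvpw and the *_policy hunks start with a bare "kdb5_ldap_util ...". Pick one form for all of them while these lines are being touched, so a reader copying an example does not have to guess whether "shell%" is part of the command.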
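
Review bot: in doc/admin/admin_commands/sserver.rst, the hunk at @@ -64,49 +58,39 @@ removes and re-adds the continuation lines "initial credentials" and "sendauth" with no change to their text, so a whitespace-only re-indent is folded into the "::" conversion. Confirm that the new indentation lines up with the first line of each literal block, because reStructuredText strips the minimum common indentation from a literal block and a mismatched continuation line shifts how the error message renders. The same hunk leaves "/etc/services" and "/etc/inetd.conf" unquoted in the explanatory sentences, while the earlier hunk at @@ -30,17 +30,13 @@ writes them as ``/etc/services`` and ``/etc/inetd.conf``; making them consistent would fit this cleanup.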