xref: /freebsd/crypto/heimdal/kadmin/kadmind.8 (revision c19800e8)
.\" Copyright (c) 2002 - 2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd December  8, 2004
.Dt KADMIND 8
.Os HEIMDAL
.Sh NAME
.Nm kadmind
.Nd "server for administrative access to Kerberos database"
.Sh SYNOPSIS
.Nm
.Bk -words
.Oo Fl c Ar file \*(Ba Xo
.Fl Fl config-file= Ns Ar file
.Xc
.Oc
.Oo Fl k Ar file \*(Ba Xo
.Fl Fl key-file= Ns Ar file
.Xc
.Oc
.Op Fl Fl keytab= Ns Ar keytab
.Oo Fl r Ar realm \*(Ba Xo
.Fl Fl realm= Ns Ar realm
.Xc
.Oc
.Op Fl d | Fl Fl debug
.Oo Fl p Ar port \*(Ba Xo
.Fl Fl ports= Ns Ar port
.Xc
.Oc
.Ek
.Sh DESCRIPTION
.Nm
listens for requests for changes to the Kerberos database and performs
these, subject to permissions.  When starting, if stdin is a socket it
assumes that it has been started by
.Xr inetd 8 ,
otherwise it behaves as a daemon, forking processes for each new
connection. The
.Fl Fl debug
option causes
.Nm
to accept exactly one connection, which is useful for debugging.
.Pp
The
.Xr kpasswdd 8
daemon is responsible for the Kerberos 5 password changing protocol
(used by
.Xr kpasswd 1 ) .
.Pp
This daemon should only be run on the master server, and not on any
slaves.
.Pp
Principals are always allowed to change their own password and list
their own principal.  Apart from that, doing any operation requires
permission explicitly added in the ACL file
.Pa /var/heimdal/kadmind.acl .
The format of this file is:
.Bd -ragged
.Va principal
.Va rights
.Op Va principal-pattern
.Ed
.Pp
Where rights is any (comma separated) combination of:
.Bl -bullet -compact
.It
change-password or cpw
.It
list
.It
delete
.It
modify
.It
add
.It
get
.It
all
.El
.Pp
And the optional
.Ar principal-pattern
restricts the rights to operations on principals that match the
glob-style pattern.
.Pp
Supported options:
.Bl -tag -width Ds
.It Fl c Ar file , Fl Fl config-file= Ns Ar file
location of config file
.It Fl k Ar file , Fl Fl key-file= Ns Ar file
location of master key file
.It Fl Fl keytab= Ns Ar keytab
what keytab to use
.It Fl r Ar realm , Fl Fl realm= Ns Ar realm
realm to use
.It Fl d , Fl Fl debug
enable debugging
.It Fl p Ar port , Fl Fl ports= Ns Ar port
ports to listen to. By default, if run as a daemon, it listens to port
749, but you can add any number of ports with this option. The port
string is a whitespace separated list of port specifications, with the
special string
.Dq +
representing the default port.
.El
.\".Sh ENVIRONMENT
.Sh FILES
.Pa /var/heimdal/kadmind.acl
.Sh EXAMPLES
This will cause
.Nm
to listen to port 4711 in addition to any
compiled in defaults:
.Pp
.D1 Nm Fl Fl ports Ns Li "=\*[q]+ 4711\*[q] &"
.Pp
This acl file will grant Joe all rights, and allow Mallory to view and
add host principals.
.Bd -literal -offset indent
joe/admin@EXAMPLE.COM      all
mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
.Ed
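.Pp
Added example (not part of the original manual page or the Heimdal sources): a small Python evaluator for the ACL format described above, useful for reviewing what a given kadmind.acl actually grants. It runs on the two entries shown plus one constructed malformed line. Treating # as a comment marker, matching patterns with fnmatchcase, and dropping a whole entry on an unknown right are assumptions of this sketch, not documented kadmind behaviour.

```python
from fnmatch import fnmatchcase

# Rights listed on this page; "change-password" is an alias for "cpw".
RIGHTS = {"cpw", "list", "delete", "modify", "add", "get"}
ALIASES = {"change-password": "cpw"}

def parse_acl(text):
    """Return (entries, errors); each entry is (principal, rights, pattern)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' is a comment
            continue
        fields = line.split()
        if len(fields) not in (2, 3):
            errors.append((lineno, "expected: principal rights [pattern]"))
            continue
        rights = set()
        for name in fields[1].split(","):
            name = ALIASES.get(name, name)
            rights |= RIGHTS if name == "all" else {name}
        unknown = rights - RIGHTS
        if unknown:  # fail closed: ignore the whole entry
            errors.append((lineno, "unknown right: " + ",".join(sorted(unknown))))
            continue
        pattern = fields[2] if len(fields) == 3 else "*"  # no pattern: any target
        entries.append((fields[0], frozenset(rights), pattern))
    return entries, errors

def is_allowed(entries, actor, op, target):
    """True if actor may perform op on the target principal."""
    op = ALIASES.get(op, op)
    # Per the page: own password change and own listing need no ACL entry.
    if actor == target and op in ("cpw", "list"):
        return True
    return any(actor == who and op in rights and fnmatchcase(target, pattern)
               for who, rights, pattern in entries)

# Constructed sample: the page's two entries plus one malformed line.
SAMPLE_ACL = """\
joe/admin@EXAMPLE.COM      all
mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM
eve/admin@EXAMPLE.COM      add,root
"""

ENTRIES, ERRORS = parse_acl(SAMPLE_ACL)
```

Entries without a principal-pattern, such as the first line, apply to every principal in the database and are the ones to review first.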
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr kpasswd 1 ,
.Xr kadmin 8 ,
.Xr kdc 8 ,
.Xr kpasswdd 8