1.\" $NetBSD: kpasswdd.8,v 1.3 2014/04/24 13:45:34 pettai Exp $ 2.\" 3.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan 4.\" (Royal Institute of Technology, Stockholm, Sweden). 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 18.\" 3. Neither the name of the Institute nor the names of its contributors 19.\" may be used to endorse or promote products derived from this software 20.\" without specific prior written permission. 21.\" 22.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. 33.\" 34.Dd April 19, 1999 35.Dt KPASSWDD 8 36.Os 37.Sh NAME 38.Nm kpasswdd 39.Nd Kerberos 5 password changing server 40.Sh SYNOPSIS 41.Nm 42.Bk -words 43.Op Fl Fl addresses= Ns Ar address 44.Op Fl Fl check-library= Ns Ar library 45.Op Fl Fl check-function= Ns Ar function 46.Oo Fl k Ar kspec \*(Ba Xo 47.Fl Fl keytab= Ns Ar kspec 48.Xc 49.Oc 50.Oo Fl r Ar realm \*(Ba Xo 51.Fl Fl realm= Ns Ar realm 52.Xc 53.Oc 54.Oo Fl p Ar string \*(Ba Xo 55.Fl Fl port= Ns Ar string 56.Xc 57.Oc 58.Op Fl Fl version 59.Op Fl Fl help 60.Ek 61.Sh DESCRIPTION 62.Nm 63serves request for password changes. It listens on UDP port 464 64(service kpasswd) and processes requests when they arrive. It changes 65the database directly and should thus only run on the master KDC. 66.Pp 67Supported options: 68.Bl -tag -width Ds 69.It Fl Fl addresses= Ns Ar address 70For each till the argument is given, add the address to what kpasswdd 71should listen too. 72.It Fl Fl check-library= Ns Ar library 73If your system has support for dynamic loading of shared libraries, 74you can use an external function to check password quality. This 75option specifies which library to load. 76.It Fl Fl check-function= Ns Ar function 77This is the function to call in the loaded library. The function 78should look like this: 79.Pp 80.Ft const char * 81.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password" 82.Pp 83.Fa context 84is an initialized context; 85.Fa principal 86is the one who tries to change passwords, and 87.Fa password 88is the new password. Note that the password (in 89.Fa password->data ) 90is not zero terminated. 91.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec 92Keytab to get authentication key from. 93.It Fl r Ar realm , Fl Fl realm= Ns Ar realm 94Default realm. 95.It Fl p Ar string , Fl Fl port= Ns Ar string 96Port to listen on (default service kpasswd - 464). 97.El 98.Sh DIAGNOSTICS 99If an error occurs, the error message is returned to the user and/or 100logged to syslog. 101.Sh BUGS 102The default password quality checks are too basic. 103.Sh SEE ALSO 104.Xr kpasswd 1 , 105.Xr kdc 8 106.\".Sh ENVIRONMENT 107.\".Sh FILES 108.\".Sh EXAMPLES 109.\".Sh SEE ALSO 110.\".Sh STANDARDS 111.\".Sh HISTORY 112.\".Sh AUTHORS 113