1.\"	$NetBSD: kpasswdd.8,v 1.3 2014/04/24 13:45:34 pettai Exp $
2.\"
3.\" Copyright (c) 1997, 2000 - 2005 Kungliga Tekniska Högskolan
4.\" (Royal Institute of Technology, Stockholm, Sweden).
5.\" All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\"
11.\" 1. Redistributions of source code must retain the above copyright
12.\"    notice, this list of conditions and the following disclaimer.
13.\"
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in the
16.\"    documentation and/or other materials provided with the distribution.
17.\"
18.\" 3. Neither the name of the Institute nor the names of its contributors
19.\"    may be used to endorse or promote products derived from this software
20.\"    without specific prior written permission.
21.\"
22.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32.\" SUCH DAMAGE.
33.\"
34.Dd April 19, 1999
35.Dt KPASSWDD 8
36.Os
37.Sh NAME
38.Nm kpasswdd
39.Nd Kerberos 5 password changing server
40.Sh SYNOPSIS
41.Nm
42.Bk -words
43.Op Fl Fl addresses= Ns Ar address
44.Op Fl Fl check-library= Ns Ar library
45.Op Fl Fl check-function= Ns Ar function
46.Oo Fl k Ar kspec \*(Ba Xo
47.Fl Fl keytab= Ns Ar kspec
48.Xc
49.Oc
50.Oo Fl r Ar realm \*(Ba Xo
51.Fl Fl realm= Ns Ar realm
52.Xc
53.Oc
54.Oo Fl p Ar string \*(Ba Xo
55.Fl Fl port= Ns Ar string
56.Xc
57.Oc
58.Op Fl Fl version
59.Op Fl Fl help
60.Ek
61.Sh DESCRIPTION
62.Nm
63serves request for password changes. It listens on UDP port 464
64(service kpasswd) and processes requests when they arrive. It changes
65the database directly and should thus only run on the master KDC.
66.Pp
67Supported options:
68.Bl -tag -width Ds
69.It Fl Fl addresses= Ns Ar address
70For each till the argument is given, add the address to what kpasswdd
71should listen too.
72.It Fl Fl check-library= Ns Ar library
73If your system has support for dynamic loading of shared libraries,
74you can use an external function to check password quality. This
75option specifies which library to load.
76.It Fl Fl check-function= Ns Ar function
77This is the function to call in the loaded library. The function
78should look like this:
79.Pp
80.Ft const char *
81.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
82.Pp
83.Fa context
84is an initialized context;
85.Fa principal
86is the one who tries to change passwords, and
87.Fa password
88is the new password. Note that the password (in
89.Fa password->data )
90is not zero terminated.
91.It Fl k Ar kspec , Fl Fl keytab= Ns Ar kspec
92Keytab to get authentication key from.
93.It Fl r Ar realm , Fl Fl realm= Ns Ar realm
94Default realm.
95.It Fl p Ar string , Fl Fl port= Ns Ar string
96Port to listen on (default service kpasswd - 464).
97.El
98.Sh DIAGNOSTICS
99If an error occurs, the error message is returned to the user and/or
100logged to syslog.
101.Sh BUGS
102The default password quality checks are too basic.
103.Sh SEE ALSO
104.Xr kpasswd 1 ,
105.Xr kdc 8
106.\".Sh ENVIRONMENT
107.\".Sh FILES
108.\".Sh EXAMPLES
109.\".Sh SEE ALSO
110.\".Sh STANDARDS
111.\".Sh HISTORY
112.\".Sh AUTHORS
113