-
Notifications
You must be signed in to change notification settings - Fork 2
/
krb525d.8
99 lines (97 loc) · 2.31 KB
/
krb525d.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
.\"
.\" krb525d man page
.\"
.\" $Id: krb525d.8,v 1.1.1.1 2009/11/13 09:13:02 kouril Exp $
.\"
.TH KRB525D 8
.SH NAME
krb525d \- Kerberos V5 Ticket translater daemon
.SH SYNOPSIS
.B krb525d
[
.B \-c
.I config_file
] [
.B \-d
] [
.B \-k
] [
.B \-p
.I port
] [
.B \-s
.I service_name
] [
.B \-t
.I keytab_name
] [
.B \-T
.I timeout
] [
.B \-V
]
.br
.SH DESCRIPTION
.I krb525d
is the daemon that works with the krb525(1) program to convert
client and/or serice principals in Kerberos 5 tickets. It receive the
encrypted ticket from the krb525 client along with the names of the
target client and services principals. It checks the conversion
against the authorization information supplied in it's configuration
file, krb525.conf, and if permissable, decrypts the ticket, changes the
client and/or service names, re-encrypts the ticket and sends it back
to the client.
.PP
Normally, krb525d is invoked out of inetd(8).
This is done by adding a line to the inetd.conf file which looks like
this:
krb525d stream tcp nowait root /krb5/sbin/krb525d krb525d
.SH OPTIONS
.TP
\fB\-c\fP \fIconfig_file\fP
specifies the location of the krb525.conf(5) file to use. Normally it
is in the etc directory of the Kerberos 5 installation tree (e.g.
.BR /krb5/etc/krb525.conf ).
.TP
.B \-d
specifies that the
.I krb525d
daemon should get all the needed service keys from the Kerberos 5
database. The code to read the database must be included at compile
time, in which case this is the default.
.TP
.B \-k
specifies that the
.I krb525d
daemon should get all the needed services keys from the keytab
file. This is the default if the database reading code was not
included at compile time.
.TP
\fB\-s\fP \fIservice_name\fP
specifies the name of the service principal that the
.Ikrb525d
daemon expects to be used by the client to authenticate to it. By
default this will be
.BR krb525/<hostname> ,
where
.B <hostname>
is the name of the host that
.I krb525d
is running on. Note that krb525d will always get this key from the
local keytab file.
.TP
\fB\-t\fP \fIkeytab_name\fP
specifies the name of the keytab file to be used by
.IR krb525d .
.TP
\fB\-T\fP \fItimeout\fP
specifies the TCP connection timeout in seconds. Must be greater or equal 0.
.TP
.B \-V
specifies that
.I krb525d
should print it's version number to standard output and exit.
.PP
.SH SEE ALSO
krb525(1)
krb525d(8)