2001-09-17 16:32:33 +04:00
|
|
|
.\" $Id: kpasswdd.8,v 1.4 2001/09/17 12:32:36 assar Exp $
|
2000-06-16 22:31:35 +04:00
|
|
|
.\"
|
|
|
|
.Dd April 19, 1999
|
|
|
|
.Dt KPASSWDD 8
|
2001-06-05 14:13:54 +04:00
|
|
|
.Os
|
2000-06-16 22:31:35 +04:00
|
|
|
.Sh NAME
|
|
|
|
.Nm kpasswdd
|
2001-06-20 02:39:52 +04:00
|
|
|
.Nd Kerberos 5 password changing server
|
2000-06-16 22:31:35 +04:00
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm
|
|
|
|
.Op Fl -check-library= Ns Ar library
|
|
|
|
.Op Fl -check-function= Ns Ar function
|
2001-02-11 16:51:06 +03:00
|
|
|
.Oo Fl k Ar kspec \*(Ba Xo
|
2001-06-20 02:39:52 +04:00
|
|
|
.Fl -keytab= Ns Ar kspec
|
2001-02-11 16:51:06 +03:00
|
|
|
.Xc
|
2001-06-20 02:39:52 +04:00
|
|
|
.Oc
|
2001-02-11 16:51:06 +03:00
|
|
|
.Oo Fl r Ar realm \*(Ba Xo
|
2001-06-20 02:39:52 +04:00
|
|
|
.Fl -realm= Ns Ar realm
|
2001-02-11 16:51:06 +03:00
|
|
|
.Xc
|
2001-06-20 02:39:52 +04:00
|
|
|
.Oc
|
2001-02-11 16:51:06 +03:00
|
|
|
.Oo Fl p Ar string \*(Ba Xo
|
2001-06-20 02:39:52 +04:00
|
|
|
.Fl -port= Ns Ar string
|
2001-02-11 16:51:06 +03:00
|
|
|
.Xc
|
2001-06-20 02:39:52 +04:00
|
|
|
.Oc
|
2001-02-11 16:51:06 +03:00
|
|
|
.Op Fl -version
|
|
|
|
.Op Fl -help
|
2000-06-16 22:31:35 +04:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
.Nm
|
|
|
|
serves request for password changes. It listens on UDP port 464
|
|
|
|
(service kpasswd) and processes requests when they arrive. It changes
|
|
|
|
the database directly and should thus only run on the master KDC.
|
|
|
|
.Pp
|
|
|
|
Supported options:
|
|
|
|
.Bl -tag -width Ds
|
|
|
|
.It Xo
|
|
|
|
.Fl -check-library= Ns Ar library
|
|
|
|
.Xc
|
|
|
|
If your system has support for dynamic loading of shared libraries,
|
|
|
|
you can use an external function to check password quality. This
|
|
|
|
option specifies which library to load.
|
|
|
|
.It Xo
|
|
|
|
.Fl -check-function= Ns Ar function
|
|
|
|
.Xc
|
|
|
|
This is the function to call in the loaded library. The function
|
|
|
|
should look like this:
|
|
|
|
.Pp
|
|
|
|
.Ft const char *
|
|
|
|
.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
|
|
|
|
.Pp
|
|
|
|
.Fa context
|
|
|
|
is an initialized context;
|
|
|
|
.Fa principal
|
|
|
|
is the one who tries to change passwords, and
|
|
|
|
.Fa password
|
|
|
|
is the new password. Note that the password (in
|
|
|
|
.Fa password->data )
|
|
|
|
is not zero terminated.
|
2001-02-11 16:51:06 +03:00
|
|
|
.It Xo
|
|
|
|
.Fl k Ar kspec Ns ,
|
|
|
|
.Fl -keytab= Ns Ar kspec
|
|
|
|
.Xc
|
|
|
|
keytab to get authentication key from
|
|
|
|
.It Xo
|
|
|
|
.Fl r Ar realm Ns ,
|
|
|
|
.Fl -realm= Ns Ar realm
|
|
|
|
.Xc
|
|
|
|
default realm
|
|
|
|
.It Xo
|
|
|
|
.Fl p Ar string Ns ,
|
|
|
|
.Fl -port= Ns Ar string
|
|
|
|
.Xc
|
|
|
|
port to listen on (default service kpasswd - 464).
|
2000-06-16 22:31:35 +04:00
|
|
|
.El
|
|
|
|
.Sh DIAGNOSTICS
|
|
|
|
If an error occurs, the error message is returned to the user and/or
|
|
|
|
logged to syslog.
|
|
|
|
.Sh BUGS
|
|
|
|
The default password quality checks are too basic.
|
|
|
|
.Sh SEE ALSO
|
2001-09-17 16:32:33 +04:00
|
|
|
.Xr kpasswd 1 ,
|
|
|
|
.Xr kdc 8
|
2000-06-16 22:31:35 +04:00
|
|
|
.\".Sh ENVIRONMENT
|
|
|
|
.\".Sh FILES
|
|
|
|
.\".Sh EXAMPLES
|
|
|
|
.\".Sh SEE ALSO
|
|
|
|
.\".Sh STANDARDS
|
|
|
|
.\".Sh HISTORY
|
|
|
|
.\".Sh AUTHORS
|