diff options
author | Jelmer Vernooij <jelmer@jelmer.uk> | 2015-09-28 01:40:38 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@jelmer.uk> | 2015-09-28 01:40:38 +0000 |
commit | fa33ac7a7e965347411ba0dadaa5a4e75c07994e (patch) | |
tree | 9608bef57c336b287761dc446e2ade921db6d308 | |
parent | 87c40ebf6a26652610ef703af4637611ebe7fab1 (diff) |
Drop patch 050_kadmin_to_usr_bin: applied upstream.
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | debian/patches/050_kadmin_to_usr_bin | 1077 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 1 insertions, 1078 deletions
diff --git a/debian/changelog b/debian/changelog index 9e704c783..57e44867d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ heimdal (1.7~git20150920+dfsg-1) UNRELEASED; urgency=medium * Drop patch 044_hdb_ldap_static: applied upstream. * Drop patch 045_hx509_symbol_names: applied upstream. * Drop patch 048_private_libs: applied upstream. + * Drop patch 050_kadmin_to_usr_bin: applied upstream. -- Jelmer Vernooij <jelmer@debian.org> Sun, 20 Sep 2015 15:56:49 +0000 diff --git a/debian/patches/050_kadmin_to_usr_bin b/debian/patches/050_kadmin_to_usr_bin deleted file mode 100644 index 50f05df8b..000000000 --- a/debian/patches/050_kadmin_to_usr_bin +++ /dev/null @@ -1,1077 +0,0 @@ -Subject: [PATCH] Move kadmin and ktutil to /usr/bin. -Author: Jelmer Vernooij <jelmer@samba.org> -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=168170 -Status: merged upstream, 5fd158db474838c3e2fa7e50c2920fdb771c3a51 - ---- - admin/Makefile.am | 4 +- - admin/ktutil.1 | 124 ++++++++++++++++++ - admin/ktutil.8 | 124 ------------------ - kadmin/Makefile.am | 4 +- - kadmin/kadmin.1 | 362 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - kadmin/kadmin.8 | 362 ---------------------------------------------------- - kadmin/kadmind.8 | 2 +- - lib/krb5/kerberos.8 | 4 +- - 8 files changed, 493 insertions(+), 493 deletions(-) - create mode 100644 admin/ktutil.1 - delete mode 100644 admin/ktutil.8 - create mode 100644 kadmin/kadmin.1 - delete mode 100644 kadmin/kadmin.8 - -diff --git a/admin/Makefile.am b/admin/Makefile.am -index 7bb5ef5..21d0157 100644 ---- a/admin/Makefile.am -+++ b/admin/Makefile.am -@@ -4,9 +4,9 @@ include $(top_srcdir)/Makefile.am.common - - AM_CPPFLAGS += $(INCLUDE_readline) $(INCLUDE_hcrypto) - --man_MANS = ktutil.8 -+man_MANS = ktutil.1 - --sbin_PROGRAMS = ktutil -+bin_PROGRAMS = ktutil - - dist_ktutil_SOURCES = \ - add.c \ -diff --git a/admin/ktutil.1 b/admin/ktutil.1 -new file mode 100644 -index 0000000..a905419 ---- /dev/null -+++ b/admin/ktutil.1 -@@ -0,0 +1,124 @@ -+.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan -+.\" (Royal Institute of Technology, Stockholm, Sweden). -+.\" All rights reserved. -+.\" -+.\" Redistribution and use in source and binary forms, with or without -+.\" modification, are permitted provided that the following conditions -+.\" are met: -+.\" -+.\" 1. Redistributions of source code must retain the above copyright -+.\" notice, this list of conditions and the following disclaimer. -+.\" -+.\" 2. Redistributions in binary form must reproduce the above copyright -+.\" notice, this list of conditions and the following disclaimer in the -+.\" documentation and/or other materials provided with the distribution. -+.\" -+.\" 3. Neither the name of the Institute nor the names of its contributors -+.\" may be used to endorse or promote products derived from this software -+.\" without specific prior written permission. -+.\" -+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+.\" SUCH DAMAGE. -+.\" -+.\" $Id$ -+.\" -+.Dd April 14, 2005 -+.Dt KTUTIL 1 -+.Os HEIMDAL -+.Sh NAME -+.Nm ktutil -+.Nd manage Kerberos keytabs -+.Sh SYNOPSIS -+.Nm -+.Oo Fl k Ar keytab \*(Ba Xo -+.Fl Fl keytab= Ns Ar keytab -+.Xc -+.Oc -+.Op Fl v | Fl Fl verbose -+.Op Fl Fl version -+.Op Fl h | Fl Fl help -+.Ar command -+.Op Ar args -+.Sh DESCRIPTION -+.Nm -+is a program for managing keytabs. -+Supported options: -+.Bl -tag -width Ds -+.It Fl v , Fl Fl verbose -+Verbose output. -+.El -+.Pp -+.Ar command -+can be one of the following: -+.Bl -tag -width srvconvert -+.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ -+Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ -+Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ -+Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ -+Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex -+Adds a key to the keytab. Options that are not specified will be -+prompted for. This requires that you know the password or the hex key of the -+principal to add; if what you really want is to add a new principal to -+the keytab, you should consider the -+.Ar get -+command, which talks to the kadmin server. -+.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ -+Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ -+Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port -+Update one or several keys to new versions. By default, use the admin -+server for the realm of a keytab entry. Otherwise it will use the -+values specified by the options. -+.Pp -+If no principals are given, all the ones in the keytab are updated. -+.It copy Ar keytab-src Ar keytab-dest -+Copies all the entries from -+.Ar keytab-src -+to -+.Ar keytab-dest . -+.It get Oo Fl p Ar admin principal Oc \ -+Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ -+Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ -+Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ -+Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ -+Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... -+For each -+.Ar principal , -+generate a new key for it (creating it if it doesn't already exist), -+and put that key in the keytab. -+.Pp -+If no -+.Ar realm -+is specified, the realm to operate on is taken from the first -+principal. -+.It list Oo Fl Fl keys Oc Op Fl Fl timestamp -+List the keys stored in the keytab. -+.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ -+Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ -+Oo Fl Fl enctype= Ns Ar enctype Oc -+Removes the specified key or keys. Not specifying a -+.Ar kvno -+removes keys with any version number. Not specifying an -+.Ar enctype -+removes keys of any type. -+.It rename Ar from-principal Ar to-principal -+Renames all entries in the keytab that match the -+.Ar from-principal -+to -+.Ar to-principal . -+.It purge Op Fl Fl age= Ns Ar age -+Removes all old versions of a key for which there is a newer version -+that is at least -+.Ar age -+(default one week) old. -+.El -+.Sh SEE ALSO -+.Xr kadmin 1 -diff --git a/admin/ktutil.8 b/admin/ktutil.8 -deleted file mode 100644 -index 72a6c81..0000000 ---- a/admin/ktutil.8 -+++ /dev/null -@@ -1,124 +0,0 @@ --.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan --.\" (Royal Institute of Technology, Stockholm, Sweden). --.\" All rights reserved. --.\" --.\" Redistribution and use in source and binary forms, with or without --.\" modification, are permitted provided that the following conditions --.\" are met: --.\" --.\" 1. Redistributions of source code must retain the above copyright --.\" notice, this list of conditions and the following disclaimer. --.\" --.\" 2. Redistributions in binary form must reproduce the above copyright --.\" notice, this list of conditions and the following disclaimer in the --.\" documentation and/or other materials provided with the distribution. --.\" --.\" 3. Neither the name of the Institute nor the names of its contributors --.\" may be used to endorse or promote products derived from this software --.\" without specific prior written permission. --.\" --.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND --.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE --.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE --.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE --.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL --.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS --.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) --.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT --.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY --.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF --.\" SUCH DAMAGE. --.\" --.\" $Id$ --.\" --.Dd April 14, 2005 --.Dt KTUTIL 8 --.Os HEIMDAL --.Sh NAME --.Nm ktutil --.Nd manage Kerberos keytabs --.Sh SYNOPSIS --.Nm --.Oo Fl k Ar keytab \*(Ba Xo --.Fl Fl keytab= Ns Ar keytab --.Xc --.Oc --.Op Fl v | Fl Fl verbose --.Op Fl Fl version --.Op Fl h | Fl Fl help --.Ar command --.Op Ar args --.Sh DESCRIPTION --.Nm --is a program for managing keytabs. --Supported options: --.Bl -tag -width Ds --.It Fl v , Fl Fl verbose --Verbose output. --.El --.Pp --.Ar command --can be one of the following: --.Bl -tag -width srvconvert --.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ --Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ --Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ --Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ --Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex --Adds a key to the keytab. Options that are not specified will be --prompted for. This requires that you know the password or the hex key of the --principal to add; if what you really want is to add a new principal to --the keytab, you should consider the --.Ar get --command, which talks to the kadmin server. --.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ --Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ --Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port --Update one or several keys to new versions. By default, use the admin --server for the realm of a keytab entry. Otherwise it will use the --values specified by the options. --.Pp --If no principals are given, all the ones in the keytab are updated. --.It copy Ar keytab-src Ar keytab-dest --Copies all the entries from --.Ar keytab-src --to --.Ar keytab-dest . --.It get Oo Fl p Ar admin principal Oc \ --Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ --Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ --Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ --Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ --Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... --For each --.Ar principal , --generate a new key for it (creating it if it doesn't already exist), --and put that key in the keytab. --.Pp --If no --.Ar realm --is specified, the realm to operate on is taken from the first --principal. --.It list Oo Fl Fl keys Oc Op Fl Fl timestamp --List the keys stored in the keytab. --.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ --Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ --Oo Fl Fl enctype= Ns Ar enctype Oc --Removes the specified key or keys. Not specifying a --.Ar kvno --removes keys with any version number. Not specifying an --.Ar enctype --removes keys of any type. --.It rename Ar from-principal Ar to-principal --Renames all entries in the keytab that match the --.Ar from-principal --to --.Ar to-principal . --.It purge Op Fl Fl age= Ns Ar age --Removes all old versions of a key for which there is a newer version --that is at least --.Ar age --(default one week) old. --.El --.Sh SEE ALSO --.Xr kadmin 8 -diff --git a/kadmin/Makefile.am b/kadmin/Makefile.am -index 96e4c2f..a26c3cc 100644 ---- a/kadmin/Makefile.am -+++ b/kadmin/Makefile.am -@@ -4,11 +4,11 @@ include $(top_srcdir)/Makefile.am.common - - AM_CPPFLAGS += $(INCLUDE_libintl) $(INCLUDE_readline) $(INCLUDE_hcrypto) -I$(srcdir)/../lib/krb5 -I$(top_builddir)/include/gssapi - --sbin_PROGRAMS = kadmin -+bin_PROGRAMS = kadmin - - libexec_PROGRAMS = kadmind - --man_MANS = kadmin.8 kadmind.8 -+man_MANS = kadmin.1 kadmind.8 - - noinst_PROGRAMS = add_random_users - -diff --git a/kadmin/kadmin.1 b/kadmin/kadmin.1 -new file mode 100644 -index 0000000..ca61f71 ---- /dev/null -+++ b/kadmin/kadmin.1 -@@ -0,0 +1,362 @@ -+.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan -+.\" (Royal Institute of Technology, Stockholm, Sweden). -+.\" All rights reserved. -+.\" -+.\" Redistribution and use in source and binary forms, with or without -+.\" modification, are permitted provided that the following conditions -+.\" are met: -+.\" -+.\" 1. Redistributions of source code must retain the above copyright -+.\" notice, this list of conditions and the following disclaimer. -+.\" -+.\" 2. Redistributions in binary form must reproduce the above copyright -+.\" notice, this list of conditions and the following disclaimer in the -+.\" documentation and/or other materials provided with the distribution. -+.\" -+.\" 3. Neither the name of the Institute nor the names of its contributors -+.\" may be used to endorse or promote products derived from this software -+.\" without specific prior written permission. -+.\" -+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+.\" SUCH DAMAGE. -+.\" -+.\" $Id$ -+.\" -+.Dd Feb 22, 2007 -+.Dt KADMIN 1 -+.Os HEIMDAL -+.Sh NAME -+.Nm kadmin -+.Nd Kerberos administration utility -+.Sh SYNOPSIS -+.Nm -+.Bk -words -+.Op Fl p Ar string \*(Ba Fl Fl principal= Ns Ar string -+.Op Fl K Ar string \*(Ba Fl Fl keytab= Ns Ar string -+.Op Fl c Ar file \*(Ba Fl Fl config-file= Ns Ar file -+.Op Fl k Ar file \*(Ba Fl Fl key-file= Ns Ar file -+.Op Fl r Ar realm \*(Ba Fl Fl realm= Ns Ar realm -+.Op Fl a Ar host \*(Ba Fl Fl admin-server= Ns Ar host -+.Op Fl s Ar port number \*(Ba Fl Fl server-port= Ns Ar port number -+.Op Fl l | Fl Fl local -+.Op Fl h | Fl Fl help -+.Op Fl v | Fl Fl version -+.Op Ar command -+.Ek -+.Sh DESCRIPTION -+The -+.Nm -+program is used to make modifications to the Kerberos database, either remotely via the -+.Xr kadmind 8 -+daemon, or locally (with the -+.Fl l -+option). -+.Pp -+Supported options: -+.Bl -tag -width Ds -+.It Fl p Ar string , Fl Fl principal= Ns Ar string -+principal to authenticate as -+.It Fl K Ar string , Fl Fl keytab= Ns Ar string -+keytab for authentication principal -+.It Fl c Ar file , Fl Fl config-file= Ns Ar file -+location of config file -+.It Fl k Ar file , Fl Fl key-file= Ns Ar file -+location of master key file -+.It Fl r Ar realm , Fl Fl realm= Ns Ar realm -+realm to use -+.It Fl a Ar host , Fl Fl admin-server= Ns Ar host -+server to contact -+.It Fl s Ar port number , Fl Fl server-port= Ns Ar port number -+port to use -+.It Fl l , Fl Fl local -+local admin mode -+.El -+.Pp -+If no -+.Ar command -+is given on the command line, -+.Nm -+will prompt for commands to process. Some of the commands that take -+one or more principals as argument -+.Ns ( Nm delete , -+.Nm ext_keytab , -+.Nm get , -+.Nm modify , -+and -+.Nm passwd ) -+will accept a glob style wildcard, and perform the operation on all -+matching principals. -+.Pp -+Commands include: -+.\" not using a list here, since groff apparently gets confused -+.\" with nested Xo/Xc -+.Pp -+.Nm add -+.Op Fl r | Fl Fl random-key -+.Op Fl Fl random-password -+.Op Fl p Ar string \*(Ba Fl Fl password= Ns Ar string -+.Op Fl Fl key= Ns Ar string -+.Op Fl Fl max-ticket-life= Ns Ar lifetime -+.Op Fl Fl max-renewable-life= Ns Ar lifetime -+.Op Fl Fl attributes= Ns Ar attributes -+.Op Fl Fl expiration-time= Ns Ar time -+.Op Fl Fl pw-expiration-time= Ns Ar time -+.Op Fl Fl policy= Ns Ar policy-name -+.Ar principal... -+.Bd -ragged -offset indent -+Adds a new principal to the database. The options not passed on the -+command line will be promped for. -+The only policy supported by Heimdal servers is -+.Q1 default . -+.Ed -+.Pp -+.Nm add_enctype -+.Op Fl r | Fl Fl random-key -+.Ar principal enctypes... -+.Pp -+.Bd -ragged -offset indent -+Adds a new encryption type to the principal, only random key are -+supported. -+.Ed -+.Pp -+.Nm delete -+.Ar principal... -+.Bd -ragged -offset indent -+Removes a principal. -+.Ed -+.Pp -+.Nm del_enctype -+.Ar principal enctypes... -+.Bd -ragged -offset indent -+Removes some enctypes from a principal; this can be useful if the -+service belonging to the principal is known to not handle certain -+enctypes. -+.Ed -+.Pp -+.Nm ext_keytab -+.Oo Fl k Ar string \*(Ba Xo -+.Fl Fl keytab= Ns Ar string -+.Xc -+.Oc -+.Ar principal... -+.Bd -ragged -offset indent -+Creates a keytab with the keys of the specified principals. Requires -+get-keys rights, otherwise the principal's keys are changed and saved in -+the keytab. -+.Ed -+.Pp -+.Nm get -+.Op Fl l | Fl Fl long -+.Op Fl s | Fl Fl short -+.Op Fl t | Fl Fl terse -+.Op Fl o Ar string | Fl Fl column-info= Ns Ar string -+.Ar principal... -+.Bd -ragged -offset indent -+Lists the matching principals, short prints the result as a table, -+while long format produces a more verbose output. Which columns to -+print can be selected with the -+.Fl o -+option. The argument is a comma separated list of column names -+optionally appended with an equal sign -+.Pq Sq = -+and a column header. Which columns are printed by default differ -+slightly between short and long output. -+.Pp -+The default terse output format is similar to -+.Fl s o Ar principal= , -+just printing the names of matched principals. -+.Pp -+Possible column names include: -+.Li principal , -+.Li princ_expire_time , -+.Li pw_expiration , -+.Li last_pwd_change , -+.Li max_life , -+.Li max_rlife , -+.Li mod_time , -+.Li mod_name , -+.Li attributes , -+.Li kvno , -+.Li mkvno , -+.Li last_success , -+.Li last_failed , -+.Li fail_auth_count , -+.Li policy , -+and -+.Li keytypes . -+.Ed -+.Pp -+.Nm modify -+.Oo Fl a Ar attributes \*(Ba Xo -+.Fl Fl attributes= Ns Ar attributes -+.Xc -+.Oc -+.Op Fl Fl max-ticket-life= Ns Ar lifetime -+.Op Fl Fl max-renewable-life= Ns Ar lifetime -+.Op Fl Fl expiration-time= Ns Ar time -+.Op Fl Fl pw-expiration-time= Ns Ar time -+.Op Fl Fl kvno= Ns Ar number -+.Op Fl Fl policy= Ns Ar policy-name -+.Ar principal... -+.Bd -ragged -offset indent -+Modifies certain attributes of a principal. If run without command -+line options, you will be prompted. With command line options, it will -+only change the ones specified. -+.Pp -+Only policy supported by Heimdal is -+.Q1 default . -+.Pp -+Possible attributes are: -+.Li new-princ , -+.Li support-desmd5 , -+.Li pwchange-service , -+.Li disallow-svr , -+.Li requires-pw-change , -+.Li requires-hw-auth , -+.Li requires-pre-auth , -+.Li disallow-all-tix , -+.Li disallow-dup-skey , -+.Li disallow-proxiable , -+.Li disallow-renewable , -+.Li disallow-tgt-based , -+.Li disallow-forwardable , -+.Li disallow-postdated -+.Pp -+Attributes may be negated with a "-", e.g., -+.Pp -+kadmin -l modify -a -disallow-proxiable user -+.Ed -+.Pp -+.Nm passwd -+.Op Fl Fl keepold -+.Op Fl r | Fl Fl random-key -+.Op Fl Fl random-password -+.Oo Fl p Ar string \*(Ba Xo -+.Fl Fl password= Ns Ar string -+.Xc -+.Oc -+.Op Fl Fl key= Ns Ar string -+.Ar principal... -+.Bd -ragged -offset indent -+Changes the password of an existing principal. -+.Ed -+.Pp -+.Nm password-quality -+.Ar principal -+.Ar password -+.Bd -ragged -offset indent -+Run the password quality check function locally. -+You can run this on the host that is configured to run the kadmind -+process to verify that your configuration file is correct. -+The verification is done locally, if kadmin is run in remote mode, -+no rpc call is done to the server. -+.Ed -+.Pp -+.Nm privileges -+.Bd -ragged -offset indent -+Lists the operations you are allowed to perform. These include -+.Li add , -+.Li add_enctype , -+.Li change-password , -+.Li delete , -+.Li del_enctype , -+.Li get , -+.Li get-keys , -+.Li list , -+and -+.Li modify . -+.Ed -+.Pp -+.Nm rename -+.Ar from to -+.Bd -ragged -offset indent -+Renames a principal. This is normally transparent, but since keys are -+salted with the principal name, they will have a non-standard salt, -+and clients which are unable to cope with this will fail. Kerberos 4 -+suffers from this. -+.Ed -+.Pp -+.Nm check -+.Op Ar realm -+.Pp -+.Bd -ragged -offset indent -+Check database for strange configurations on important principals. If -+no realm is given, the default realm is used. -+.Ed -+.Pp -+When running in local mode, the following commands can also be used: -+.Pp -+.Nm dump -+.Op Fl d | Fl Fl decrypt -+.Op Fl f Ns Ar format | Fl Fl format= Ns Ar format -+.Op Ar dump-file -+.Bd -ragged -offset indent -+Writes the database in -+.Dq machine readable text -+form to the specified file, or standard out. If the database is -+encrypted, the dump will also have encrypted keys, unless -+.Fl Fl decrypt -+is used. If -+.Fl Fl format=MIT -+is used then the dump will be in MIT format. Otherwise it will be in -+Heimdal format. -+.Ed -+.Pp -+.Nm init -+.Op Fl Fl realm-max-ticket-life= Ns Ar string -+.Op Fl Fl realm-max-renewable-life= Ns Ar string -+.Ar realm -+.Bd -ragged -offset indent -+Initializes the Kerberos database with entries for a new realm. It's -+possible to have more than one realm served by one server. -+.Ed -+.Pp -+.Nm load -+.Ar file -+.Bd -ragged -offset indent -+Reads a previously dumped database, and re-creates that database from -+scratch. -+.Ed -+.Pp -+.Nm merge -+.Ar file -+.Bd -ragged -offset indent -+Similar to -+.Nm load -+but just modifies the database with the entries in the dump file. -+.Ed -+.Pp -+.Nm stash -+.Oo Fl e Ar enctype \*(Ba Xo -+.Fl Fl enctype= Ns Ar enctype -+.Xc -+.Oc -+.Oo Fl k Ar keyfile \*(Ba Xo -+.Fl Fl key-file= Ns Ar keyfile -+.Xc -+.Oc -+.Op Fl Fl convert-file -+.Op Fl Fl master-key-fd= Ns Ar fd -+.Bd -ragged -offset indent -+Writes the Kerberos master key to a file used by the KDC. -+.Ed -+.\".Sh ENVIRONMENT -+.\".Sh FILES -+.\".Sh EXAMPLES -+.\".Sh DIAGNOSTICS -+.Sh SEE ALSO -+.Xr kadmind 8 , -+.Xr kdc 8 -+.\".Sh STANDARDS -+.\".Sh HISTORY -+.\".Sh AUTHORS -+.\".Sh BUGS -diff --git a/kadmin/kadmin.8 b/kadmin/kadmin.8 -deleted file mode 100644 -index cce545a..0000000 ---- a/kadmin/kadmin.8 -+++ /dev/null -@@ -1,361 +0,0 @@ --.\" Copyright (c) 2000 - 2007 Kungliga Tekniska Högskolan --.\" (Royal Institute of Technology, Stockholm, Sweden). --.\" All rights reserved. --.\" --.\" Redistribution and use in source and binary forms, with or without --.\" modification, are permitted provided that the following conditions --.\" are met: --.\" --.\" 1. Redistributions of source code must retain the above copyright --.\" notice, this list of conditions and the following disclaimer. --.\" --.\" 2. Redistributions in binary form must reproduce the above copyright --.\" notice, this list of conditions and the following disclaimer in the --.\" documentation and/or other materials provided with the distribution. --.\" --.\" 3. Neither the name of the Institute nor the names of its contributors --.\" may be used to endorse or promote products derived from this software --.\" without specific prior written permission. --.\" --.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND --.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE --.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE --.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE --.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL --.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS --.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) --.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT --.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY --.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF --.\" SUCH DAMAGE. --.\" --.\" $Id$ --.\" --.Dd Feb 22, 2007 --.Dt KADMIN 8 --.Os HEIMDAL --.Sh NAME --.Nm kadmin --.Nd Kerberos administration utility --.Sh SYNOPSIS --.Nm --.Bk -words --.Op Fl p Ar string \*(Ba Fl Fl principal= Ns Ar string --.Op Fl K Ar string \*(Ba Fl Fl keytab= Ns Ar string --.Op Fl c Ar file \*(Ba Fl Fl config-file= Ns Ar file --.Op Fl k Ar file \*(Ba Fl Fl key-file= Ns Ar file --.Op Fl r Ar realm \*(Ba Fl Fl realm= Ns Ar realm --.Op Fl a Ar host \*(Ba Fl Fl admin-server= Ns Ar host --.Op Fl s Ar port number \*(Ba Fl Fl server-port= Ns Ar port number --.Op Fl l | Fl Fl local --.Op Fl h | Fl Fl help --.Op Fl v | Fl Fl version --.Op Ar command --.Ek --.Sh DESCRIPTION --The --.Nm --program is used to make modifications to the Kerberos database, either remotely via the --.Xr kadmind 8 --daemon, or locally (with the --.Fl l --option). --.Pp --Supported options: --.Bl -tag -width Ds --.It Fl p Ar string , Fl Fl principal= Ns Ar string --principal to authenticate as --.It Fl K Ar string , Fl Fl keytab= Ns Ar string --keytab for authentication principal --.It Fl c Ar file , Fl Fl config-file= Ns Ar file --location of config file --.It Fl k Ar file , Fl Fl key-file= Ns Ar file --location of master key file --.It Fl r Ar realm , Fl Fl realm= Ns Ar realm --realm to use --.It Fl a Ar host , Fl Fl admin-server= Ns Ar host --server to contact --.It Fl s Ar port number , Fl Fl server-port= Ns Ar port number --port to use --.It Fl l , Fl Fl local --local admin mode --.El --.Pp --If no --.Ar command --is given on the command line, --.Nm --will prompt for commands to process. Some of the commands that take --one or more principals as argument --.Ns ( Nm delete , --.Nm ext_keytab , --.Nm get , --.Nm modify , --and --.Nm passwd ) --will accept a glob style wildcard, and perform the operation on all --matching principals. --.Pp --Commands include: --.\" not using a list here, since groff apparently gets confused --.\" with nested Xo/Xc --.Pp --.Nm add --.Op Fl r | Fl Fl random-key --.Op Fl Fl random-password --.Op Fl p Ar string \*(Ba Fl Fl password= Ns Ar string --.Op Fl Fl key= Ns Ar string --.Op Fl Fl max-ticket-life= Ns Ar lifetime --.Op Fl Fl max-renewable-life= Ns Ar lifetime --.Op Fl Fl attributes= Ns Ar attributes --.Op Fl Fl expiration-time= Ns Ar time --.Op Fl Fl pw-expiration-time= Ns Ar time --.Op Fl Fl policy= Ns Ar policy-name --.Ar principal... --.Bd -ragged -offset indent --Adds a new principal to the database. The options not passed on the --command line will be promped for. --The only policy supported by Heimdal servers is --.Q1 default . --.Ed --.Pp --.Nm add_enctype --.Op Fl r | Fl Fl random-key --.Ar principal enctypes... --.Pp --.Bd -ragged -offset indent --Adds a new encryption type to the principal, only random key are --supported. --.Ed --.Pp --.Nm delete --.Ar principal... --.Bd -ragged -offset indent --Removes a principal. --.Ed --.Pp --.Nm del_enctype --.Ar principal enctypes... --.Bd -ragged -offset indent --Removes some enctypes from a principal; this can be useful if the --service belonging to the principal is known to not handle certain --enctypes. --.Ed --.Pp --.Nm ext_keytab --.Oo Fl k Ar string \*(Ba Xo --.Fl Fl keytab= Ns Ar string --.Xc --.Oc --.Ar principal... --.Bd -ragged -offset indent --Creates a keytab with the keys of the specified principals. Requires --get-keys rights. --.Ed --.Pp --.Nm get --.Op Fl l | Fl Fl long --.Op Fl s | Fl Fl short --.Op Fl t | Fl Fl terse --.Op Fl o Ar string | Fl Fl column-info= Ns Ar string --.Ar principal... --.Bd -ragged -offset indent --Lists the matching principals, short prints the result as a table, --while long format produces a more verbose output. Which columns to --print can be selected with the --.Fl o --option. The argument is a comma separated list of column names --optionally appended with an equal sign --.Pq Sq = --and a column header. Which columns are printed by default differ --slightly between short and long output. --.Pp --The default terse output format is similar to --.Fl s o Ar principal= , --just printing the names of matched principals. --.Pp --Possible column names include: --.Li principal , --.Li princ_expire_time , --.Li pw_expiration , --.Li last_pwd_change , --.Li max_life , --.Li max_rlife , --.Li mod_time , --.Li mod_name , --.Li attributes , --.Li kvno , --.Li mkvno , --.Li last_success , --.Li last_failed , --.Li fail_auth_count , --.Li policy , --and --.Li keytypes . --.Ed --.Pp --.Nm modify --.Oo Fl a Ar attributes \*(Ba Xo --.Fl Fl attributes= Ns Ar attributes --.Xc --.Oc --.Op Fl Fl max-ticket-life= Ns Ar lifetime --.Op Fl Fl max-renewable-life= Ns Ar lifetime --.Op Fl Fl expiration-time= Ns Ar time --.Op Fl Fl pw-expiration-time= Ns Ar time --.Op Fl Fl kvno= Ns Ar number --.Op Fl Fl policy= Ns Ar policy-name --.Ar principal... --.Bd -ragged -offset indent --Modifies certain attributes of a principal. If run without command --line options, you will be prompted. With command line options, it will --only change the ones specified. --.Pp --Only policy supported by Heimdal is --.Q1 default . --.Pp --Possible attributes are: --.Li new-princ , --.Li support-desmd5 , --.Li pwchange-service , --.Li disallow-svr , --.Li requires-pw-change , --.Li requires-hw-auth , --.Li requires-pre-auth , --.Li disallow-all-tix , --.Li disallow-dup-skey , --.Li disallow-proxiable , --.Li disallow-renewable , --.Li disallow-tgt-based , --.Li disallow-forwardable , --.Li disallow-postdated --.Pp --Attributes may be negated with a "-", e.g., --.Pp --kadmin -l modify -a -disallow-proxiable user --.Ed --.Pp --.Nm passwd --.Op Fl Fl keepold --.Op Fl r | Fl Fl random-key --.Op Fl Fl random-password --.Oo Fl p Ar string \*(Ba Xo --.Fl Fl password= Ns Ar string --.Xc --.Oc --.Op Fl Fl key= Ns Ar string --.Ar principal... --.Bd -ragged -offset indent --Changes the password of an existing principal. --.Ed --.Pp --.Nm password-quality --.Ar principal --.Ar password --.Bd -ragged -offset indent --Run the password quality check function locally. --You can run this on the host that is configured to run the kadmind --process to verify that your configuration file is correct. --The verification is done locally, if kadmin is run in remote mode, --no rpc call is done to the server. --.Ed --.Pp --.Nm privileges --.Bd -ragged -offset indent --Lists the operations you are allowed to perform. These include --.Li add , --.Li add_enctype , --.Li change-password , --.Li delete , --.Li del_enctype , --.Li get , --.Li get-keys , --.Li list , --and --.Li modify . --.Ed --.Pp --.Nm rename --.Ar from to --.Bd -ragged -offset indent --Renames a principal. This is normally transparent, but since keys are --salted with the principal name, they will have a non-standard salt, --and clients which are unable to cope with this will fail. Kerberos 4 --suffers from this. --.Ed --.Pp --.Nm check --.Op Ar realm --.Pp --.Bd -ragged -offset indent --Check database for strange configurations on important principals. If --no realm is given, the default realm is used. --.Ed --.Pp --When running in local mode, the following commands can also be used: --.Pp --.Nm dump --.Op Fl d | Fl Fl decrypt --.Op Fl f Ns Ar format | Fl Fl format= Ns Ar format --.Op Ar dump-file --.Bd -ragged -offset indent --Writes the database in --.Dq machine readable text --form to the specified file, or standard out. If the database is --encrypted, the dump will also have encrypted keys, unless --.Fl Fl decrypt --is used. If --.Fl Fl format=MIT --is used then the dump will be in MIT format. Otherwise it will be in --Heimdal format. --.Ed --.Pp --.Nm init --.Op Fl Fl realm-max-ticket-life= Ns Ar string --.Op Fl Fl realm-max-renewable-life= Ns Ar string --.Ar realm --.Bd -ragged -offset indent --Initializes the Kerberos database with entries for a new realm. It's --possible to have more than one realm served by one server. --.Ed --.Pp --.Nm load --.Ar file --.Bd -ragged -offset indent --Reads a previously dumped database, and re-creates that database from --scratch. --.Ed --.Pp --.Nm merge --.Ar file --.Bd -ragged -offset indent --Similar to --.Nm load --but just modifies the database with the entries in the dump file. --.Ed --.Pp --.Nm stash --.Oo Fl e Ar enctype \*(Ba Xo --.Fl Fl enctype= Ns Ar enctype --.Xc --.Oc --.Oo Fl k Ar keyfile \*(Ba Xo --.Fl Fl key-file= Ns Ar keyfile --.Xc --.Oc --.Op Fl Fl convert-file --.Op Fl Fl master-key-fd= Ns Ar fd --.Bd -ragged -offset indent --Writes the Kerberos master key to a file used by the KDC. --.Ed --.\".Sh ENVIRONMENT --.\".Sh FILES --.\".Sh EXAMPLES --.\".Sh DIAGNOSTICS --.Sh SEE ALSO --.Xr kadmind 8 , --.Xr kdc 8 --.\".Sh STANDARDS --.\".Sh HISTORY --.\".Sh AUTHORS --.\".Sh BUGS -diff --git a/kadmin/kadmind.8 b/kadmin/kadmind.8 -index 453b8e7..f666159 100644 ---- a/kadmin/kadmind.8 -+++ b/kadmin/kadmind.8 -@@ -158,6 +158,6 @@ mallory/admin@EXAMPLE.COM add,get-keys host/*@EXAMPLE.COM - .\".Sh DIAGNOSTICS - .Sh SEE ALSO - .Xr kpasswd 1 , --.Xr kadmin 8 , -+.Xr kadmin 1 , - .Xr kdc 8 , - .Xr kpasswdd 8 -diff --git a/lib/krb5/kerberos.8 b/lib/krb5/kerberos.8 -index 1465a5b..d54ced5 100644 ---- a/lib/krb5/kerberos.8 -+++ b/lib/krb5/kerberos.8 -@@ -85,9 +85,9 @@ For setup instructions see the Heimdal Texinfo manual. - .Xr telnet 1 , - .Xr krb5 3 , - .Xr krb5.conf 5 , --.Xr kadmin 8 , -+.Xr kadmin 1 , - .Xr kdc 8 , --.Xr ktutil 8 -+.Xr ktutil 1 - .Sh HISTORY - The Kerberos authentication system was developed in the late 1980's as - part of the Athena Project at the Massachusetts Institute of diff --git a/debian/patches/series b/debian/patches/series index cf059d307..2af4610bc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -12,6 +12,5 @@ installsh 046_hurd_sundevdata 047_link_gssapi 049_testkdc_timeout -050_kadmin_to_usr_bin 051_bug746486-memleak 060_no_build_string |