diff options
Diffstat (limited to 'crypto/krb5/doc/html/user')
17 files changed, 0 insertions, 4128 deletions
diff --git a/crypto/krb5/doc/html/user/index.html b/crypto/krb5/doc/html/user/index.html deleted file mode 100644 index 0f13553ebe2f..000000000000 --- a/crypto/krb5/doc/html/user/index.html +++ /dev/null @@ -1,165 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>For users — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Password management" href="pwd_mgmt.html" /> - <link rel="prev" title="MIT Kerberos Documentation (1.22-final)" href="../index.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../index.html" title="MIT Kerberos Documentation (1.22-final)" - accesskey="P">previous</a> | - <a href="pwd_mgmt.html" title="Password management" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For users">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="for-users"> -<h1>For users<a class="headerlink" href="#for-users" title="Link to this heading">¶</a></h1> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="pwd_mgmt.html">Password management</a><ul> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#changing-your-password">Changing your password</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#granting-access-to-your-account">Granting access to your account</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#password-quality-verification">Password quality verification</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a><ul> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#kerberos-ticket-properties">Kerberos ticket properties</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#obtaining-tickets-with-kinit">Obtaining tickets with kinit</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#viewing-tickets-with-klist">Viewing tickets with klist</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#destroying-tickets-with-kdestroy">Destroying tickets with kdestroy</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="user_config/index.html">User config files</a><ul> -<li class="toctree-l2"><a class="reference internal" href="user_config/kerberos.html">kerberos</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/k5login.html">.k5login</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="user_commands/index.html">User commands</a><ul> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kdestroy.html">kdestroy</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kinit.html">kinit</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/klist.html">klist</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kpasswd.html">kpasswd</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/krb5-config.html">krb5-config</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/ksu.html">ksu</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kswitch.html">kswitch</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kvno.html">kvno</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</div> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">For users</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="current reference internal" href="#">For users</a><ul> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../index.html" title="MIT Kerberos Documentation (1.22-final)" - >previous</a> | - <a href="pwd_mgmt.html" title="Password management" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For users">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/pwd_mgmt.html b/crypto/krb5/doc/html/user/pwd_mgmt.html deleted file mode 100644 index 6af1d7d83dad..000000000000 --- a/crypto/krb5/doc/html/user/pwd_mgmt.html +++ /dev/null @@ -1,227 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Password management — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="Ticket management" href="tkt_mgmt.html" /> - <link rel="prev" title="For users" href="index.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="For users" - accesskey="P">previous</a> | - <a href="tkt_mgmt.html" title="Ticket management" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="password-management"> -<h1>Password management<a class="headerlink" href="#password-management" title="Link to this heading">¶</a></h1> -<p>Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you—send email that comes from you, read, edit, or delete your files, -or log into other hosts as you—and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -<a class="reference internal" href="#grant-access"><span class="std std-ref">Granting access to your account</span></a>). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is.</p> -<section id="changing-your-password"> -<h2>Changing your password<a class="headerlink" href="#changing-your-password" title="Link to this heading">¶</a></h2> -<p>To change your Kerberos password, use the <a class="reference internal" href="user_commands/kpasswd.html#kpasswd-1"><span class="std std-ref">kpasswd</span></a> command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you’re not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user <code class="docutils literal notranslate"><span class="pre">david</span></code> would do the following:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kpasswd</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">your</span> <span class="n">old</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">new</span> <span class="n">password</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">your</span> <span class="n">new</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">it</span> <span class="n">again</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">new</span> <span class="n">password</span> <span class="n">again</span><span class="o">.</span> -<span class="n">Password</span> <span class="n">changed</span><span class="o">.</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>If <code class="docutils literal notranslate"><span class="pre">david</span></code> typed the incorrect old password, he would get the -following message:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kpasswd</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">incorrect</span> <span class="n">old</span> <span class="n">password</span><span class="o">.</span> -<span class="n">kpasswd</span><span class="p">:</span> <span class="n">Password</span> <span class="n">incorrect</span> <span class="k">while</span> <span class="n">getting</span> <span class="n">initial</span> <span class="n">ticket</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>If you make a mistake and don’t type the new password the same way -twice, kpasswd will ask you to try again:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kpasswd</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">old</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">new</span> <span class="n">password</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">the</span> <span class="n">new</span> <span class="n">password</span><span class="o">.</span> -<span class="n">Enter</span> <span class="n">it</span> <span class="n">again</span><span class="p">:</span> <span class="o"><-</span> <span class="n">Type</span> <span class="n">a</span> <span class="n">different</span> <span class="n">new</span> <span class="n">password</span><span class="o">.</span> -<span class="n">kpasswd</span><span class="p">:</span> <span class="n">Password</span> <span class="n">mismatch</span> <span class="k">while</span> <span class="n">reading</span> <span class="n">password</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn’t work, try again -using the old one.</p> -</section> -<section id="granting-access-to-your-account"> -<span id="grant-access"></span><h2>Granting access to your account<a class="headerlink" href="#granting-access-to-your-account" title="Link to this heading">¶</a></h2> -<p>If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called <a class="reference internal" href="user_config/k5login.html#k5login-5"><span class="std std-ref">.k5login</span></a> in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> -</pre></div> -</div> -<p>This file would allow the users <code class="docutils literal notranslate"><span class="pre">jennifer</span></code> and <code class="docutils literal notranslate"><span class="pre">david</span></code> to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts.</p> -<p>Using a .k5login file is much safer than giving out your password, -because:</p> -<ul class="simple"> -<li><p>You can take access away any time simply by removing the principal -from your .k5login file.</p></li> -<li><p>Although the user has full access to your account on one particular -host (or set of hosts if your .k5login file is shared, e.g., over -NFS), that user does not inherit your network privileges.</p></li> -<li><p>Kerberos keeps a log of who obtains tickets, so a system -administrator could find out, if necessary, who was capable of using -your user ID at a particular time.</p></li> -</ul> -<p>One common application is to have a .k5login file in root’s home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network.</p> -</section> -<section id="password-quality-verification"> -<h2>Password quality verification<a class="headerlink" href="#password-quality-verification" title="Link to this heading">¶</a></h2> -<p>TODO</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Password management</a><ul> -<li><a class="reference internal" href="#changing-your-password">Changing your password</a></li> -<li><a class="reference internal" href="#granting-access-to-your-account">Granting access to your account</a></li> -<li><a class="reference internal" href="#password-quality-verification">Password quality verification</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current"> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="For users" - >previous</a> | - <a href="tkt_mgmt.html" title="Ticket management" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/tkt_mgmt.html b/crypto/krb5/doc/html/user/tkt_mgmt.html deleted file mode 100644 index 6e121c0abd29..000000000000 --- a/crypto/krb5/doc/html/user/tkt_mgmt.html +++ /dev/null @@ -1,443 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>Ticket management — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../_static/kerb.css?v=6a0b3979" /> - <script src="../_static/documentation_options.js?v=236fef3b"></script> - <script src="../_static/doctools.js?v=888ff710"></script> - <script src="../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="index" title="Index" href="../genindex.html" /> - <link rel="search" title="Search" href="../search.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="next" title="User config files" href="user_config/index.html" /> - <link rel="prev" title="Password management" href="pwd_mgmt.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="pwd_mgmt.html" title="Password management" - accesskey="P">previous</a> | - <a href="user_config/index.html" title="User config files" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Ticket management">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="ticket-management"> -<h1>Ticket management<a class="headerlink" href="#ticket-management" title="Link to this heading">¶</a></h1> -<p>On many systems, Kerberos is built into the login program, and you get -tickets automatically when you log in. Other programs, such as ssh, -can forward copies of your tickets to a remote host. Most of these -programs also automatically destroy your tickets when they exit. -However, MIT recommends that you explicitly destroy your Kerberos -tickets when you are through with them, just to be sure. One way to -help ensure that this happens is to add the <a class="reference internal" href="user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a> command -to your .logout file. Additionally, if you are going to be away from -your machine and are concerned about an intruder using your -permissions, it is safest to either destroy all copies of your -tickets, or use a screensaver that locks the screen.</p> -<section id="kerberos-ticket-properties"> -<h2>Kerberos ticket properties<a class="headerlink" href="#kerberos-ticket-properties" title="Link to this heading">¶</a></h2> -<p>There are various properties that Kerberos tickets can have:</p> -<p>If a ticket is <strong>forwardable</strong>, then the KDC can issue a new ticket -(with a different network address, if necessary) based on the -forwardable ticket. This allows for authentication forwarding without -requiring a password to be typed in again. For example, if a user -with a forwardable TGT logs into a remote system, the KDC could issue -a new TGT for that user with the network address of the remote system, -allowing authentication on that host to work as though the user were -logged in locally.</p> -<p>When the KDC creates a new ticket based on a forwardable ticket, it -sets the <strong>forwarded</strong> flag on that new ticket. Any tickets that are -created based on a ticket with the forwarded flag set will also have -their forwarded flags set.</p> -<p>A <strong>proxiable</strong> ticket is similar to a forwardable ticket in that it -allows a service to take on the identity of the client. Unlike a -forwardable ticket, however, a proxiable ticket is only issued for -specific services. In other words, a ticket-granting ticket cannot be -issued based on a ticket that is proxiable but not forwardable.</p> -<p>A <strong>proxy</strong> ticket is one that was issued based on a proxiable ticket.</p> -<p>A <strong>postdated</strong> ticket is issued with the invalid flag set. After the -starting time listed on the ticket, it can be presented to the KDC to -obtain valid tickets.</p> -<p>Ticket-granting tickets with the <strong>postdateable</strong> flag set can be used -to obtain postdated service tickets.</p> -<p><strong>Renewable</strong> tickets can be used to obtain new session keys without -the user entering their password again. A renewable ticket has two -expiration times. The first is the time at which this particular -ticket expires. The second is the latest possible expiration time for -any ticket issued based on this renewable ticket.</p> -<p>A ticket with the <strong>initial flag</strong> set was issued based on the -authentication protocol, and not on a ticket-granting ticket. -Application servers that wish to ensure that the user’s key has been -recently presented for verification could specify that this flag must -be set to accept the ticket.</p> -<p>An <strong>invalid</strong> ticket must be rejected by application servers. -Postdated tickets are usually issued with this flag set, and must be -validated by the KDC before they can be used.</p> -<p>A <strong>preauthenticated</strong> ticket is one that was only issued after the -client requesting the ticket had authenticated itself to the KDC.</p> -<p>The <strong>hardware authentication</strong> flag is set on a ticket which required -the use of hardware for authentication. The hardware is expected to -be possessed only by the client which requested the tickets.</p> -<p>If a ticket has the <strong>transit policy</strong> checked flag set, then the KDC -that issued this ticket implements the transited-realm check policy -and checked the transited-realms list on the ticket. The -transited-realms list contains a list of all intermediate realms -between the realm of the KDC that issued the first ticket and that of -the one that issued the current ticket. If this flag is not set, then -the application server must check the transited realms itself or else -reject the ticket.</p> -<p>The <strong>okay as delegate</strong> flag indicates that the server specified in -the ticket is suitable as a delegate as determined by the policy of -that realm. Some client applications may use this flag to decide -whether to forward tickets to a remote host, although many -applications do not honor it.</p> -<p>An <strong>anonymous</strong> ticket is one in which the named principal is a -generic principal for that realm; it does not actually specify the -individual that will be using the ticket. This ticket is meant only -to securely distribute a session key.</p> -</section> -<section id="obtaining-tickets-with-kinit"> -<span id="obtain-tkt"></span><h2>Obtaining tickets with kinit<a class="headerlink" href="#obtaining-tickets-with-kinit" title="Link to this heading">¶</a></h2> -<p>If your site has integrated Kerberos V5 with the login system, you -will get Kerberos tickets automatically when you log in. Otherwise, -you may need to explicitly obtain your Kerberos tickets, using the -<a class="reference internal" href="user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a> program. Similarly, if your Kerberos tickets expire, -use the kinit program to obtain new ones.</p> -<p>To use the kinit program, simply type <code class="docutils literal notranslate"><span class="pre">kinit</span></code> and then type your -password at the prompt. For example, Jennifer (whose username is -<code class="docutils literal notranslate"><span class="pre">jennifer</span></code>) works for Bleep, Inc. (a fictitious company with the -domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would -type:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kinit</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><--</span> <span class="p">[</span><span class="n">Type</span> <span class="n">jennifer</span><span class="s1">'s password here.]</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>If you type your password incorrectly, kinit will give you the -following error message:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kinit</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><--</span> <span class="p">[</span><span class="n">Type</span> <span class="n">the</span> <span class="n">wrong</span> <span class="n">password</span> <span class="n">here</span><span class="o">.</span><span class="p">]</span> -<span class="n">kinit</span><span class="p">:</span> <span class="n">Password</span> <span class="n">incorrect</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>and you won’t get Kerberos tickets.</p> -<p>By default, kinit assumes you want tickets for your own username in -your default realm. Suppose Jennifer’s friend David is visiting, and -he wants to borrow a window to check his mail. David needs to get -tickets for himself in his own realm, EXAMPLE.COM. He would type:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kinit</span> <span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span class="p">:</span> <span class="o"><--</span> <span class="p">[</span><span class="n">Type</span> <span class="n">david</span><span class="s1">'s password here.]</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>David would then have tickets which he could use to log onto his own -machine. Note that he typed his password locally on Jennifer’s -machine, but it never went over the network. Kerberos on the local -host performed the authentication to the KDC in the other realm.</p> -<p>If you want to be able to forward your tickets to another host, you -need to request forwardable tickets. You do this by specifying the -<strong>-f</strong> option:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kinit</span> <span class="o">-</span><span class="n">f</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="p">:</span> <span class="o"><--</span> <span class="p">[</span><span class="n">Type</span> <span class="n">your</span> <span class="n">password</span> <span class="n">here</span><span class="o">.</span><span class="p">]</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>Note that kinit does not tell you that it obtained forwardable -tickets; you can verify this using the <a class="reference internal" href="user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> command (see -<a class="reference internal" href="#view-tkt"><span class="std std-ref">Viewing tickets with klist</span></a>).</p> -<p>Normally, your tickets are good for your system’s default ticket -lifetime, which is ten hours on many systems. You can specify a -different ticket lifetime with the <strong>-l</strong> option. Add the letter -<strong>s</strong> to the value for seconds, <strong>m</strong> for minutes, <strong>h</strong> for hours, or -<strong>d</strong> for days. For example, to obtain forwardable tickets for -<code class="docutils literal notranslate"><span class="pre">david@EXAMPLE.COM</span></code> that would be good for three hours, you would -type:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kinit</span> <span class="o">-</span><span class="n">f</span> <span class="o">-</span><span class="n">l</span> <span class="mi">3</span><span class="n">h</span> <span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> -<span class="n">Password</span> <span class="k">for</span> <span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span class="p">:</span> <span class="o"><--</span> <span class="p">[</span><span class="n">Type</span> <span class="n">david</span><span class="s1">'s password here.]</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<div class="admonition note"> -<p class="admonition-title">Note</p> -<p>You cannot mix units; specifying a lifetime of 3h30m would -result in an error. Note also that most systems specify a -maximum ticket lifetime. If you request a longer ticket -lifetime, it will be automatically truncated to the maximum -lifetime.</p> -</div> -</section> -<section id="viewing-tickets-with-klist"> -<span id="view-tkt"></span><h2>Viewing tickets with klist<a class="headerlink" href="#viewing-tickets-with-klist" title="Link to this heading">¶</a></h2> -<p>The <a class="reference internal" href="user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a> command shows your tickets. When you first obtain -tickets, you will have only the ticket-granting ticket. The listing -would look like this:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">klist</span> -<span class="n">Ticket</span> <span class="n">cache</span><span class="p">:</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5cc_ttypa</span> -<span class="n">Default</span> <span class="n">principal</span><span class="p">:</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> - -<span class="n">Valid</span> <span class="n">starting</span> <span class="n">Expires</span> <span class="n">Service</span> <span class="n">principal</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">19</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">21</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">krbtgt</span><span class="o">/</span><span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>The ticket cache is the location of your ticket file. In the above -example, this file is named <code class="docutils literal notranslate"><span class="pre">/tmp/krb5cc_ttypa</span></code>. The default -principal is your Kerberos principal.</p> -<p>The “valid starting” and “expires” fields describe the period of time -during which the ticket is valid. The “service principal” describes -each ticket. The ticket-granting ticket has a first component -<code class="docutils literal notranslate"><span class="pre">krbtgt</span></code>, and a second component which is the realm name.</p> -<p>Now, if <code class="docutils literal notranslate"><span class="pre">jennifer</span></code> connected to the machine <code class="docutils literal notranslate"><span class="pre">daffodil.mit.edu</span></code>, -and then typed “klist” again, she would have gotten the following -result:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">klist</span> -<span class="n">Ticket</span> <span class="n">cache</span><span class="p">:</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5cc_ttypa</span> -<span class="n">Default</span> <span class="n">principal</span><span class="p">:</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> - -<span class="n">Valid</span> <span class="n">starting</span> <span class="n">Expires</span> <span class="n">Service</span> <span class="n">principal</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">19</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">21</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">krbtgt</span><span class="o">/</span><span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">20</span><span class="p">:</span><span class="mi">22</span><span class="p">:</span><span class="mi">30</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">host</span><span class="o">/</span><span class="n">daffodil</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>Here’s what happened: when <code class="docutils literal notranslate"><span class="pre">jennifer</span></code> used ssh to connect to the -host <code class="docutils literal notranslate"><span class="pre">daffodil.mit.edu</span></code>, the ssh program presented her -ticket-granting ticket to the KDC and requested a host ticket for the -host <code class="docutils literal notranslate"><span class="pre">daffodil.mit.edu</span></code>. The KDC sent the host ticket, which ssh -then presented to the host <code class="docutils literal notranslate"><span class="pre">daffodil.mit.edu</span></code>, and she was allowed -to log in without typing her password.</p> -<p>Suppose your Kerberos tickets allow you to log into a host in another -domain, such as <code class="docutils literal notranslate"><span class="pre">trillium.example.com</span></code>, which is also in another -Kerberos realm, <code class="docutils literal notranslate"><span class="pre">EXAMPLE.COM</span></code>. If you ssh to this host, you will -receive a ticket-granting ticket for the realm <code class="docutils literal notranslate"><span class="pre">EXAMPLE.COM</span></code>, plus -the new host ticket for <code class="docutils literal notranslate"><span class="pre">trillium.example.com</span></code>. klist will now -show:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">klist</span> -<span class="n">Ticket</span> <span class="n">cache</span><span class="p">:</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5cc_ttypa</span> -<span class="n">Default</span> <span class="n">principal</span><span class="p">:</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> - -<span class="n">Valid</span> <span class="n">starting</span> <span class="n">Expires</span> <span class="n">Service</span> <span class="n">principal</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">19</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">21</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">krbtgt</span><span class="o">/</span><span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">20</span><span class="p">:</span><span class="mi">22</span><span class="p">:</span><span class="mi">30</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">host</span><span class="o">/</span><span class="n">daffodil</span><span class="o">.</span><span class="n">mit</span><span class="o">.</span><span class="n">edu</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">20</span><span class="p">:</span><span class="mi">24</span><span class="p">:</span><span class="mi">18</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">krbtgt</span><span class="o">/</span><span class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> -<span class="mi">06</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">04</span> <span class="mi">20</span><span class="p">:</span><span class="mi">24</span><span class="p">:</span><span class="mi">18</span> <span class="mi">06</span><span class="o">/</span><span class="mi">08</span><span class="o">/</span><span class="mi">04</span> <span class="mi">05</span><span class="p">:</span><span class="mi">49</span><span class="p">:</span><span class="mi">19</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>Depending on your host’s and realm’s configuration, you may also see a -ticket with the service principal <code class="docutils literal notranslate"><span class="pre">host/trillium.example.com@</span></code>. If -so, this means that your host did not know what realm -trillium.example.com is in, so it asked the <code class="docutils literal notranslate"><span class="pre">ATHENA.MIT.EDU</span></code> KDC for -a referral. The next time you connect to <code class="docutils literal notranslate"><span class="pre">trillium.example.com</span></code>, -the odd-looking entry will be used to avoid needing to ask for a -referral again.</p> -<p>You can use the <strong>-f</strong> option to view the flags that apply to your -tickets. The flags are:</p> -<table class="docutils align-default"> -<tbody> -<tr class="row-odd"><td><p>F</p></td> -<td><p>Forwardable</p></td> -</tr> -<tr class="row-even"><td><p>f</p></td> -<td><p>forwarded</p></td> -</tr> -<tr class="row-odd"><td><p>P</p></td> -<td><p>Proxiable</p></td> -</tr> -<tr class="row-even"><td><p>p</p></td> -<td><p>proxy</p></td> -</tr> -<tr class="row-odd"><td><p>D</p></td> -<td><p>postDateable</p></td> -</tr> -<tr class="row-even"><td><p>d</p></td> -<td><p>postdated</p></td> -</tr> -<tr class="row-odd"><td><p>R</p></td> -<td><p>Renewable</p></td> -</tr> -<tr class="row-even"><td><p>I</p></td> -<td><p>Initial</p></td> -</tr> -<tr class="row-odd"><td><p>i</p></td> -<td><p>invalid</p></td> -</tr> -<tr class="row-even"><td><p>H</p></td> -<td><p>Hardware authenticated</p></td> -</tr> -<tr class="row-odd"><td><p>A</p></td> -<td><p>preAuthenticated</p></td> -</tr> -<tr class="row-even"><td><p>T</p></td> -<td><p>Transit policy checked</p></td> -</tr> -<tr class="row-odd"><td><p>O</p></td> -<td><p>Okay as delegate</p></td> -</tr> -<tr class="row-even"><td><p>a</p></td> -<td><p>anonymous</p></td> -</tr> -</tbody> -</table> -<p>Here is a sample listing. In this example, the user <em>jennifer</em> -obtained her initial tickets (<strong>I</strong>), which are forwardable (<strong>F</strong>) -and postdated (<strong>d</strong>) but not yet validated (<strong>i</strong>):</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">klist</span> <span class="o">-</span><span class="n">f</span> -<span class="n">Ticket</span> <span class="n">cache</span><span class="p">:</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5cc_320</span> -<span class="n">Default</span> <span class="n">principal</span><span class="p">:</span> <span class="n">jennifer</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> - -<span class="n">Valid</span> <span class="n">starting</span> <span class="n">Expires</span> <span class="n">Service</span> <span class="n">principal</span> -<span class="mi">31</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">05</span> <span class="mi">19</span><span class="p">:</span><span class="mi">06</span><span class="p">:</span><span class="mi">25</span> <span class="mi">31</span><span class="o">/</span><span class="mi">07</span><span class="o">/</span><span class="mi">05</span> <span class="mi">19</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">25</span> <span class="n">krbtgt</span><span class="o">/</span><span class="n">ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span><span class="nd">@ATHENA</span><span class="o">.</span><span class="n">MIT</span><span class="o">.</span><span class="n">EDU</span> - <span class="n">Flags</span><span class="p">:</span> <span class="n">FdiI</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>In the following example, the user <em>david</em>’s tickets were forwarded -(<strong>f</strong>) to this host from another host. The tickets are reforwardable -(<strong>F</strong>):</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">klist</span> <span class="o">-</span><span class="n">f</span> -<span class="n">Ticket</span> <span class="n">cache</span><span class="p">:</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">krb5cc_p11795</span> -<span class="n">Default</span> <span class="n">principal</span><span class="p">:</span> <span class="n">david</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> - -<span class="n">Valid</span> <span class="n">starting</span> <span class="n">Expires</span> <span class="n">Service</span> <span class="n">principal</span> -<span class="mi">07</span><span class="o">/</span><span class="mi">31</span><span class="o">/</span><span class="mi">05</span> <span class="mi">11</span><span class="p">:</span><span class="mi">52</span><span class="p">:</span><span class="mi">29</span> <span class="mi">07</span><span class="o">/</span><span class="mi">31</span><span class="o">/</span><span class="mi">05</span> <span class="mi">21</span><span class="p">:</span><span class="mi">11</span><span class="p">:</span><span class="mi">23</span> <span class="n">krbtgt</span><span class="o">/</span><span class="n">EXAMPLE</span><span class="o">.</span><span class="n">COM</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> - <span class="n">Flags</span><span class="p">:</span> <span class="n">Ff</span> -<span class="mi">07</span><span class="o">/</span><span class="mi">31</span><span class="o">/</span><span class="mi">05</span> <span class="mi">12</span><span class="p">:</span><span class="mi">03</span><span class="p">:</span><span class="mi">48</span> <span class="mi">07</span><span class="o">/</span><span class="mi">31</span><span class="o">/</span><span class="mi">05</span> <span class="mi">21</span><span class="p">:</span><span class="mi">11</span><span class="p">:</span><span class="mi">23</span> <span class="n">host</span><span class="o">/</span><span class="n">trillium</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> - <span class="n">Flags</span><span class="p">:</span> <span class="n">Ff</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -</section> -<section id="destroying-tickets-with-kdestroy"> -<h2>Destroying tickets with kdestroy<a class="headerlink" href="#destroying-tickets-with-kdestroy" title="Link to this heading">¶</a></h2> -<p>Your Kerberos tickets are proof that you are indeed yourself, and -tickets could be stolen if someone gains access to a computer where -they are stored. If this happens, the person who has them can -masquerade as you until they expire. For this reason, you should -destroy your Kerberos tickets when you are away from your computer.</p> -<p>Destroying your tickets is easy. Simply type kdestroy:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdestroy</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -<p>If <a class="reference internal" href="user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a> fails to destroy your tickets, it will beep and -give an error message. For example, if kdestroy can’t find any -tickets to destroy, it will give the following message:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">kdestroy</span> -<span class="n">kdestroy</span><span class="p">:</span> <span class="n">No</span> <span class="n">credentials</span> <span class="n">cache</span> <span class="n">file</span> <span class="n">found</span> <span class="k">while</span> <span class="n">destroying</span> <span class="n">cache</span> -<span class="n">shell</span><span class="o">%</span> -</pre></div> -</div> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Ticket management</a><ul> -<li><a class="reference internal" href="#kerberos-ticket-properties">Kerberos ticket properties</a></li> -<li><a class="reference internal" href="#obtaining-tickets-with-kinit">Obtaining tickets with kinit</a></li> -<li><a class="reference internal" href="#viewing-tickets-with-klist">Viewing tickets with klist</a></li> -<li><a class="reference internal" href="#destroying-tickets-with-kdestroy">Destroying tickets with kdestroy</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="pwd_mgmt.html" title="Password management" - >previous</a> | - <a href="user_config/index.html" title="User config files" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Ticket management">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/index.html b/crypto/krb5/doc/html/user/user_commands/index.html deleted file mode 100644 index cdf6ceee0992..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/index.html +++ /dev/null @@ -1,154 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>User commands — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="kdestroy" href="kdestroy.html" /> - <link rel="prev" title=".k5identity" href="../user_config/k5identity.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../user_config/k5identity.html" title=".k5identity" - accesskey="P">previous</a> | - <a href="kdestroy.html" title="kdestroy" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User commands">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="user-commands"> -<span id="id1"></span><h1>User commands<a class="headerlink" href="#user-commands" title="Link to this heading">¶</a></h1> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l1"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l1"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l1"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l1"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l1"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l1"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l1"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l1"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</div> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">User commands</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">User commands</a><ul> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../user_config/k5identity.html" title=".k5identity" - >previous</a> | - <a href="kdestroy.html" title="kdestroy" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User commands">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/kdestroy.html b/crypto/krb5/doc/html/user/user_commands/kdestroy.html deleted file mode 100644 index 5bfd893f1743..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/kdestroy.html +++ /dev/null @@ -1,210 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kdestroy — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="kinit" href="kinit.html" /> - <link rel="prev" title="User commands" href="index.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="User commands" - accesskey="P">previous</a> | - <a href="kinit.html" title="kinit" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kdestroy">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kdestroy"> -<span id="kdestroy-1"></span><h1>kdestroy<a class="headerlink" href="#kdestroy" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>kdestroy</strong> -[<strong>-A</strong>] -[<strong>-q</strong>] -[<strong>-c</strong> <em>cache_name</em>] -[<strong>-p</strong> <em>princ_name</em>]</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>The kdestroy utility destroys the user’s active Kerberos authorization -tickets by overwriting and deleting the credentials cache that -contains them. If the credentials cache is not specified, the default -credentials cache is destroyed.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl> -<dt><strong>-A</strong></dt><dd><p>Destroys all caches in the collection, if a cache collection is -available. May be used with the <strong>-c</strong> option to specify the -collection to be destroyed.</p> -</dd> -<dt><strong>-q</strong></dt><dd><p>Run quietly. Normally kdestroy beeps if it fails to destroy the -user’s tickets. The <strong>-q</strong> flag suppresses this behavior.</p> -</dd> -<dt><strong>-c</strong> <em>cache_name</em></dt><dd><p>Use <em>cache_name</em> as the credentials (ticket) cache name and -location; if this option is not used, the default cache name and -location are used.</p> -<p>The default credentials cache may vary between systems. If the -<strong>KRB5CCNAME</strong> environment variable is set, its value is used to -name the default ticket cache.</p> -</dd> -<dt><strong>-p</strong> <em>princ_name</em></dt><dd><p>If a cache collection is available, destroy the cache for -<em>princ_name</em> instead of the primary cache. May be used with the -<strong>-c</strong> option to specify the collection to be searched.</p> -</dd> -</dl> -</section> -<section id="note"> -<h2>NOTE<a class="headerlink" href="#note" title="Link to this heading">¶</a></h2> -<p>Most installations recommend that you place the kdestroy command in -your .logout file, so that your tickets are destroyed automatically -when you log out.</p> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a></dt><dd><p>Default location of Kerberos 5 credentials cache</p> -</dd> -</dl> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>, <a class="reference internal" href="klist.html#klist-1"><span class="std std-ref">klist</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kdestroy</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#note">NOTE</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="User commands" - >previous</a> | - <a href="kinit.html" title="kinit" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kdestroy">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/kinit.html b/crypto/krb5/doc/html/user/user_commands/kinit.html deleted file mode 100644 index f647f24ec0a6..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/kinit.html +++ /dev/null @@ -1,336 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kinit — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="klist" href="klist.html" /> - <link rel="prev" title="kdestroy" href="kdestroy.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kdestroy.html" title="kdestroy" - accesskey="P">previous</a> | - <a href="klist.html" title="klist" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kinit"> -<span id="kinit-1"></span><h1>kinit<a class="headerlink" href="#kinit" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>kinit</strong> -[<strong>-V</strong>] -[<strong>-l</strong> <em>lifetime</em>] -[<strong>-s</strong> <em>start_time</em>] -[<strong>-r</strong> <em>renewable_life</em>] -[<strong>-p</strong> | -<strong>P</strong>] -[<strong>-f</strong> | -<strong>F</strong>] -[<strong>-a</strong>] -[<strong>-A</strong>] -[<strong>-C</strong>] -[<strong>-E</strong>] -[<strong>-v</strong>] -[<strong>-R</strong>] -[<strong>-k</strong> [<strong>-i</strong> | -<strong>t</strong> <em>keytab_file</em>]] -[<strong>-c</strong> <em>cache_name</em>] -[<strong>-n</strong>] -[<strong>-S</strong> <em>service_name</em>] -[<strong>-I</strong> <em>input_ccache</em>] -[<strong>-T</strong> <em>armor_ccache</em>] -[<strong>-X</strong> <em>attribute</em>[=<em>value</em>]] -[<strong>–request-pac</strong> | <strong>–no-request-pac</strong>] -[<em>principal</em>]</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>kinit obtains and caches an initial ticket-granting ticket for -<em>principal</em>. If <em>principal</em> is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl> -<dt><strong>-V</strong></dt><dd><p>display verbose output.</p> -</dd> -<dt><strong>-l</strong> <em>lifetime</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Requests a ticket with the lifetime -<em>lifetime</em>.</p> -<p>For example, <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5:30</span></code> or <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5h30m</span></code>.</p> -<p>If the <strong>-l</strong> option is not specified, the default ticket lifetime -(configured by each site) is used. Specifying a ticket lifetime -longer than the maximum ticket lifetime (configured by each site) -will not override the configured maximum ticket lifetime.</p> -</dd> -<dt><strong>-s</strong> <em>start_time</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Requests a postdated ticket. Postdated -tickets are issued with the <strong>invalid</strong> flag set, and need to be -resubmitted to the KDC for validation before use.</p> -<p><em>start_time</em> specifies the duration of the delay before the ticket -can become valid.</p> -</dd> -<dt><strong>-r</strong> <em>renewable_life</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Requests renewable tickets, with a total -lifetime of <em>renewable_life</em>.</p> -</dd> -<dt><strong>-f</strong></dt><dd><p>requests forwardable tickets.</p> -</dd> -<dt><strong>-F</strong></dt><dd><p>requests non-forwardable tickets.</p> -</dd> -<dt><strong>-p</strong></dt><dd><p>requests proxiable tickets.</p> -</dd> -<dt><strong>-P</strong></dt><dd><p>requests non-proxiable tickets.</p> -</dd> -<dt><strong>-a</strong></dt><dd><p>requests tickets restricted to the host’s local address[es].</p> -</dd> -<dt><strong>-A</strong></dt><dd><p>requests tickets not restricted by address.</p> -</dd> -<dt><strong>-C</strong></dt><dd><p>requests canonicalization of the principal name, and allows the -KDC to reply with a different client principal from the one -requested.</p> -</dd> -<dt><strong>-E</strong></dt><dd><p>treats the principal name as an enterprise name.</p> -</dd> -<dt><strong>-v</strong></dt><dd><p>requests that the ticket-granting ticket in the cache (with the -<strong>invalid</strong> flag set) be passed to the KDC for validation. If the -ticket is within its requested time range, the cache is replaced -with the validated ticket.</p> -</dd> -<dt><strong>-R</strong></dt><dd><p>requests renewal of the ticket-granting ticket. Note that an -expired ticket cannot be renewed, even if the ticket is still -within its renewable life.</p> -<p>Note that renewable tickets that have expired as reported by -<a class="reference internal" href="klist.html#klist-1"><span class="std std-ref">klist</span></a> may sometimes be renewed using this option, -because the KDC applies a grace period to account for client-KDC -clock skew. See <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a> <strong>clockskew</strong> setting.</p> -</dd> -<dt><strong>-k</strong> [<strong>-i</strong> | <strong>-t</strong> <em>keytab_file</em>]</dt><dd><p>requests a ticket, obtained from a key in the local host’s keytab. -The location of the keytab may be specified with the <strong>-t</strong> -<em>keytab_file</em> option, or with the <strong>-i</strong> option to specify the use -of the default client keytab; otherwise the default keytab will be -used. By default, a host ticket for the local host is requested, -but any principal may be specified. On a KDC, the special keytab -location <code class="docutils literal notranslate"><span class="pre">KDB:</span></code> can be used to indicate that kinit should open -the KDC database and look up the key directly. This permits an -administrator to obtain tickets as any principal that supports -authentication based on the key.</p> -</dd> -<dt><strong>-n</strong></dt><dd><p>Requests anonymous processing. Two types of anonymous principals -are supported.</p> -<p>For fully anonymous Kerberos, configure pkinit on the KDC and -configure <strong>pkinit_anchors</strong> in the client’s <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>. -Then use the <strong>-n</strong> option with a principal of the form <code class="docutils literal notranslate"><span class="pre">@REALM</span></code> -(an empty principal name followed by the at-sign and a realm -name). If permitted by the KDC, an anonymous ticket will be -returned.</p> -<p>A second form of anonymous tickets is supported; these -realm-exposed tickets hide the identity of the client but not the -client’s realm. For this mode, use <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-n</span></code> with a normal -principal name. If supported by the KDC, the principal (but not -realm) will be replaced by the anonymous principal.</p> -<p>As of release 1.8, the MIT Kerberos KDC only supports fully -anonymous operation.</p> -</dd> -</dl> -<p><strong>-I</strong> <em>input_ccache</em></p> -<blockquote> -<div><p>Specifies the name of a credentials cache that already contains a -ticket. When obtaining that ticket, if information about how that -ticket was obtained was also stored to the cache, that information -will be used to affect how new credentials are obtained, including -preselecting the same methods of authenticating to the KDC.</p> -</div></blockquote> -<dl> -<dt><strong>-T</strong> <em>armor_ccache</em></dt><dd><p>Specifies the name of a credentials cache that already contains a -ticket. If supported by the KDC, this cache will be used to armor -the request, preventing offline dictionary attacks and allowing -the use of additional preauthentication mechanisms. Armoring also -makes sure that the response from the KDC is not modified in -transit.</p> -</dd> -<dt><strong>-c</strong> <em>cache_name</em></dt><dd><p>use <em>cache_name</em> as the Kerberos 5 credentials (ticket) cache -location. If this option is not used, the default cache location -is used.</p> -<p>The default cache location may vary between systems. If the -<strong>KRB5CCNAME</strong> environment variable is set, its value is used to -locate the default cache. If a principal name is specified and -the type of the default cache supports a collection (such as the -DIR type), an existing cache containing credentials for the -principal is selected or a new one is created and becomes the new -primary cache. Otherwise, any existing contents of the default -cache are destroyed by kinit.</p> -</dd> -<dt><strong>-S</strong> <em>service_name</em></dt><dd><p>specify an alternate service name to use when getting initial -tickets.</p> -</dd> -<dt><strong>-X</strong> <em>attribute</em>[=<em>value</em>]</dt><dd><p>specify a pre-authentication <em>attribute</em> and <em>value</em> to be -interpreted by pre-authentication modules. The acceptable -attribute and value values vary from module to module. This -option may be specified multiple times to specify multiple -attributes. If no value is specified, it is assumed to be “yes”.</p> -<p>The following attributes are recognized by the PKINIT -pre-authentication mechanism:</p> -<dl class="simple"> -<dt><strong>X509_user_identity</strong>=<em>value</em></dt><dd><p>specify where to find user’s X509 identity information</p> -</dd> -<dt><strong>X509_anchors</strong>=<em>value</em></dt><dd><p>specify where to find trusted X509 anchor information</p> -</dd> -<dt><strong>disable_freshness</strong>[<strong>=yes</strong>]</dt><dd><p>disable sending freshness tokens (for testing purposes only)</p> -</dd> -</dl> -</dd> -<dt><strong>–request-pac</strong> | <strong>–no-request-pac</strong></dt><dd><p>mutually exclusive. If <strong>–request-pac</strong> is set, ask the KDC to -include a PAC in authdata; if <strong>–no-request-pac</strong> is set, ask the -KDC not to include a PAC; if neither are set, the KDC will follow -its default, which is typically is to include a PAC if doing so is -supported.</p> -</dd> -</dl> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a></dt><dd><p>default location of Kerberos 5 credentials cache</p> -</dd> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a></dt><dd><p>default location for the local host’s keytab.</p> -</dd> -</dl> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="klist.html#klist-1"><span class="std std-ref">klist</span></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kinit</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kdestroy.html" title="kdestroy" - >previous</a> | - <a href="klist.html" title="klist" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/klist.html b/crypto/krb5/doc/html/user/user_commands/klist.html deleted file mode 100644 index c59cf80c4260..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/klist.html +++ /dev/null @@ -1,252 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>klist — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="kpasswd" href="kpasswd.html" /> - <link rel="prev" title="kinit" href="kinit.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kinit.html" title="kinit" - accesskey="P">previous</a> | - <a href="kpasswd.html" title="kpasswd" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__klist">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="klist"> -<span id="klist-1"></span><h1>klist<a class="headerlink" href="#klist" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>klist</strong> -[<strong>-e</strong>] -[[<strong>-c</strong>] [<strong>-l</strong>] [<strong>-A</strong>] [<strong>-f</strong>] [<strong>-s</strong>] [<strong>-a</strong> [<strong>-n</strong>]]] -[<strong>-C</strong>] -[<strong>-k</strong> [<strong>-i</strong>] [<strong>-t</strong>] [<strong>-K</strong>]] -[<strong>-V</strong>] -[<strong>-d</strong>] -[<em>cache_name</em>|<em>keytab_name</em>]</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>klist lists the Kerberos principal and Kerberos tickets held in a -credentials cache, or the keys held in a keytab file.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl> -<dt><strong>-e</strong></dt><dd><p>Displays the encryption types of the session key and the ticket -for each credential in the credential cache, or each key in the -keytab file.</p> -</dd> -<dt><strong>-l</strong></dt><dd><p>If a cache collection is available, displays a table summarizing -the caches present in the collection.</p> -</dd> -<dt><strong>-A</strong></dt><dd><p>If a cache collection is available, displays the contents of all -of the caches in the collection.</p> -</dd> -<dt><strong>-c</strong></dt><dd><p>List tickets held in a credentials cache. This is the default if -neither <strong>-c</strong> nor <strong>-k</strong> is specified.</p> -</dd> -<dt><strong>-f</strong></dt><dd><p>Shows the flags present in the credentials, using the following -abbreviations:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">F</span> <span class="n">Forwardable</span> -<span class="n">f</span> <span class="n">forwarded</span> -<span class="n">P</span> <span class="n">Proxiable</span> -<span class="n">p</span> <span class="n">proxy</span> -<span class="n">D</span> <span class="n">postDateable</span> -<span class="n">d</span> <span class="n">postdated</span> -<span class="n">R</span> <span class="n">Renewable</span> -<span class="n">I</span> <span class="n">Initial</span> -<span class="n">i</span> <span class="n">invalid</span> -<span class="n">H</span> <span class="n">Hardware</span> <span class="n">authenticated</span> -<span class="n">A</span> <span class="n">preAuthenticated</span> -<span class="n">T</span> <span class="n">Transit</span> <span class="n">policy</span> <span class="n">checked</span> -<span class="n">O</span> <span class="n">Okay</span> <span class="k">as</span> <span class="n">delegate</span> -<span class="n">a</span> <span class="n">anonymous</span> -</pre></div> -</div> -</dd> -<dt><strong>-s</strong></dt><dd><p>Causes klist to run silently (produce no output). klist will exit -with status 1 if the credentials cache cannot be read or is -expired, and with status 0 otherwise.</p> -</dd> -<dt><strong>-a</strong></dt><dd><p>Display list of addresses in credentials.</p> -</dd> -<dt><strong>-n</strong></dt><dd><p>Show numeric addresses instead of reverse-resolving addresses.</p> -</dd> -<dt><strong>-C</strong></dt><dd><p>List configuration data that has been stored in the credentials -cache when klist encounters it. By default, configuration data -is not listed.</p> -</dd> -<dt><strong>-k</strong></dt><dd><p>List keys held in a keytab file.</p> -</dd> -<dt><strong>-i</strong></dt><dd><p>In combination with <strong>-k</strong>, defaults to using the default client -keytab instead of the default acceptor keytab, if no name is -given.</p> -</dd> -<dt><strong>-t</strong></dt><dd><p>Display the time entry timestamps for each keytab entry in the -keytab file.</p> -</dd> -<dt><strong>-K</strong></dt><dd><p>Display the value of the encryption key in each keytab entry in -the keytab file.</p> -</dd> -<dt><strong>-d</strong></dt><dd><p>Display the authdata types (if any) for each entry.</p> -</dd> -<dt><strong>-V</strong></dt><dd><p>Display the Kerberos version number and exit.</p> -</dd> -</dl> -<p>If <em>cache_name</em> or <em>keytab_name</em> is not specified, klist will display -the credentials in the default credentials cache or keytab file as -appropriate. If the <strong>KRB5CCNAME</strong> environment variable is set, its -value is used to locate the default ticket cache.</p> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a></dt><dd><p>Default location of Kerberos 5 credentials cache</p> -</dd> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a></dt><dd><p>Default location for the local host’s keytab file.</p> -</dd> -</dl> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">klist</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kinit.html" title="kinit" - >previous</a> | - <a href="kpasswd.html" title="kpasswd" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__klist">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/kpasswd.html b/crypto/krb5/doc/html/user/user_commands/kpasswd.html deleted file mode 100644 index 4ba541861f4d..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/kpasswd.html +++ /dev/null @@ -1,182 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kpasswd — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="krb5-config" href="krb5-config.html" /> - <link rel="prev" title="klist" href="klist.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="klist.html" title="klist" - accesskey="P">previous</a> | - <a href="krb5-config.html" title="krb5-config" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kpasswd">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kpasswd"> -<span id="kpasswd-1"></span><h1>kpasswd<a class="headerlink" href="#kpasswd" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>kpasswd</strong> [<em>principal</em>]</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>The kpasswd command is used to change a Kerberos principal’s password. -kpasswd first prompts for the current Kerberos password, then prompts -the user twice for the new password, and the password is changed.</p> -<p>If the principal is governed by a policy that specifies the length -and/or number of character classes required in the new password, the -new password must conform to the policy. (The five character classes -are lower case, upper case, numbers, punctuation, and all other -characters.)</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><em>principal</em></dt><dd><p>Change the password for the Kerberos principal principal. -Otherwise, kpasswd uses the principal name from an existing ccache -if there is one; if not, the principal is derived from the -identity of the user invoking the kpasswd command.</p> -</dd> -</dl> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="../../admin/admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>, <a class="reference internal" href="../../admin/admin_commands/kadmind.html#kadmind-8"><span class="std std-ref">kadmind</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kpasswd</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="klist.html" title="klist" - >previous</a> | - <a href="krb5-config.html" title="krb5-config" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kpasswd">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/krb5-config.html b/crypto/krb5/doc/html/user/user_commands/krb5-config.html deleted file mode 100644 index f7fe1e6da5dd..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/krb5-config.html +++ /dev/null @@ -1,223 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>krb5-config — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="ksu" href="ksu.html" /> - <link rel="prev" title="kpasswd" href="kpasswd.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kpasswd.html" title="kpasswd" - accesskey="P">previous</a> | - <a href="ksu.html" title="ksu" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5-config">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="krb5-config"> -<span id="krb5-config-1"></span><h1>krb5-config<a class="headerlink" href="#krb5-config" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>krb5-config</strong> -[<strong>-</strong><strong>-help</strong> | <strong>-</strong><strong>-all</strong> | <strong>-</strong><strong>-version</strong> | <strong>-</strong><strong>-vendor</strong> | <strong>-</strong><strong>-prefix</strong> | <strong>-</strong><strong>-exec-prefix</strong> | <strong>-</strong><strong>-defccname</strong> | <strong>-</strong><strong>-defktname</strong> | <strong>-</strong><strong>-defcktname</strong> | <strong>-</strong><strong>-cflags</strong> | <strong>-</strong><strong>-libs</strong> [<em>libraries</em>]]</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>krb5-config tells the application programmer what flags to use to compile -and link programs against the installed Kerberos libraries.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl> -<dt><strong>-</strong><strong>-help</strong></dt><dd><p>prints a usage message. This is the default behavior when no options -are specified.</p> -</dd> -<dt><strong>-</strong><strong>-all</strong></dt><dd><p>prints the version, vendor, prefix, and exec-prefix.</p> -</dd> -<dt><strong>-</strong><strong>-version</strong></dt><dd><p>prints the version number of the Kerberos installation.</p> -</dd> -<dt><strong>-</strong><strong>-vendor</strong></dt><dd><p>prints the name of the vendor of the Kerberos installation.</p> -</dd> -<dt><strong>-</strong><strong>-prefix</strong></dt><dd><p>prints the prefix for which the Kerberos installation was built.</p> -</dd> -<dt><strong>-</strong><strong>-exec-prefix</strong></dt><dd><p>prints the prefix for executables for which the Kerberos installation -was built.</p> -</dd> -<dt><strong>-</strong><strong>-defccname</strong></dt><dd><p>prints the built-in default credentials cache location.</p> -</dd> -<dt><strong>-</strong><strong>-defktname</strong></dt><dd><p>prints the built-in default keytab location.</p> -</dd> -<dt><strong>-</strong><strong>-defcktname</strong></dt><dd><p>prints the built-in default client (initiator) keytab location.</p> -</dd> -<dt><strong>-</strong><strong>-cflags</strong></dt><dd><p>prints the compilation flags used to build the Kerberos installation.</p> -</dd> -<dt><strong>-</strong><strong>-libs</strong> [<em>library</em>]</dt><dd><p>prints the compiler options needed to link against <em>library</em>. -Allowed values for <em>library</em> are:</p> -<table class="docutils align-default"> -<tbody> -<tr class="row-odd"><td><p>krb5</p></td> -<td><p>Kerberos 5 applications (default)</p></td> -</tr> -<tr class="row-even"><td><p>gssapi</p></td> -<td><p>GSSAPI applications with Kerberos 5 bindings</p></td> -</tr> -<tr class="row-odd"><td><p>kadm-client</p></td> -<td><p>Kadmin client</p></td> -</tr> -<tr class="row-even"><td><p>kadm-server</p></td> -<td><p>Kadmin server</p></td> -</tr> -<tr class="row-odd"><td><p>kdb</p></td> -<td><p>Applications that access the Kerberos database</p></td> -</tr> -</tbody> -</table> -</dd> -</dl> -</section> -<section id="examples"> -<h2>EXAMPLES<a class="headerlink" href="#examples" title="Link to this heading">¶</a></h2> -<p>krb5-config is particularly useful for compiling against a Kerberos -installation that was installed in a non-standard location. For example, -a Kerberos installation that is installed in <code class="docutils literal notranslate"><span class="pre">/opt/krb5/</span></code> but uses -libraries in <code class="docutils literal notranslate"><span class="pre">/usr/local/lib/</span></code> for text localization would produce -the following output:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">shell</span><span class="o">%</span> <span class="n">krb5</span><span class="o">-</span><span class="n">config</span> <span class="o">--</span><span class="n">libs</span> <span class="n">krb5</span> -<span class="o">-</span><span class="n">L</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">krb5</span><span class="o">/</span><span class="n">lib</span> <span class="o">-</span><span class="n">Wl</span><span class="p">,</span><span class="o">-</span><span class="n">rpath</span> <span class="o">-</span><span class="n">Wl</span><span class="p">,</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">krb5</span><span class="o">/</span><span class="n">lib</span> <span class="o">-</span><span class="n">L</span><span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">lib</span> <span class="o">-</span><span class="n">lkrb5</span> <span class="o">-</span><span class="n">lk5crypto</span> <span class="o">-</span><span class="n">lcom_err</span> -</pre></div> -</div> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a>, cc(1)</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">krb5-config</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#examples">EXAMPLES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kpasswd.html" title="kpasswd" - >previous</a> | - <a href="ksu.html" title="ksu" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5-config">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/ksu.html b/crypto/krb5/doc/html/user/user_commands/ksu.html deleted file mode 100644 index b010f9d0c8f2..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/ksu.html +++ /dev/null @@ -1,514 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>ksu — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="kswitch" href="kswitch.html" /> - <link rel="prev" title="krb5-config" href="krb5-config.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="krb5-config.html" title="krb5-config" - accesskey="P">previous</a> | - <a href="kswitch.html" title="kswitch" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="ksu"> -<span id="ksu-1"></span><h1>ksu<a class="headerlink" href="#ksu" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>ksu</strong> -[ <em>target_user</em> ] -[ <strong>-n</strong> <em>target_principal_name</em> ] -[ <strong>-c</strong> <em>source_cache_name</em> ] -[ <strong>-k</strong> ] -[ <strong>-r</strong> time ] -[ <strong>-p</strong> | <strong>-P</strong>] -[ <strong>-f</strong> | <strong>-F</strong>] -[ <strong>-l</strong> <em>lifetime</em> ] -[ <strong>-z | Z</strong> ] -[ <strong>-q</strong> ] -[ <strong>-e</strong> <em>command</em> [ args … ] ] [ <strong>-a</strong> [ args … ] ]</p> -</section> -<section id="requirements"> -<h2>REQUIREMENTS<a class="headerlink" href="#requirements" title="Link to this heading">¶</a></h2> -<p>Must have Kerberos version 5 installed to compile ksu. Must have a -Kerberos version 5 server running to use ksu.</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>ksu is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that of -the target user, and the other is to create a new security context.</p> -<div class="admonition note"> -<p class="admonition-title">Note</p> -<p>For the sake of clarity, all references to and attributes of -the user invoking the program will start with “source” -(e.g., “source user”, “source cache”, etc.).</p> -<p>Likewise, all references to and attributes of the target -account will start with “target”.</p> -</div> -</section> -<section id="authentication"> -<h2>AUTHENTICATION<a class="headerlink" href="#authentication" title="Link to this heading">¶</a></h2> -<p>To fulfill the first mission, ksu operates in two phases: -authentication and authorization. Resolving the target principal name -is the first step in authentication. The user can either specify his -principal name with the <strong>-n</strong> option (e.g., <code class="docutils literal notranslate"><span class="pre">-n</span> <span class="pre">jqpublic@USC.EDU</span></code>) -or a default principal name will be assigned using a heuristic -described in the OPTIONS section (see <strong>-n</strong> option). The target user -name must be the first argument to ksu; if not specified root is the -default. If <code class="docutils literal notranslate"><span class="pre">.</span></code> is specified then the target user will be the -source user (e.g., <code class="docutils literal notranslate"><span class="pre">ksu</span> <span class="pre">.</span></code>). If the source user is root or the -target user is the source user, no authentication or authorization -takes place. Otherwise, ksu looks for an appropriate Kerberos ticket -in the source cache.</p> -<p>The ticket can either be for the end-server or a ticket granting -ticket (TGT) for the target principal’s realm. If the ticket for the -end-server is already in the cache, it’s decrypted and verified. If -it’s not in the cache but the TGT is, the TGT is used to obtain the -ticket for the end-server. The end-server ticket is then verified. -If neither ticket is in the cache, but ksu is compiled with the -<strong>GET_TGT_VIA_PASSWD</strong> define, the user will be prompted for a -Kerberos password which will then be used to get a TGT. If the user -is logged in remotely and does not have a secure channel, the password -may be exposed. If neither ticket is in the cache and -<strong>GET_TGT_VIA_PASSWD</strong> is not defined, authentication fails.</p> -</section> -<section id="authorization"> -<h2>AUTHORIZATION<a class="headerlink" href="#authorization" title="Link to this heading">¶</a></h2> -<p>This section describes authorization of the source user when ksu is -invoked without the <strong>-e</strong> option. For a description of the <strong>-e</strong> -option, see the OPTIONS section.</p> -<p>Upon successful authentication, ksu checks whether the target -principal is authorized to access the target account. In the target -user’s home directory, ksu attempts to access two authorization files: -<a class="reference internal" href="../user_config/k5login.html#k5login-5"><span class="std std-ref">.k5login</span></a> and .k5users. In the .k5login file each line -contains the name of a principal that is authorized to access the -account.</p> -<p>For example:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">jqpublic</span><span class="nd">@USC</span><span class="o">.</span><span class="n">EDU</span> -<span class="n">jqpublic</span><span class="o">/</span><span class="n">secure</span><span class="nd">@USC</span><span class="o">.</span><span class="n">EDU</span> -<span class="n">jqpublic</span><span class="o">/</span><span class="n">admin</span><span class="nd">@USC</span><span class="o">.</span><span class="n">EDU</span> -</pre></div> -</div> -<p>The format of .k5users is the same, except the principal name may be -followed by a list of commands that the principal is authorized to -execute (see the <strong>-e</strong> option in the OPTIONS section for details).</p> -<p>Thus if the target principal name is found in the .k5login file the -source user is authorized to access the target account. Otherwise ksu -looks in the .k5users file. If the target principal name is found -without any trailing commands or followed only by <code class="docutils literal notranslate"><span class="pre">*</span></code> then the -source user is authorized. If either .k5login or .k5users exist but -an appropriate entry for the target principal does not exist then -access is denied. If neither file exists then the principal will be -granted access to the account according to the aname->lname mapping -rules. Otherwise, authorization fails.</p> -</section> -<section id="execution-of-the-target-shell"> -<h2>EXECUTION OF THE TARGET SHELL<a class="headerlink" href="#execution-of-the-target-shell" title="Link to this heading">¶</a></h2> -<p>Upon successful authentication and authorization, ksu proceeds in a -similar fashion to su. The environment is unmodified with the -exception of USER, HOME and SHELL variables. If the target user is -not root, USER gets set to the target user name. Otherwise USER -remains unchanged. Both HOME and SHELL are set to the target login’s -default values. In addition, the environment variable <strong>KRB5CCNAME</strong> -gets set to the name of the target cache. The real and effective user -ID are changed to that of the target user. The target user’s shell is -then invoked (the shell name is specified in the password file). Upon -termination of the shell, ksu deletes the target cache (unless ksu is -invoked with the <strong>-k</strong> option). This is implemented by first doing a -fork and then an exec, instead of just exec, as done by su.</p> -</section> -<section id="creating-a-new-security-context"> -<h2>CREATING A NEW SECURITY CONTEXT<a class="headerlink" href="#creating-a-new-security-context" title="Link to this heading">¶</a></h2> -<p>ksu can be used to create a new security context for the target -program (either the target shell, or command specified via the <strong>-e</strong> -option). The target program inherits a set of credentials from the -source user. By default, this set includes all of the credentials in -the source cache plus any additional credentials obtained during -authentication. The source user is able to limit the credentials in -this set by using <strong>-z</strong> or <strong>-Z</strong> option. <strong>-z</strong> restricts the copy -of tickets from the source cache to the target cache to only the -tickets where client == the target principal name. The <strong>-Z</strong> option -provides the target user with a fresh target cache (no creds in the -cache). Note that for security reasons, when the source user is root -and target user is non-root, <strong>-z</strong> option is the default mode of -operation.</p> -<p>While no authentication takes place if the source user is root or is -the same as the target user, additional tickets can still be obtained -for the target cache. If <strong>-n</strong> is specified and no credentials can -be copied to the target cache, the source user is prompted for a -Kerberos password (unless <strong>-Z</strong> specified or <strong>GET_TGT_VIA_PASSWD</strong> -is undefined). If successful, a TGT is obtained from the Kerberos -server and stored in the target cache. Otherwise, if a password is -not provided (user hit return) ksu continues in a normal mode of -operation (the target cache will not contain the desired TGT). If the -wrong password is typed in, ksu fails.</p> -<div class="admonition note"> -<p class="admonition-title">Note</p> -<p>During authentication, only the tickets that could be -obtained without providing a password are cached in the -source cache.</p> -</div> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl> -<dt><strong>-n</strong> <em>target_principal_name</em></dt><dd><p>Specify a Kerberos target principal name. Used in authentication -and authorization phases of ksu.</p> -<p>If ksu is invoked without <strong>-n</strong>, a default principal name is -assigned via the following heuristic:</p> -<ul> -<li><p>Case 1: source user is non-root.</p> -<p>If the target user is the source user the default principal name -is set to the default principal of the source cache. If the -cache does not exist then the default principal name is set to -<code class="docutils literal notranslate"><span class="pre">target_user@local_realm</span></code>. If the source and target users are -different and neither <code class="docutils literal notranslate"><span class="pre">~target_user/.k5users</span></code> nor -<code class="docutils literal notranslate"><span class="pre">~target_user/.k5login</span></code> exist then the default principal name -is <code class="docutils literal notranslate"><span class="pre">target_user_login_name@local_realm</span></code>. Otherwise, starting -with the first principal listed below, ksu checks if the -principal is authorized to access the target account and whether -there is a legitimate ticket for that principal in the source -cache. If both conditions are met that principal becomes the -default target principal, otherwise go to the next principal.</p> -<ol class="loweralpha simple"> -<li><p>default principal of the source cache</p></li> -<li><p>target_user@local_realm</p></li> -<li><p>source_user@local_realm</p></li> -</ol> -<p>If a-c fails try any principal for which there is a ticket in -the source cache and that is authorized to access the target -account. If that fails select the first principal that is -authorized to access the target account from the above list. If -none are authorized and ksu is configured with -<strong>PRINC_LOOK_AHEAD</strong> turned on, select the default principal as -follows:</p> -<p>For each candidate in the above list, select an authorized -principal that has the same realm name and first part of the -principal name equal to the prefix of the candidate. For -example if candidate a) is <code class="docutils literal notranslate"><span class="pre">jqpublic@ISI.EDU</span></code> and -<code class="docutils literal notranslate"><span class="pre">jqpublic/secure@ISI.EDU</span></code> is authorized to access the target -account then the default principal is set to -<code class="docutils literal notranslate"><span class="pre">jqpublic/secure@ISI.EDU</span></code>.</p> -</li> -<li><p>Case 2: source user is root.</p> -<p>If the target user is non-root then the default principal name -is <code class="docutils literal notranslate"><span class="pre">target_user@local_realm</span></code>. Else, if the source cache -exists the default principal name is set to the default -principal of the source cache. If the source cache does not -exist, default principal name is set to <code class="docutils literal notranslate"><span class="pre">root\@local_realm</span></code>.</p> -</li> -</ul> -</dd> -</dl> -<p><strong>-c</strong> <em>source_cache_name</em></p> -<blockquote> -<div><p>Specify source cache name (e.g., <code class="docutils literal notranslate"><span class="pre">-c</span> <span class="pre">FILE:/tmp/my_cache</span></code>). If -<strong>-c</strong> option is not used then the name is obtained from -<strong>KRB5CCNAME</strong> environment variable. If <strong>KRB5CCNAME</strong> is not -defined the source cache name is set to <code class="docutils literal notranslate"><span class="pre">krb5cc_<source</span> <span class="pre">uid></span></code>. -The target cache name is automatically set to <code class="docutils literal notranslate"><span class="pre">krb5cc_<target</span> -<span class="pre">uid>.(gen_sym())</span></code>, where gen_sym generates a new number such that -the resulting cache does not already exist. For example:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">krb5cc_1984</span><span class="mf">.2</span> -</pre></div> -</div> -</div></blockquote> -<dl class="simple"> -<dt><strong>-k</strong></dt><dd><p>Do not delete the target cache upon termination of the target -shell or a command (<strong>-e</strong> command). Without <strong>-k</strong>, ksu deletes -the target cache.</p> -</dd> -<dt><strong>-z</strong></dt><dd><p>Restrict the copy of tickets from the source cache to the target -cache to only the tickets where client == the target principal -name. Use the <strong>-n</strong> option if you want the tickets for other then -the default principal. Note that the <strong>-z</strong> option is mutually -exclusive with the <strong>-Z</strong> option.</p> -</dd> -<dt><strong>-Z</strong></dt><dd><p>Don’t copy any tickets from the source cache to the target cache. -Just create a fresh target cache, where the default principal name -of the cache is initialized to the target principal name. Note -that the <strong>-Z</strong> option is mutually exclusive with the <strong>-z</strong> -option.</p> -</dd> -<dt><strong>-q</strong></dt><dd><p>Suppress the printing of status messages.</p> -</dd> -</dl> -<p>Ticket granting ticket options:</p> -<dl> -<dt><strong>-l</strong> <em>lifetime</em> <strong>-r</strong> <em>time</em> <strong>-p</strong> <strong>-P</strong> <strong>-f</strong> <strong>-F</strong></dt><dd><p>The ticket granting ticket options only apply to the case where -there are no appropriate tickets in the cache to authenticate the -source user. In this case if ksu is configured to prompt users -for a Kerberos password (<strong>GET_TGT_VIA_PASSWD</strong> is defined), the -ticket granting ticket options that are specified will be used -when getting a ticket granting ticket from the Kerberos server.</p> -</dd> -<dt><strong>-l</strong> <em>lifetime</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Specifies the lifetime to be requested -for the ticket; if this option is not specified, the default ticket -lifetime (12 hours) is used instead.</p> -</dd> -<dt><strong>-r</strong> <em>time</em></dt><dd><p>(<a class="reference internal" href="../../basic/date_format.html#duration"><span class="std std-ref">Time duration</span></a> string.) Specifies that the <strong>renewable</strong> option -should be requested for the ticket, and specifies the desired -total lifetime of the ticket.</p> -</dd> -<dt><strong>-p</strong></dt><dd><p>specifies that the <strong>proxiable</strong> option should be requested for -the ticket.</p> -</dd> -<dt><strong>-P</strong></dt><dd><p>specifies that the <strong>proxiable</strong> option should not be requested -for the ticket, even if the default configuration is to ask for -proxiable tickets.</p> -</dd> -<dt><strong>-f</strong></dt><dd><p>option specifies that the <strong>forwardable</strong> option should be -requested for the ticket.</p> -</dd> -<dt><strong>-F</strong></dt><dd><p>option specifies that the <strong>forwardable</strong> option should not be -requested for the ticket, even if the default configuration is to -ask for forwardable tickets.</p> -</dd> -<dt><strong>-e</strong> <em>command</em> [<em>args</em> …]</dt><dd><p>ksu proceeds exactly the same as if it was invoked without the -<strong>-e</strong> option, except instead of executing the target shell, ksu -executes the specified command. Example of usage:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">ksu</span> <span class="n">bob</span> <span class="o">-</span><span class="n">e</span> <span class="n">ls</span> <span class="o">-</span><span class="n">lag</span> -</pre></div> -</div> -<p>The authorization algorithm for <strong>-e</strong> is as follows:</p> -<p>If the source user is root or source user == target user, no -authorization takes place and the command is executed. If source -user id != 0, and <code class="docutils literal notranslate"><span class="pre">~target_user/.k5users</span></code> file does not exist, -authorization fails. Otherwise, <code class="docutils literal notranslate"><span class="pre">~target_user/.k5users</span></code> file -must have an appropriate entry for target principal to get -authorized.</p> -<p>The .k5users file format:</p> -<p>A single principal entry on each line that may be followed by a -list of commands that the principal is authorized to execute. A -principal name followed by a <code class="docutils literal notranslate"><span class="pre">*</span></code> means that the user is -authorized to execute any command. Thus, in the following -example:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">jqpublic</span><span class="nd">@USC</span><span class="o">.</span><span class="n">EDU</span> <span class="n">ls</span> <span class="n">mail</span> <span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">kerberos</span><span class="o">/</span><span class="n">klist</span> -<span class="n">jqpublic</span><span class="o">/</span><span class="n">secure</span><span class="nd">@USC</span><span class="o">.</span><span class="n">EDU</span> <span class="o">*</span> -<span class="n">jqpublic</span><span class="o">/</span><span class="n">admin</span><span class="nd">@USC</span><span class="o">.</span><span class="n">EDU</span> -</pre></div> -</div> -<p><code class="docutils literal notranslate"><span class="pre">jqpublic@USC.EDU</span></code> is only authorized to execute <code class="docutils literal notranslate"><span class="pre">ls</span></code>, -<code class="docutils literal notranslate"><span class="pre">mail</span></code> and <code class="docutils literal notranslate"><span class="pre">klist</span></code> commands. <code class="docutils literal notranslate"><span class="pre">jqpublic/secure@USC.EDU</span></code> is -authorized to execute any command. <code class="docutils literal notranslate"><span class="pre">jqpublic/admin@USC.EDU</span></code> is -not authorized to execute any command. Note, that -<code class="docutils literal notranslate"><span class="pre">jqpublic/admin@USC.EDU</span></code> is authorized to execute the target -shell (regular ksu, without the <strong>-e</strong> option) but -<code class="docutils literal notranslate"><span class="pre">jqpublic@USC.EDU</span></code> is not.</p> -<p>The commands listed after the principal name must be either a full -path names or just the program name. In the second case, -<strong>CMD_PATH</strong> specifying the location of authorized programs must -be defined at the compilation time of ksu. Which command gets -executed?</p> -<p>If the source user is root or the target user is the source user -or the user is authorized to execute any command (<code class="docutils literal notranslate"><span class="pre">*</span></code> entry) -then command can be either a full or a relative path leading to -the target program. Otherwise, the user must specify either a -full path or just the program name.</p> -</dd> -<dt><strong>-a</strong> <em>args</em></dt><dd><p>Specify arguments to be passed to the target shell. Note that all -flags and parameters following -a will be passed to the shell, -thus all options intended for ksu must precede <strong>-a</strong>.</p> -<p>The <strong>-a</strong> option can be used to simulate the <strong>-e</strong> option if -used as follows:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">-</span><span class="n">a</span> <span class="o">-</span><span class="n">c</span> <span class="p">[</span><span class="n">command</span> <span class="p">[</span><span class="n">arguments</span><span class="p">]]</span><span class="o">.</span> -</pre></div> -</div> -<p><strong>-c</strong> is interpreted by the c-shell to execute the command.</p> -</dd> -</dl> -</section> -<section id="installation-instructions"> -<h2>INSTALLATION INSTRUCTIONS<a class="headerlink" href="#installation-instructions" title="Link to this heading">¶</a></h2> -<p>ksu can be compiled with the following four flags:</p> -<dl class="simple"> -<dt><strong>GET_TGT_VIA_PASSWD</strong></dt><dd><p>In case no appropriate tickets are found in the source cache, the -user will be prompted for a Kerberos password. The password is -then used to get a ticket granting ticket from the Kerberos -server. The danger of configuring ksu with this macro is if the -source user is logged in remotely and does not have a secure -channel, the password may get exposed.</p> -</dd> -<dt><strong>PRINC_LOOK_AHEAD</strong></dt><dd><p>During the resolution of the default principal name, -<strong>PRINC_LOOK_AHEAD</strong> enables ksu to find principal names in -the .k5users file as described in the OPTIONS section -(see <strong>-n</strong> option).</p> -</dd> -<dt><strong>CMD_PATH</strong></dt><dd><p>Specifies a list of directories containing programs that users are -authorized to execute (via .k5users file).</p> -</dd> -<dt><strong>HAVE_GETUSERSHELL</strong></dt><dd><p>If the source user is non-root, ksu insists that the target user’s -shell to be invoked is a “legal shell”. <em>getusershell(3)</em> is -called to obtain the names of “legal shells”. Note that the -target user’s shell is obtained from the passwd file.</p> -</dd> -</dl> -<p>Sample configuration:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">KSU_OPTS</span> <span class="o">=</span> <span class="o">-</span><span class="n">DGET_TGT_VIA_PASSWD</span> <span class="o">-</span><span class="n">DPRINC_LOOK_AHEAD</span> <span class="o">-</span><span class="n">DCMD_PATH</span><span class="o">=</span><span class="s1">'"/bin /usr/ucb /local/bin"</span> -</pre></div> -</div> -<p>ksu should be owned by root and have the set user id bit turned on.</p> -<p>ksu attempts to get a ticket for the end server just as Kerberized -telnet and rlogin. Thus, there must be an entry for the server in the -Kerberos database (e.g., <code class="docutils literal notranslate"><span class="pre">host/nii.isi.edu@ISI.EDU</span></code>). The keytab -file must be in an appropriate location.</p> -</section> -<section id="side-effects"> -<h2>SIDE EFFECTS<a class="headerlink" href="#side-effects" title="Link to this heading">¶</a></h2> -<p>ksu deletes all expired tickets from the source cache.</p> -</section> -<section id="author-of-ksu"> -<h2>AUTHOR OF KSU<a class="headerlink" href="#author-of-ksu" title="Link to this heading">¶</a></h2> -<p>GENNADY (ARI) MEDVINSKY</p> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a>, <a class="reference internal" href="kinit.html#kinit-1"><span class="std std-ref">kinit</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">ksu</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#requirements">REQUIREMENTS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#authentication">AUTHENTICATION</a></li> -<li><a class="reference internal" href="#authorization">AUTHORIZATION</a></li> -<li><a class="reference internal" href="#execution-of-the-target-shell">EXECUTION OF THE TARGET SHELL</a></li> -<li><a class="reference internal" href="#creating-a-new-security-context">CREATING A NEW SECURITY CONTEXT</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#installation-instructions">INSTALLATION INSTRUCTIONS</a></li> -<li><a class="reference internal" href="#side-effects">SIDE EFFECTS</a></li> -<li><a class="reference internal" href="#author-of-ksu">AUTHOR OF KSU</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="krb5-config.html" title="krb5-config" - >previous</a> | - <a href="kswitch.html" title="kswitch" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/kswitch.html b/crypto/krb5/doc/html/user/user_commands/kswitch.html deleted file mode 100644 index 5384b1468eb6..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/kswitch.html +++ /dev/null @@ -1,187 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kswitch — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="kvno" href="kvno.html" /> - <link rel="prev" title="ksu" href="ksu.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="ksu.html" title="ksu" - accesskey="P">previous</a> | - <a href="kvno.html" title="kvno" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kswitch">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kswitch"> -<span id="kswitch-1"></span><h1>kswitch<a class="headerlink" href="#kswitch" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>kswitch</strong> -{<strong>-c</strong> <em>cachename</em>|<strong>-p</strong> <em>principal</em>}</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>kswitch makes the specified credential cache the primary cache for the -collection, if a cache collection is available.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><strong>-c</strong> <em>cachename</em></dt><dd><p>Directly specifies the credential cache to be made primary.</p> -</dd> -<dt><strong>-p</strong> <em>principal</em></dt><dd><p>Causes the cache collection to be searched for a cache containing -credentials for <em>principal</em>. If one is found, that collection is -made primary.</p> -</dd> -</dl> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a></dt><dd><p>Default location of Kerberos 5 credentials cache</p> -</dd> -</dl> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, <a class="reference internal" href="klist.html#klist-1"><span class="std std-ref">klist</span></a>, -<a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kswitch</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="ksu.html" title="ksu" - >previous</a> | - <a href="kvno.html" title="kvno" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kswitch">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/kvno.html b/crypto/krb5/doc/html/user/user_commands/kvno.html deleted file mode 100644 index dd32f670f032..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/kvno.html +++ /dev/null @@ -1,245 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kvno — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="sclient" href="sclient.html" /> - <link rel="prev" title="kswitch" href="kswitch.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kswitch.html" title="kswitch" - accesskey="P">previous</a> | - <a href="sclient.html" title="sclient" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kvno">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kvno"> -<span id="kvno-1"></span><h1>kvno<a class="headerlink" href="#kvno" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>kvno</strong> -[<strong>-c</strong> <em>ccache</em>] -[<strong>-e</strong> <em>etype</em>] -[<strong>-k</strong> <em>keytab</em>] -[<strong>-q</strong>] -[<strong>-u</strong> | <strong>-S</strong> <em>sname</em>] -[<strong>-P</strong>] -[<strong>–cached-only</strong>] -[<strong>–no-store</strong>] -[<strong>–out-cache</strong> <em>cache</em>] -[[{<strong>-F</strong> <em>cert_file</em> | {<strong>-I</strong> | <strong>-U</strong>} <em>for_user</em>} [<strong>-P</strong>]] | <strong>–u2u</strong> <em>ccache</em>] -<em>service1 service2</em> …</p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>kvno acquires a service ticket for the specified Kerberos principals -and prints out the key version numbers of each.</p> -</section> -<section id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><strong>-c</strong> <em>ccache</em></dt><dd><p>Specifies the name of a credentials cache to use (if not the -default)</p> -</dd> -<dt><strong>-e</strong> <em>etype</em></dt><dd><p>Specifies the enctype which will be requested for the session key -of all the services named on the command line. This is useful in -certain backward compatibility situations.</p> -</dd> -<dt><strong>-k</strong> <em>keytab</em></dt><dd><p>Decrypt the acquired tickets using <em>keytab</em> to confirm their -validity.</p> -</dd> -<dt><strong>-q</strong></dt><dd><p>Suppress printing output when successful. If a service ticket -cannot be obtained, an error message will still be printed and -kvno will exit with nonzero status.</p> -</dd> -<dt><strong>-u</strong></dt><dd><p>Use the unknown name type in requested service principal names. -This option Cannot be used with <em>-S</em>.</p> -</dd> -<dt><strong>-P</strong></dt><dd><p>Specifies that the <em>service1 service2</em> … arguments are to be -treated as services for which credentials should be acquired using -constrained delegation. This option is only valid when used in -conjunction with protocol transition.</p> -</dd> -<dt><strong>-S</strong> <em>sname</em></dt><dd><p>Specifies that the <em>service1 service2</em> … arguments are -interpreted as hostnames, and the service principals are to be -constructed from those hostnames and the service name <em>sname</em>. -The service hostnames will be canonicalized according to the usual -rules for constructing service principals.</p> -</dd> -<dt><strong>-I</strong> <em>for_user</em></dt><dd><p>Specifies that protocol transition (S4U2Self) is to be used to -acquire a ticket on behalf of <em>for_user</em>. If constrained -delegation is not requested, the service name must match the -credentials cache client principal.</p> -</dd> -<dt><strong>-U</strong> <em>for_user</em></dt><dd><p>Same as -I, but treats <em>for_user</em> as an enterprise name.</p> -</dd> -<dt><strong>-F</strong> <em>cert_file</em></dt><dd><p>Specifies that protocol transition is to be used, identifying the -client principal with the X.509 certificate in <em>cert_file</em>. The -certificate file must be in PEM format.</p> -</dd> -<dt><strong>–cached-only</strong></dt><dd><p>Only retrieve credentials already present in the cache, not from -the KDC. (Added in release 1.19.)</p> -</dd> -<dt><strong>–no-store</strong></dt><dd><p>Do not store retrieved credentials in the cache. If -<strong>–out-cache</strong> is also specified, credentials will still be -stored into the output credential cache. (Added in release 1.19.)</p> -</dd> -<dt><strong>–out-cache</strong> <em>ccache</em></dt><dd><p>Initialize <em>ccache</em> and store all retrieved credentials into it. -Do not store acquired credentials in the input cache. (Added in -release 1.19.)</p> -</dd> -<dt><strong>–u2u</strong> <em>ccache</em></dt><dd><p>Requests a user-to-user ticket. <em>ccache</em> must contain a local -krbtgt ticket for the server principal. The reported version -number will typically be 0, as the resulting ticket is not -encrypted in the server’s long-term key.</p> -</dd> -</dl> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Link to this heading">¶</a></h2> -<dl class="simple"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCCNAME</span></a></dt><dd><p>Default location of the credentials cache</p> -</dd> -</dl> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kvno</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kswitch.html" title="kswitch" - >previous</a> | - <a href="sclient.html" title="sclient" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kvno">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_commands/sclient.html b/crypto/krb5/doc/html/user/user_commands/sclient.html deleted file mode 100644 index c6e5e29a366e..000000000000 --- a/crypto/krb5/doc/html/user/user_commands/sclient.html +++ /dev/null @@ -1,167 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>sclient — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="For administrators" href="../../admin/index.html" /> - <link rel="prev" title="kvno" href="kvno.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kvno.html" title="kvno" - accesskey="P">previous</a> | - <a href="../../admin/index.html" title="For administrators" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__sclient">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="sclient"> -<span id="sclient-1"></span><h1>sclient<a class="headerlink" href="#sclient" title="Link to this heading">¶</a></h1> -<section id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading">¶</a></h2> -<p><strong>sclient</strong> <em>remotehost</em></p> -</section> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server <a class="reference internal" href="../../admin/admin_commands/sserver.html#sserver-8"><span class="std std-ref">sserver</span></a> and -authenticates to it using Kerberos version 5 tickets, then displays -the server’s response.</p> -</section> -<section id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Link to this heading">¶</a></h2> -<p>See <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a> for a description of Kerberos environment -variables.</p> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>, <a class="reference internal" href="../../admin/admin_commands/sserver.html#sserver-8"><span class="std std-ref">sserver</span></a>, <a class="reference internal" href="../user_config/kerberos.html#kerberos-7"><span class="std std-ref">kerberos</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">sclient</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kvno.html" title="kvno" - >previous</a> | - <a href="../../admin/index.html" title="For administrators" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__sclient">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_config/index.html b/crypto/krb5/doc/html/user/user_config/index.html deleted file mode 100644 index 1a9cc8e77b63..000000000000 --- a/crypto/krb5/doc/html/user/user_config/index.html +++ /dev/null @@ -1,145 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>User config files — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="kerberos" href="kerberos.html" /> - <link rel="prev" title="Ticket management" href="../tkt_mgmt.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../tkt_mgmt.html" title="Ticket management" - accesskey="P">previous</a> | - <a href="kerberos.html" title="kerberos" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User config files">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="user-config-files"> -<h1>User config files<a class="headerlink" href="#user-config-files" title="Link to this heading">¶</a></h1> -<p>The following files in your home directory can be used to control the -behavior of Kerberos as it applies to your account (unless they have -been disabled by your host’s configuration):</p> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="kerberos.html">kerberos</a></li> -<li class="toctree-l1"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l1"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</div> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">User config files</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="#">User config files</a><ul> -<li class="toctree-l3"><a class="reference internal" href="kerberos.html">kerberos</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../tkt_mgmt.html" title="Ticket management" - >previous</a> | - <a href="kerberos.html" title="kerberos" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User config files">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_config/k5identity.html b/crypto/krb5/doc/html/user/user_config/k5identity.html deleted file mode 100644 index 20bcd756654b..000000000000 --- a/crypto/krb5/doc/html/user/user_config/k5identity.html +++ /dev/null @@ -1,193 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>.k5identity — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title="User commands" href="../user_commands/index.html" /> - <link rel="prev" title=".k5login" href="k5login.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="k5login.html" title=".k5login" - accesskey="P">previous</a> | - <a href="../user_commands/index.html" title="User commands" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5identity">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="k5identity"> -<span id="k5identity-5"></span><h1>.k5identity<a class="headerlink" href="#k5identity" title="Link to this heading">¶</a></h1> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>The .k5identity file, which resides in a user’s home directory, -contains a list of rules for selecting a client principals based on -the server being accessed. These rules are used to choose a -credential cache within the cache collection when possible.</p> -<p>Blank lines and lines beginning with <code class="docutils literal notranslate"><span class="pre">#</span></code> are ignored. Each line has -the form:</p> -<blockquote> -<div><p><em>principal</em> <em>field</em>=<em>value</em> …</p> -</div></blockquote> -<p>If the server principal meets all of the field constraints, then -principal is chosen as the client principal. The following fields are -recognized:</p> -<dl> -<dt><strong>realm</strong></dt><dd><p>If the realm of the server principal is known, it is matched -against <em>value</em>, which may be a pattern using shell wildcards. -For host-based server principals, the realm will generally only be -known if there is a <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#domain-realm"><span class="std std-ref">[domain_realm]</span></a> section in -<a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a> with a mapping for the hostname.</p> -</dd> -<dt><strong>service</strong></dt><dd><p>If the server principal is a host-based principal, its service -component is matched against <em>value</em>, which may be a pattern using -shell wildcards.</p> -</dd> -<dt><strong>host</strong></dt><dd><p>If the server principal is a host-based principal, its hostname -component is converted to lower case and matched against <em>value</em>, -which may be a pattern using shell wildcards.</p> -<p>If the server principal matches the constraints of multiple lines -in the .k5identity file, the principal from the first matching -line is used. If no line matches, credentials will be selected -some other way, such as the realm heuristic or the current primary -cache.</p> -</dd> -</dl> -</section> -<section id="example"> -<h2>EXAMPLE<a class="headerlink" href="#example" title="Link to this heading">¶</a></h2> -<p>The following example .k5identity file selects the client principal -<code class="docutils literal notranslate"><span class="pre">alice@KRBTEST.COM</span></code> if the server principal is within that realm, -the principal <code class="docutils literal notranslate"><span class="pre">alice/root@EXAMPLE.COM</span></code> if the server host is within -a servers subdomain, and the principal <code class="docutils literal notranslate"><span class="pre">alice/mail@EXAMPLE.COM</span></code> when -accessing the IMAP service on <code class="docutils literal notranslate"><span class="pre">mail.example.com</span></code>:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">alice</span><span class="nd">@KRBTEST</span><span class="o">.</span><span class="n">COM</span> <span class="n">realm</span><span class="o">=</span><span class="n">KRBTEST</span><span class="o">.</span><span class="n">COM</span> -<span class="n">alice</span><span class="o">/</span><span class="n">root</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> <span class="n">host</span><span class="o">=*.</span><span class="n">servers</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span> -<span class="n">alice</span><span class="o">/</span><span class="n">mail</span><span class="nd">@EXAMPLE</span><span class="o">.</span><span class="n">COM</span> <span class="n">host</span><span class="o">=</span><span class="n">mail</span><span class="o">.</span><span class="n">example</span><span class="o">.</span><span class="n">com</span> <span class="n">service</span><span class="o">=</span><span class="n">imap</span> -</pre></div> -</div> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p>kerberos(1), <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a></p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">.k5identity</a><ul> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#example">EXAMPLE</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kerberos.html">kerberos</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="k5login.html" title=".k5login" - >previous</a> | - <a href="../user_commands/index.html" title="User commands" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5identity">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_config/k5login.html b/crypto/krb5/doc/html/user/user_config/k5login.html deleted file mode 100644 index d87b1f29d583..000000000000 --- a/crypto/krb5/doc/html/user/user_config/k5login.html +++ /dev/null @@ -1,184 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>.k5login — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title=".k5identity" href="k5identity.html" /> - <link rel="prev" title="kerberos" href="kerberos.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kerberos.html" title="kerberos" - accesskey="P">previous</a> | - <a href="k5identity.html" title=".k5identity" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5login">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="k5login"> -<span id="k5login-5"></span><h1>.k5login<a class="headerlink" href="#k5login" title="Link to this heading">¶</a></h1> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>The .k5login file, which resides in a user’s home directory, contains -a list of the Kerberos principals. Anyone with valid tickets for a -principal in the file is allowed host access with the UID of the user -in whose home directory the file resides. One common use is to place -a .k5login file in root’s home directory, thereby granting system -administrators remote root access to the host via Kerberos.</p> -</section> -<section id="examples"> -<h2>EXAMPLES<a class="headerlink" href="#examples" title="Link to this heading">¶</a></h2> -<p>Suppose the user <code class="docutils literal notranslate"><span class="pre">alice</span></code> had a .k5login file in her home directory -containing just the following line:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">bob</span><span class="nd">@FOOBAR</span><span class="o">.</span><span class="n">ORG</span> -</pre></div> -</div> -<p>This would allow <code class="docutils literal notranslate"><span class="pre">bob</span></code> to use Kerberos network applications, such as -ssh(1), to access <code class="docutils literal notranslate"><span class="pre">alice</span></code>’s account, using <code class="docutils literal notranslate"><span class="pre">bob</span></code>’s Kerberos -tickets. In a default configuration (with <strong>k5login_authoritative</strong> set -to true in <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>), this .k5login file would not let -<code class="docutils literal notranslate"><span class="pre">alice</span></code> use those network applications to access her account, since -she is not listed! With no .k5login file, or with <strong>k5login_authoritative</strong> -set to false, a default rule would permit the principal <code class="docutils literal notranslate"><span class="pre">alice</span></code> in the -machine’s default realm to access the <code class="docutils literal notranslate"><span class="pre">alice</span></code> account.</p> -<p>Let us further suppose that <code class="docutils literal notranslate"><span class="pre">alice</span></code> is a system administrator. -Alice and the other system administrators would have their principals -in root’s .k5login file on each host:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">alice</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span> - -<span class="n">joeadmin</span><span class="o">/</span><span class="n">root</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span> -</pre></div> -</div> -<p>This would allow either system administrator to log in to these hosts -using their Kerberos tickets instead of having to type the root -password. Note that because <code class="docutils literal notranslate"><span class="pre">bob</span></code> retains the Kerberos tickets for -his own principal, <code class="docutils literal notranslate"><span class="pre">bob@FOOBAR.ORG</span></code>, he would not have any of the -privileges that require <code class="docutils literal notranslate"><span class="pre">alice</span></code>’s tickets, such as root access to -any of the site’s hosts, or the ability to change <code class="docutils literal notranslate"><span class="pre">alice</span></code>’s -password.</p> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p>kerberos(1)</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">.k5login</a><ul> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#examples">EXAMPLES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kerberos.html">kerberos</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="#">.k5login</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kerberos.html" title="kerberos" - >previous</a> | - <a href="k5identity.html" title=".k5identity" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5login">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/crypto/krb5/doc/html/user/user_config/kerberos.html b/crypto/krb5/doc/html/user/user_config/kerberos.html deleted file mode 100644 index 855d3213f7f9..000000000000 --- a/crypto/krb5/doc/html/user/user_config/kerberos.html +++ /dev/null @@ -1,301 +0,0 @@ -<!DOCTYPE html> - -<html lang="en" data-content_root="../../"> - <head> - <meta charset="utf-8" /> - <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> - - <title>kerberos — MIT Kerberos Documentation</title> - <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" /> - <link rel="stylesheet" type="text/css" href="../../_static/agogo.css?v=879f3c71" /> - <link rel="stylesheet" type="text/css" href="../../_static/kerb.css?v=6a0b3979" /> - <script src="../../_static/documentation_options.js?v=236fef3b"></script> - <script src="../../_static/doctools.js?v=888ff710"></script> - <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="index" title="Index" href="../../genindex.html" /> - <link rel="search" title="Search" href="../../search.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="next" title=".k5login" href="k5login.html" /> - <link rel="prev" title="User config files" href="index.html" /> - </head><body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="User config files" - accesskey="P">previous</a> | - <a href="k5login.html" title=".k5login" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kerberos">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body" role="main"> - - <section id="kerberos"> -<span id="kerberos-7"></span><h1>kerberos<a class="headerlink" href="#kerberos" title="Link to this heading">¶</a></h1> -<section id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading">¶</a></h2> -<p>The Kerberos system authenticates individual users in a network -environment. After authenticating yourself to Kerberos, you can use -Kerberos-enabled programs without having to present passwords or -certificates to those programs.</p> -<p>If you receive the following response from <a class="reference internal" href="../user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>:</p> -<p>kinit: Client not found in Kerberos database while getting initial -credentials</p> -<p>you haven’t been registered as a Kerberos user. See your system -administrator.</p> -<p>A Kerberos name usually contains three parts. The first is the -<strong>primary</strong>, which is usually a user’s or service’s name. The second -is the <strong>instance</strong>, which in the case of a user is usually null. -Some users may have privileged instances, however, such as <code class="docutils literal notranslate"><span class="pre">root</span></code> or -<code class="docutils literal notranslate"><span class="pre">admin</span></code>. In the case of a service, the instance is the fully -qualified name of the machine on which it runs; i.e. there can be an -ssh service running on the machine ABC (<a class="reference external" href="mailto:ssh/ABC%40REALM">ssh/ABC<span>@</span>REALM</a>), which is -different from the ssh service running on the machine XYZ -(<a class="reference external" href="mailto:ssh/XYZ%40REALM">ssh/XYZ<span>@</span>REALM</a>). The third part of a Kerberos name is the <strong>realm</strong>. -The realm corresponds to the Kerberos service providing authentication -for the principal. Realms are conventionally all-uppercase, and often -match the end of hostnames in the realm (for instance, host01.example.com -might be in realm EXAMPLE.COM).</p> -<p>When writing a Kerberos name, the principal name is separated from the -instance (if not null) by a slash, and the realm (if not the local -realm) follows, preceded by an “@” sign. The following are examples -of valid Kerberos names:</p> -<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">david</span> -<span class="n">jennifer</span><span class="o">/</span><span class="n">admin</span> -<span class="n">joeuser</span><span class="nd">@BLEEP</span><span class="o">.</span><span class="n">COM</span> -<span class="n">cbrown</span><span class="o">/</span><span class="n">root</span><span class="nd">@FUBAR</span><span class="o">.</span><span class="n">ORG</span> -</pre></div> -</div> -<p>When you authenticate yourself with Kerberos you get an initial -Kerberos <strong>ticket</strong>. (A Kerberos ticket is an encrypted protocol -message that provides authentication.) Kerberos uses this ticket for -network utilities such as ssh. The ticket transactions are done -transparently, so you don’t have to worry about their management.</p> -<p>Note, however, that tickets expire. Administrators may configure more -privileged tickets, such as those with service or instance of <code class="docutils literal notranslate"><span class="pre">root</span></code> -or <code class="docutils literal notranslate"><span class="pre">admin</span></code>, to expire in a few minutes, while tickets that carry -more ordinary privileges may be good for several hours or a day. If -your login session extends beyond the time limit, you will have to -re-authenticate yourself to Kerberos to get new tickets using the -<a class="reference internal" href="../user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a> command.</p> -<p>Some tickets are <strong>renewable</strong> beyond their initial lifetime. This -means that <code class="docutils literal notranslate"><span class="pre">kinit</span> <span class="pre">-R</span></code> can extend their lifetime without requiring -you to re-authenticate.</p> -<p>If you wish to delete your local tickets, use the <a class="reference internal" href="../user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a> -command.</p> -<p>Kerberos tickets can be forwarded. In order to forward tickets, you -must request <strong>forwardable</strong> tickets when you kinit. Once you have -forwardable tickets, most Kerberos programs have a command line option -to forward them to the remote host. This can be useful for, e.g., -running kinit on your local machine and then sshing into another to do -work. Note that this should not be done on untrusted machines since -they will then have your tickets.</p> -</section> -<section id="environment-variables"> -<h2>ENVIRONMENT VARIABLES<a class="headerlink" href="#environment-variables" title="Link to this heading">¶</a></h2> -<p>Several environment variables affect the operation of Kerberos-enabled -programs. These include:</p> -<dl> -<dt><strong>KRB5CCNAME</strong></dt><dd><p>Default name for the credentials cache file, in the form -<em>TYPE</em>:<em>residual</em>. The type of the default cache may determine -the availability of a cache collection. <code class="docutils literal notranslate"><span class="pre">FILE</span></code> is not a -collection type; <code class="docutils literal notranslate"><span class="pre">KEYRING</span></code>, <code class="docutils literal notranslate"><span class="pre">DIR</span></code>, and <code class="docutils literal notranslate"><span class="pre">KCM</span></code> are.</p> -<p>If not set, the value of <strong>default_ccache_name</strong> from -configuration files (see <strong>KRB5_CONFIG</strong>) will be used. If that -is also not set, the default <em>type</em> is <code class="docutils literal notranslate"><span class="pre">FILE</span></code>, and the -<em>residual</em> is the path /tmp/krb5cc_*uid*, where <em>uid</em> is the -decimal user ID of the user.</p> -</dd> -<dt><strong>KRB5_KTNAME</strong></dt><dd><p>Specifies the location of the default keytab file, in the form -<em>TYPE</em>:<em>residual</em>. If no <em>type</em> is present, the <strong>FILE</strong> type is -assumed and <em>residual</em> is the pathname of the keytab file. If -unset, <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFKTNAME</span></a> will be used.</p> -</dd> -<dt><strong>KRB5_CONFIG</strong></dt><dd><p>Specifies the location of the Kerberos configuration file. The -default is <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal notranslate"><span class="pre">/krb5.conf</span></code>. Multiple filenames can -be specified, separated by a colon; all files which are present -will be read.</p> -</dd> -<dt><strong>KRB5_KDC_PROFILE</strong></dt><dd><p>Specifies the location of the KDC configuration file, which -contains additional configuration directives for the Key -Distribution Center daemon and associated programs. The default -is <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">LOCALSTATEDIR</span></a><code class="docutils literal notranslate"><span class="pre">/krb5kdc</span></code><code class="docutils literal notranslate"><span class="pre">/kdc.conf</span></code>.</p> -</dd> -<dt><strong>KRB5RCACHENAME</strong></dt><dd><p>(New in release 1.18) Specifies the location of the default replay -cache, in the form <em>type</em>:<em>residual</em>. The <code class="docutils literal notranslate"><span class="pre">file2</span></code> type with a -pathname residual specifies a replay cache file in the version-2 -format in the specified location. The <code class="docutils literal notranslate"><span class="pre">none</span></code> type (residual is -ignored) disables the replay cache. The <code class="docutils literal notranslate"><span class="pre">dfl</span></code> type (residual is -ignored) indicates the default, which uses a file2 replay cache in -a temporary directory. The default is <code class="docutils literal notranslate"><span class="pre">dfl:</span></code>.</p> -</dd> -<dt><strong>KRB5RCACHETYPE</strong></dt><dd><p>Specifies the type of the default replay cache, if -<strong>KRB5RCACHENAME</strong> is unspecified. No residual can be specified, -so <code class="docutils literal notranslate"><span class="pre">none</span></code> and <code class="docutils literal notranslate"><span class="pre">dfl</span></code> are the only useful types.</p> -</dd> -<dt><strong>KRB5RCACHEDIR</strong></dt><dd><p>Specifies the directory used by the <code class="docutils literal notranslate"><span class="pre">dfl</span></code> replay cache type. -The default is the value of the <strong>TMPDIR</strong> environment variable, -or <code class="docutils literal notranslate"><span class="pre">/var/tmp</span></code> if <strong>TMPDIR</strong> is not set.</p> -</dd> -<dt><strong>KRB5_TRACE</strong></dt><dd><p>Specifies a filename to write trace log output to. Trace logs can -help illuminate decisions made internally by the Kerberos -libraries. For example, <code class="docutils literal notranslate"><span class="pre">env</span> <span class="pre">KRB5_TRACE=/dev/stderr</span> <span class="pre">kinit</span></code> -would send tracing information for <a class="reference internal" href="../user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a> to -<code class="docutils literal notranslate"><span class="pre">/dev/stderr</span></code>. The default is not to write trace log output -anywhere.</p> -</dd> -<dt><strong>KRB5_CLIENT_KTNAME</strong></dt><dd><p>Default client keytab file name. If unset, <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">DEFCKTNAME</span></a> will be -used).</p> -</dd> -<dt><strong>KPROP_PORT</strong></dt><dd><p><a class="reference internal" href="../../admin/admin_commands/kprop.html#kprop-8"><span class="std std-ref">kprop</span></a> port to use. Defaults to 754.</p> -</dd> -<dt><strong>GSS_MECH_CONFIG</strong></dt><dd><p>Specifies a filename containing GSSAPI mechanism module -configuration. The default is to read <a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal notranslate"><span class="pre">/gss/mech</span></code> -and files with a <code class="docutils literal notranslate"><span class="pre">.conf</span></code> suffix within the directory -<a class="reference internal" href="../../mitK5defaults.html#paths"><span class="std std-ref">SYSCONFDIR</span></a><code class="docutils literal notranslate"><span class="pre">/gss/mech.d</span></code>.</p> -</dd> -</dl> -<p>Most environment variables are disabled for certain programs, such as -login system programs and setuid programs, which are designed to be -secure when run within an untrusted process environment.</p> -</section> -<section id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading">¶</a></h2> -<p><a class="reference internal" href="../user_commands/kdestroy.html#kdestroy-1"><span class="std std-ref">kdestroy</span></a>, <a class="reference internal" href="../user_commands/kinit.html#kinit-1"><span class="std std-ref">kinit</span></a>, <a class="reference internal" href="../user_commands/klist.html#klist-1"><span class="std std-ref">klist</span></a>, -<a class="reference internal" href="../user_commands/kswitch.html#kswitch-1"><span class="std std-ref">kswitch</span></a>, <a class="reference internal" href="../user_commands/kpasswd.html#kpasswd-1"><span class="std std-ref">kpasswd</span></a>, <a class="reference internal" href="../user_commands/ksu.html#ksu-1"><span class="std std-ref">ksu</span></a>, -<a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><span class="std std-ref">krb5.conf</span></a>, <a class="reference internal" href="../../admin/conf_files/kdc_conf.html#kdc-conf-5"><span class="std std-ref">kdc.conf</span></a>, <a class="reference internal" href="../../admin/admin_commands/kadmin_local.html#kadmin-1"><span class="std std-ref">kadmin</span></a>, -<a class="reference internal" href="../../admin/admin_commands/kadmind.html#kadmind-8"><span class="std std-ref">kadmind</span></a>, <a class="reference internal" href="../../admin/admin_commands/kdb5_util.html#kdb5-util-8"><span class="std std-ref">kdb5_util</span></a>, <a class="reference internal" href="../../admin/admin_commands/krb5kdc.html#krb5kdc-8"><span class="std std-ref">krb5kdc</span></a></p> -</section> -<section id="bugs"> -<h2>BUGS<a class="headerlink" href="#bugs" title="Link to this heading">¶</a></h2> -</section> -<section id="authors"> -<h2>AUTHORS<a class="headerlink" href="#authors" title="Link to this heading">¶</a></h2> -<div class="line-block"> -<div class="line">Steve Miller, MIT Project Athena/Digital Equipment Corporation</div> -<div class="line">Clifford Neuman, MIT Project Athena</div> -<div class="line">Greg Hudson, MIT Kerberos Consortium</div> -<div class="line">Robbie Harwood, Red Hat, Inc.</div> -</div> -</section> -<section id="history"> -<h2>HISTORY<a class="headerlink" href="#history" title="Link to this heading">¶</a></h2> -<p>The MIT Kerberos 5 implementation was developed at MIT, with -contributions from many outside parties. It is currently maintained -by the MIT Kerberos Consortium.</p> -</section> -<section id="restrictions"> -<h2>RESTRICTIONS<a class="headerlink" href="#restrictions" title="Link to this heading">¶</a></h2> -<p>Copyright 1985, 1986, 1989-1996, 2002, 2011, 2018 Masachusetts -Institute of Technology</p> -</section> -</section> - - - <div class="clearer"></div> - </div> - </div> - </div> - </div> - <div class="sidebar"> - - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kerberos</a><ul> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#environment-variables">ENVIRONMENT VARIABLES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -<li><a class="reference internal" href="#bugs">BUGS</a></li> -<li><a class="reference internal" href="#authors">AUTHORS</a></li> -<li><a class="reference internal" href="#history">HISTORY</a></li> -<li><a class="reference internal" href="#restrictions">RESTRICTIONS</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current"> -<li class="toctree-l3 current"><a class="current reference internal" href="#">kerberos</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.22-final</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2025, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="User config files" - >previous</a> | - <a href="k5login.html" title=".k5login" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kerberos">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file |