diff options
Diffstat (limited to 'doc/html/user')
| -rw-r--r-- | doc/html/user/index.html | 173 | ||||
| -rw-r--r-- | doc/html/user/pwd_mgmt.html | 239 | ||||
| -rw-r--r-- | doc/html/user/tkt_mgmt.html | 459 | ||||
| -rw-r--r-- | doc/html/user/user_commands/index.html | 164 | ||||
| -rw-r--r-- | doc/html/user/user_commands/kdestroy.html | 223 | ||||
| -rw-r--r-- | doc/html/user/user_commands/kinit.html | 354 | ||||
| -rw-r--r-- | doc/html/user/user_commands/klist.html | 268 | ||||
| -rw-r--r-- | doc/html/user/user_commands/kpasswd.html | 186 | ||||
| -rw-r--r-- | doc/html/user/user_commands/krb5-config.html | 238 | ||||
| -rw-r--r-- | doc/html/user/user_commands/ksu.html | 507 | ||||
| -rw-r--r-- | doc/html/user/user_commands/kswitch.html | 204 | ||||
| -rw-r--r-- | doc/html/user/user_commands/kvno.html | 229 | ||||
| -rw-r--r-- | doc/html/user/user_commands/sclient.html | 171 | ||||
| -rw-r--r-- | doc/html/user/user_config/index.html | 153 | ||||
| -rw-r--r-- | doc/html/user/user_config/k5identity.html | 202 | ||||
| -rw-r--r-- | doc/html/user/user_config/k5login.html | 193 |
16 files changed, 0 insertions, 3963 deletions
diff --git a/doc/html/user/index.html b/doc/html/user/index.html deleted file mode 100644 index 9f3731a10d39..000000000000 --- a/doc/html/user/index.html +++ /dev/null @@ -1,173 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>For users — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../_static/jquery.js"></script> - <script type="text/javascript" src="../_static/underscore.js"></script> - <script type="text/javascript" src="../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> - <link rel="next" title="Password management" href="pwd_mgmt.html" /> - <link rel="prev" title="MIT Kerberos Documentation (1.16)" href="../index.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../index.html" title="MIT Kerberos Documentation (1.16)" - accesskey="P">previous</a> | - <a href="pwd_mgmt.html" title="Password management" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For users">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="for-users"> -<h1>For users<a class="headerlink" href="#for-users" title="Permalink to this headline">¶</a></h1> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="pwd_mgmt.html">Password management</a><ul> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#changing-your-password">Changing your password</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#granting-access-to-your-account">Granting access to your account</a></li> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html#password-quality-verification">Password quality verification</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a><ul> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#kerberos-ticket-properties">Kerberos ticket properties</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#obtaining-tickets-with-kinit">Obtaining tickets with kinit</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#viewing-tickets-with-klist">Viewing tickets with klist</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html#destroying-tickets-with-kdestroy">Destroying tickets with kdestroy</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="user_config/index.html">User config files</a><ul> -<li class="toctree-l2"><a class="reference internal" href="user_config/k5login.html">.k5login</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="user_commands/index.html">User commands</a><ul> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kdestroy.html">kdestroy</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kinit.html">kinit</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/klist.html">klist</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kpasswd.html">kpasswd</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/krb5-config.html">krb5-config</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/ksu.html">ksu</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kswitch.html">kswitch</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/kvno.html">kvno</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">For users</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="current reference internal" href="">For users</a><ul> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../index.html" title="MIT Kerberos Documentation (1.16)" - >previous</a> | - <a href="pwd_mgmt.html" title="Password management" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__For users">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/pwd_mgmt.html b/doc/html/user/pwd_mgmt.html deleted file mode 100644 index 5eb6d0942c1b..000000000000 --- a/doc/html/user/pwd_mgmt.html +++ /dev/null @@ -1,239 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>Password management — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../_static/jquery.js"></script> - <script type="text/javascript" src="../_static/underscore.js"></script> - <script type="text/javascript" src="../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> - <link rel="up" title="For users" href="index.html" /> - <link rel="next" title="Ticket management" href="tkt_mgmt.html" /> - <link rel="prev" title="For users" href="index.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="For users" - accesskey="P">previous</a> | - <a href="tkt_mgmt.html" title="Ticket management" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="password-management"> -<h1>Password management<a class="headerlink" href="#password-management" title="Permalink to this headline">¶</a></h1> -<p>Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you—send email that comes from you, read, edit, or delete your files, -or log into other hosts as you—and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -<a class="reference internal" href="#grant-access"><em>Granting access to your account</em></a>). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is.</p> -<div class="section" id="changing-your-password"> -<h2>Changing your password<a class="headerlink" href="#changing-your-password" title="Permalink to this headline">¶</a></h2> -<p>To change your Kerberos password, use the <a class="reference internal" href="user_commands/kpasswd.html#kpasswd-1"><em>kpasswd</em></a> command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you’re not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user <tt class="docutils literal"><span class="pre">david</span></tt> would do the following:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kpasswd -Password for david: <- Type your old password. -Enter new password: <- Type your new password. -Enter it again: <- Type the new password again. -Password changed. -shell% -</pre></div> -</div> -<p>If <tt class="docutils literal"><span class="pre">david</span></tt> typed the incorrect old password, he would get the -following message:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kpasswd -Password for david: <- Type the incorrect old password. -kpasswd: Password incorrect while getting initial ticket -shell% -</pre></div> -</div> -<p>If you make a mistake and don’t type the new password the same way -twice, kpasswd will ask you to try again:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kpasswd -Password for david: <- Type the old password. -Enter new password: <- Type the new password. -Enter it again: <- Type a different new password. -kpasswd: Password mismatch while reading password -shell% -</pre></div> -</div> -<p>Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn’t work, try again -using the old one.</p> -</div> -<div class="section" id="granting-access-to-your-account"> -<span id="grant-access"></span><h2>Granting access to your account<a class="headerlink" href="#granting-access-to-your-account" title="Permalink to this headline">¶</a></h2> -<p>If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called <a class="reference internal" href="user_config/k5login.html#k5login-5"><em>.k5login</em></a> in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file:</p> -<div class="highlight-python"><div class="highlight"><pre>jennifer@ATHENA.MIT.EDU -david@EXAMPLE.COM -</pre></div> -</div> -<p>This file would allow the users <tt class="docutils literal"><span class="pre">jennifer</span></tt> and <tt class="docutils literal"><span class="pre">david</span></tt> to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts.</p> -<p>Using a .k5login file is much safer than giving out your password, -because:</p> -<ul class="simple"> -<li>You can take access away any time simply by removing the principal -from your .k5login file.</li> -<li>Although the user has full access to your account on one particular -host (or set of hosts if your .k5login file is shared, e.g., over -NFS), that user does not inherit your network privileges.</li> -<li>Kerberos keeps a log of who obtains tickets, so a system -administrator could find out, if necessary, who was capable of using -your user ID at a particular time.</li> -</ul> -<p>One common application is to have a .k5login file in root’s home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network.</p> -</div> -<div class="section" id="password-quality-verification"> -<h2>Password quality verification<a class="headerlink" href="#password-quality-verification" title="Permalink to this headline">¶</a></h2> -<p>TODO</p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Password management</a><ul> -<li><a class="reference internal" href="#changing-your-password">Changing your password</a></li> -<li><a class="reference internal" href="#granting-access-to-your-account">Granting access to your account</a></li> -<li><a class="reference internal" href="#password-quality-verification">Password quality verification</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current"> -<li class="toctree-l2 current"><a class="current reference internal" href="">Password management</a><ul class="simple"> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="For users" - >previous</a> | - <a href="tkt_mgmt.html" title="Ticket management" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Password management">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/tkt_mgmt.html b/doc/html/user/tkt_mgmt.html deleted file mode 100644 index b9edfb4905ea..000000000000 --- a/doc/html/user/tkt_mgmt.html +++ /dev/null @@ -1,459 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>Ticket management — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../_static/jquery.js"></script> - <script type="text/javascript" src="../_static/underscore.js"></script> - <script type="text/javascript" src="../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../about.html" /> - <link rel="copyright" title="Copyright" href="../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../index.html" /> - <link rel="up" title="For users" href="index.html" /> - <link rel="next" title="User config files" href="user_config/index.html" /> - <link rel="prev" title="Password management" href="pwd_mgmt.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="pwd_mgmt.html" title="Password management" - accesskey="P">previous</a> | - <a href="user_config/index.html" title="User config files" - accesskey="N">next</a> | - <a href="../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Ticket management">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="ticket-management"> -<h1>Ticket management<a class="headerlink" href="#ticket-management" title="Permalink to this headline">¶</a></h1> -<p>On many systems, Kerberos is built into the login program, and you get -tickets automatically when you log in. Other programs, such as ssh, -can forward copies of your tickets to a remote host. Most of these -programs also automatically destroy your tickets when they exit. -However, MIT recommends that you explicitly destroy your Kerberos -tickets when you are through with them, just to be sure. One way to -help ensure that this happens is to add the <a class="reference internal" href="user_commands/kdestroy.html#kdestroy-1"><em>kdestroy</em></a> command -to your .logout file. Additionally, if you are going to be away from -your machine and are concerned about an intruder using your -permissions, it is safest to either destroy all copies of your -tickets, or use a screensaver that locks the screen.</p> -<div class="section" id="kerberos-ticket-properties"> -<h2>Kerberos ticket properties<a class="headerlink" href="#kerberos-ticket-properties" title="Permalink to this headline">¶</a></h2> -<p>There are various properties that Kerberos tickets can have:</p> -<p>If a ticket is <strong>forwardable</strong>, then the KDC can issue a new ticket -(with a different network address, if necessary) based on the -forwardable ticket. This allows for authentication forwarding without -requiring a password to be typed in again. For example, if a user -with a forwardable TGT logs into a remote system, the KDC could issue -a new TGT for that user with the network address of the remote system, -allowing authentication on that host to work as though the user were -logged in locally.</p> -<p>When the KDC creates a new ticket based on a forwardable ticket, it -sets the <strong>forwarded</strong> flag on that new ticket. Any tickets that are -created based on a ticket with the forwarded flag set will also have -their forwarded flags set.</p> -<p>A <strong>proxiable</strong> ticket is similar to a forwardable ticket in that it -allows a service to take on the identity of the client. Unlike a -forwardable ticket, however, a proxiable ticket is only issued for -specific services. In other words, a ticket-granting ticket cannot be -issued based on a ticket that is proxiable but not forwardable.</p> -<p>A <strong>proxy</strong> ticket is one that was issued based on a proxiable ticket.</p> -<p>A <strong>postdated</strong> ticket is issued with the invalid flag set. After the -starting time listed on the ticket, it can be presented to the KDC to -obtain valid tickets.</p> -<p>Ticket-granting tickets with the <strong>postdateable</strong> flag set can be used -to obtain postdated service tickets.</p> -<p><strong>Renewable</strong> tickets can be used to obtain new session keys without -the user entering their password again. A renewable ticket has two -expiration times. The first is the time at which this particular -ticket expires. The second is the latest possible expiration time for -any ticket issued based on this renewable ticket.</p> -<p>A ticket with the <strong>initial flag</strong> set was issued based on the -authentication protocol, and not on a ticket-granting ticket. -Application servers that wish to ensure that the user’s key has been -recently presented for verification could specify that this flag must -be set to accept the ticket.</p> -<p>An <strong>invalid</strong> ticket must be rejected by application servers. -Postdated tickets are usually issued with this flag set, and must be -validated by the KDC before they can be used.</p> -<p>A <strong>preauthenticated</strong> ticket is one that was only issued after the -client requesting the ticket had authenticated itself to the KDC.</p> -<p>The <strong>hardware authentication</strong> flag is set on a ticket which required -the use of hardware for authentication. The hardware is expected to -be possessed only by the client which requested the tickets.</p> -<p>If a ticket has the <strong>transit policy</strong> checked flag set, then the KDC -that issued this ticket implements the transited-realm check policy -and checked the transited-realms list on the ticket. The -transited-realms list contains a list of all intermediate realms -between the realm of the KDC that issued the first ticket and that of -the one that issued the current ticket. If this flag is not set, then -the application server must check the transited realms itself or else -reject the ticket.</p> -<p>The <strong>okay as delegate</strong> flag indicates that the server specified in -the ticket is suitable as a delegate as determined by the policy of -that realm. Some client applications may use this flag to decide -whether to forward tickets to a remote host, although many -applications do not honor it.</p> -<p>An <strong>anonymous</strong> ticket is one in which the named principal is a -generic principal for that realm; it does not actually specify the -individual that will be using the ticket. This ticket is meant only -to securely distribute a session key.</p> -</div> -<div class="section" id="obtaining-tickets-with-kinit"> -<span id="obtain-tkt"></span><h2>Obtaining tickets with kinit<a class="headerlink" href="#obtaining-tickets-with-kinit" title="Permalink to this headline">¶</a></h2> -<p>If your site has integrated Kerberos V5 with the login system, you -will get Kerberos tickets automatically when you log in. Otherwise, -you may need to explicitly obtain your Kerberos tickets, using the -<a class="reference internal" href="user_commands/kinit.html#kinit-1"><em>kinit</em></a> program. Similarly, if your Kerberos tickets expire, -use the kinit program to obtain new ones.</p> -<p>To use the kinit program, simply type <tt class="docutils literal"><span class="pre">kinit</span></tt> and then type your -password at the prompt. For example, Jennifer (whose username is -<tt class="docutils literal"><span class="pre">jennifer</span></tt>) works for Bleep, Inc. (a fictitious company with the -domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would -type:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kinit -Password for jennifer@ATHENA.MIT.EDU: <-- [Type jennifer's password here.] -shell% -</pre></div> -</div> -<p>If you type your password incorrectly, kinit will give you the -following error message:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kinit -Password for jennifer@ATHENA.MIT.EDU: <-- [Type the wrong password here.] -kinit: Password incorrect -shell% -</pre></div> -</div> -<p>and you won’t get Kerberos tickets.</p> -<p>By default, kinit assumes you want tickets for your own username in -your default realm. Suppose Jennifer’s friend David is visiting, and -he wants to borrow a window to check his mail. David needs to get -tickets for himself in his own realm, EXAMPLE.COM. He would type:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kinit david@EXAMPLE.COM -Password for david@EXAMPLE.COM: <-- [Type david's password here.] -shell% -</pre></div> -</div> -<p>David would then have tickets which he could use to log onto his own -machine. Note that he typed his password locally on Jennifer’s -machine, but it never went over the network. Kerberos on the local -host performed the authentication to the KDC in the other realm.</p> -<p>If you want to be able to forward your tickets to another host, you -need to request forwardable tickets. You do this by specifying the -<strong>-f</strong> option:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kinit -f -Password for jennifer@ATHENA.MIT.EDU: <-- [Type your password here.] -shell% -</pre></div> -</div> -<p>Note that kinit does not tell you that it obtained forwardable -tickets; you can verify this using the <a class="reference internal" href="user_commands/klist.html#klist-1"><em>klist</em></a> command (see -<a class="reference internal" href="#view-tkt"><em>Viewing tickets with klist</em></a>).</p> -<p>Normally, your tickets are good for your system’s default ticket -lifetime, which is ten hours on many systems. You can specify a -different ticket lifetime with the <strong>-l</strong> option. Add the letter -<strong>s</strong> to the value for seconds, <strong>m</strong> for minutes, <strong>h</strong> for hours, or -<strong>d</strong> for days. For example, to obtain forwardable tickets for -<tt class="docutils literal"><span class="pre">david@EXAMPLE.COM</span></tt> that would be good for three hours, you would -type:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kinit -f -l 3h david@EXAMPLE.COM -Password for david@EXAMPLE.COM: <-- [Type david's password here.] -shell% -</pre></div> -</div> -<div class="admonition note"> -<p class="first admonition-title">Note</p> -<p class="last">You cannot mix units; specifying a lifetime of 3h30m would -result in an error. Note also that most systems specify a -maximum ticket lifetime. If you request a longer ticket -lifetime, it will be automatically truncated to the maximum -lifetime.</p> -</div> -</div> -<div class="section" id="viewing-tickets-with-klist"> -<span id="view-tkt"></span><h2>Viewing tickets with klist<a class="headerlink" href="#viewing-tickets-with-klist" title="Permalink to this headline">¶</a></h2> -<p>The <a class="reference internal" href="user_commands/klist.html#klist-1"><em>klist</em></a> command shows your tickets. When you first obtain -tickets, you will have only the ticket-granting ticket. The listing -would look like this:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% klist -Ticket cache: /tmp/krb5cc_ttypa -Default principal: jennifer@ATHENA.MIT.EDU - -Valid starting Expires Service principal -06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU -shell% -</pre></div> -</div> -<p>The ticket cache is the location of your ticket file. In the above -example, this file is named <tt class="docutils literal"><span class="pre">/tmp/krb5cc_ttypa</span></tt>. The default -principal is your Kerberos principal.</p> -<p>The “valid starting” and “expires” fields describe the period of time -during which the ticket is valid. The “service principal” describes -each ticket. The ticket-granting ticket has a first component -<tt class="docutils literal"><span class="pre">krbtgt</span></tt>, and a second component which is the realm name.</p> -<p>Now, if <tt class="docutils literal"><span class="pre">jennifer</span></tt> connected to the machine <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>, -and then typed “klist” again, she would have gotten the following -result:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% klist -Ticket cache: /tmp/krb5cc_ttypa -Default principal: jennifer@ATHENA.MIT.EDU - -Valid starting Expires Service principal -06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU -06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU -shell% -</pre></div> -</div> -<p>Here’s what happened: when <tt class="docutils literal"><span class="pre">jennifer</span></tt> used ssh to connect to the -host <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>, the ssh program presented her -ticket-granting ticket to the KDC and requested a host ticket for the -host <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>. The KDC sent the host ticket, which ssh -then presented to the host <tt class="docutils literal"><span class="pre">daffodil.mit.edu</span></tt>, and she was allowed -to log in without typing her password.</p> -<p>Suppose your Kerberos tickets allow you to log into a host in another -domain, such as <tt class="docutils literal"><span class="pre">trillium.example.com</span></tt>, which is also in another -Kerberos realm, <tt class="docutils literal"><span class="pre">EXAMPLE.COM</span></tt>. If you ssh to this host, you will -receive a ticket-granting ticket for the realm <tt class="docutils literal"><span class="pre">EXAMPLE.COM</span></tt>, plus -the new host ticket for <tt class="docutils literal"><span class="pre">trillium.example.com</span></tt>. klist will now -show:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% klist -Ticket cache: /tmp/krb5cc_ttypa -Default principal: jennifer@ATHENA.MIT.EDU - -Valid starting Expires Service principal -06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU -06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU -06/07/04 20:24:18 06/08/04 05:49:19 krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU -06/07/04 20:24:18 06/08/04 05:49:19 host/trillium.example.com@EXAMPLE.COM -shell% -</pre></div> -</div> -<p>Depending on your host’s and realm’s configuration, you may also see a -ticket with the service principal <tt class="docutils literal"><span class="pre">host/trillium.example.com@</span></tt>. If -so, this means that your host did not know what realm -trillium.example.com is in, so it asked the <tt class="docutils literal"><span class="pre">ATHENA.MIT.EDU</span></tt> KDC for -a referral. The next time you connect to <tt class="docutils literal"><span class="pre">trillium.example.com</span></tt>, -the odd-looking entry will be used to avoid needing to ask for a -referral again.</p> -<p>You can use the <strong>-f</strong> option to view the flags that apply to your -tickets. The flags are:</p> -<table border="1" class="docutils"> -<colgroup> -<col width="17%" /> -<col width="83%" /> -</colgroup> -<tbody valign="top"> -<tr class="row-odd"><td>F</td> -<td>Forwardable</td> -</tr> -<tr class="row-even"><td>f</td> -<td>forwarded</td> -</tr> -<tr class="row-odd"><td>P</td> -<td>Proxiable</td> -</tr> -<tr class="row-even"><td>p</td> -<td>proxy</td> -</tr> -<tr class="row-odd"><td>D</td> -<td>postDateable</td> -</tr> -<tr class="row-even"><td>d</td> -<td>postdated</td> -</tr> -<tr class="row-odd"><td>R</td> -<td>Renewable</td> -</tr> -<tr class="row-even"><td>I</td> -<td>Initial</td> -</tr> -<tr class="row-odd"><td>i</td> -<td>invalid</td> -</tr> -<tr class="row-even"><td>H</td> -<td>Hardware authenticated</td> -</tr> -<tr class="row-odd"><td>A</td> -<td>preAuthenticated</td> -</tr> -<tr class="row-even"><td>T</td> -<td>Transit policy checked</td> -</tr> -<tr class="row-odd"><td>O</td> -<td>Okay as delegate</td> -</tr> -<tr class="row-even"><td>a</td> -<td>anonymous</td> -</tr> -</tbody> -</table> -<p>Here is a sample listing. In this example, the user <em>jennifer</em> -obtained her initial tickets (<strong>I</strong>), which are forwardable (<strong>F</strong>) -and postdated (<strong>d</strong>) but not yet validated (<strong>i</strong>):</p> -<div class="highlight-python"><div class="highlight"><pre>shell% klist -f -Ticket cache: /tmp/krb5cc_320 -Default principal: jennifer@ATHENA.MIT.EDU - -Valid starting Expires Service principal -31/07/05 19:06:25 31/07/05 19:16:25 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - Flags: FdiI -shell% -</pre></div> -</div> -<p>In the following example, the user <em>david</em>‘s tickets were forwarded -(<strong>f</strong>) to this host from another host. The tickets are reforwardable -(<strong>F</strong>):</p> -<div class="highlight-python"><div class="highlight"><pre>shell% klist -f -Ticket cache: /tmp/krb5cc_p11795 -Default principal: david@EXAMPLE.COM - -Valid starting Expires Service principal -07/31/05 11:52:29 07/31/05 21:11:23 krbtgt/EXAMPLE.COM@EXAMPLE.COM - Flags: Ff -07/31/05 12:03:48 07/31/05 21:11:23 host/trillium.example.com@EXAMPLE.COM - Flags: Ff -shell% -</pre></div> -</div> -</div> -<div class="section" id="destroying-tickets-with-kdestroy"> -<h2>Destroying tickets with kdestroy<a class="headerlink" href="#destroying-tickets-with-kdestroy" title="Permalink to this headline">¶</a></h2> -<p>Your Kerberos tickets are proof that you are indeed yourself, and -tickets could be stolen if someone gains access to a computer where -they are stored. If this happens, the person who has them can -masquerade as you until they expire. For this reason, you should -destroy your Kerberos tickets when you are away from your computer.</p> -<p>Destroying your tickets is easy. Simply type kdestroy:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kdestroy -shell% -</pre></div> -</div> -<p>If <a class="reference internal" href="user_commands/kdestroy.html#kdestroy-1"><em>kdestroy</em></a> fails to destroy your tickets, it will beep and -give an error message. For example, if kdestroy can’t find any -tickets to destroy, it will give the following message:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% kdestroy -kdestroy: No credentials cache file found while destroying cache -shell% -</pre></div> -</div> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">Ticket management</a><ul> -<li><a class="reference internal" href="#kerberos-ticket-properties">Kerberos ticket properties</a></li> -<li><a class="reference internal" href="#obtaining-tickets-with-kinit">Obtaining tickets with kinit</a></li> -<li><a class="reference internal" href="#viewing-tickets-with-klist">Viewing tickets with klist</a></li> -<li><a class="reference internal" href="#destroying-tickets-with-kdestroy">Destroying tickets with kdestroy</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="">Ticket management</a><ul class="simple"> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="user_config/index.html">User config files</a></li> -<li class="toctree-l2"><a class="reference internal" href="user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="pwd_mgmt.html" title="Password management" - >previous</a> | - <a href="user_config/index.html" title="User config files" - >next</a> | - <a href="../genindex.html" title="General Index" - >index</a> | - <a href="../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__Ticket management">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/index.html b/doc/html/user/user_commands/index.html deleted file mode 100644 index 2c363b631787..000000000000 --- a/doc/html/user/user_commands/index.html +++ /dev/null @@ -1,164 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>User commands — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="For users" href="../index.html" /> - <link rel="next" title="kdestroy" href="kdestroy.html" /> - <link rel="prev" title=".k5identity" href="../user_config/k5identity.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../user_config/k5identity.html" title=".k5identity" - accesskey="P">previous</a> | - <a href="kdestroy.html" title="kdestroy" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User commands">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="user-commands"> -<span id="id1"></span><h1>User commands<a class="headerlink" href="#user-commands" title="Permalink to this headline">¶</a></h1> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l1"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l1"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l1"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l1"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l1"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l1"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l1"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l1"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">User commands</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="">User commands</a><ul> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../user_config/k5identity.html" title=".k5identity" - >previous</a> | - <a href="kdestroy.html" title="kdestroy" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User commands">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/kdestroy.html b/doc/html/user/user_commands/kdestroy.html deleted file mode 100644 index c38e9d7685dd..000000000000 --- a/doc/html/user/user_commands/kdestroy.html +++ /dev/null @@ -1,223 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>kdestroy — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="kinit" href="kinit.html" /> - <link rel="prev" title="User commands" href="index.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="User commands" - accesskey="P">previous</a> | - <a href="kinit.html" title="kinit" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kdestroy">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="kdestroy"> -<span id="kdestroy-1"></span><h1>kdestroy<a class="headerlink" href="#kdestroy" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>kdestroy</strong> -[<strong>-A</strong>] -[<strong>-q</strong>] -[<strong>-c</strong> <em>cache_name</em>]</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>The kdestroy utility destroys the user’s active Kerberos authorization -tickets by overwriting and deleting the credentials cache that -contains them. If the credentials cache is not specified, the default -credentials cache is destroyed.</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-A</strong></dt> -<dd>Destroys all caches in the collection, if a cache collection is -available.</dd> -<dt><strong>-q</strong></dt> -<dd>Run quietly. Normally kdestroy beeps if it fails to destroy the -user’s tickets. The <strong>-q</strong> flag suppresses this behavior.</dd> -<dt><strong>-c</strong> <em>cache_name</em></dt> -<dd><p class="first">Use <em>cache_name</em> as the credentials (ticket) cache name and -location; if this option is not used, the default cache name and -location are used.</p> -<p class="last">The default credentials cache may vary between systems. If the -<strong>KRB5CCNAME</strong> environment variable is set, its value is used to -name the default ticket cache.</p> -</dd> -</dl> -</div> -<div class="section" id="note"> -<h2>NOTE<a class="headerlink" href="#note" title="Permalink to this headline">¶</a></h2> -<p>Most installations recommend that you place the kdestroy command in -your .logout file, so that your tickets are destroyed automatically -when you log out.</p> -</div> -<div class="section" id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2> -<p>kdestroy uses the following environment variable:</p> -<dl class="docutils"> -<dt><strong>KRB5CCNAME</strong></dt> -<dd>Location of the default Kerberos 5 credentials (ticket) cache, in -the form <em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the -<strong>FILE</strong> type is assumed. The type of the default cache may -determine the availability of a cache collection; for instance, a -default cache of type <strong>DIR</strong> causes caches within the directory -to be present in the collection.</dd> -</dl> -</div> -<div class="section" id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt> -<dd>Default location of Kerberos 5 credentials cache</dd> -</dl> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="klist.html#klist-1"><em>klist</em></a></p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kdestroy</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#note">NOTE</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3 current"><a class="current reference internal" href="">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="User commands" - >previous</a> | - <a href="kinit.html" title="kinit" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kdestroy">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/kinit.html b/doc/html/user/user_commands/kinit.html deleted file mode 100644 index e1dad27e9c59..000000000000 --- a/doc/html/user/user_commands/kinit.html +++ /dev/null @@ -1,354 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>kinit — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="klist" href="klist.html" /> - <link rel="prev" title="kdestroy" href="kdestroy.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kdestroy.html" title="kdestroy" - accesskey="P">previous</a> | - <a href="klist.html" title="klist" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="kinit"> -<span id="kinit-1"></span><h1>kinit<a class="headerlink" href="#kinit" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>kinit</strong> -[<strong>-V</strong>] -[<strong>-l</strong> <em>lifetime</em>] -[<strong>-s</strong> <em>start_time</em>] -[<strong>-r</strong> <em>renewable_life</em>] -[<strong>-p</strong> | -<strong>P</strong>] -[<strong>-f</strong> | -<strong>F</strong>] -[<strong>-a</strong>] -[<strong>-A</strong>] -[<strong>-C</strong>] -[<strong>-E</strong>] -[<strong>-v</strong>] -[<strong>-R</strong>] -[<strong>-k</strong> [-<strong>t</strong> <em>keytab_file</em>]] -[<strong>-c</strong> <em>cache_name</em>] -[<strong>-n</strong>] -[<strong>-S</strong> <em>service_name</em>] -[<strong>-I</strong> <em>input_ccache</em>] -[<strong>-T</strong> <em>armor_ccache</em>] -[<strong>-X</strong> <em>attribute</em>[=<em>value</em>]] -[<em>principal</em>]</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>kinit obtains and caches an initial ticket-granting ticket for -<em>principal</em>. If <em>principal</em> is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name.</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-V</strong></dt> -<dd>display verbose output.</dd> -<dt><strong>-l</strong> <em>lifetime</em></dt> -<dd><p class="first">(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Requests a ticket with the lifetime -<em>lifetime</em>.</p> -<p>For example, <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5:30</span></tt> or <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-l</span> <span class="pre">5h30m</span></tt>.</p> -<p class="last">If the <strong>-l</strong> option is not specified, the default ticket lifetime -(configured by each site) is used. Specifying a ticket lifetime -longer than the maximum ticket lifetime (configured by each site) -will not override the configured maximum ticket lifetime.</p> -</dd> -<dt><strong>-s</strong> <em>start_time</em></dt> -<dd><p class="first">(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Requests a postdated ticket. Postdated -tickets are issued with the <strong>invalid</strong> flag set, and need to be -resubmitted to the KDC for validation before use.</p> -<p class="last"><em>start_time</em> specifies the duration of the delay before the ticket -can become valid.</p> -</dd> -<dt><strong>-r</strong> <em>renewable_life</em></dt> -<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Requests renewable tickets, with a total -lifetime of <em>renewable_life</em>.</dd> -<dt><strong>-f</strong></dt> -<dd>requests forwardable tickets.</dd> -<dt><strong>-F</strong></dt> -<dd>requests non-forwardable tickets.</dd> -<dt><strong>-p</strong></dt> -<dd>requests proxiable tickets.</dd> -<dt><strong>-P</strong></dt> -<dd>requests non-proxiable tickets.</dd> -<dt><strong>-a</strong></dt> -<dd>requests tickets restricted to the host’s local address[es].</dd> -<dt><strong>-A</strong></dt> -<dd>requests tickets not restricted by address.</dd> -<dt><strong>-C</strong></dt> -<dd>requests canonicalization of the principal name, and allows the -KDC to reply with a different client principal from the one -requested.</dd> -<dt><strong>-E</strong></dt> -<dd>treats the principal name as an enterprise name (implies the -<strong>-C</strong> option).</dd> -<dt><strong>-v</strong></dt> -<dd>requests that the ticket-granting ticket in the cache (with the -<strong>invalid</strong> flag set) be passed to the KDC for validation. If the -ticket is within its requested time range, the cache is replaced -with the validated ticket.</dd> -<dt><strong>-R</strong></dt> -<dd><p class="first">requests renewal of the ticket-granting ticket. Note that an -expired ticket cannot be renewed, even if the ticket is still -within its renewable life.</p> -<p class="last">Note that renewable tickets that have expired as reported by -<a class="reference internal" href="klist.html#klist-1"><em>klist</em></a> may sometimes be renewed using this option, -because the KDC applies a grace period to account for client-KDC -clock skew. See <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a> <strong>clockskew</strong> setting.</p> -</dd> -<dt><strong>-k</strong> [<strong>-i</strong> | <strong>-t</strong> <em>keytab_file</em>]</dt> -<dd>requests a ticket, obtained from a key in the local host’s keytab. -The location of the keytab may be specified with the <strong>-t</strong> -<em>keytab_file</em> option, or with the <strong>-i</strong> option to specify the use -of the default client keytab; otherwise the default keytab will be -used. By default, a host ticket for the local host is requested, -but any principal may be specified. On a KDC, the special keytab -location <tt class="docutils literal"><span class="pre">KDB:</span></tt> can be used to indicate that kinit should open -the KDC database and look up the key directly. This permits an -administrator to obtain tickets as any principal that supports -authentication based on the key.</dd> -<dt><strong>-n</strong></dt> -<dd><p class="first">Requests anonymous processing. Two types of anonymous principals -are supported.</p> -<p>For fully anonymous Kerberos, configure pkinit on the KDC and -configure <strong>pkinit_anchors</strong> in the client’s <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a>. -Then use the <strong>-n</strong> option with a principal of the form <tt class="docutils literal"><span class="pre">@REALM</span></tt> -(an empty principal name followed by the at-sign and a realm -name). If permitted by the KDC, an anonymous ticket will be -returned.</p> -<p>A second form of anonymous tickets is supported; these -realm-exposed tickets hide the identity of the client but not the -client’s realm. For this mode, use <tt class="docutils literal"><span class="pre">kinit</span> <span class="pre">-n</span></tt> with a normal -principal name. If supported by the KDC, the principal (but not -realm) will be replaced by the anonymous principal.</p> -<p class="last">As of release 1.8, the MIT Kerberos KDC only supports fully -anonymous operation.</p> -</dd> -</dl> -<p><strong>-I</strong> <em>input_ccache</em></p> -<blockquote> -<div>Specifies the name of a credentials cache that already contains a -ticket. When obtaining that ticket, if information about how that -ticket was obtained was also stored to the cache, that information -will be used to affect how new credentials are obtained, including -preselecting the same methods of authenticating to the KDC.</div></blockquote> -<dl class="docutils"> -<dt><strong>-T</strong> <em>armor_ccache</em></dt> -<dd>Specifies the name of a credentials cache that already contains a -ticket. If supported by the KDC, this cache will be used to armor -the request, preventing offline dictionary attacks and allowing -the use of additional preauthentication mechanisms. Armoring also -makes sure that the response from the KDC is not modified in -transit.</dd> -<dt><strong>-c</strong> <em>cache_name</em></dt> -<dd><p class="first">use <em>cache_name</em> as the Kerberos 5 credentials (ticket) cache -location. If this option is not used, the default cache location -is used.</p> -<p class="last">The default cache location may vary between systems. If the -<strong>KRB5CCNAME</strong> environment variable is set, its value is used to -locate the default cache. If a principal name is specified and -the type of the default cache supports a collection (such as the -DIR type), an existing cache containing credentials for the -principal is selected or a new one is created and becomes the new -primary cache. Otherwise, any existing contents of the default -cache are destroyed by kinit.</p> -</dd> -<dt><strong>-S</strong> <em>service_name</em></dt> -<dd>specify an alternate service name to use when getting initial -tickets.</dd> -<dt><strong>-X</strong> <em>attribute</em>[=<em>value</em>]</dt> -<dd><p class="first">specify a pre-authentication <em>attribute</em> and <em>value</em> to be -interpreted by pre-authentication modules. The acceptable -attribute and value values vary from module to module. This -option may be specified multiple times to specify multiple -attributes. If no value is specified, it is assumed to be “yes”.</p> -<p>The following attributes are recognized by the PKINIT -pre-authentication mechanism:</p> -<dl class="last docutils"> -<dt><strong>X509_user_identity</strong>=<em>value</em></dt> -<dd>specify where to find user’s X509 identity information</dd> -<dt><strong>X509_anchors</strong>=<em>value</em></dt> -<dd>specify where to find trusted X509 anchor information</dd> -<dt><strong>flag_RSA_PROTOCOL</strong>[<strong>=yes</strong>]</dt> -<dd>specify use of RSA, rather than the default Diffie-Hellman -protocol</dd> -</dl> -</dd> -</dl> -</div> -<div class="section" id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2> -<p>kinit uses the following environment variables:</p> -<dl class="docutils"> -<dt><strong>KRB5CCNAME</strong></dt> -<dd>Location of the default Kerberos 5 credentials cache, in the form -<em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the <strong>FILE</strong> -type is assumed. The type of the default cache may determine the -availability of a cache collection; for instance, a default cache -of type <strong>DIR</strong> causes caches within the directory to be present -in the collection.</dd> -</dl> -</div> -<div class="section" id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt> -<dd>default location of Kerberos 5 credentials cache</dd> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFKTNAME</em></a></dt> -<dd>default location for the local host’s keytab.</dd> -</dl> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="klist.html#klist-1"><em>klist</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a>, kerberos(1)</p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kinit</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kdestroy.html" title="kdestroy" - >previous</a> | - <a href="klist.html" title="klist" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kinit">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/klist.html b/doc/html/user/user_commands/klist.html deleted file mode 100644 index 0dfb589d1cc6..000000000000 --- a/doc/html/user/user_commands/klist.html +++ /dev/null @@ -1,268 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>klist — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="kpasswd" href="kpasswd.html" /> - <link rel="prev" title="kinit" href="kinit.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kinit.html" title="kinit" - accesskey="P">previous</a> | - <a href="kpasswd.html" title="kpasswd" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__klist">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="klist"> -<span id="klist-1"></span><h1>klist<a class="headerlink" href="#klist" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>klist</strong> -[<strong>-e</strong>] -[[<strong>-c</strong>] [<strong>-l</strong>] [<strong>-A</strong>] [<strong>-f</strong>] [<strong>-s</strong>] [<strong>-a</strong> [<strong>-n</strong>]]] -[<strong>-C</strong>] -[<strong>-k</strong> [<strong>-t</strong>] [<strong>-K</strong>]] -[<strong>-V</strong>] -[<em>cache_name</em>|<em>keytab_name</em>]</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>klist lists the Kerberos principal and Kerberos tickets held in a -credentials cache, or the keys held in a keytab file.</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-e</strong></dt> -<dd>Displays the encryption types of the session key and the ticket -for each credential in the credential cache, or each key in the -keytab file.</dd> -<dt><strong>-l</strong></dt> -<dd>If a cache collection is available, displays a table summarizing -the caches present in the collection.</dd> -<dt><strong>-A</strong></dt> -<dd>If a cache collection is available, displays the contents of all -of the caches in the collection.</dd> -<dt><strong>-c</strong></dt> -<dd>List tickets held in a credentials cache. This is the default if -neither <strong>-c</strong> nor <strong>-k</strong> is specified.</dd> -<dt><strong>-f</strong></dt> -<dd><p class="first">Shows the flags present in the credentials, using the following -abbreviations:</p> -<div class="last highlight-python"><div class="highlight"><pre>F Forwardable -f forwarded -P Proxiable -p proxy -D postDateable -d postdated -R Renewable -I Initial -i invalid -H Hardware authenticated -A preAuthenticated -T Transit policy checked -O Okay as delegate -a anonymous -</pre></div> -</div> -</dd> -<dt><strong>-s</strong></dt> -<dd>Causes klist to run silently (produce no output). klist will exit -with status 1 if the credentials cache cannot be read or is -expired, and with status 0 otherwise.</dd> -<dt><strong>-a</strong></dt> -<dd>Display list of addresses in credentials.</dd> -<dt><strong>-n</strong></dt> -<dd>Show numeric addresses instead of reverse-resolving addresses.</dd> -<dt><strong>-C</strong></dt> -<dd>List configuration data that has been stored in the credentials -cache when klist encounters it. By default, configuration data -is not listed.</dd> -<dt><strong>-k</strong></dt> -<dd>List keys held in a keytab file.</dd> -<dt><strong>-i</strong></dt> -<dd>In combination with <strong>-k</strong>, defaults to using the default client -keytab instead of the default acceptor keytab, if no name is -given.</dd> -<dt><strong>-t</strong></dt> -<dd>Display the time entry timestamps for each keytab entry in the -keytab file.</dd> -<dt><strong>-K</strong></dt> -<dd>Display the value of the encryption key in each keytab entry in -the keytab file.</dd> -<dt><strong>-V</strong></dt> -<dd>Display the Kerberos version number and exit.</dd> -</dl> -<p>If <em>cache_name</em> or <em>keytab_name</em> is not specified, klist will display -the credentials in the default credentials cache or keytab file as -appropriate. If the <strong>KRB5CCNAME</strong> environment variable is set, its -value is used to locate the default ticket cache.</p> -</div> -<div class="section" id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2> -<p>klist uses the following environment variable:</p> -<dl class="docutils"> -<dt><strong>KRB5CCNAME</strong></dt> -<dd>Location of the default Kerberos 5 credentials (ticket) cache, in -the form <em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the -<strong>FILE</strong> type is assumed. The type of the default cache may -determine the availability of a cache collection; for instance, a -default cache of type <strong>DIR</strong> causes caches within the directory -to be present in the collection.</dd> -</dl> -</div> -<div class="section" id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt> -<dd>Default location of Kerberos 5 credentials cache</dd> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFKTNAME</em></a></dt> -<dd>Default location for the local host’s keytab file.</dd> -</dl> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a></p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">klist</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kinit.html" title="kinit" - >previous</a> | - <a href="kpasswd.html" title="kpasswd" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__klist">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/kpasswd.html b/doc/html/user/user_commands/kpasswd.html deleted file mode 100644 index 824cae0dac3b..000000000000 --- a/doc/html/user/user_commands/kpasswd.html +++ /dev/null @@ -1,186 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>kpasswd — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="krb5-config" href="krb5-config.html" /> - <link rel="prev" title="klist" href="klist.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="klist.html" title="klist" - accesskey="P">previous</a> | - <a href="krb5-config.html" title="krb5-config" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kpasswd">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="kpasswd"> -<span id="kpasswd-1"></span><h1>kpasswd<a class="headerlink" href="#kpasswd" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>kpasswd</strong> [<em>principal</em>]</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>The kpasswd command is used to change a Kerberos principal’s password. -kpasswd first prompts for the current Kerberos password, then prompts -the user twice for the new password, and the password is changed.</p> -<p>If the principal is governed by a policy that specifies the length -and/or number of character classes required in the new password, the -new password must conform to the policy. (The five character classes -are lower case, upper case, numbers, punctuation, and all other -characters.)</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><em>principal</em></dt> -<dd>Change the password for the Kerberos principal principal. -Otherwise, kpasswd uses the principal name from an existing ccache -if there is one; if not, the principal is derived from the -identity of the user invoking the kpasswd command.</dd> -</dl> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="../../admin/admin_commands/kadmin_local.html#kadmin-1"><em>kadmin</em></a>, <a class="reference internal" href="../../admin/admin_commands/kadmind.html#kadmind-8"><em>kadmind</em></a></p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kpasswd</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="klist.html" title="klist" - >previous</a> | - <a href="krb5-config.html" title="krb5-config" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kpasswd">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/krb5-config.html b/doc/html/user/user_commands/krb5-config.html deleted file mode 100644 index 6a8b44c4dfc3..000000000000 --- a/doc/html/user/user_commands/krb5-config.html +++ /dev/null @@ -1,238 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>krb5-config — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="ksu" href="ksu.html" /> - <link rel="prev" title="kpasswd" href="kpasswd.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kpasswd.html" title="kpasswd" - accesskey="P">previous</a> | - <a href="ksu.html" title="ksu" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5-config">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="krb5-config"> -<span id="krb5-config-1"></span><h1>krb5-config<a class="headerlink" href="#krb5-config" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>krb5-config</strong> -[<strong>-</strong><strong>-help</strong> | <strong>-</strong><strong>-all</strong> | <strong>-</strong><strong>-version</strong> | <strong>-</strong><strong>-vendor</strong> | <strong>-</strong><strong>-prefix</strong> | <strong>-</strong><strong>-exec-prefix</strong> | <strong>-</strong><strong>-defccname</strong> | <strong>-</strong><strong>-defktname</strong> | <strong>-</strong><strong>-defcktname</strong> | <strong>-</strong><strong>-cflags</strong> | <strong>-</strong><strong>-libs</strong> [<em>libraries</em>]]</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>krb5-config tells the application programmer what flags to use to compile -and link programs against the installed Kerberos libraries.</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-</strong><strong>-help</strong></dt> -<dd>prints a usage message. This is the default behavior when no options -are specified.</dd> -<dt><strong>-</strong><strong>-all</strong></dt> -<dd>prints the version, vendor, prefix, and exec-prefix.</dd> -<dt><strong>-</strong><strong>-version</strong></dt> -<dd>prints the version number of the Kerberos installation.</dd> -<dt><strong>-</strong><strong>-vendor</strong></dt> -<dd>prints the name of the vendor of the Kerberos installation.</dd> -<dt><strong>-</strong><strong>-prefix</strong></dt> -<dd>prints the prefix for which the Kerberos installation was built.</dd> -<dt><strong>-</strong><strong>-exec-prefix</strong></dt> -<dd>prints the prefix for executables for which the Kerberos installation -was built.</dd> -<dt><strong>-</strong><strong>-defccname</strong></dt> -<dd>prints the built-in default credentials cache location.</dd> -<dt><strong>-</strong><strong>-defktname</strong></dt> -<dd>prints the built-in default keytab location.</dd> -<dt><strong>-</strong><strong>-defcktname</strong></dt> -<dd>prints the built-in default client (initiator) keytab location.</dd> -<dt><strong>-</strong><strong>-cflags</strong></dt> -<dd>prints the compilation flags used to build the Kerberos installation.</dd> -<dt><strong>-</strong><strong>-libs</strong> [<em>library</em>]</dt> -<dd><p class="first">prints the compiler options needed to link against <em>library</em>. -Allowed values for <em>library</em> are:</p> -<table border="1" class="last docutils"> -<colgroup> -<col width="20%" /> -<col width="80%" /> -</colgroup> -<tbody valign="top"> -<tr class="row-odd"><td>krb5</td> -<td>Kerberos 5 applications (default)</td> -</tr> -<tr class="row-even"><td>gssapi</td> -<td>GSSAPI applications with Kerberos 5 bindings</td> -</tr> -<tr class="row-odd"><td>kadm-client</td> -<td>Kadmin client</td> -</tr> -<tr class="row-even"><td>kadm-server</td> -<td>Kadmin server</td> -</tr> -<tr class="row-odd"><td>kdb</td> -<td>Applications that access the Kerberos database</td> -</tr> -</tbody> -</table> -</dd> -</dl> -</div> -<div class="section" id="examples"> -<h2>EXAMPLES<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2> -<p>krb5-config is particularly useful for compiling against a Kerberos -installation that was installed in a non-standard location. For example, -a Kerberos installation that is installed in <tt class="docutils literal"><span class="pre">/opt/krb5/</span></tt> but uses -libraries in <tt class="docutils literal"><span class="pre">/usr/local/lib/</span></tt> for text localization would produce -the following output:</p> -<div class="highlight-python"><div class="highlight"><pre>shell% krb5-config --libs krb5 --L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err -</pre></div> -</div> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p>kerberos(1), cc(1)</p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">krb5-config</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#examples">EXAMPLES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kpasswd.html" title="kpasswd" - >previous</a> | - <a href="ksu.html" title="ksu" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__krb5-config">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/ksu.html b/doc/html/user/user_commands/ksu.html deleted file mode 100644 index fe58258b985d..000000000000 --- a/doc/html/user/user_commands/ksu.html +++ /dev/null @@ -1,507 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>ksu — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="kswitch" href="kswitch.html" /> - <link rel="prev" title="krb5-config" href="krb5-config.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="krb5-config.html" title="krb5-config" - accesskey="P">previous</a> | - <a href="kswitch.html" title="kswitch" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="ksu"> -<span id="ksu-1"></span><h1>ksu<a class="headerlink" href="#ksu" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>ksu</strong> -[ <em>target_user</em> ] -[ <strong>-n</strong> <em>target_principal_name</em> ] -[ <strong>-c</strong> <em>source_cache_name</em> ] -[ <strong>-k</strong> ] -[ <strong>-r</strong> time ] -[ <strong>-pf</strong> ] -[ <strong>-l</strong> <em>lifetime</em> ] -[ <strong>-z | Z</strong> ] -[ <strong>-q</strong> ] -[ <strong>-e</strong> <em>command</em> [ args ... ] ] [ <strong>-a</strong> [ args ... ] ]</p> -</div> -<div class="section" id="requirements"> -<h2>REQUIREMENTS<a class="headerlink" href="#requirements" title="Permalink to this headline">¶</a></h2> -<p>Must have Kerberos version 5 installed to compile ksu. Must have a -Kerberos version 5 server running to use ksu.</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>ksu is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that of -the target user, and the other is to create a new security context.</p> -<div class="admonition note"> -<p class="first admonition-title">Note</p> -<p>For the sake of clarity, all references to and attributes of -the user invoking the program will start with “source” -(e.g., “source user”, “source cache”, etc.).</p> -<p class="last">Likewise, all references to and attributes of the target -account will start with “target”.</p> -</div> -</div> -<div class="section" id="authentication"> -<h2>AUTHENTICATION<a class="headerlink" href="#authentication" title="Permalink to this headline">¶</a></h2> -<p>To fulfill the first mission, ksu operates in two phases: -authentication and authorization. Resolving the target principal name -is the first step in authentication. The user can either specify his -principal name with the <strong>-n</strong> option (e.g., <tt class="docutils literal"><span class="pre">-n</span> <span class="pre">jqpublic@USC.EDU</span></tt>) -or a default principal name will be assigned using a heuristic -described in the OPTIONS section (see <strong>-n</strong> option). The target user -name must be the first argument to ksu; if not specified root is the -default. If <tt class="docutils literal"><span class="pre">.</span></tt> is specified then the target user will be the -source user (e.g., <tt class="docutils literal"><span class="pre">ksu</span> <span class="pre">.</span></tt>). If the source user is root or the -target user is the source user, no authentication or authorization -takes place. Otherwise, ksu looks for an appropriate Kerberos ticket -in the source cache.</p> -<p>The ticket can either be for the end-server or a ticket granting -ticket (TGT) for the target principal’s realm. If the ticket for the -end-server is already in the cache, it’s decrypted and verified. If -it’s not in the cache but the TGT is, the TGT is used to obtain the -ticket for the end-server. The end-server ticket is then verified. -If neither ticket is in the cache, but ksu is compiled with the -<strong>GET_TGT_VIA_PASSWD</strong> define, the user will be prompted for a -Kerberos password which will then be used to get a TGT. If the user -is logged in remotely and does not have a secure channel, the password -may be exposed. If neither ticket is in the cache and -<strong>GET_TGT_VIA_PASSWD</strong> is not defined, authentication fails.</p> -</div> -<div class="section" id="authorization"> -<h2>AUTHORIZATION<a class="headerlink" href="#authorization" title="Permalink to this headline">¶</a></h2> -<p>This section describes authorization of the source user when ksu is -invoked without the <strong>-e</strong> option. For a description of the <strong>-e</strong> -option, see the OPTIONS section.</p> -<p>Upon successful authentication, ksu checks whether the target -principal is authorized to access the target account. In the target -user’s home directory, ksu attempts to access two authorization files: -<a class="reference internal" href="../user_config/k5login.html#k5login-5"><em>.k5login</em></a> and .k5users. In the .k5login file each line -contains the name of a principal that is authorized to access the -account.</p> -<p>For example:</p> -<div class="highlight-python"><div class="highlight"><pre>jqpublic@USC.EDU -jqpublic/secure@USC.EDU -jqpublic/admin@USC.EDU -</pre></div> -</div> -<p>The format of .k5users is the same, except the principal name may be -followed by a list of commands that the principal is authorized to -execute (see the <strong>-e</strong> option in the OPTIONS section for details).</p> -<p>Thus if the target principal name is found in the .k5login file the -source user is authorized to access the target account. Otherwise ksu -looks in the .k5users file. If the target principal name is found -without any trailing commands or followed only by <tt class="docutils literal"><span class="pre">*</span></tt> then the -source user is authorized. If either .k5login or .k5users exist but -an appropriate entry for the target principal does not exist then -access is denied. If neither file exists then the principal will be -granted access to the account according to the aname->lname mapping -rules. Otherwise, authorization fails.</p> -</div> -<div class="section" id="execution-of-the-target-shell"> -<h2>EXECUTION OF THE TARGET SHELL<a class="headerlink" href="#execution-of-the-target-shell" title="Permalink to this headline">¶</a></h2> -<p>Upon successful authentication and authorization, ksu proceeds in a -similar fashion to su. The environment is unmodified with the -exception of USER, HOME and SHELL variables. If the target user is -not root, USER gets set to the target user name. Otherwise USER -remains unchanged. Both HOME and SHELL are set to the target login’s -default values. In addition, the environment variable <strong>KRB5CCNAME</strong> -gets set to the name of the target cache. The real and effective user -ID are changed to that of the target user. The target user’s shell is -then invoked (the shell name is specified in the password file). Upon -termination of the shell, ksu deletes the target cache (unless ksu is -invoked with the <strong>-k</strong> option). This is implemented by first doing a -fork and then an exec, instead of just exec, as done by su.</p> -</div> -<div class="section" id="creating-a-new-security-context"> -<h2>CREATING A NEW SECURITY CONTEXT<a class="headerlink" href="#creating-a-new-security-context" title="Permalink to this headline">¶</a></h2> -<p>ksu can be used to create a new security context for the target -program (either the target shell, or command specified via the <strong>-e</strong> -option). The target program inherits a set of credentials from the -source user. By default, this set includes all of the credentials in -the source cache plus any additional credentials obtained during -authentication. The source user is able to limit the credentials in -this set by using <strong>-z</strong> or <strong>-Z</strong> option. <strong>-z</strong> restricts the copy -of tickets from the source cache to the target cache to only the -tickets where client == the target principal name. The <strong>-Z</strong> option -provides the target user with a fresh target cache (no creds in the -cache). Note that for security reasons, when the source user is root -and target user is non-root, <strong>-z</strong> option is the default mode of -operation.</p> -<p>While no authentication takes place if the source user is root or is -the same as the target user, additional tickets can still be obtained -for the target cache. If <strong>-n</strong> is specified and no credentials can -be copied to the target cache, the source user is prompted for a -Kerberos password (unless <strong>-Z</strong> specified or <strong>GET_TGT_VIA_PASSWD</strong> -is undefined). If successful, a TGT is obtained from the Kerberos -server and stored in the target cache. Otherwise, if a password is -not provided (user hit return) ksu continues in a normal mode of -operation (the target cache will not contain the desired TGT). If the -wrong password is typed in, ksu fails.</p> -<div class="admonition note"> -<p class="first admonition-title">Note</p> -<p class="last">During authentication, only the tickets that could be -obtained without providing a password are cached in in the -source cache.</p> -</div> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-n</strong> <em>target_principal_name</em></dt> -<dd><p class="first">Specify a Kerberos target principal name. Used in authentication -and authorization phases of ksu.</p> -<p>If ksu is invoked without <strong>-n</strong>, a default principal name is -assigned via the following heuristic:</p> -<ul class="last"> -<li><p class="first">Case 1: source user is non-root.</p> -<p>If the target user is the source user the default principal name -is set to the default principal of the source cache. If the -cache does not exist then the default principal name is set to -<tt class="docutils literal"><span class="pre">target_user@local_realm</span></tt>. If the source and target users are -different and neither <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> nor -<tt class="docutils literal"><span class="pre">~target_user/.k5login</span></tt> exist then the default principal name -is <tt class="docutils literal"><span class="pre">target_user_login_name@local_realm</span></tt>. Otherwise, starting -with the first principal listed below, ksu checks if the -principal is authorized to access the target account and whether -there is a legitimate ticket for that principal in the source -cache. If both conditions are met that principal becomes the -default target principal, otherwise go to the next principal.</p> -<ol class="loweralpha simple"> -<li>default principal of the source cache</li> -<li>target_user@local_realm</li> -<li>source_user@local_realm</li> -</ol> -<p>If a-c fails try any principal for which there is a ticket in -the source cache and that is authorized to access the target -account. If that fails select the first principal that is -authorized to access the target account from the above list. If -none are authorized and ksu is configured with -<strong>PRINC_LOOK_AHEAD</strong> turned on, select the default principal as -follows:</p> -<p>For each candidate in the above list, select an authorized -principal that has the same realm name and first part of the -principal name equal to the prefix of the candidate. For -example if candidate a) is <tt class="docutils literal"><span class="pre">jqpublic@ISI.EDU</span></tt> and -<tt class="docutils literal"><span class="pre">jqpublic/secure@ISI.EDU</span></tt> is authorized to access the target -account then the default principal is set to -<tt class="docutils literal"><span class="pre">jqpublic/secure@ISI.EDU</span></tt>.</p> -</li> -<li><p class="first">Case 2: source user is root.</p> -<p>If the target user is non-root then the default principal name -is <tt class="docutils literal"><span class="pre">target_user@local_realm</span></tt>. Else, if the source cache -exists the default principal name is set to the default -principal of the source cache. If the source cache does not -exist, default principal name is set to <tt class="docutils literal"><span class="pre">root\@local_realm</span></tt>.</p> -</li> -</ul> -</dd> -</dl> -<p><strong>-c</strong> <em>source_cache_name</em></p> -<blockquote> -<div><p>Specify source cache name (e.g., <tt class="docutils literal"><span class="pre">-c</span> <span class="pre">FILE:/tmp/my_cache</span></tt>). If -<strong>-c</strong> option is not used then the name is obtained from -<strong>KRB5CCNAME</strong> environment variable. If <strong>KRB5CCNAME</strong> is not -defined the source cache name is set to <tt class="docutils literal"><span class="pre">krb5cc_<source</span> <span class="pre">uid></span></tt>. -The target cache name is automatically set to <tt class="docutils literal"><span class="pre">krb5cc_<target</span> -<span class="pre">uid>.(gen_sym())</span></tt>, where gen_sym generates a new number such that -the resulting cache does not already exist. For example:</p> -<div class="highlight-python"><div class="highlight"><pre>krb5cc_1984.2 -</pre></div> -</div> -</div></blockquote> -<dl class="docutils"> -<dt><strong>-k</strong></dt> -<dd>Do not delete the target cache upon termination of the target -shell or a command (<strong>-e</strong> command). Without <strong>-k</strong>, ksu deletes -the target cache.</dd> -<dt><strong>-z</strong></dt> -<dd>Restrict the copy of tickets from the source cache to the target -cache to only the tickets where client == the target principal -name. Use the <strong>-n</strong> option if you want the tickets for other then -the default principal. Note that the <strong>-z</strong> option is mutually -exclusive with the <strong>-Z</strong> option.</dd> -<dt><strong>-Z</strong></dt> -<dd>Don’t copy any tickets from the source cache to the target cache. -Just create a fresh target cache, where the default principal name -of the cache is initialized to the target principal name. Note -that the <strong>-Z</strong> option is mutually exclusive with the <strong>-z</strong> -option.</dd> -<dt><strong>-q</strong></dt> -<dd>Suppress the printing of status messages.</dd> -</dl> -<p>Ticket granting ticket options:</p> -<dl class="docutils"> -<dt><strong>-l</strong> <em>lifetime</em> <strong>-r</strong> <em>time</em> <strong>-pf</strong></dt> -<dd>The ticket granting ticket options only apply to the case where -there are no appropriate tickets in the cache to authenticate the -source user. In this case if ksu is configured to prompt users -for a Kerberos password (<strong>GET_TGT_VIA_PASSWD</strong> is defined), the -ticket granting ticket options that are specified will be used -when getting a ticket granting ticket from the Kerberos server.</dd> -<dt><strong>-l</strong> <em>lifetime</em></dt> -<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Specifies the lifetime to be requested -for the ticket; if this option is not specified, the default ticket -lifetime (12 hours) is used instead.</dd> -<dt><strong>-r</strong> <em>time</em></dt> -<dd>(<a class="reference internal" href="../../basic/date_format.html#duration"><em>Time duration</em></a> string.) Specifies that the <strong>renewable</strong> option -should be requested for the ticket, and specifies the desired -total lifetime of the ticket.</dd> -<dt><strong>-p</strong></dt> -<dd>specifies that the <strong>proxiable</strong> option should be requested for -the ticket.</dd> -<dt><strong>-f</strong></dt> -<dd>option specifies that the <strong>forwardable</strong> option should be -requested for the ticket.</dd> -<dt><strong>-e</strong> <em>command</em> [<em>args</em> ...]</dt> -<dd><p class="first">ksu proceeds exactly the same as if it was invoked without the -<strong>-e</strong> option, except instead of executing the target shell, ksu -executes the specified command. Example of usage:</p> -<div class="highlight-python"><div class="highlight"><pre>ksu bob -e ls -lag -</pre></div> -</div> -<p>The authorization algorithm for <strong>-e</strong> is as follows:</p> -<p>If the source user is root or source user == target user, no -authorization takes place and the command is executed. If source -user id != 0, and <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> file does not exist, -authorization fails. Otherwise, <tt class="docutils literal"><span class="pre">~target_user/.k5users</span></tt> file -must have an appropriate entry for target principal to get -authorized.</p> -<p>The .k5users file format:</p> -<p>A single principal entry on each line that may be followed by a -list of commands that the principal is authorized to execute. A -principal name followed by a <tt class="docutils literal"><span class="pre">*</span></tt> means that the user is -authorized to execute any command. Thus, in the following -example:</p> -<div class="highlight-python"><div class="highlight"><pre>jqpublic@USC.EDU ls mail /local/kerberos/klist -jqpublic/secure@USC.EDU * -jqpublic/admin@USC.EDU -</pre></div> -</div> -<p><tt class="docutils literal"><span class="pre">jqpublic@USC.EDU</span></tt> is only authorized to execute <tt class="docutils literal"><span class="pre">ls</span></tt>, -<tt class="docutils literal"><span class="pre">mail</span></tt> and <tt class="docutils literal"><span class="pre">klist</span></tt> commands. <tt class="docutils literal"><span class="pre">jqpublic/secure@USC.EDU</span></tt> is -authorized to execute any command. <tt class="docutils literal"><span class="pre">jqpublic/admin@USC.EDU</span></tt> is -not authorized to execute any command. Note, that -<tt class="docutils literal"><span class="pre">jqpublic/admin@USC.EDU</span></tt> is authorized to execute the target -shell (regular ksu, without the <strong>-e</strong> option) but -<tt class="docutils literal"><span class="pre">jqpublic@USC.EDU</span></tt> is not.</p> -<p>The commands listed after the principal name must be either a full -path names or just the program name. In the second case, -<strong>CMD_PATH</strong> specifying the location of authorized programs must -be defined at the compilation time of ksu. Which command gets -executed?</p> -<p class="last">If the source user is root or the target user is the source user -or the user is authorized to execute any command (<tt class="docutils literal"><span class="pre">*</span></tt> entry) -then command can be either a full or a relative path leading to -the target program. Otherwise, the user must specify either a -full path or just the program name.</p> -</dd> -<dt><strong>-a</strong> <em>args</em></dt> -<dd><p class="first">Specify arguments to be passed to the target shell. Note that all -flags and parameters following -a will be passed to the shell, -thus all options intended for ksu must precede <strong>-a</strong>.</p> -<p>The <strong>-a</strong> option can be used to simulate the <strong>-e</strong> option if -used as follows:</p> -<div class="highlight-python"><div class="highlight"><pre>-a -c [command [arguments]]. -</pre></div> -</div> -<p class="last"><strong>-c</strong> is interpreted by the c-shell to execute the command.</p> -</dd> -</dl> -</div> -<div class="section" id="installation-instructions"> -<h2>INSTALLATION INSTRUCTIONS<a class="headerlink" href="#installation-instructions" title="Permalink to this headline">¶</a></h2> -<p>ksu can be compiled with the following four flags:</p> -<dl class="docutils"> -<dt><strong>GET_TGT_VIA_PASSWD</strong></dt> -<dd>In case no appropriate tickets are found in the source cache, the -user will be prompted for a Kerberos password. The password is -then used to get a ticket granting ticket from the Kerberos -server. The danger of configuring ksu with this macro is if the -source user is logged in remotely and does not have a secure -channel, the password may get exposed.</dd> -<dt><strong>PRINC_LOOK_AHEAD</strong></dt> -<dd>During the resolution of the default principal name, -<strong>PRINC_LOOK_AHEAD</strong> enables ksu to find principal names in -the .k5users file as described in the OPTIONS section -(see <strong>-n</strong> option).</dd> -<dt><strong>CMD_PATH</strong></dt> -<dd>Specifies a list of directories containing programs that users are -authorized to execute (via .k5users file).</dd> -<dt><strong>HAVE_GETUSERSHELL</strong></dt> -<dd>If the source user is non-root, ksu insists that the target user’s -shell to be invoked is a “legal shell”. <em>getusershell(3)</em> is -called to obtain the names of “legal shells”. Note that the -target user’s shell is obtained from the passwd file.</dd> -</dl> -<p>Sample configuration:</p> -<div class="highlight-python"><div class="highlight"><pre>KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" -</pre></div> -</div> -<p>ksu should be owned by root and have the set user id bit turned on.</p> -<p>ksu attempts to get a ticket for the end server just as Kerberized -telnet and rlogin. Thus, there must be an entry for the server in the -Kerberos database (e.g., <tt class="docutils literal"><span class="pre">host/nii.isi.edu@ISI.EDU</span></tt>). The keytab -file must be in an appropriate location.</p> -</div> -<div class="section" id="side-effects"> -<h2>SIDE EFFECTS<a class="headerlink" href="#side-effects" title="Permalink to this headline">¶</a></h2> -<p>ksu deletes all expired tickets from the source cache.</p> -</div> -<div class="section" id="author-of-ksu"> -<h2>AUTHOR OF KSU<a class="headerlink" href="#author-of-ksu" title="Permalink to this headline">¶</a></h2> -<p>GENNADY (ARI) MEDVINSKY</p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">ksu</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#requirements">REQUIREMENTS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#authentication">AUTHENTICATION</a></li> -<li><a class="reference internal" href="#authorization">AUTHORIZATION</a></li> -<li><a class="reference internal" href="#execution-of-the-target-shell">EXECUTION OF THE TARGET SHELL</a></li> -<li><a class="reference internal" href="#creating-a-new-security-context">CREATING A NEW SECURITY CONTEXT</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#installation-instructions">INSTALLATION INSTRUCTIONS</a></li> -<li><a class="reference internal" href="#side-effects">SIDE EFFECTS</a></li> -<li><a class="reference internal" href="#author-of-ksu">AUTHOR OF KSU</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="krb5-config.html" title="krb5-config" - >previous</a> | - <a href="kswitch.html" title="kswitch" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__ksu">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/kswitch.html b/doc/html/user/user_commands/kswitch.html deleted file mode 100644 index c141ef3eb6c3..000000000000 --- a/doc/html/user/user_commands/kswitch.html +++ /dev/null @@ -1,204 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>kswitch — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="kvno" href="kvno.html" /> - <link rel="prev" title="ksu" href="ksu.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="ksu.html" title="ksu" - accesskey="P">previous</a> | - <a href="kvno.html" title="kvno" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kswitch">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="kswitch"> -<span id="kswitch-1"></span><h1>kswitch<a class="headerlink" href="#kswitch" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>kswitch</strong> -{<strong>-c</strong> <em>cachename</em>|<strong>-p</strong> <em>principal</em>}</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>kswitch makes the specified credential cache the primary cache for the -collection, if a cache collection is available.</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-c</strong> <em>cachename</em></dt> -<dd>Directly specifies the credential cache to be made primary.</dd> -<dt><strong>-p</strong> <em>principal</em></dt> -<dd>Causes the cache collection to be searched for a cache containing -credentials for <em>principal</em>. If one is found, that collection is -made primary.</dd> -</dl> -</div> -<div class="section" id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2> -<p>kswitch uses the following environment variables:</p> -<dl class="docutils"> -<dt><strong>KRB5CCNAME</strong></dt> -<dd>Location of the default Kerberos 5 credentials (ticket) cache, in -the form <em>type</em>:<em>residual</em>. If no <em>type</em> prefix is present, the -<strong>FILE</strong> type is assumed. The type of the default cache may -determine the availability of a cache collection; for instance, a -default cache of type <strong>DIR</strong> causes caches within the directory -to be present in the collection.</dd> -</dl> -</div> -<div class="section" id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt> -<dd>Default location of Kerberos 5 credentials cache</dd> -</dl> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a>, <a class="reference internal" href="klist.html#klist-1"><em>klist</em></a>), kerberos(1)</p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kswitch</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="ksu.html" title="ksu" - >previous</a> | - <a href="kvno.html" title="kvno" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kswitch">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/kvno.html b/doc/html/user/user_commands/kvno.html deleted file mode 100644 index 99f37f9ff0cd..000000000000 --- a/doc/html/user/user_commands/kvno.html +++ /dev/null @@ -1,229 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>kvno — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="sclient" href="sclient.html" /> - <link rel="prev" title="kswitch" href="kswitch.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kswitch.html" title="kswitch" - accesskey="P">previous</a> | - <a href="sclient.html" title="sclient" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kvno">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="kvno"> -<span id="kvno-1"></span><h1>kvno<a class="headerlink" href="#kvno" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>kvno</strong> -[<strong>-c</strong> <em>ccache</em>] -[<strong>-e</strong> <em>etype</em>] -[<strong>-q</strong>] -[<strong>-h</strong>] -[<strong>-P</strong>] -[<strong>-S</strong> <em>sname</em>] -[<strong>-U</strong> <em>for_user</em>] -<em>service1 service2</em> ...</p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>kvno acquires a service ticket for the specified Kerberos principals -and prints out the key version numbers of each.</p> -</div> -<div class="section" id="options"> -<h2>OPTIONS<a class="headerlink" href="#options" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><strong>-c</strong> <em>ccache</em></dt> -<dd>Specifies the name of a credentials cache to use (if not the -default)</dd> -<dt><strong>-e</strong> <em>etype</em></dt> -<dd>Specifies the enctype which will be requested for the session key -of all the services named on the command line. This is useful in -certain backward compatibility situations.</dd> -<dt><strong>-q</strong></dt> -<dd>Suppress printing output when successful. If a service ticket -cannot be obtained, an error message will still be printed and -kvno will exit with nonzero status.</dd> -<dt><strong>-h</strong></dt> -<dd>Prints a usage statement and exits.</dd> -<dt><strong>-P</strong></dt> -<dd>Specifies that the <em>service1 service2</em> ... arguments are to be -treated as services for which credentials should be acquired using -constrained delegation. This option is only valid when used in -conjunction with protocol transition.</dd> -<dt><strong>-S</strong> <em>sname</em></dt> -<dd>Specifies that the <em>service1 service2</em> ... arguments are -interpreted as hostnames, and the service principals are to be -constructed from those hostnames and the service name <em>sname</em>. -The service hostnames will be canonicalized according to the usual -rules for constructing service principals.</dd> -<dt><strong>-U</strong> <em>for_user</em></dt> -<dd>Specifies that protocol transition (S4U2Self) is to be used to -acquire a ticket on behalf of <em>for_user</em>. If constrained -delegation is not requested, the service name must match the -credentials cache client principal.</dd> -</dl> -</div> -<div class="section" id="environment"> -<h2>ENVIRONMENT<a class="headerlink" href="#environment" title="Permalink to this headline">¶</a></h2> -<p>kvno uses the following environment variable:</p> -<dl class="docutils"> -<dt><strong>KRB5CCNAME</strong></dt> -<dd>Location of the credentials (ticket) cache.</dd> -</dl> -</div> -<div class="section" id="files"> -<h2>FILES<a class="headerlink" href="#files" title="Permalink to this headline">¶</a></h2> -<dl class="docutils"> -<dt><a class="reference internal" href="../../mitK5defaults.html#paths"><em>DEFCCNAME</em></a></dt> -<dd>Default location of the credentials cache</dd> -</dl> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="kdestroy.html#kdestroy-1"><em>kdestroy</em></a></p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">kvno</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#options">OPTIONS</a></li> -<li><a class="reference internal" href="#environment">ENVIRONMENT</a></li> -<li><a class="reference internal" href="#files">FILES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">kvno</a></li> -<li class="toctree-l3"><a class="reference internal" href="sclient.html">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kswitch.html" title="kswitch" - >previous</a> | - <a href="sclient.html" title="sclient" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__kvno">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_commands/sclient.html b/doc/html/user/user_commands/sclient.html deleted file mode 100644 index 141ff0aaef1d..000000000000 --- a/doc/html/user/user_commands/sclient.html +++ /dev/null @@ -1,171 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>sclient — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User commands" href="index.html" /> - <link rel="next" title="For administrators" href="../../admin/index.html" /> - <link rel="prev" title="kvno" href="kvno.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="kvno.html" title="kvno" - accesskey="P">previous</a> | - <a href="../../admin/index.html" title="For administrators" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__sclient">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="sclient"> -<span id="sclient-1"></span><h1>sclient<a class="headerlink" href="#sclient" title="Permalink to this headline">¶</a></h1> -<div class="section" id="synopsis"> -<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Permalink to this headline">¶</a></h2> -<p><strong>sclient</strong> <em>remotehost</em></p> -</div> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server <a class="reference internal" href="../../admin/admin_commands/sserver.html#sserver-8"><em>sserver</em></a> and -authenticates to it using Kerberos version 5 tickets, then displays -the server’s response.</p> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p><a class="reference internal" href="kinit.html#kinit-1"><em>kinit</em></a>, <a class="reference internal" href="../../admin/admin_commands/sserver.html#sserver-8"><em>sserver</em></a></p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">sclient</a><ul> -<li><a class="reference internal" href="#synopsis">SYNOPSIS</a></li> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../user_config/index.html">User config files</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User commands</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="kdestroy.html">kdestroy</a></li> -<li class="toctree-l3"><a class="reference internal" href="kinit.html">kinit</a></li> -<li class="toctree-l3"><a class="reference internal" href="klist.html">klist</a></li> -<li class="toctree-l3"><a class="reference internal" href="kpasswd.html">kpasswd</a></li> -<li class="toctree-l3"><a class="reference internal" href="krb5-config.html">krb5-config</a></li> -<li class="toctree-l3"><a class="reference internal" href="ksu.html">ksu</a></li> -<li class="toctree-l3"><a class="reference internal" href="kswitch.html">kswitch</a></li> -<li class="toctree-l3"><a class="reference internal" href="kvno.html">kvno</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">sclient</a></li> -</ul> -</li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="kvno.html" title="kvno" - >previous</a> | - <a href="../../admin/index.html" title="For administrators" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__sclient">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_config/index.html b/doc/html/user/user_config/index.html deleted file mode 100644 index 2d3bdd742bbc..000000000000 --- a/doc/html/user/user_config/index.html +++ /dev/null @@ -1,153 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>User config files — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="For users" href="../index.html" /> - <link rel="next" title=".k5login" href="k5login.html" /> - <link rel="prev" title="Ticket management" href="../tkt_mgmt.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="../tkt_mgmt.html" title="Ticket management" - accesskey="P">previous</a> | - <a href="k5login.html" title=".k5login" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User config files">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="user-config-files"> -<h1>User config files<a class="headerlink" href="#user-config-files" title="Permalink to this headline">¶</a></h1> -<p>The following files in your home directory can be used to control the -behavior of Kerberos as it applies to your account (unless they have -been disabled by your host’s configuration):</p> -<div class="toctree-wrapper compound"> -<ul> -<li class="toctree-l1"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l1"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">User config files</a></li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="current reference internal" href="">User config files</a><ul> -<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="../tkt_mgmt.html" title="Ticket management" - >previous</a> | - <a href="k5login.html" title=".k5login" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__User config files">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_config/k5identity.html b/doc/html/user/user_config/k5identity.html deleted file mode 100644 index d1155590d7bc..000000000000 --- a/doc/html/user/user_config/k5identity.html +++ /dev/null @@ -1,202 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>.k5identity — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User config files" href="index.html" /> - <link rel="next" title="User commands" href="../user_commands/index.html" /> - <link rel="prev" title=".k5login" href="k5login.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="k5login.html" title=".k5login" - accesskey="P">previous</a> | - <a href="../user_commands/index.html" title="User commands" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5identity">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="k5identity"> -<span id="k5identity-5"></span><h1>.k5identity<a class="headerlink" href="#k5identity" title="Permalink to this headline">¶</a></h1> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>The .k5identity file, which resides in a user’s home directory, -contains a list of rules for selecting a client principals based on -the server being accessed. These rules are used to choose a -credential cache within the cache collection when possible.</p> -<p>Blank lines and lines beginning with <tt class="docutils literal"><span class="pre">#</span></tt> are ignored. Each line has -the form:</p> -<blockquote> -<div><em>principal</em> <em>field</em>=<em>value</em> ...</div></blockquote> -<p>If the server principal meets all of the field constraints, then -principal is chosen as the client principal. The following fields are -recognized:</p> -<dl class="docutils"> -<dt><strong>realm</strong></dt> -<dd>If the realm of the server principal is known, it is matched -against <em>value</em>, which may be a pattern using shell wildcards. -For host-based server principals, the realm will generally only be -known if there is a <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#domain-realm"><em>[domain_realm]</em></a> section in -<a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a> with a mapping for the hostname.</dd> -<dt><strong>service</strong></dt> -<dd>If the server principal is a host-based principal, its service -component is matched against <em>value</em>, which may be a pattern using -shell wildcards.</dd> -<dt><strong>host</strong></dt> -<dd><p class="first">If the server principal is a host-based principal, its hostname -component is converted to lower case and matched against <em>value</em>, -which may be a pattern using shell wildcards.</p> -<p class="last">If the server principal matches the constraints of multiple lines -in the .k5identity file, the principal from the first matching -line is used. If no line matches, credentials will be selected -some other way, such as the realm heuristic or the current primary -cache.</p> -</dd> -</dl> -</div> -<div class="section" id="example"> -<h2>EXAMPLE<a class="headerlink" href="#example" title="Permalink to this headline">¶</a></h2> -<p>The following example .k5identity file selects the client principal -<tt class="docutils literal"><span class="pre">alice@KRBTEST.COM</span></tt> if the server principal is within that realm, -the principal <tt class="docutils literal"><span class="pre">alice/root@EXAMPLE.COM</span></tt> if the server host is within -a servers subdomain, and the principal <tt class="docutils literal"><span class="pre">alice/mail@EXAMPLE.COM</span></tt> when -accessing the IMAP service on <tt class="docutils literal"><span class="pre">mail.example.com</span></tt>:</p> -<div class="highlight-python"><div class="highlight"><pre>alice@KRBTEST.COM realm=KRBTEST.COM -alice/root@EXAMPLE.COM host=*.servers.example.com -alice/mail@EXAMPLE.COM host=mail.example.com service=imap -</pre></div> -</div> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p>kerberos(1), <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a></p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">.k5identity</a><ul> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#example">EXAMPLE</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current"> -<li class="toctree-l3"><a class="reference internal" href="k5login.html">.k5login</a></li> -<li class="toctree-l3 current"><a class="current reference internal" href="">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="k5login.html" title=".k5login" - >previous</a> | - <a href="../user_commands/index.html" title="User commands" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5identity">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file diff --git a/doc/html/user/user_config/k5login.html b/doc/html/user/user_config/k5login.html deleted file mode 100644 index f46db5c5f513..000000000000 --- a/doc/html/user/user_config/k5login.html +++ /dev/null @@ -1,193 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - - <title>.k5login — MIT Kerberos Documentation</title> - - <link rel="stylesheet" href="../../_static/agogo.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" /> - <link rel="stylesheet" href="../../_static/kerb.css" type="text/css" /> - - <script type="text/javascript"> - var DOCUMENTATION_OPTIONS = { - URL_ROOT: '../../', - VERSION: '1.16', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true - }; - </script> - <script type="text/javascript" src="../../_static/jquery.js"></script> - <script type="text/javascript" src="../../_static/underscore.js"></script> - <script type="text/javascript" src="../../_static/doctools.js"></script> - <link rel="author" title="About these documents" href="../../about.html" /> - <link rel="copyright" title="Copyright" href="../../copyright.html" /> - <link rel="top" title="MIT Kerberos Documentation" href="../../index.html" /> - <link rel="up" title="User config files" href="index.html" /> - <link rel="next" title=".k5identity" href="k5identity.html" /> - <link rel="prev" title="User config files" href="index.html" /> - </head> - <body> - <div class="header-wrapper"> - <div class="header"> - - - <h1><a href="../../index.html">MIT Kerberos Documentation</a></h1> - - <div class="rel"> - - <a href="../../index.html" title="Full Table of Contents" - accesskey="C">Contents</a> | - <a href="index.html" title="User config files" - accesskey="P">previous</a> | - <a href="k5identity.html" title=".k5identity" - accesskey="N">next</a> | - <a href="../../genindex.html" title="General Index" - accesskey="I">index</a> | - <a href="../../search.html" title="Enter search criteria" - accesskey="S">Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5login">feedback</a> - </div> - </div> - </div> - - <div class="content-wrapper"> - <div class="content"> - <div class="document"> - - <div class="documentwrapper"> - <div class="bodywrapper"> - <div class="body"> - - <div class="section" id="k5login"> -<span id="k5login-5"></span><h1>.k5login<a class="headerlink" href="#k5login" title="Permalink to this headline">¶</a></h1> -<div class="section" id="description"> -<h2>DESCRIPTION<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> -<p>The .k5login file, which resides in a user’s home directory, contains -a list of the Kerberos principals. Anyone with valid tickets for a -principal in the file is allowed host access with the UID of the user -in whose home directory the file resides. One common use is to place -a .k5login file in root’s home directory, thereby granting system -administrators remote root access to the host via Kerberos.</p> -</div> -<div class="section" id="examples"> -<h2>EXAMPLES<a class="headerlink" href="#examples" title="Permalink to this headline">¶</a></h2> -<p>Suppose the user <tt class="docutils literal"><span class="pre">alice</span></tt> had a .k5login file in her home directory -containing just the following line:</p> -<div class="highlight-python"><div class="highlight"><pre>bob@FOOBAR.ORG -</pre></div> -</div> -<p>This would allow <tt class="docutils literal"><span class="pre">bob</span></tt> to use Kerberos network applications, such as -ssh(1), to access <tt class="docutils literal"><span class="pre">alice</span></tt>‘s account, using <tt class="docutils literal"><span class="pre">bob</span></tt>‘s Kerberos -tickets. In a default configuration (with <strong>k5login_authoritative</strong> set -to true in <a class="reference internal" href="../../admin/conf_files/krb5_conf.html#krb5-conf-5"><em>krb5.conf</em></a>), this .k5login file would not let -<tt class="docutils literal"><span class="pre">alice</span></tt> use those network applications to access her account, since -she is not listed! With no .k5login file, or with <strong>k5login_authoritative</strong> -set to false, a default rule would permit the principal <tt class="docutils literal"><span class="pre">alice</span></tt> in the -machine’s default realm to access the <tt class="docutils literal"><span class="pre">alice</span></tt> account.</p> -<p>Let us further suppose that <tt class="docutils literal"><span class="pre">alice</span></tt> is a system administrator. -Alice and the other system administrators would have their principals -in root’s .k5login file on each host:</p> -<div class="highlight-python"><div class="highlight"><pre>alice@BLEEP.COM - -joeadmin/root@BLEEP.COM -</pre></div> -</div> -<p>This would allow either system administrator to log in to these hosts -using their Kerberos tickets instead of having to type the root -password. Note that because <tt class="docutils literal"><span class="pre">bob</span></tt> retains the Kerberos tickets for -his own principal, <tt class="docutils literal"><span class="pre">bob@FOOBAR.ORG</span></tt>, he would not have any of the -privileges that require <tt class="docutils literal"><span class="pre">alice</span></tt>‘s tickets, such as root access to -any of the site’s hosts, or the ability to change <tt class="docutils literal"><span class="pre">alice</span></tt>‘s -password.</p> -</div> -<div class="section" id="see-also"> -<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Permalink to this headline">¶</a></h2> -<p>kerberos(1)</p> -</div> -</div> - - - </div> - </div> - </div> - </div> - <div class="sidebar"> - <h2>On this page</h2> - <ul> -<li><a class="reference internal" href="#">.k5login</a><ul> -<li><a class="reference internal" href="#description">DESCRIPTION</a></li> -<li><a class="reference internal" href="#examples">EXAMPLES</a></li> -<li><a class="reference internal" href="#see-also">SEE ALSO</a></li> -</ul> -</li> -</ul> - - <br/> - <h2>Table of contents</h2> - <ul class="current"> -<li class="toctree-l1 current"><a class="reference internal" href="../index.html">For users</a><ul class="current"> -<li class="toctree-l2"><a class="reference internal" href="../pwd_mgmt.html">Password management</a></li> -<li class="toctree-l2"><a class="reference internal" href="../tkt_mgmt.html">Ticket management</a></li> -<li class="toctree-l2 current"><a class="reference internal" href="index.html">User config files</a><ul class="current"> -<li class="toctree-l3 current"><a class="current reference internal" href="">.k5login</a></li> -<li class="toctree-l3"><a class="reference internal" href="k5identity.html">.k5identity</a></li> -</ul> -</li> -<li class="toctree-l2"><a class="reference internal" href="../user_commands/index.html">User commands</a></li> -</ul> -</li> -<li class="toctree-l1"><a class="reference internal" href="../../admin/index.html">For administrators</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../appdev/index.html">For application developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../plugindev/index.html">For plugin module developers</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build/index.html">Building Kerberos V5</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../basic/index.html">Kerberos V5 concepts</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../formats/index.html">Protocols and file formats</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../mitK5features.html">MIT Kerberos features</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../build_this.html">How to build this documentation from the source</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../about.html">Contributing to the MIT Kerberos Documentation</a></li> -<li class="toctree-l1"><a class="reference internal" href="../../resources.html">Resources</a></li> -</ul> - - <br/> - <h4><a href="../../index.html">Full Table of Contents</a></h4> - <h4>Search</h4> - <form class="search" action="../../search.html" method="get"> - <input type="text" name="q" size="18" /> - <input type="submit" value="Go" /> - <input type="hidden" name="check_keywords" value="yes" /> - <input type="hidden" name="area" value="default" /> - </form> - </div> - <div class="clearer"></div> - </div> - </div> - - <div class="footer-wrapper"> - <div class="footer" > - <div class="right" ><i>Release: 1.16</i><br /> - © <a href="../../copyright.html">Copyright</a> 1985-2017, MIT. - </div> - <div class="left"> - - <a href="../../index.html" title="Full Table of Contents" - >Contents</a> | - <a href="index.html" title="User config files" - >previous</a> | - <a href="k5identity.html" title=".k5identity" - >next</a> | - <a href="../../genindex.html" title="General Index" - >index</a> | - <a href="../../search.html" title="Enter search criteria" - >Search</a> | - <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__.k5login">feedback</a> - </div> - </div> - </div> - - </body> -</html>
\ No newline at end of file |