diff options
Diffstat (limited to 'third_party/heimdal/kcm/kcm.8')
| -rw-r--r-- | third_party/heimdal/kcm/kcm.8 | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/third_party/heimdal/kcm/kcm.8 b/third_party/heimdal/kcm/kcm.8 new file mode 100644 index 0000000..744ab0f --- /dev/null +++ b/third_party/heimdal/kcm/kcm.8 @@ -0,0 +1,168 @@ +.\" Copyright (c) 2005 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id$ +.\" +.Dd May 29, 2005 +.Dt KCM 8 +.Os +.Sh NAME +.Nm kcm +.Nd process-based credential cache for Kerberos tickets. +.Sh SYNOPSIS +.Nm +.Op Fl Fl cache-name= Ns Ar cachename +.Oo Fl c Ar file \*(Ba Xo +.Fl Fl config-file= Ns Ar file +.Xc +.Oc +.Oo Fl g Ar group \*(Ba Xo +.Fl Fl group= Ns Ar group +.Xc +.Oc +.Op Fl Fl max-request= Ns Ar size +.Op Fl Fl disallow-getting-krbtgt +.Op Fl Fl detach +.Op Fl h | Fl Fl help +.Oo Fl k Ar principal \*(Ba Xo +.Fl Fl system-principal= Ns Ar principal +.Xc +.Oc +.Oo Fl l Ar time \*(Ba Xo +.Fl Fl lifetime= Ns Ar time +.Xc +.Oc +.Oo Fl m Ar mode \*(Ba Xo +.Fl Fl mode= Ns Ar mode +.Xc +.Oc +.Op Fl n | Fl Fl no-name-constraints +.Oo Fl r Ar time \*(Ba Xo +.Fl Fl renewable-life= Ns Ar time +.Xc +.Oc +.Oo Fl s Ar path \*(Ba Xo +.Fl Fl socket-path= Ns Ar path +.Xc +.Oc +.Oo Fl S Ar principal \*(Ba Xo +.Fl Fl server= Ns Ar principal +.Xc +.Oc +.Oo Fl t Ar keytab \*(Ba Xo +.Fl Fl keytab= Ns Ar keytab +.Xc +.Oc +.Oo Fl u Ar user \*(Ba Xo +.Fl Fl user= Ns Ar user +.Xc +.Oc +.Op Fl v | Fl Fl version +.Sh DESCRIPTION +.Nm +is a process based credential cache. +To use it, set the +.Ev KRB5CCNAME +environment variable to +.Ql KCM: Ns Ar uid +or add the stanza +.Bd -literal + +[libdefaults] + default_cc_name = KCM:%{uid} + +.Ed +to the +.Pa /etc/krb5.conf +configuration file and make sure +.Nm kcm +is started in the system startup files. +.Pp +The +.Nm +daemon can hold the credentials for all users in the system. Access +control is done with Unix-like permissions. The daemon checks the +access on all operations based on the uid and gid of the user. The +tickets are renewed as long as is permitted by the KDC's policy. +.Pp +The +.Nm +daemon can also keep a SYSTEM credential that server processes can +use to access services. One example of usage might be an nss_ldap +module that quickly needs to get credentials and doesn't want to renew +the ticket itself. +.Pp +Supported options: +.Bl -tag -width Ds +.It Fl Fl cache-name= Ns Ar cachename +system cache name +.It Fl c Ar file , Fl Fl config-file= Ns Ar file +location of config file +.It Fl g Ar group , Fl Fl group= Ns Ar group +system cache group +.It Fl Fl max-request= Ns Ar size +max size for a kcm-request +.It Fl Fl disallow-getting-krbtgt +disallow extracting any krbtgt from the +.Nm kcm +daemon. +.It Fl Fl detach +detach from console +.It Fl h , Fl Fl help +.It Fl k Ar principal , Fl Fl system-principal= Ns Ar principal +system principal name +.It Fl l Ar time , Fl Fl lifetime= Ns Ar time +lifetime of system tickets +.It Fl m Ar mode , Fl Fl mode= Ns Ar mode +octal mode of system cache +.It Fl n , Fl Fl no-name-constraints +disable credentials cache name constraints +.It Fl r Ar time , Fl Fl renewable-life= Ns Ar time +renewable lifetime of system tickets +.It Fl s Ar path , Fl Fl socket-path= Ns Ar path +path to kcm domain socket +.It Fl S Ar principal , Fl Fl server= Ns Ar principal +server to get system ticket for +.It Fl t Ar keytab , Fl Fl keytab= Ns Ar keytab +system keytab name +.It Fl u Ar user , Fl Fl user= Ns Ar user +system cache owner +.It Fl v , Fl Fl version +.El +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.\".Sh DIAGNOSTICS +.\".Sh SEE ALSO +.\".Sh STANDARDS +.\".Sh HISTORY +.\".Sh AUTHORS +.\".Sh BUGS |