Resolve conflicts after import of Heimdal 0.6.1.
parent
090bc474c9
commit
a0c37ec326
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=127811
|
@ -1,85 +0,0 @@
|
|||
-*- indented-text -*-
|
||||
|
||||
$Id: TODO,v 1.66 2001/08/09 08:43:42 assar Exp $
|
||||
|
||||
* configure
|
||||
|
||||
handle readline hiding in readline/readline.h
|
||||
|
||||
* appl
|
||||
|
||||
** appl/popper
|
||||
|
||||
Implement RFC1731 and 1734, pop over GSS-API
|
||||
|
||||
* doc
|
||||
|
||||
* kdc
|
||||
|
||||
* kadmin
|
||||
|
||||
make it happy with reading and parsing kdc.conf
|
||||
|
||||
is in need of a major cleanup
|
||||
|
||||
* kpasswdd
|
||||
|
||||
figure out what's the deal with do_sequence and the MIT client
|
||||
|
||||
* lib
|
||||
|
||||
** lib/asn1
|
||||
|
||||
prepend a prefix on all generated symbols
|
||||
|
||||
** lib/auth
|
||||
|
||||
** lib/auth/sia
|
||||
|
||||
PAM
|
||||
|
||||
** lib/com_err
|
||||
|
||||
write a man-page
|
||||
|
||||
** lib/des
|
||||
|
||||
make everything work with openssl and make prototypes compatible
|
||||
|
||||
** lib/gssapi
|
||||
|
||||
process_context_token, add_cred, inquire_cred_by_mech,
|
||||
inquire_names_for_mech, and
|
||||
inquire_mechs_for_name not implemented.
|
||||
|
||||
set minor_status in all functions
|
||||
|
||||
anonymous credentials not implemented
|
||||
|
||||
add rc4
|
||||
|
||||
** lib/hdb
|
||||
|
||||
** lib/kadm5
|
||||
|
||||
add policies?
|
||||
|
||||
fix to use rpc?
|
||||
|
||||
** lib/krb5
|
||||
|
||||
the replay cache is, in its current state, not very useful
|
||||
|
||||
OTP?
|
||||
|
||||
make checksum/encryption type configuration more realm-specific. make
|
||||
some simple way of handling the w2k situtation
|
||||
|
||||
crypto: allow scatter/gather creation of checksums
|
||||
|
||||
verify_user: handle non-secure verification failing because of
|
||||
host->realm mapping
|
||||
|
||||
config_file: do it in case-sensitive and/or insensitive
|
||||
|
||||
** lib/roken
|
|
@ -1,9 +0,0 @@
|
|||
dnl $Id: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $
|
||||
dnl
|
||||
dnl Only put things that for some reason can't live in the `cf'
|
||||
dnl directory in this file.
|
||||
dnl
|
||||
|
||||
dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
|
||||
dnl
|
||||
define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
|
|
@ -1,81 +0,0 @@
|
|||
KTUTIL(8) NetBSD System Manager's Manual KTUTIL(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkttuuttiill - manage Kerberos keytabs
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh |
|
||||
----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkttuuttiill is a program for managing keytabs. _c_o_m_m_a_n_d can be one of the fol-
|
||||
lowing:
|
||||
|
||||
add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee
|
||||
_e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d]
|
||||
[----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt]
|
||||
Adds a key to the keytab. Options that are not specified will
|
||||
be prompted for. This requires that you know the password of
|
||||
the principal to add; if what you really want is to add a new
|
||||
principal to the keytab, you should consider the _g_e_t command,
|
||||
which talks to the kadmin server.
|
||||
|
||||
change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss
|
||||
_p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t]
|
||||
Update one or several keys to new versions. By default, use
|
||||
the admin server for the realm of an keytab entry. Otherwise
|
||||
it will use the values specified by the options.
|
||||
|
||||
If no principals are given, all the ones in the keytab are
|
||||
updated.
|
||||
|
||||
copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t
|
||||
Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t.
|
||||
|
||||
get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e]
|
||||
[----eennccttyyppeess==_e_n_c_t_y_p_e] [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n
|
||||
_s_e_r_v_e_r] [----aaddmmiinn--sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t]
|
||||
[----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t] _p_r_i_n_c_i_p_a_l _._._.
|
||||
For each _p_r_i_n_c_i_p_a_l, generate a new key for it (creating it if
|
||||
it doesn't already exist), and put that key in the keytab.
|
||||
|
||||
If no _r_e_a_l_m is specified, the realm to operate on is taken
|
||||
from the first principal.
|
||||
|
||||
list [----kkeeyyss] [----ttiimmeessttaammpp]
|
||||
List the keys stored in the keytab.
|
||||
|
||||
remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o]
|
||||
[--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e]
|
||||
Removes the specified key or keys. Not specifying a _k_v_n_o re-
|
||||
moves keys with any version number. Not specifying a _e_n_c_t_y_p_e
|
||||
removes keys of any type.
|
||||
|
||||
rename _f_r_o_m_-_p_r_i_n_c_i_p_a_l _t_o_-_p_r_i_n_c_i_p_a_l
|
||||
Renames all entries in the keytab that match the _f_r_o_m_-
|
||||
_p_r_i_n_c_i_p_a_l to _t_o_-_p_r_i_n_c_i_p_a_l.
|
||||
|
||||
purge [----aaggee==_a_g_e]
|
||||
Removes all old entries (for which there is a newer version)
|
||||
that are older than _a_g_e (default one week).
|
||||
|
||||
srvconvert
|
||||
|
||||
srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
|
||||
Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab
|
||||
and stores it in _k_e_y_t_a_b. Identical to:
|
||||
|
||||
ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b
|
||||
|
||||
srvcreate
|
||||
|
||||
key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
|
||||
Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab
|
||||
and stores it in _s_r_v_t_a_b. Identical to:
|
||||
|
||||
ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kadmin(8)
|
||||
|
||||
HEIMDAL December 16, 2000 2
|
|
@ -1,644 +0,0 @@
|
|||
FTP(1) NetBSD Reference Manual FTP(1)
|
||||
|
||||
NNAAMMEE
|
||||
ffttpp - ARPANET file transfer program
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
FFttpp is the user interface to the ARPANET standard File Transfer Protocol.
|
||||
The program allows a user to transfer files to and from a remote network
|
||||
site.
|
||||
|
||||
Modifications has been made so that it almost follows the ftpsec Internet
|
||||
draft.
|
||||
|
||||
Options may be specified at the command line, or to the command inter-
|
||||
preter.
|
||||
|
||||
--tt Enables packet tracing.
|
||||
|
||||
--vv Verbose option forces ffttpp to show all responses from the remote
|
||||
server, as well as report on data transfer statistics.
|
||||
|
||||
--nn Restrains ffttpp from attempting ``auto-login'' upon initial connec-
|
||||
tion. If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be-
|
||||
low) file in the user's home directory for an entry describing an
|
||||
account on the remote machine. If no entry exists, ffttpp will prompt
|
||||
for the remote machine login name (default is the user identity on
|
||||
the local machine), and, if necessary, prompt for a password and an
|
||||
account with which to login.
|
||||
|
||||
--ii Turns off interactive prompting during multiple file transfers.
|
||||
|
||||
--pp Turn on passive mode.
|
||||
|
||||
--dd Enables debugging.
|
||||
|
||||
--gg Disables file name globbing.
|
||||
|
||||
--ll Disables command line editing.
|
||||
|
||||
The client host with which ffttpp is to communicate may be specified on the
|
||||
command line. If this is done, ffttpp will immediately attempt to establish
|
||||
a connection to an FTP server on that host; otherwise, ffttpp will enter its
|
||||
command interpreter and await instructions from the user. When ffttpp is
|
||||
awaiting commands from the user the prompt `ftp>' is provided to the us-
|
||||
er. The following commands are recognized by ffttpp:
|
||||
|
||||
!! [_c_o_m_m_a_n_d [_a_r_g_s]]
|
||||
Invoke an interactive shell on the local machine. If there
|
||||
are arguments, the first is taken to be a command to execute
|
||||
directly, with the rest of the arguments as its arguments.
|
||||
|
||||
$$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s]
|
||||
Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff
|
||||
command. Arguments are passed to the macro unglobbed.
|
||||
|
||||
aaccccoouunntt [_p_a_s_s_w_d]
|
||||
Supply a supplemental password required by a remote system
|
||||
for access to resources once a login has been successfully
|
||||
completed. If no argument is included, the user will be
|
||||
prompted for an account password in a non-echoing input mode.
|
||||
|
||||
aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
|
||||
Append a local file to a file on the remote machine. If
|
||||
_r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used
|
||||
in naming the remote file after being altered by any nnttrraannss
|
||||
or nnmmaapp setting. File transfer uses the current settings for
|
||||
ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
|
||||
|
||||
aasscciiii Set the file transfer ttyyppee to network ASCII. This is the de-
|
||||
fault type.
|
||||
|
||||
bbeellll Arrange that a bell be sounded after each file transfer com-
|
||||
mand is completed.
|
||||
|
||||
bbiinnaarryy Set the file transfer ttyyppee to support binary image transfer.
|
||||
|
||||
bbyyee Terminate the FTP session with the remote server and exit
|
||||
ffttpp. An end of file will also terminate the session and ex-
|
||||
it.
|
||||
|
||||
ccaassee Toggle remote computer file name case mapping during mmggeett
|
||||
commands. When ccaassee is on (default is off), remote computer
|
||||
file names with all letters in upper case are written in the
|
||||
local directory with the letters mapped to lower case.
|
||||
|
||||
ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y
|
||||
Change the working directory on the remote machine to _r_e_m_o_t_e_-
|
||||
_d_i_r_e_c_t_o_r_y.
|
||||
|
||||
ccdduupp Change the remote machine working directory to the parent of
|
||||
the current remote machine working directory.
|
||||
|
||||
cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e
|
||||
Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re-
|
||||
mote sytem to _m_o_d_e.
|
||||
|
||||
cclloossee Terminate the FTP session with the remote server, and return
|
||||
to the command interpreter. Any defined macros are erased.
|
||||
|
||||
ccrr Toggle carriage return stripping during ascii type file re-
|
||||
trieval. Records are denoted by a carriage return/linefeed
|
||||
sequence during ascii type file transfer. When ccrr is on (the
|
||||
default), carriage returns are stripped from this sequence to
|
||||
conform with the UNIX single linefeed record delimiter.
|
||||
Records on non-UNIX remote systems may contain single line-
|
||||
feeds; when an ascii type transfer is made, these linefeeds
|
||||
may be distinguished from a record delimiter only when ccrr is
|
||||
off.
|
||||
|
||||
ddeelleettee _r_e_m_o_t_e_-_f_i_l_e
|
||||
Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine.
|
||||
|
||||
ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e]
|
||||
Toggle debugging mode. If an optional _d_e_b_u_g_-_v_a_l_u_e is speci-
|
||||
fied it is used to set the debugging level. When debugging
|
||||
is on, ffttpp prints each command sent to the remote machine,
|
||||
preceded by the string `-->'
|
||||
|
||||
ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
|
||||
Print a listing of the directory contents in the directory,
|
||||
_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in
|
||||
_l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt
|
||||
the user to verify that the last argument is indeed the tar-
|
||||
get local file for receiving ddiirr output. If no directory is
|
||||
specified, the current working directory on the remote ma-
|
||||
chine is used. If no local file is specified, or _l_o_c_a_l_-_f_i_l_e
|
||||
is --, output comes to the terminal.
|
||||
|
||||
ddiissccoonnnneecctt A synonym for _c_l_o_s_e.
|
||||
|
||||
ffoorrmm _f_o_r_m_a_t
|
||||
Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is
|
||||
``file''.
|
||||
|
||||
ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
|
||||
Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine.
|
||||
If the local file name is not specified, it is given the same
|
||||
name it has on the remote machine, subject to alteration by
|
||||
the current ccaassee, nnttrraannss, and nnmmaapp settings. The current
|
||||
settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while
|
||||
transferring the file.
|
||||
|
||||
gglloobb Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If
|
||||
globbing is turned off with gglloobb, the file name arguments are
|
||||
taken literally and not expanded. Globbing for mmppuutt is done
|
||||
as in csh(1). For mmddeelleettee and mmggeett, each remote file name is
|
||||
expanded separately on the remote machine and the lists are
|
||||
not merged. Expansion of a directory name is likely to be
|
||||
different from expansion of the name of an ordinary file: the
|
||||
exact result depends on the foreign operating system and ftp
|
||||
server, and can be previewed by doing `mls remote-files -'.
|
||||
As a security measure, remotely globbed files that starts
|
||||
with `/' or contains `../', will not be automatically re-
|
||||
ceived. If you have interactive prompting turned off, these
|
||||
filenames will be ignored. Note: mmggeett and mmppuutt are not meant
|
||||
to transfer entire directory subtrees of files. That can be
|
||||
done by transferring a tar(1) archive of the subtree (in bi-
|
||||
nary mode).
|
||||
|
||||
hhaasshh Toggle hash-sign (``#'') printing for each data block trans-
|
||||
ferred. The size of a data block is 1024 bytes.
|
||||
|
||||
hheellpp [_c_o_m_m_a_n_d]
|
||||
Print an informative message about the meaning of _c_o_m_m_a_n_d.
|
||||
If no argument is given, ffttpp prints a list of the known com-
|
||||
mands.
|
||||
|
||||
iiddllee [_s_e_c_o_n_d_s]
|
||||
Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec-
|
||||
onds. If _s_e_c_o_n_d_s is omitted, the current inactivity timer is
|
||||
printed.
|
||||
|
||||
llccdd [_d_i_r_e_c_t_o_r_y]
|
||||
Change the working directory on the local machine. If no
|
||||
_d_i_r_e_c_t_o_r_y is specified, the user's home directory is used.
|
||||
|
||||
llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
|
||||
Print a listing of the contents of a directory on the remote
|
||||
machine. The listing includes any system-dependent informa-
|
||||
tion that the server chooses to include; for example, most
|
||||
UNIX systems will produce output from the command `ls -l'.
|
||||
(See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified,
|
||||
the current working directory is used. If interactive
|
||||
prompting is on, ffttpp will prompt the user to verify that the
|
||||
last argument is indeed the target local file for receiving
|
||||
llss output. If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e
|
||||
is `--', the output is sent to the terminal.
|
||||
|
||||
mmaaccddeeff _m_a_c_r_o_-_n_a_m_e
|
||||
Define a macro. Subsequent lines are stored as the macro
|
||||
_m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a
|
||||
file or carriage returns from the terminal) terminates macro
|
||||
input mode. There is a limit of 16 macros and 4096 total
|
||||
characters in all defined macros. Macros remain defined un-
|
||||
til a cclloossee command is executed. The macro processor inter-
|
||||
prets `$' and `\' as special characters. A `$' followed by a
|
||||
number (or numbers) is replaced by the corresponding argument
|
||||
on the macro invocation command line. A `$' followed by an
|
||||
`i' signals that macro processor that the executing macro is
|
||||
to be looped. On the first pass `$i' is replaced by the
|
||||
first argument on the macro invocation command line, on the
|
||||
second pass it is replaced by the second argument, and so on.
|
||||
A `\' followed by any character is replaced by that charac-
|
||||
ter. Use the `\' to prevent special treatment of the `$'.
|
||||
|
||||
mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s]
|
||||
Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine.
|
||||
|
||||
mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
|
||||
Like ddiirr, except multiple remote files may be specified. If
|
||||
interactive prompting is on, ffttpp will prompt the user to ver-
|
||||
ify that the last argument is indeed the target local file
|
||||
for receiving mmddiirr output.
|
||||
|
||||
mmggeett _r_e_m_o_t_e_-_f_i_l_e_s
|
||||
Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett
|
||||
for each file name thus produced. See gglloobb for details on
|
||||
the filename expansion. Resulting file names will then be
|
||||
processed according to ccaassee, nnttrraannss, and nnmmaapp settings.
|
||||
Files are transferred into the local working directory, which
|
||||
can be changed with `lcd directory'; new local directories
|
||||
can be created with `! mkdir directory'.
|
||||
|
||||
mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
|
||||
Make a directory on the remote machine.
|
||||
|
||||
mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
|
||||
Like nnlliisstt, except multiple remote files may be specified,
|
||||
and the _l_o_c_a_l_-_f_i_l_e must be specified. If interactive prompt-
|
||||
ing is on, ffttpp will prompt the user to verify that the last
|
||||
argument is indeed the target local file for receiving mmllss
|
||||
output.
|
||||
|
||||
mmooddee [_m_o_d_e_-_n_a_m_e]
|
||||
Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is
|
||||
``stream'' mode.
|
||||
|
||||
mmooddttiimmee _f_i_l_e_-_n_a_m_e
|
||||
Show the last modification time of the file on the remote ma-
|
||||
chine.
|
||||
|
||||
mmppuutt _l_o_c_a_l_-_f_i_l_e_s
|
||||
Expand wild cards in the list of local files given as argu-
|
||||
ments and do a ppuutt for each file in the resulting list. See
|
||||
gglloobb for details of filename expansion. Resulting file names
|
||||
will then be processed according to nnttrraannss and nnmmaapp settings.
|
||||
|
||||
nneewweerr _f_i_l_e_-_n_a_m_e
|
||||
Get the file only if the modification time of the remote file
|
||||
is more recent that the file on the current system. If the
|
||||
file does not exist on the current system, the remote file is
|
||||
considered nneewweerr. Otherwise, this command is identical to
|
||||
_g_e_t.
|
||||
|
||||
nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
|
||||
Print a list of the files in a directory on the remote ma-
|
||||
chine. If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current
|
||||
working directory is used. If interactive prompting is on,
|
||||
ffttpp will prompt the user to verify that the last argument is
|
||||
indeed the target local file for receiving nnlliisstt output. If
|
||||
no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output
|
||||
is sent to the terminal.
|
||||
|
||||
nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n]
|
||||
Set or unset the filename mapping mechanism. If no arguments
|
||||
are specified, the filename mapping mechanism is unset. If
|
||||
arguments are specified, remote filenames are mapped during
|
||||
mmppuutt commands and ppuutt commands issued without a specified re-
|
||||
mote target filename. If arguments are specified, local
|
||||
filenames are mapped during mmggeett commands and ggeett commands
|
||||
issued without a specified local target filename. This com-
|
||||
mand is useful when connecting to a non-UNIX remote computer
|
||||
with different file naming conventions or practices. The
|
||||
mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n.
|
||||
[_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may
|
||||
have already been processed according to the nnttrraannss and ccaassee
|
||||
settings). Variable templating is accomplished by including
|
||||
the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to
|
||||
prevent this special treatment of the `$' character. All
|
||||
other characters are treated literally, and are used to de-
|
||||
termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values. For example,
|
||||
given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data",
|
||||
$1 would have the value "mydata", and $2 would have the value
|
||||
"data". The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file-
|
||||
name. The sequences `$1', `$2', ...., `$9' are replaced by
|
||||
any value resulting from the _i_n_p_a_t_t_e_r_n template. The se-
|
||||
quence `$0' is replace by the original filename. Additional-
|
||||
ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1
|
||||
is not a null string; otherwise it is replaced by _s_e_q_2. For
|
||||
example, the command
|
||||
|
||||
nmap $1.$2.$3 [$1,$2].[$2,file]
|
||||
|
||||
would yield the output filename "myfile.data" for input file-
|
||||
names "myfile.data" and "myfile.data.old", "myfile.file" for
|
||||
the input filename "myfile", and "myfile.myfile" for the in-
|
||||
put filename ".myfile". Spaces may be included in
|
||||
_o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/ *$//" > $1'
|
||||
. Use the `\' character to prevent special treatment of the
|
||||
`$','[','[', and `,' characters.
|
||||
|
||||
nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]]
|
||||
Set or unset the filename character translation mechanism.
|
||||
If no arguments are specified, the filename character trans-
|
||||
lation mechanism is unset. If arguments are specified, char-
|
||||
acters in remote filenames are translated during mmppuutt com-
|
||||
mands and ppuutt commands issued without a specified remote tar-
|
||||
get filename. If arguments are specified, characters in lo-
|
||||
cal filenames are translated during mmggeett commands and ggeett
|
||||
commands issued without a specified local target filename.
|
||||
This command is useful when connecting to a non-UNIX remote
|
||||
computer with different file naming conventions or practices.
|
||||
Characters in a filename matching a character in _i_n_c_h_a_r_s are
|
||||
replaced with the corresponding character in _o_u_t_c_h_a_r_s. If
|
||||
the character's position in _i_n_c_h_a_r_s is longer than the length
|
||||
of _o_u_t_c_h_a_r_s, the character is deleted from the file name.
|
||||
|
||||
ooppeenn _h_o_s_t [_p_o_r_t]
|
||||
Establish a connection to the specified _h_o_s_t FTP server. An
|
||||
optional port number may be supplied, in which case, ffttpp will
|
||||
attempt to contact an FTP server at that port. If the aauuttoo--
|
||||
llooggiinn option is on (default), ffttpp will also attempt to auto-
|
||||
matically log the user in to the FTP server (see below).
|
||||
|
||||
ppaassssiivvee Toggle passive mode. If passive mode is turned on (default
|
||||
is off), the ftp client will send a PASV command for all data
|
||||
connections instead of the usual PORT command. The PASV com-
|
||||
mand requests that the remote server open a port for the data
|
||||
connection and return the address of that port. The remote
|
||||
server listens on that port and the client connects to it.
|
||||
When using the more traditional PORT command, the client lis-
|
||||
tens on a port and sends that address to the remote server,
|
||||
who connects back to it. Passive mode is useful when using
|
||||
ffttpp through a gateway router or host that controls the direc-
|
||||
tionality of traffic. (Note that though ftp servers are re-
|
||||
quired to support the PASV command by RFC 1123, some do not.)
|
||||
|
||||
pprroommpptt Toggle interactive prompting. Interactive prompting occurs
|
||||
during multiple file transfers to allow the user to selec-
|
||||
tively retrieve or store files. If prompting is turned off
|
||||
(default is on), any mmggeett or mmppuutt will transfer all files,
|
||||
and any mmddeelleettee will delete all files.
|
||||
|
||||
pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d
|
||||
Execute an ftp command on a secondary control connection.
|
||||
This command allows simultaneous connection to two remote ftp
|
||||
servers for transferring files between the two servers. The
|
||||
first pprrooxxyy command should be an ooppeenn, to establish the sec-
|
||||
ondary control connection. Enter the command "proxy ?" to
|
||||
see other ftp commands executable on the secondary connec-
|
||||
tion. The following commands behave differently when pref-
|
||||
aced by pprrooxxyy: ooppeenn will not define new macros during the au-
|
||||
to-login process, cclloossee will not erase existing macro defini-
|
||||
tions, ggeett and mmggeett transfer files from the host on the pri-
|
||||
mary control connection to the host on the secondary control
|
||||
connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the
|
||||
host on the secondary control connection to the host on the
|
||||
primary control connection. Third party file transfers de-
|
||||
pend upon support of the ftp protocol PASV command by the
|
||||
server on the secondary control connection.
|
||||
|
||||
ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
|
||||
Store a local file on the remote machine. If _r_e_m_o_t_e_-_f_i_l_e is
|
||||
left unspecified, the local file name is used after process-
|
||||
ing according to any nnttrraannss or nnmmaapp settings in naming the
|
||||
remote file. File transfer uses the current settings for
|
||||
ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
|
||||
|
||||
ppwwdd Print the name of the current working directory on the remote
|
||||
machine.
|
||||
|
||||
qquuiitt A synonym for bbyyee.
|
||||
|
||||
qquuoottee _a_r_g_1 _a_r_g_2 _._._.
|
||||
The arguments specified are sent, verbatim, to the remote FTP
|
||||
server.
|
||||
|
||||
rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
|
||||
A synonym for get.
|
||||
|
||||
rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
|
||||
Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is
|
||||
smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par-
|
||||
tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is
|
||||
continued from the apparent point of failure. This command
|
||||
is useful when transferring very large files over networks
|
||||
that are prone to dropping connections.
|
||||
|
||||
rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e]
|
||||
Request help from the remote FTP server. If a _c_o_m_m_a_n_d_-_n_a_m_e
|
||||
is specified it is supplied to the server as well.
|
||||
|
||||
rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e]
|
||||
With no arguments, show status of remote machine. If _f_i_l_e_-
|
||||
_n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma-
|
||||
chine.
|
||||
|
||||
rreennaammee [_f_r_o_m] [_t_o]
|
||||
Rename the file _f_r_o_m on the remote machine, to the file _t_o.
|
||||
|
||||
rreesseett Clear reply queue. This command re-synchronizes command/re-
|
||||
ply sequencing with the remote ftp server. Resynchronization
|
||||
may be necessary following a violation of the ftp protocol by
|
||||
the remote server.
|
||||
|
||||
rreessttaarrtt _m_a_r_k_e_r
|
||||
Restart the immediately following ggeett or ppuutt at the indicated
|
||||
_m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset in-
|
||||
to the file.
|
||||
|
||||
rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
|
||||
Delete a directory on the remote machine.
|
||||
|
||||
rruunniiqquuee Toggle storing of files on the local system with unique file-
|
||||
names. If a file already exists with a name equal to the
|
||||
target local filename for a ggeett or mmggeett command, a ".1" is
|
||||
appended to the name. If the resulting name matches another
|
||||
existing file, a ".2" is appended to the original name. If
|
||||
this process continues up to ".99", an error message is
|
||||
printed, and the transfer does not take place. The generated
|
||||
unique filename will be reported. Note that rruunniiqquuee will not
|
||||
affect local files generated from a shell command (see be-
|
||||
low). The default value is off.
|
||||
|
||||
sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
|
||||
A synonym for put.
|
||||
|
||||
sseennddppoorrtt Toggle the use of PORT commands. By default, ffttpp will at-
|
||||
tempt to use a PORT command when establishing a connection
|
||||
for each data transfer. The use of PORT commands can prevent
|
||||
delays when performing multiple file transfers. If the PORT
|
||||
command fails, ffttpp will use the default data port. When the
|
||||
use of PORT commands is disabled, no attempt will be made to
|
||||
use PORT commands for each data transfer. This is useful for
|
||||
certain FTP implementations which do ignore PORT commands
|
||||
but, incorrectly, indicate they've been accepted.
|
||||
|
||||
ssiittee _a_r_g_1 _a_r_g_2 _._._.
|
||||
The arguments specified are sent, verbatim, to the remote FTP
|
||||
server as a SITE command.
|
||||
|
||||
ssiizzee _f_i_l_e_-_n_a_m_e
|
||||
Return size of _f_i_l_e_-_n_a_m_e on remote machine.
|
||||
|
||||
ssttaattuuss Show the current status of ffttpp.
|
||||
|
||||
ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e]
|
||||
Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default
|
||||
``stream'' structure is used.
|
||||
|
||||
ssuunniiqquuee Toggle storing of files on remote machine under unique file
|
||||
names. Remote ftp server must support ftp protocol STOU com-
|
||||
mand for successful completion. The remote server will re-
|
||||
port unique name. Default value is off.
|
||||
|
||||
ssyysstteemm Show the type of operating system running on the remote ma-
|
||||
chine.
|
||||
|
||||
tteenneexx Set the file transfer type to that needed to talk to TENEX
|
||||
machines.
|
||||
|
||||
ttrraaccee Toggle packet tracing.
|
||||
|
||||
ttyyppee [_t_y_p_e_-_n_a_m_e]
|
||||
Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is spec-
|
||||
ified, the current type is printed. The default type is net-
|
||||
work ASCII.
|
||||
|
||||
uummaasskk [_n_e_w_m_a_s_k]
|
||||
Set the default umask on the remote server to _n_e_w_m_a_s_k. If
|
||||
_n_e_w_m_a_s_k is omitted, the current umask is printed.
|
||||
|
||||
uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t]
|
||||
Identify yourself to the remote FTP server. If the _p_a_s_s_w_o_r_d
|
||||
is not specified and the server requires it, ffttpp will prompt
|
||||
the user for it (after disabling local echo). If an _a_c_c_o_u_n_t
|
||||
field is not specified, and the FTP server requires it, the
|
||||
user will be prompted for it. If an _a_c_c_o_u_n_t field is speci-
|
||||
fied, an account command will be relayed to the remote server
|
||||
after the login sequence is completed if the remote server
|
||||
did not require it for logging in. Unless ffttpp is invoked
|
||||
with ``auto-login'' disabled, this process is done automati-
|
||||
cally on initial connection to the FTP server.
|
||||
|
||||
vveerrbboossee Toggle verbose mode. In verbose mode, all responses from the
|
||||
FTP server are displayed to the user. In addition, if ver-
|
||||
bose is on, when a file transfer completes, statistics re-
|
||||
garding the efficiency of the transfer are reported. By de-
|
||||
fault, verbose is on.
|
||||
|
||||
?? [_c_o_m_m_a_n_d]
|
||||
A synonym for help.
|
||||
|
||||
The following command can be used with ftpsec-aware servers.
|
||||
|
||||
pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e
|
||||
Set the data protection level to the requested level.
|
||||
|
||||
The following command can be used with ftp servers that has implemented
|
||||
the KAUTH site command.
|
||||
|
||||
kkaauutthh [_p_r_i_n_c_i_p_a_l]
|
||||
Obtain remote tickets.
|
||||
|
||||
Command arguments which have embedded spaces may be quoted with quote `"'
|
||||
marks.
|
||||
|
||||
AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR
|
||||
To abort a file transfer, use the terminal interrupt key (usually Ctrl-
|
||||
C). Sending transfers will be immediately halted. Receiving transfers
|
||||
will be halted by sending a ftp protocol ABOR command to the remote serv-
|
||||
er, and discarding any further data received. The speed at which this is
|
||||
accomplished depends upon the remote server's support for ABOR process-
|
||||
ing. If the remote server does not support the ABOR command, an `ftp>'
|
||||
prompt will not appear until the remote server has completed sending the
|
||||
requested file.
|
||||
|
||||
The terminal interrupt key sequence will be ignored when ffttpp has complet-
|
||||
ed any local processing and is awaiting a reply from the remote server.
|
||||
A long delay in this mode may result from the ABOR processing described
|
||||
above, or from unexpected behavior by the remote server, including viola-
|
||||
tions of the ftp protocol. If the delay results from unexpected remote
|
||||
server behavior, the local ffttpp program must be killed by hand.
|
||||
|
||||
FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS
|
||||
Files specified as arguments to ffttpp commands are processed according to
|
||||
the following rules.
|
||||
|
||||
1. If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t
|
||||
(for writing) is used.
|
||||
|
||||
2. If the first character of the file name is `|', the remainder of the
|
||||
argument is interpreted as a shell command. FFttpp then forks a shell,
|
||||
using popen(3) with the argument supplied, and reads (writes) from
|
||||
the stdout (stdin). If the shell command includes spaces, the argu-
|
||||
ment must be quoted; e.g. ``" ls -lt"''. A particularly useful ex-
|
||||
ample of this mechanism is: ``dir more''.
|
||||
|
||||
3. Failing the above checks, if ``globbing'' is enabled, local file
|
||||
names are expanded according to the rules used in the csh(1); c.f.
|
||||
the gglloobb command. If the ffttpp command expects a single local file
|
||||
(.e.g. ppuutt), only the first filename generated by the "globbing"
|
||||
operation is used.
|
||||
|
||||
4. For mmggeett commands and ggeett commands with unspecified local file
|
||||
names, the local filename is the remote filename, which may be al-
|
||||
tered by a ccaassee, nnttrraannss, or nnmmaapp setting. The resulting filename
|
||||
may then be altered if rruunniiqquuee is on.
|
||||
|
||||
5. For mmppuutt commands and ppuutt commands with unspecified remote file
|
||||
names, the remote filename is the local filename, which may be al-
|
||||
tered by a nnttrraannss or nnmmaapp setting. The resulting filename may then
|
||||
be altered by the remote server if ssuunniiqquuee is on.
|
||||
|
||||
FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS
|
||||
The FTP specification specifies many parameters which may affect a file
|
||||
transfer. The ttyyppee may be one of ``ascii'', ``image'' (binary),
|
||||
``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly).
|
||||
FFttpp supports the ascii and image types of file transfer, plus local byte
|
||||
size 8 for tteenneexx mode transfers.
|
||||
|
||||
FFttpp supports only the default values for the remaining file transfer pa-
|
||||
rameters: mmooddee, ffoorrmm, and ssttrruucctt.
|
||||
|
||||
TTHHEE ..nneettrrcc FFIILLEE
|
||||
The _._n_e_t_r_c file contains login and initialization information used by the
|
||||
auto-login process. It resides in the user's home directory. The fol-
|
||||
lowing tokens are recognized; they may be separated by spaces, tabs, or
|
||||
new-lines:
|
||||
|
||||
mmaacchhiinnee _n_a_m_e
|
||||
Identify a remote machine _n_a_m_e. The auto-login process search-
|
||||
es the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote
|
||||
machine specified on the ffttpp command line or as an ooppeenn command
|
||||
argument. Once a match is made, the subsequent _._n_e_t_r_c tokens
|
||||
are processed, stopping when the end of file is reached or an-
|
||||
other mmaacchhiinnee or a ddeeffaauulltt token is encountered.
|
||||
|
||||
ddeeffaauulltt This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches
|
||||
any name. There can be only one ddeeffaauulltt token, and it must be
|
||||
after all mmaacchhiinnee tokens. This is normally used as:
|
||||
|
||||
default login anonymous password user@site
|
||||
|
||||
thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma-
|
||||
chines not specified in _._n_e_t_r_c. This can be overridden by us-
|
||||
ing the --nn flag to disable auto-login.
|
||||
|
||||
llooggiinn _n_a_m_e
|
||||
Identify a user on the remote machine. If this token is pre-
|
||||
sent, the auto-login process will initiate a login using the
|
||||
specified _n_a_m_e.
|
||||
|
||||
ppaasssswwoorrdd _s_t_r_i_n_g
|
||||
Supply a password. If this token is present, the auto-login
|
||||
process will supply the specified string if the remote server
|
||||
requires a password as part of the login process. Note that if
|
||||
this token is present in the _._n_e_t_r_c file for any user other
|
||||
than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the
|
||||
_._n_e_t_r_c is readable by anyone besides the user.
|
||||
|
||||
aaccccoouunntt _s_t_r_i_n_g
|
||||
Supply an additional account password. If this token is pre-
|
||||
sent, the auto-login process will supply the specified string
|
||||
if the remote server requires an additional account password,
|
||||
or the auto-login process will initiate an ACCT command if it
|
||||
does not.
|
||||
|
||||
mmaaccddeeff _n_a_m_e
|
||||
Define a macro. This token functions like the ffttpp mmaaccddeeff com-
|
||||
mand functions. A macro is defined with the specified name;
|
||||
its contents begin with the next _._n_e_t_r_c line and continue until
|
||||
a null line (consecutive new-line characters) is encountered.
|
||||
If a macro named iinniitt is defined, it is automatically executed
|
||||
as the last step in the auto-login process.
|
||||
|
||||
EENNVVIIRROONNMMEENNTT
|
||||
FFttpp utilizes the following environment variables.
|
||||
|
||||
HOME For default location of a _._n_e_t_r_c file, if one exists.
|
||||
|
||||
SHELL For default shell.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ftpd(8)
|
||||
|
||||
_R_F_C_2_2_2_8.
|
||||
|
||||
HHIISSTTOORRYY
|
||||
The ffttpp command appeared in 4.2BSD.
|
||||
|
||||
BBUUGGSS
|
||||
Correct execution of many commands depends upon proper behavior by the
|
||||
remote server.
|
||||
|
||||
An error in the treatment of carriage returns in the 4.2BSD ascii-mode
|
||||
transfer code has been corrected. This correction may result in incor-
|
||||
rect transfers of binary files to and from 4.2BSD servers using the ascii
|
||||
type. Avoid this problem by using the binary image type.
|
||||
|
||||
4.2 Berkeley Distribution April 27, 1996 10
|
|
@ -1,297 +0,0 @@
|
|||
FTPD(8) NetBSD System Manager's Manual FTPD(8)
|
||||
|
||||
NNAAMMEE
|
||||
ffttppdd - Internet File Transfer Protocol server
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
|
||||
_t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
FFttppdd is the Internet File Transfer Protocol server process. The server
|
||||
uses the TCP protocol and listens at the port specified in the ``ftp''
|
||||
service specification; see services(5).
|
||||
|
||||
Available options:
|
||||
|
||||
--aa Select the level of authentication required. Kerberised login
|
||||
can not be turned off. The default is to only allow kerberised
|
||||
login. Other possibilities can be turned on by giving a string
|
||||
of comma separated flags as argument to --aa. Recognised flags are:
|
||||
|
||||
_p_l_a_i_n Allow logging in with plaintext password. The password can
|
||||
be a(n) OTP or an ordinary password.
|
||||
|
||||
_o_t_p Same as _p_l_a_i_n, but only OTP is allowed.
|
||||
|
||||
_f_t_p Allow anonymous login.
|
||||
|
||||
The following combination modes exists for backwards compatibili-
|
||||
ty:
|
||||
|
||||
_n_o_n_e Same as _p_l_a_i_n_,_f_t_p.
|
||||
|
||||
_s_a_f_e Same as _f_t_p.
|
||||
|
||||
_u_s_e_r Ignored.
|
||||
|
||||
--dd Debugging information is written to the syslog using LOG_FTP.
|
||||
|
||||
--gg Anonymous users will get a umask of _u_m_a_s_k.
|
||||
|
||||
--ii Open a socket and wait for a connection. This is mainly used for
|
||||
debugging when ftpd isn't started by inetd.
|
||||
|
||||
--ll Each successful and failed ftp(1) session is logged using syslog
|
||||
with a facility of LOG_FTP. If this option is specified twice,
|
||||
the retrieve (get), store (put), append, delete, make directory,
|
||||
remove directory and rename operations and their filename argu-
|
||||
ments are also logged.
|
||||
|
||||
--pp Use _p_o_r_t (a service name or number) instead of the default
|
||||
_f_t_p_/_t_c_p.
|
||||
|
||||
--TT A client may also request a different timeout period; the maximum
|
||||
period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
|
||||
The default limit is 2 hours.
|
||||
|
||||
--tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
|
||||
fault is 15 minutes).
|
||||
|
||||
--uu Set the initial umask to something else than the default 027.
|
||||
|
||||
--UU In previous versions of ffttppdd, when a passive mode client request-
|
||||
ed a data connection to the server, the server would use data
|
||||
ports in the range 1024..4999. Now, by default, if the system
|
||||
supports the IP_PORTRANGE socket option, the server will use data
|
||||
ports in the range 49152..65535. Specifying this option will re-
|
||||
vert to the old behavior.
|
||||
|
||||
--vv Verbose mode.
|
||||
|
||||
--BB, ----bbuuiillttiinn--llss
|
||||
use built-in ls to list files
|
||||
|
||||
----ggoooodd--cchhaarrss==_s_t_r_i_n_g
|
||||
allowed anonymous upload filename chars
|
||||
|
||||
The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-
|
||||
ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
|
||||
ffttppdd prints it before issuing the ``ready'' message. If the file
|
||||
_/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
|
||||
|
||||
The ftp server currently supports the following ftp requests. The case
|
||||
of the requests is ignored.
|
||||
|
||||
Request Description
|
||||
ABOR abort previous command
|
||||
ACCT specify account (ignored)
|
||||
ALLO allocate storage (vacuously)
|
||||
APPE append to a file
|
||||
CDUP change to parent of current working directory
|
||||
CWD change working directory
|
||||
DELE delete a file
|
||||
HELP give help information
|
||||
LIST give list files in a directory (``ls -lgA'')
|
||||
MKD make a directory
|
||||
MDTM show last modification time of file
|
||||
MODE specify data transfer _m_o_d_e
|
||||
NLST give name list of files in directory
|
||||
NOOP do nothing
|
||||
PASS specify password
|
||||
PASV prepare for server-to-server transfer
|
||||
PORT specify data connection port
|
||||
PWD print the current working directory
|
||||
QUIT terminate session
|
||||
REST restart incomplete transfer
|
||||
RETR retrieve a file
|
||||
RMD remove a directory
|
||||
RNFR specify rename-from file name
|
||||
RNTO specify rename-to file name
|
||||
SITE non-standard commands (see next section)
|
||||
SIZE return size of file
|
||||
STAT return status of server
|
||||
STOR store a file
|
||||
STOU store a file with a unique name
|
||||
STRU specify data transfer _s_t_r_u_c_t_u_r_e
|
||||
SYST show operating system type of server system
|
||||
TYPE specify data transfer _t_y_p_e
|
||||
USER specify user name
|
||||
XCUP change to parent of current working directory
|
||||
(deprecated)
|
||||
XCWD change working directory (deprecated)
|
||||
XMKD make a directory (deprecated)
|
||||
XPWD print the current working directory (deprecated)
|
||||
XRMD remove a directory (deprecated)
|
||||
|
||||
The following commands are specified by RFC2228.
|
||||
|
||||
AUTH authentication/security mechanism
|
||||
ADAT authentication/security data
|
||||
PROT data channel protection level
|
||||
PBSZ protection buffer size
|
||||
MIC integrity protected command
|
||||
CONF confidentiality protected command
|
||||
ENC privacy protected command
|
||||
CCC clear command channel
|
||||
|
||||
The following non-standard or UNIX specific commands are supported by the
|
||||
SITE request.
|
||||
|
||||
UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022)
|
||||
IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600)
|
||||
CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
|
||||
FIND quickly find a specific file with GNU locate(1).
|
||||
HELP give help information.
|
||||
|
||||
The following Kerberos related site commands are understood.
|
||||
|
||||
KAUTH obtain remote tickets.
|
||||
KLIST show remote tickets
|
||||
|
||||
The remaining ftp requests specified in Internet RFC 959 are recognized,
|
||||
but not implemented. MDTM and SIZE are not specified in RFC 959, but
|
||||
will appear in the next updated FTP RFC.
|
||||
|
||||
The ftp server will abort an active file transfer only when the ABOR com-
|
||||
mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
|
||||
"Synch" signal in the command Telnet stream, as described in Internet RFC
|
||||
959. If a STAT command is received during a data transfer, preceded by a
|
||||
Telnet IP and Synch, transfer status will be returned.
|
||||
|
||||
FFttppdd interprets file names according to the ``globbing'' conventions used
|
||||
by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''.
|
||||
|
||||
FFttppdd authenticates users according to these rules.
|
||||
|
||||
1. If Kerberos authentication is used, the user must pass valid
|
||||
tickets and the principal must be allowed to login as the re-
|
||||
mote user.
|
||||
|
||||
2. The login name must be in the password data base, and not have
|
||||
a null password (if kerberos is used the password field is not
|
||||
checked). In this case a password must be provided by the
|
||||
client before any file operations may be performed. If the
|
||||
user has an OTP key, the response from a successful USER com-
|
||||
mand will include an OTP challenge. The client may choose to
|
||||
respond with a PASS command giving either a standard password
|
||||
or an OTP one-time password. The server will automatically de-
|
||||
termine which type of password it has been given and attempt
|
||||
to authenticate accordingly. See otp(1) for more information
|
||||
on OTP authentication.
|
||||
|
||||
3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
|
||||
|
||||
4. The user must have a standard shell returned by
|
||||
getusershell(3).
|
||||
|
||||
5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
|
||||
sion's root will be changed to the user's login directory by
|
||||
chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
|
||||
item). However, the user must still supply a password. This
|
||||
feature is intended as a compromise between a fully anonymous
|
||||
account and a fully privileged account. The account should
|
||||
also be set up as for an anonymous account.
|
||||
|
||||
6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
|
||||
account must be present in the password file (user ``ftp'').
|
||||
In this case the user is allowed to log in by specifying any
|
||||
password (by convention an email address for the user should
|
||||
be used as the password).
|
||||
|
||||
In the last case, ffttppdd takes special measures to restrict the client's
|
||||
access privileges. The server performs a chroot(2) to the home directory
|
||||
of the ``ftp'' user. In order that system security is not breached, it
|
||||
is recommended that the ``ftp'' subtree be constructed with care, consid-
|
||||
er following these guidelines for anonymous ftp.
|
||||
|
||||
In general all files should be owned by ``root'', and have non-write per-
|
||||
missions (644 or 755 depending on the kind of file). No files should be
|
||||
owned or writable by ``ftp'' (possibly with exception for the
|
||||
_~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
|
||||
|
||||
_~_f_t_p The ``ftp'' homedirectory should be owned by root.
|
||||
|
||||
_~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)).
|
||||
These programs must either be statically linked, or you
|
||||
must setup an environment for dynamic linking when run-
|
||||
ning chrooted. These programs will be used if present:
|
||||
|
||||
ls Used when listing files.
|
||||
|
||||
compress
|
||||
When retrieving a filename that ends in _._Z,
|
||||
and that file isn't present, ffttppdd will try
|
||||
to find the filename without _._Z and com-
|
||||
press it on the fly.
|
||||
|
||||
gzip Same as compress, just with files ending in
|
||||
_._g_z.
|
||||
|
||||
gtar Enables retrieval of whole directories as
|
||||
files ending in _._t_a_r. Can also be combined
|
||||
with compression. You must use GNU Tar (or
|
||||
some other that supports the --zz and --ZZ
|
||||
flags).
|
||||
|
||||
locate Will enable ``fast find'' with the SSIITTEE
|
||||
FFIINNDD command. You must also create a
|
||||
_l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
|
||||
|
||||
_~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files
|
||||
here, ls will be able to produce owner names rather than
|
||||
numbers. Remember to remove any passwords from these
|
||||
files.
|
||||
|
||||
The file _m_o_t_d, if present, will be printed after a suc-
|
||||
cessful login.
|
||||
|
||||
_~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here.
|
||||
|
||||
_~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub-
|
||||
lic.
|
||||
|
||||
If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
|
||||
rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
|
||||
``ftp'' is member of group ``ftp''). The following restrictions apply to
|
||||
anonymous users:
|
||||
|
||||
++oo Directories created will have mode 700.
|
||||
|
||||
++oo Uploaded files will be created with an umask of 777, if not changed
|
||||
with the --gg option.
|
||||
|
||||
++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
|
||||
and SSIITTEE CCHHMMOODD.
|
||||
|
||||
++oo Filenames must start with an alpha-numeric character, and consist of
|
||||
alpha-numeric characters or any of the following: + (plus), - (mi-
|
||||
nus), = (equal), _ (underscore), . (period), and , (comma).
|
||||
|
||||
FFIILLEESS
|
||||
/etc/ftpusers Access list for users.
|
||||
/etc/ftpchroot List of normal users who should be chroot'd.
|
||||
/etc/ftpwelcome Welcome notice.
|
||||
/etc/motd Welcome notice after login.
|
||||
/etc/nologin Displayed and access refused.
|
||||
~/.klogin Login access for Kerberos.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8)
|
||||
|
||||
SSTTAANNDDAARRDDSS
|
||||
RRFFCC 995599 FTP PROTOCOL SPECIFICATION
|
||||
RRFFCC 11993388 OTP Specification
|
||||
RRFFCC 22222288 FTP Security Extensions.
|
||||
|
||||
BBUUGGSS
|
||||
The server must run as the super-user to create sockets with privileged
|
||||
port numbers. It maintains an effective user id of the logged in user,
|
||||
reverting to the super-user only when binding addresses to sockets. The
|
||||
possible security holes have been extensively scrutinized, but are possi-
|
||||
bly incomplete.
|
||||
|
||||
HHIISSTTOORRYY
|
||||
The ffttppdd command appeared in 4.2BSD.
|
||||
|
||||
4.2 Berkeley Distribution April 19, 1997 5
|
|
@ -1,26 +0,0 @@
|
|||
FTPUSERS(5) NetBSD Programmer's Manual FTPUSERS(5)
|
||||
|
||||
NNAAMMEE
|
||||
_/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
_/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied
|
||||
FTP access. Each line contains a user, optionally followed by ``allow''
|
||||
(anything but ``allow'' is ignored). The semi-user ``*'' matches any us-
|
||||
er. Users that has an explicit ``allow'', or that does not match any
|
||||
line, are allowed access. Anyone else is denied access.
|
||||
|
||||
Note that this is compatible with the old format, where this file con-
|
||||
tained a list of users that should be denied access.
|
||||
|
||||
EEXXAAMMPPLLEESS
|
||||
This will deny anyone but ``foo'' and ``bar'' to use FTP:
|
||||
|
||||
foo allow
|
||||
bar allow
|
||||
*
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
ftpd(8)
|
||||
|
||||
KTH-KRB May 7, 1997 1
|
|
@ -1,45 +0,0 @@
|
|||
KF(1) NetBSD Reference Manual KF(1)
|
||||
|
||||
NNAAMMEE
|
||||
kkff - securly forward tickets
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e |
|
||||
----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh |
|
||||
----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._.
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
The kkff program forwards tickets to a remove host through an authenticated
|
||||
and encrypted stream. Options supported are:
|
||||
|
||||
--pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
|
||||
port to connect to
|
||||
|
||||
--ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n
|
||||
remote login name
|
||||
|
||||
--cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e
|
||||
remote cred cache
|
||||
|
||||
--FF, ----ffoorrwwaarrddaabbllee
|
||||
forward forwardable credentials
|
||||
|
||||
--GG, ----nnoo--ffoorrwwaarrddaabbllee
|
||||
do not forward forwardable credentials
|
||||
|
||||
--hh, ----hheellpp
|
||||
|
||||
----vveerrssiioonn
|
||||
|
||||
kkff is useful when you do not want to enter your password on a remote host
|
||||
but want to have your tickets one for example afs.
|
||||
|
||||
In order for kkff to work you will need to acquire your initial ticket with
|
||||
forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee.
|
||||
|
||||
tteellnneett is able to forward ticket by itself.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kinit(1), telnet(1), kfd(8)
|
||||
|
||||
Heimdal July 2, 2000 1
|
|
@ -1,30 +0,0 @@
|
|||
KFD(8) NetBSD System Manager's Manual KFD(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkffdd - receive forwarded tickets
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g]
|
||||
[--hh | ----hheellpp] [----vveerrssiioonn]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
This is the daemon for kf(1). Supported options:
|
||||
|
||||
--pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
|
||||
port to listen to
|
||||
|
||||
--ii, ----iinneettdd
|
||||
not started from inetd
|
||||
|
||||
--RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g
|
||||
path to regpag binary
|
||||
|
||||
EEXXAAMMPPLLEESS
|
||||
Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
|
||||
|
||||
kf stream tcp nowait root /usr/heimdal/libexec/kfd kfd
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kf(1)
|
||||
|
||||
Heimdal July 2, 2000 1
|
|
@ -1,16 +0,0 @@
|
|||
PFROM(1) NetBSD Reference Manual PFROM(1)
|
||||
|
||||
NNAAMMEE
|
||||
ppffrroomm - fetch a list of the current mail via POP
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ppffrroomm [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--cc | ----ccoouunntt]
|
||||
[----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-_s_p_e_c]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ppffrroomm is a script that does push --from.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
push(8)
|
||||
|
||||
HEIMDAL March 4, 2000 1
|
|
@ -1,76 +0,0 @@
|
|||
PUSH(8) NetBSD System Manager's Manual PUSH(8)
|
||||
|
||||
NNAAMMEE
|
||||
ppuusshh - fetch mail via POP
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll |
|
||||
----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerrss=_h_e_a_d_e_r_s] [--pp _p_o_r_t_-_s_p_e_c |
|
||||
----ppoorrtt=_p_o_r_t_-_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail
|
||||
in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following
|
||||
formats:
|
||||
`hostname:username'
|
||||
`po:hostname:username'
|
||||
`username@hostname'
|
||||
`po:username@hostname'
|
||||
`hostname'
|
||||
`po:username'
|
||||
|
||||
If no username is specified, ppuusshh assumes that it's the same as on the
|
||||
local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment
|
||||
variable.
|
||||
|
||||
Supported options:
|
||||
|
||||
--44, ----kkrrbb44
|
||||
use Kerberos 4 (if compiled with support for Kerberos 4)
|
||||
|
||||
--55, ----kkrrbb55
|
||||
use Kerberos 5 (if compiled with support for Kerberos 5)
|
||||
|
||||
--ff, ----ffoorrkk
|
||||
fork before starting to delete messages
|
||||
|
||||
--ll, ----lleeaavvee
|
||||
don't delete fetched mail
|
||||
|
||||
----ffrroomm behave like from.
|
||||
|
||||
--cc, ----ccoouunntt
|
||||
first print how many messages and bytes there are.
|
||||
|
||||
----hheeaaddeerrss=_h_e_a_d_e_r_s
|
||||
a list of comma-separated headers that should get printed.
|
||||
|
||||
--pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt=_p_o_r_t_-_s_p_e_c
|
||||
use this port instead of the default `kpop' or `1109'.
|
||||
|
||||
The default is to first try Kerberos 5 authentication and then, if that
|
||||
fails, Kerberos 4.
|
||||
|
||||
EENNVVIIRROONNMMEENNTT
|
||||
MAILHOST
|
||||
points to the post office, if no other hostname is specified.
|
||||
|
||||
EEXXAAMMPPLLEESS
|
||||
$ push cornfield:roosta ~/.emacs-mail-crash-box
|
||||
|
||||
tries to fetch mail for the user _r_o_o_s_t_a from the post office at
|
||||
``cornfield'', and stores the mail in _~_/_._e_m_a_c_s_-_m_a_i_l_-_c_r_a_s_h_-_b_o_x (you are
|
||||
using Gnus, aren't you?)
|
||||
|
||||
$ push --from -5 havregryn
|
||||
|
||||
tries to fetch FFrroomm:: lines for current user at post office ``havregryn''
|
||||
using Kerberos 5.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
from(1), pfrom(1), movemail(8), popper(8)
|
||||
|
||||
HHIISSTTOORRYY
|
||||
ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
|
||||
|
||||
HEIMDAL May 31, 1998 2
|
|
@ -1,714 +0,0 @@
|
|||
TELNET(1) NetBSD Reference Manual TELNET(1)
|
||||
|
||||
NNAAMMEE
|
||||
tteellnneett - user interface to the TELNET protocol
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m]
|
||||
[--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
The tteellnneett command is used to communicate with another host using the
|
||||
TELNET protocol. If tteellnneett is invoked without the _h_o_s_t argument, it en-
|
||||
ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it
|
||||
accepts and executes the commands listed below. If it is invoked with
|
||||
arguments, it performs an ooppeenn command with those arguments.
|
||||
|
||||
Options:
|
||||
|
||||
--88 Specifies an 8-bit data path. This causes an attempt to negoti-
|
||||
ate the TELNET BINARY option on both input and output.
|
||||
|
||||
--77 Do not try to negotiate TELNET BINARY option.
|
||||
|
||||
--EE Stops any character from being recognized as an escape character.
|
||||
|
||||
--FF If Kerberos V5 authentication is being used, the --FF option allows
|
||||
the local credentials to be forwarded to the remote system, in-
|
||||
cluding any credentials that have already been forwarded into the
|
||||
local environment.
|
||||
|
||||
--KK Specifies no automatic login to the remote system.
|
||||
|
||||
--LL Specifies an 8-bit data path on output. This causes the BINARY
|
||||
option to be negotiated on output.
|
||||
|
||||
--SS _t_o_s Sets the IP type-of-service (TOS) option for the telnet connec-
|
||||
tion to the value _t_o_s, which can be a numeric TOS value or, on
|
||||
systems that support it, a symbolic TOS name found in the
|
||||
/etc/iptos file.
|
||||
|
||||
--XX _a_t_y_p_e
|
||||
Disables the _a_t_y_p_e type of authentication.
|
||||
|
||||
--aa Attempt automatic login. Currently, this sends the user name via
|
||||
the USER variable of the ENVIRON option if supported by the re-
|
||||
mote system. The name used is that of the current user as re-
|
||||
turned by getlogin(2) if it agrees with the current user ID, oth-
|
||||
erwise it is the name associated with the user ID.
|
||||
|
||||
--cc Disables the reading of the user's _._t_e_l_n_e_t_r_c file. (See the
|
||||
ttooggggllee sskkiipprrcc command on this man page.)
|
||||
|
||||
--dd Sets the initial value of the ddeebbuugg toggle to TRUE
|
||||
|
||||
--ee _e_s_c_a_p_e _c_h_a_r
|
||||
Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r.
|
||||
If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac-
|
||||
ter.
|
||||
|
||||
--ff If Kerberos V5 authentication is being used, the --ff option allows
|
||||
the local credentials to be forwarded to the remote system.
|
||||
|
||||
--kk _r_e_a_l_m
|
||||
If Kerberos authentication is being used, the --kk option requests
|
||||
that telnet obtain tickets for the remote host in realm realm in-
|
||||
stead of the remote host's realm, as determined by
|
||||
krb_realmofhost(3).
|
||||
|
||||
--ll _u_s_e_r
|
||||
When connecting to the remote system, if the remote system under-
|
||||
stands the ENVIRON option, then _u_s_e_r will be sent to the remote
|
||||
system as the value for the variable USER. This option implies
|
||||
the --aa option. This option may also be used with the ooppeenn com-
|
||||
mand.
|
||||
|
||||
--nn _t_r_a_c_e_f_i_l_e
|
||||
Opens _t_r_a_c_e_f_i_l_e for recording trace information. See the sseett
|
||||
ttrraacceeffiillee command below.
|
||||
|
||||
--rr Specifies a user interface similar to rlogin(1). In this mode,
|
||||
the escape character is set to the tilde (~) character, unless
|
||||
modified by the -e option.
|
||||
|
||||
--xx Turn on encryption of the data stream. When this option is
|
||||
turned on, will exit with an error if authentication cannot be
|
||||
negotiated or if encryption cannot be turned on.
|
||||
|
||||
_h_o_s_t Indicates the official name, an alias, or the Internet address of
|
||||
a remote host.
|
||||
|
||||
_p_o_r_t Indicates a port number (address of an application). If a number
|
||||
is not specified, the default tteellnneett port is used.
|
||||
|
||||
When in rlogin mode, a line of the form ~. disconnects from the remote
|
||||
host; ~ is the telnet escape character. Similarly, the line ~^Z suspends
|
||||
the telnet session. The line ~^] escapes to the normal telnet escape
|
||||
prompt.
|
||||
|
||||
Once a connection has been opened, tteellnneett will attempt to enable the
|
||||
TELNET LINEMODE option. If this fails, then tteellnneett will revert to one of
|
||||
two input modes: either ``character at a time'' or ``old line by line''
|
||||
depending on what the remote system supports.
|
||||
|
||||
When LINEMODE is enabled, character processing is done on the local sys-
|
||||
tem, under the control of the remote system. When input editing or char-
|
||||
acter echoing is to be disabled, the remote system will relay that infor-
|
||||
mation. The remote system will also relay changes to any special charac-
|
||||
ters that happen on the remote system, so that they can take effect on
|
||||
the local system.
|
||||
|
||||
In ``character at a time'' mode, most text typed is immediately sent to
|
||||
the remote host for processing.
|
||||
|
||||
In ``old line by line'' mode, all text is echoed locally, and (normally)
|
||||
only completed lines are sent to the remote host. The ``local echo char-
|
||||
acter'' (initially ``^E'') may be used to turn off and on the local echo
|
||||
(this would mostly be used to enter passwords without the password being
|
||||
echoed).
|
||||
|
||||
If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE
|
||||
(the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr,
|
||||
and fflluusshh characters are trapped locally, and sent as TELNET protocol se-
|
||||
quences to the remote side. If LINEMODE has ever been enabled, then the
|
||||
user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt
|
||||
is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee
|
||||
aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush
|
||||
subsequent output to the terminal (until the remote host acknowledges the
|
||||
TELNET sequence) and flush previous terminal input (in the case of qquuiitt
|
||||
and iinnttrr).
|
||||
|
||||
While connected to a remote host, tteellnneett command mode may be entered by
|
||||
typing the tteellnneett ``escape character'' (initially ``^]''). When in com-
|
||||
mand mode, the normal terminal editing conventions are available.
|
||||
|
||||
The following tteellnneett commands are available. Only enough of each command
|
||||
to uniquely identify it need be typed (this is also true for arguments to
|
||||
the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands).
|
||||
|
||||
aauutthh _a_r_g_u_m_e_n_t _._._.
|
||||
The auth command manipulates the information sent through the
|
||||
TELNET AUTHENTICATE option. Valid arguments for the auth com-
|
||||
mand are as follows:
|
||||
|
||||
ddiissaabbllee _t_y_p_e Disables the specified type of authentication.
|
||||
To obtain a list of available types, use the
|
||||
aauutthh ddiissaabbllee ?? command.
|
||||
|
||||
eennaabbllee _t_y_p_e Enables the specified type of authentication.
|
||||
To obtain a list of available types, use the
|
||||
aauutthh eennaabbllee ?? command.
|
||||
|
||||
ssttaattuuss Lists the current status of the various types of
|
||||
authentication.
|
||||
|
||||
cclloossee Close a TELNET session and return to command mode.
|
||||
|
||||
ddiissppllaayy _a_r_g_u_m_e_n_t _._._.
|
||||
Displays all, or some, of the sseett and ttooggggllee values (see be-
|
||||
low).
|
||||
|
||||
eennccrryypptt _a_r_g_u_m_e_n_t _._._.
|
||||
The encrypt command manipulates the information sent through
|
||||
the TELNET ENCRYPT option.
|
||||
|
||||
Note: Because of export controls, the TELNET ENCRYPT option
|
||||
is not supported outside of the United States and Canada.
|
||||
|
||||
Valid arguments for the encrypt command are as follows:
|
||||
|
||||
ddiissaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt]
|
||||
Disables the specified type of encryption. If
|
||||
you omit the input and output, both input and
|
||||
output are disabled. To obtain a list of avail-
|
||||
able types, use the eennccrryypptt ddiissaabbllee ?? command.
|
||||
|
||||
eennaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt]
|
||||
Enables the specified type of encryption. If
|
||||
you omit input and output, both input and output
|
||||
are enabled. To obtain a list of available
|
||||
types, use the eennccrryypptt eennaabbllee ?? command.
|
||||
|
||||
iinnppuutt This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com-
|
||||
mand.
|
||||
|
||||
--iinnppuutt This is the same as the eennccrryypptt ssttoopp iinnppuutt com-
|
||||
mand.
|
||||
|
||||
oouuttppuutt This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt
|
||||
command.
|
||||
|
||||
--oouuttppuutt This is the same as the eennccrryypptt ssttoopp oouuttppuutt com-
|
||||
mand.
|
||||
|
||||
ssttaarrtt [iinnppuutt | oouuttppuutt]
|
||||
Attempts to start encryption. If you omit iinnppuutt
|
||||
and oouuttppuutt, both input and output are enabled.
|
||||
To obtain a list of available types, use the
|
||||
eennccrryypptt eennaabbllee ?? command.
|
||||
|
||||
ssttaattuuss Lists the current status of encryption.
|
||||
|
||||
ssttoopp [iinnppuutt | oouuttppuutt]
|
||||
Stops encryption. If you omit input and output,
|
||||
encryption is on both input and output.
|
||||
|
||||
ttyyppee _t_y_p_e Sets the default type of encryption to be used
|
||||
with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com-
|
||||
mands.
|
||||
|
||||
eennvviirroonn _a_r_g_u_m_e_n_t_s _._._.
|
||||
The eennvviirroonn command is used to manipulate the the variables
|
||||
that my be sent through the TELNET ENVIRON option. The ini-
|
||||
tial set of variables is taken from the users environment,
|
||||
with only the DISPLAY and PRINTER variables being exported by
|
||||
default. The USER variable is also exported if the --aa or --ll
|
||||
options are used.
|
||||
|
||||
Valid arguments for the eennvviirroonn command are:
|
||||
|
||||
ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e
|
||||
Define the variable _v_a_r_i_a_b_l_e to have a value of
|
||||
_v_a_l_u_e. Any variables defined by this command are
|
||||
automatically exported. The _v_a_l_u_e may be enclosed
|
||||
in single or double quotes so that tabs and spaces
|
||||
may be included.
|
||||
|
||||
uunnddeeffiinnee _v_a_r_i_a_b_l_e
|
||||
Remove _v_a_r_i_a_b_l_e from the list of environment vari-
|
||||
ables.
|
||||
|
||||
eexxppoorrtt _v_a_r_i_a_b_l_e
|
||||
Mark the variable _v_a_r_i_a_b_l_e to be exported to the
|
||||
remote side.
|
||||
|
||||
uunneexxppoorrtt _v_a_r_i_a_b_l_e
|
||||
Mark the variable _v_a_r_i_a_b_l_e to not be exported un-
|
||||
less explicitly asked for by the remote side.
|
||||
|
||||
lliisstt List the current set of environment variables.
|
||||
Those marked with a ** will be sent automatically,
|
||||
other variables will only be sent if explicitly
|
||||
requested.
|
||||
|
||||
?? Prints out help information for the eennvviirroonn com-
|
||||
mand.
|
||||
|
||||
llooggoouutt Sends the TELNET LOGOUT option to the remote side. This com-
|
||||
mand is similar to a cclloossee command; however, if the remote
|
||||
side does not support the LOGOUT option, nothing happens. If,
|
||||
however, the remote side does support the LOGOUT option, this
|
||||
command should cause the remote side to close the TELNET con-
|
||||
nection. If the remote side also supports the concept of sus-
|
||||
pending a user's session for later reattachment, the logout
|
||||
argument indicates that you should terminate the session imme-
|
||||
diately.
|
||||
|
||||
mmooddee _t_y_p_e _T_y_p_e is one of several options, depending on the state of the
|
||||
TELNET session. The remote host is asked for permission to go
|
||||
into the requested mode. If the remote host is capable of en-
|
||||
tering that mode, the requested mode will be entered.
|
||||
|
||||
cchhaarraacctteerr Disable the TELNET LINEMODE option, or, if the
|
||||
remote side does not understand the LINEMODE op-
|
||||
tion, then enter ``character at a time`` mode.
|
||||
|
||||
lliinnee Enable the TELNET LINEMODE option, or, if the
|
||||
remote side does not understand the LINEMODE op-
|
||||
tion, then attempt to enter ``old-line-by-line``
|
||||
mode.
|
||||
|
||||
iissiigg (--iissiigg) Attempt to enable (disable) the TRAPSIG mode of
|
||||
the LINEMODE option. This requires that the
|
||||
LINEMODE option be enabled.
|
||||
|
||||
eeddiitt (--eeddiitt) Attempt to enable (disable) the EDIT mode of the
|
||||
LINEMODE option. This requires that the
|
||||
LINEMODE option be enabled.
|
||||
|
||||
ssooffttttaabbss (--ssooffttttaabbss)
|
||||
Attempt to enable (disable) the SOFT_TAB mode of
|
||||
the LINEMODE option. This requires that the
|
||||
LINEMODE option be enabled.
|
||||
|
||||
lliitteecchhoo (--lliitteecchhoo)
|
||||
Attempt to enable (disable) the LIT_ECHO mode of
|
||||
the LINEMODE option. This requires that the
|
||||
LINEMODE option be enabled.
|
||||
|
||||
?? Prints out help information for the mmooddee com-
|
||||
mand.
|
||||
|
||||
ooppeenn _h_o_s_t [--ll _u_s_e_r] [[--]_p_o_r_t]
|
||||
Open a connection to the named host. If no port number is
|
||||
specified, tteellnneett will attempt to contact a TELNET server at
|
||||
the default port. The host specification may be either a host
|
||||
name (see hosts(5)) or an Internet address specified in the
|
||||
``dot notation'' (see inet(3)). The [--ll] option may be used
|
||||
to specify the user name to be passed to the remote system via
|
||||
the ENVIRON option. When connecting to a non-standard port,
|
||||
tteellnneett omits any automatic initiation of TELNET options. When
|
||||
the port number is preceded by a minus sign, the initial op-
|
||||
tion negotiation is done. After establishing a connection,
|
||||
the file _._t_e_l_n_e_t_r_c in the users home directory is opened.
|
||||
Lines beginning with a # are comment lines. Blank lines are
|
||||
ignored. Lines that begin without white space are the start
|
||||
of a machine entry. The first thing on the line is the name
|
||||
of the machine that is being connected to. The rest of the
|
||||
line, and successive lines that begin with white space are as-
|
||||
sumed to be tteellnneett commands and are processed as if they had
|
||||
been typed in manually to the tteellnneett command prompt.
|
||||
|
||||
qquuiitt Close any open TELNET session and exit tteellnneett. An end of file
|
||||
(in command mode) will also close a session and exit.
|
||||
|
||||
sseenndd _a_r_g_u_m_e_n_t_s
|
||||
Sends one or more special character sequences to the remote
|
||||
host. The following are the arguments which may be specified
|
||||
(more than one argument may be specified at a time):
|
||||
|
||||
aabboorrtt Sends the TELNET ABORT (Abort processes) sequence.
|
||||
|
||||
aaoo Sends the TELNET AO (Abort Output) sequence, which
|
||||
should cause the remote system to flush all output
|
||||
_f_r_o_m the remote system _t_o the user's terminal.
|
||||
|
||||
aayytt Sends the TELNET AYT (Are You There) sequence, to
|
||||
which the remote system may or may not choose to re-
|
||||
spond.
|
||||
|
||||
bbrrkk Sends the TELNET BRK (Break) sequence, which may have
|
||||
significance to the remote system.
|
||||
|
||||
eecc Sends the TELNET EC (Erase Character) sequence, which
|
||||
should cause the remote system to erase the last char-
|
||||
acter entered.
|
||||
|
||||
eell Sends the TELNET EL (Erase Line) sequence, which
|
||||
should cause the remote system to erase the line cur-
|
||||
rently being entered.
|
||||
|
||||
eeooff Sends the TELNET EOF (End Of File) sequence.
|
||||
|
||||
eeoorr Sends the TELNET EOR (End of Record) sequence.
|
||||
|
||||
eessccaappee Sends the current tteellnneett escape character (initially
|
||||
``^'').
|
||||
|
||||
ggaa Sends the TELNET GA (Go Ahead) sequence, which likely
|
||||
has no significance to the remote system.
|
||||
|
||||
ggeettssttaattuuss
|
||||
If the remote side supports the TELNET STATUS command,
|
||||
ggeettssttaattuuss will send the subnegotiation to request that
|
||||
the server send its current option status.
|
||||
|
||||
iipp Sends the TELNET IP (Interrupt Process) sequence,
|
||||
which should cause the remote system to abort the cur-
|
||||
rently running process.
|
||||
|
||||
nnoopp Sends the TELNET NOP (No OPeration) sequence.
|
||||
|
||||
ssuusspp Sends the TELNET SUSP (SUSPend process) sequence.
|
||||
|
||||
ssyynncchh Sends the TELNET SYNCH sequence. This sequence causes
|
||||
the remote system to discard all previously typed (but
|
||||
not yet read) input. This sequence is sent as TCP ur-
|
||||
gent data (and may not work if the remote system is a
|
||||
4.2BSD system -- if it doesn't work, a lower case
|
||||
``r'' may be echoed on the terminal).
|
||||
|
||||
ddoo _c_m_d
|
||||
|
||||
ddoonntt _c_m_d
|
||||
|
||||
wwiillll _c_m_d
|
||||
|
||||
wwoonntt _c_m_d
|
||||
Sends the TELNET DO _c_m_d sequence. _C_m_d can be either a
|
||||
decimal number between 0 and 255, or a symbolic name
|
||||
for a specific TELNET command. _C_m_d can also be either
|
||||
hheellpp or ?? to print out help information, including a
|
||||
list of known symbolic names.
|
||||
|
||||
?? Prints out help information for the sseenndd command.
|
||||
|
||||
sseett _a_r_g_u_m_e_n_t _v_a_l_u_e
|
||||
|
||||
uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e
|
||||
The sseett command will set any one of a number of tteellnneett vari-
|
||||
ables to a specific value or to TRUE. The special value ooffff
|
||||
turns off the function associated with the variable, this is
|
||||
equivalent to using the uunnsseett command. The uunnsseett command will
|
||||
disable or set to FALSE any of the specified functions. The
|
||||
values of variables may be interrogated with the ddiissppllaayy com-
|
||||
mand. The variables which may be set or unset, but not tog-
|
||||
gled, are listed here. In addition, any of the variables for
|
||||
the ttooggggllee command may be explicitly set or unset using the
|
||||
sseett and uunnsseett commands.
|
||||
|
||||
aayytt If TELNET is in localchars mode, or LINEMODE is en-
|
||||
abled, and the status character is typed, a TELNET AYT
|
||||
sequence (see sseenndd aayytt preceding) is sent to the re-
|
||||
mote host. The initial value for the "Are You There"
|
||||
character is the terminal's status character.
|
||||
|
||||
eecchhoo This is the value (initially ``^E'') which, when in
|
||||
``line by line'' mode, toggles between doing local
|
||||
echoing of entered characters (for normal processing),
|
||||
and suppressing echoing of entered characters (for en-
|
||||
tering, say, a password).
|
||||
|
||||
eeooff If tteellnneett is operating in LINEMODE or ``old line by
|
||||
line'' mode, entering this character as the first
|
||||
character on a line will cause this character to be
|
||||
sent to the remote system. The initial value of the
|
||||
eof character is taken to be the terminal's eeooff char-
|
||||
acter.
|
||||
|
||||
eerraassee If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
|
||||
below), aanndd if tteellnneett is operating in ``character at a
|
||||
time'' mode, then when this character is typed, a
|
||||
TELNET EC sequence (see sseenndd eecc above) is sent to the
|
||||
remote system. The initial value for the erase char-
|
||||
acter is taken to be the terminal's eerraassee character.
|
||||
|
||||
eessccaappee This is the tteellnneett escape character (initially ``^['')
|
||||
which causes entry into tteellnneett command mode (when con-
|
||||
nected to a remote system).
|
||||
|
||||
fflluusshhoouuttppuutt
|
||||
If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
|
||||
below) and the fflluusshhoouuttppuutt character is typed, a
|
||||
TELNET AO sequence (see sseenndd aaoo above) is sent to the
|
||||
remote host. The initial value for the flush charac-
|
||||
ter is taken to be the terminal's fflluusshh character.
|
||||
|
||||
ffoorrww11
|
||||
|
||||
ffoorrww22 If TELNET is operating in LINEMODE, these are the
|
||||
characters that, when typed, cause partial lines to be
|
||||
forwarded to the remote system. The initial value for
|
||||
the forwarding characters are taken from the termi-
|
||||
nal's eol and eol2 characters.
|
||||
|
||||
iinntteerrrruupptt
|
||||
If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
|
||||
below) and the iinntteerrrruupptt character is typed, a TELNET
|
||||
IP sequence (see sseenndd iipp above) is sent to the remote
|
||||
host. The initial value for the interrupt character
|
||||
is taken to be the terminal's iinnttrr character.
|
||||
|
||||
kkiillll If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
|
||||
below), aanndd if tteellnneett is operating in ``character at a
|
||||
time'' mode, then when this character is typed, a
|
||||
TELNET EL sequence (see sseenndd eell above) is sent to the
|
||||
remote system. The initial value for the kill charac-
|
||||
ter is taken to be the terminal's kkiillll character.
|
||||
|
||||
llnneexxtt If tteellnneett is operating in LINEMODE or ``old line by
|
||||
line`` mode, then this character is taken to be the
|
||||
terminal's llnneexxtt character. The initial value for the
|
||||
lnext character is taken to be the terminal's llnneexxtt
|
||||
character.
|
||||
|
||||
qquuiitt If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
|
||||
below) and the qquuiitt character is typed, a TELNET BRK
|
||||
sequence (see sseenndd bbrrkk above) is sent to the remote
|
||||
host. The initial value for the quit character is
|
||||
taken to be the terminal's qquuiitt character.
|
||||
|
||||
rreepprriinntt
|
||||
If tteellnneett is operating in LINEMODE or ``old line by
|
||||
line`` mode, then this character is taken to be the
|
||||
terminal's rreepprriinntt character. The initial value for
|
||||
the reprint character is taken to be the terminal's
|
||||
rreepprriinntt character.
|
||||
|
||||
rrllooggiinn This is the rlogin escape character. If set, the nor-
|
||||
mal TELNET escape character is ignored unless it is
|
||||
preceded by this character at the beginning of a line.
|
||||
This character, at the beginning of a line followed by
|
||||
a "." closes the connection; when followed by a ^Z it
|
||||
suspends the telnet command. The initial state is to
|
||||
disable the rlogin escape character.
|
||||
|
||||
ssttaarrtt If the TELNET TOGGLE-FLOW-CONTROL option has been en-
|
||||
abled, then this character is taken to be the termi-
|
||||
nal's ssttaarrtt character. The initial value for the kill
|
||||
character is taken to be the terminal's ssttaarrtt charac-
|
||||
ter.
|
||||
|
||||
ssttoopp If the TELNET TOGGLE-FLOW-CONTROL option has been en-
|
||||
abled, then this character is taken to be the termi-
|
||||
nal's ssttoopp character. The initial value for the kill
|
||||
character is taken to be the terminal's ssttoopp charac-
|
||||
ter.
|
||||
|
||||
ssuusspp If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en-
|
||||
abled, and the ssuussppeenndd character is typed, a TELNET
|
||||
SUSP sequence (see sseenndd ssuusspp above) is sent to the re-
|
||||
mote host. The initial value for the suspend charac-
|
||||
ter is taken to be the terminal's ssuussppeenndd character.
|
||||
|
||||
ttrraacceeffiillee
|
||||
This is the file to which the output, caused by
|
||||
nneettddaattaa or ooppttiioonn tracing being TRUE, will be written.
|
||||
If it is set to ``--'', then tracing information will
|
||||
be written to standard output (the default).
|
||||
|
||||
wwoorrddeerraassee
|
||||
If tteellnneett is operating in LINEMODE or ``old line by
|
||||
line`` mode, then this character is taken to be the
|
||||
terminal's wwoorrddeerraassee character. The initial value for
|
||||
the worderase character is taken to be the terminal's
|
||||
wwoorrddeerraassee character.
|
||||
|
||||
?? Displays the legal sseett (uunnsseett) commands.
|
||||
|
||||
ssllcc _s_t_a_t_e The ssllcc command (Set Local Characters) is used to set or
|
||||
change the state of the the special characters when the TELNET
|
||||
LINEMODE option has been enabled. Special characters are
|
||||
characters that get mapped to TELNET commands sequences (like
|
||||
iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll).
|
||||
By default, the local special characters are exported.
|
||||
|
||||
cchheecckk Verify the current settings for the current spe-
|
||||
cial characters. The remote side is requested to
|
||||
send all the current special character settings,
|
||||
and if there are any discrepancies with the local
|
||||
side, the local side will switch to the remote
|
||||
value.
|
||||
|
||||
eexxppoorrtt Switch to the local defaults for the special char-
|
||||
acters. The local default characters are those of
|
||||
the local terminal at the time when tteellnneett was
|
||||
started.
|
||||
|
||||
iimmppoorrtt Switch to the remote defaults for the special
|
||||
characters. The remote default characters are
|
||||
those of the remote system at the time when the
|
||||
TELNET connection was established.
|
||||
|
||||
?? Prints out help information for the ssllcc command.
|
||||
|
||||
ssttaattuuss Show the current status of tteellnneett. This includes the peer one
|
||||
is connected to, as well as the current mode.
|
||||
|
||||
ttooggggllee _a_r_g_u_m_e_n_t_s _._._.
|
||||
Toggle (between TRUE and FALSE) various flags that control how
|
||||
tteellnneett responds to events. These flags may be set explicitly
|
||||
to TRUE or FALSE using the sseett and uunnsseett commands listed
|
||||
above. More than one argument may be specified. The state of
|
||||
these flags may be interrogated with the ddiissppllaayy command.
|
||||
Valid arguments are:
|
||||
|
||||
aauutthhddeebbuugg Turns on debugging information for the authenti-
|
||||
cation code.
|
||||
|
||||
aauuttoofflluusshh If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then
|
||||
when the aaoo, or qquuiitt characters are recognized
|
||||
(and transformed into TELNET sequences; see sseett
|
||||
above for details), tteellnneett refuses to display
|
||||
any data on the user's terminal until the remote
|
||||
system acknowledges (via a TELNET TIMING MARK
|
||||
option) that it has processed those TELNET se-
|
||||
quences. The initial value for this toggle is
|
||||
TRUE if the terminal user had not done an "stty
|
||||
noflsh", otherwise FALSE (see stty(1)).
|
||||
|
||||
aauuttooddeeccrryypptt When the TELNET ENCRYPT option is negotiated, by
|
||||
default the actual encryption (decryption) of
|
||||
the data stream does not start automatically.
|
||||
The autoencrypt (autodecrypt) command states
|
||||
that encryption of the output (input) stream
|
||||
should be enabled as soon as possible.
|
||||
|
||||
Note: Because of export controls, the TELNET
|
||||
ENCRYPT option is not supported outside the
|
||||
United States and Canada.
|
||||
|
||||
aauuttoollooggiinn If the remote side supports the TELNET
|
||||
AUTHENTICATION option TELNET attempts to use it
|
||||
to perform automatic authentication. If the
|
||||
AUTHENTICATION option is not supported, the us-
|
||||
er's login name are propagated through the
|
||||
TELNET ENVIRON option. This command is the same
|
||||
as specifying _a option on the ooppeenn command.
|
||||
|
||||
aauuttoossyynncchh If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then
|
||||
when either the iinnttrr or qquuiitt characters is typed
|
||||
(see sseett above for descriptions of the iinnttrr and
|
||||
qquuiitt characters), the resulting TELNET sequence
|
||||
sent is followed by the TELNET SYNCH sequence.
|
||||
This procedure sshhoouulldd cause the remote system to
|
||||
begin throwing away all previously typed input
|
||||
until both of the TELNET sequences have been
|
||||
read and acted upon. The initial value of this
|
||||
toggle is FALSE.
|
||||
|
||||
bbiinnaarryy Enable or disable the TELNET BINARY option on
|
||||
both input and output.
|
||||
|
||||
iinnbbiinnaarryy Enable or disable the TELNET BINARY option on
|
||||
input.
|
||||
|
||||
oouuttbbiinnaarryy Enable or disable the TELNET BINARY option on
|
||||
output.
|
||||
|
||||
ccrrllff If this is TRUE, then carriage returns will be
|
||||
sent as <CR><LF>. If this is FALSE, then car-
|
||||
riage returns will be send as <CR><NUL>. The
|
||||
initial value for this toggle is FALSE.
|
||||
|
||||
ccrrmmoodd Toggle carriage return mode. When this mode is
|
||||
enabled, most carriage return characters re-
|
||||
ceived from the remote host will be mapped into
|
||||
a carriage return followed by a line feed. This
|
||||
mode does not affect those characters typed by
|
||||
the user, only those received from the remote
|
||||
host. This mode is not very useful unless the
|
||||
remote host only sends carriage return, but nev-
|
||||
er line feed. The initial value for this toggle
|
||||
is FALSE.
|
||||
|
||||
ddeebbuugg Toggles socket level debugging (useful only to
|
||||
the ssuuppeerr uusseerr). The initial value for this
|
||||
toggle is FALSE.
|
||||
|
||||
eennccddeebbuugg Turns on debugging information for the encryp-
|
||||
tion code.
|
||||
|
||||
llooccaallcchhaarrss If this is TRUE, then the fflluusshh, iinntteerrrruupptt,
|
||||
qquuiitt, eerraassee, and kkiillll characters (see sseett above)
|
||||
are recognized locally, and transformed into
|
||||
(hopefully) appropriate TELNET control sequences
|
||||
(respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd
|
||||
above). The initial value for this toggle is
|
||||
TRUE in ``old line by line'' mode, and FALSE in
|
||||
``character at a time'' mode. When the LINEMODE
|
||||
option is enabled, the value of llooccaallcchhaarrss is
|
||||
ignored, and assumed to always be TRUE. If
|
||||
LINEMODE has ever been enabled, then qquuiitt is
|
||||
sent as aabboorrtt, and eeooff and ssuussppeenndd are sent as
|
||||
eeooff and ssuusspp, see sseenndd above).
|
||||
|
||||
nneettddaattaa Toggles the display of all network data (in hex-
|
||||
adecimal format). The initial value for this
|
||||
toggle is FALSE.
|
||||
|
||||
ooppttiioonnss Toggles the display of some internal tteellnneett pro-
|
||||
tocol processing (having to do with TELNET op-
|
||||
tions). The initial value for this toggle is
|
||||
FALSE.
|
||||
|
||||
pprreettttyydduummpp When the nneettddaattaa toggle is enabled, if
|
||||
pprreettttyydduummpp is enabled the output from the
|
||||
nneettddaattaa command will be formatted in a more user
|
||||
readable format. Spaces are put between each
|
||||
character in the output, and the beginning of
|
||||
any TELNET escape sequence is preceded by a '*'
|
||||
to aid in locating them.
|
||||
|
||||
sskkiipprrcc When the skiprc toggle is TRUE, TELNET skips the
|
||||
reading of the _._t_e_l_n_e_t_r_c file in the users home
|
||||
directory when connections are opened. The ini-
|
||||
tial value for this toggle is FALSE.
|
||||
|
||||
tteerrmmddaattaa Toggles the display of all terminal data (in
|
||||
hexadecimal format). The initial value for this
|
||||
toggle is FALSE.
|
||||
|
||||
vveerrbboossee__eennccrryypptt
|
||||
When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET
|
||||
prints out a message each time encryption is en-
|
||||
abled or disabled. The initial value for this
|
||||
toggle is FALSE. Note: Because of export con-
|
||||
trols, data encryption is not supported outside
|
||||
of the United States and Canada.
|
||||
|
||||
?? Displays the legal ttooggggllee commands.
|
||||
|
||||
zz Suspend tteellnneett. This command only works when the user is us-
|
||||
ing the csh(1).
|
||||
|
||||
!! [_c_o_m_m_a_n_d]
|
||||
Execute a single command in a subshell on the local system.
|
||||
If ccoommmmaanndd is omitted, then an interactive subshell is in-
|
||||
voked.
|
||||
|
||||
?? [_c_o_m_m_a_n_d]
|
||||
Get help. With no arguments, tteellnneett prints a help summary.
|
||||
If a command is specified, tteellnneett will print the help informa-
|
||||
tion for just that command.
|
||||
|
||||
EENNVVIIRROONNMMEENNTT
|
||||
TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari-
|
||||
ables. Other environment variables may be propagated to the other side
|
||||
via the TELNET ENVIRON option.
|
||||
|
||||
FFIILLEESS
|
||||
~/.telnetrc user customized telnet startup values
|
||||
|
||||
HHIISSTTOORRYY
|
||||
The TTeellnneett command appeared in 4.2BSD.
|
||||
|
||||
NNOOTTEESS
|
||||
On some remote systems, echo has to be turned off manually when in ``old
|
||||
line by line'' mode.
|
||||
|
||||
In ``old line by line'' mode or LINEMODE the terminal's eeooff character is
|
||||
only recognized (and sent to the remote system) when it is the first
|
||||
character on a line.
|
||||
|
||||
4.2 Berkeley Distribution June 1, 1994 11
|
|
@ -1,293 +0,0 @@
|
|||
TELNETD(8) NetBSD System Manager's Manual TELNETD(8)
|
||||
|
||||
NNAAMMEE
|
||||
tteellnneettdd - DARPA TELNET protocol server
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e]
|
||||
[--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [--yy] [_p_o_r_t]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
The tteellnneettdd command is a server which supports the DARPA standard TELNET
|
||||
virtual terminal protocol. TTeellnneettdd is normally invoked by the internet
|
||||
server (see inetd(8)) for requests to connect to the TELNET port as indi-
|
||||
cated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)). The --ddeebbuugg option may
|
||||
be used to start up tteellnneettdd manually, instead of through inetd(8). If
|
||||
started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alternate
|
||||
TCP port number.
|
||||
|
||||
The tteellnneettdd command accepts the following options:
|
||||
|
||||
--aa _a_u_t_h_m_o_d_e This option may be used for specifying what mode should be
|
||||
used for authentication. Note that this option is only use-
|
||||
ful if tteellnneettdd has been compiled with support for the
|
||||
AUTHENTICATION option. There are several valid values for
|
||||
_a_u_t_h_m_o_d_e:
|
||||
|
||||
debug Turns on authentication debugging code.
|
||||
|
||||
user Only allow connections when the remote user can pro-
|
||||
vide valid authentication information to identify the
|
||||
remote user, and is allowed access to the specified
|
||||
account without providing a password.
|
||||
|
||||
valid Only allow connections when the remote user can pro-
|
||||
vide valid authentication information to identify the
|
||||
remote user. The login(1) command will provide any
|
||||
additional user verification needed if the remote us-
|
||||
er is not allowed automatic access to the specified
|
||||
account.
|
||||
|
||||
other Only allow connections that supply some authentica-
|
||||
tion information. This option is currently not sup-
|
||||
ported by any of the existing authentication mecha-
|
||||
nisms, and is thus the same as specifying --aa vvaalliidd.
|
||||
|
||||
otp Only allow authenticated connections (as with --aa
|
||||
uusseerr) and also logins with one-time passwords (OTPs).
|
||||
This option will call login with an option so that
|
||||
only OTPs are accepted. The user can of course still
|
||||
type secret information at the prompt.
|
||||
|
||||
none This is the default state. Authentication informa-
|
||||
tion is not required. If no or insufficient authen-
|
||||
tication information is provided, then the login(1)
|
||||
program will provide the necessary user verification.
|
||||
|
||||
off This disables the authentication code. All user ver-
|
||||
ification will happen through the login(1) program.
|
||||
|
||||
--BB Ignored.
|
||||
|
||||
--DD _d_e_b_u_g_m_o_d_e
|
||||
This option may be used for debugging purposes. This allows
|
||||
tteellnneettdd to print out debugging information to the connec-
|
||||
tion, allowing the user to see what tteellnneettdd is doing. There
|
||||
are several possible values for _d_e_b_u_g_m_o_d_e:
|
||||
|
||||
ooppttiioonnss Prints information about the negotiation of TELNET
|
||||
options.
|
||||
|
||||
rreeppoorrtt Prints the ooppttiioonnss information, plus some addi-
|
||||
tional information about what processing is going
|
||||
on.
|
||||
|
||||
nneettddaattaa Displays the data stream received by tteellnneettdd.
|
||||
|
||||
ppttyyddaattaa Displays data written to the pty.
|
||||
|
||||
eexxeerrcciissee Has not been implemented yet.
|
||||
|
||||
--hh Disables the printing of host-specific information before
|
||||
login has been completed.
|
||||
|
||||
--kk
|
||||
|
||||
--ll Ignored.
|
||||
|
||||
--nn Disable TCP keep-alives. Normally tteellnneettdd enables the TCP
|
||||
keep-alive mechanism to probe connections that have been
|
||||
idle for some period of time to determine if the client is
|
||||
still there, so that idle connections from machines that
|
||||
have crashed or can no longer be reached may be cleaned up.
|
||||
|
||||
--rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y
|
||||
This option is only enabled when tteellnneettdd is compiled for
|
||||
UNICOS. It specifies an inclusive range of pseudo-terminal
|
||||
devices to use. If the system has sysconf variable
|
||||
_SC_CRAY_NPTY configured, the default pty search range is 0
|
||||
to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128.
|
||||
Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing
|
||||
either end of the search range. If _l_o_w_p_t_y is omitted, the -
|
||||
character is still required so that tteellnneettdd can differenti-
|
||||
ate _h_i_g_h_p_t_y from _l_o_w_p_t_y.
|
||||
|
||||
--SS _t_o_s
|
||||
|
||||
--uu _l_e_n This option is used to specify the size of the field in the
|
||||
utmp structure that holds the remote host name. If the re-
|
||||
solved host name is longer than _l_e_n, the dotted decimal val-
|
||||
ue will be used instead. This allows hosts with very long
|
||||
host names that overflow this field to still be uniquely
|
||||
identified. Specifying --uu00 indicates that only dotted deci-
|
||||
mal addresses should be put into the _u_t_m_p file.
|
||||
|
||||
--UU This option causes tteellnneettdd to refuse connections from ad-
|
||||
dresses that cannot be mapped back into a symbolic name via
|
||||
the gethostbyaddr(3) routine.
|
||||
|
||||
--XX _a_u_t_h_t_y_p_e This option is only valid if tteellnneettdd has been built with
|
||||
support for the authentication option. It disables the use
|
||||
of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily
|
||||
disable a specific authentication type without having to re-
|
||||
compile tteellnneettdd.
|
||||
|
||||
--LL _p_a_t_h_n_a_m_e Specify pathname to an alternative login program.
|
||||
|
||||
--yy Makes tteellnneettdd not warn when a user is trying to login with a
|
||||
cleartext password.
|
||||
|
||||
TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4)) for
|
||||
a client, then creating a login process which has the slave side of the
|
||||
pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the
|
||||
master side of the pseudo-terminal, implementing the TELNET protocol and
|
||||
passing characters between the remote client and the login process.
|
||||
|
||||
When a TELNET session is started up, tteellnneettdd sends TELNET options to the
|
||||
client side indicating a willingness to do the following TELNET options,
|
||||
which are described in more detail below:
|
||||
|
||||
DO AUTHENTICATION
|
||||
WILL ENCRYPT
|
||||
DO TERMINAL TYPE
|
||||
DO TSPEED
|
||||
DO XDISPLOC
|
||||
DO NEW-ENVIRON
|
||||
DO ENVIRON
|
||||
WILL SUPPRESS GO AHEAD
|
||||
DO ECHO
|
||||
DO LINEMODE
|
||||
DO NAWS
|
||||
WILL STATUS
|
||||
DO LFLOW
|
||||
DO TIMING-MARK
|
||||
|
||||
The pseudo-terminal allocated to the client is configured to operate in
|
||||
``cooked'' mode, and with XTABS and CRMOD enabled (see tty(4)).
|
||||
|
||||
TTeellnneettdd has support for enabling locally the following TELNET options:
|
||||
|
||||
WILL ECHO When the LINEMODE option is enabled, a WILL ECHO or
|
||||
WONT ECHO will be sent to the client to indicate the
|
||||
current state of terminal echoing. When terminal echo
|
||||
is not desired, a WILL ECHO is sent to indicate that
|
||||
telnetd will take care of echoing any data that needs
|
||||
to be echoed to the terminal, and then nothing is
|
||||
echoed. When terminal echo is desired, a WONT ECHO is
|
||||
sent to indicate that telnetd will not be doing any
|
||||
terminal echoing, so the client should do any terminal
|
||||
echoing that is needed.
|
||||
|
||||
WILL BINARY Indicates that the client is willing to send a 8 bits
|
||||
of data, rather than the normal 7 bits of the Network
|
||||
Virtual Terminal.
|
||||
|
||||
WILL SGA Indicates that it will not be sending IAC GA, go
|
||||
ahead, commands.
|
||||
|
||||
WILL STATUS Indicates a willingness to send the client, upon re-
|
||||
quest, of the current status of all TELNET options.
|
||||
|
||||
WILL TIMING-MARK Whenever a DO TIMING-MARK command is received, it is
|
||||
always responded to with a WILL TIMING-MARK
|
||||
|
||||
WILL LOGOUT When a DO LOGOUT is received, a WILL LOGOUT is sent in
|
||||
response, and the TELNET session is shut down.
|
||||
|
||||
WILL ENCRYPT Only sent if tteellnneettdd is compiled with support for data
|
||||
encryption, and indicates a willingness to decrypt the
|
||||
data stream.
|
||||
|
||||
TTeellnneettdd has support for enabling remotely the following TELNET options:
|
||||
|
||||
DO BINARY Sent to indicate that telnetd is willing to receive an
|
||||
8 bit data stream.
|
||||
|
||||
DO LFLOW Requests that the client handle flow control charac-
|
||||
ters remotely.
|
||||
|
||||
DO ECHO This is not really supported, but is sent to identify
|
||||
a 4.2BSD telnet(1) client, which will improperly re-
|
||||
spond with WILL ECHO. If a WILL ECHO is received, a
|
||||
DONT ECHO will be sent in response.
|
||||
|
||||
DO TERMINAL-TYPE Indicates a desire to be able to request the name of
|
||||
the type of terminal that is attached to the client
|
||||
side of the connection.
|
||||
|
||||
DO SGA Indicates that it does not need to receive IAC GA, the
|
||||
go ahead command.
|
||||
|
||||
DO NAWS Requests that the client inform the server when the
|
||||
window (display) size changes.
|
||||
|
||||
DO TERMINAL-SPEED Indicates a desire to be able to request information
|
||||
about the speed of the serial line to which the client
|
||||
is attached.
|
||||
|
||||
DO XDISPLOC Indicates a desire to be able to request the name of
|
||||
the X windows display that is associated with the tel-
|
||||
net client.
|
||||
|
||||
DO NEW-ENVIRON Indicates a desire to be able to request environment
|
||||
variable information, as described in RFC 1572.
|
||||
|
||||
DO ENVIRON Indicates a desire to be able to request environment
|
||||
variable information, as described in RFC 1408.
|
||||
|
||||
DO LINEMODE Only sent if tteellnneettdd is compiled with support for
|
||||
linemode, and requests that the client do line by line
|
||||
processing.
|
||||
|
||||
DO TIMING-MARK Only sent if tteellnneettdd is compiled with support for both
|
||||
linemode and kludge linemode, and the client responded
|
||||
with WONT LINEMODE. If the client responds with WILL
|
||||
TM, the it is assumed that the client supports kludge
|
||||
linemode. Note that the [--kk] option can be used to
|
||||
disable this.
|
||||
|
||||
DO AUTHENTICATION Only sent if tteellnneettdd is compiled with support for au-
|
||||
thentication, and indicates a willingness to receive
|
||||
authentication information for automatic login.
|
||||
|
||||
DO ENCRYPT Only sent if tteellnneettdd is compiled with support for data
|
||||
encryption, and indicates a willingness to decrypt the
|
||||
data stream.
|
||||
|
||||
FFIILLEESS
|
||||
/etc/services
|
||||
/etc/inittab (UNICOS systems only)
|
||||
/etc/iptos (if supported)
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
telnet(1), login(1)
|
||||
|
||||
SSTTAANNDDAARRDDSS
|
||||
RRFFCC--885544 TELNET PROTOCOL SPECIFICATION
|
||||
RRFFCC--885555 TELNET OPTION SPECIFICATIONS
|
||||
RRFFCC--885566 TELNET BINARY TRANSMISSION
|
||||
RRFFCC--885577 TELNET ECHO OPTION
|
||||
RRFFCC--885588 TELNET SUPPRESS GO AHEAD OPTION
|
||||
RRFFCC--885599 TELNET STATUS OPTION
|
||||
RRFFCC--886600 TELNET TIMING MARK OPTION
|
||||
RRFFCC--886611 TELNET EXTENDED OPTIONS - LIST OPTION
|
||||
RRFFCC--888855 TELNET END OF RECORD OPTION
|
||||
RRFFCC--11007733 Telnet Window Size Option
|
||||
RRFFCC--11007799 Telnet Terminal Speed Option
|
||||
RRFFCC--11009911 Telnet Terminal-Type Option
|
||||
RRFFCC--11009966 Telnet X Display Location Option
|
||||
RRFFCC--11112233 Requirements for Internet Hosts -- Application and Support
|
||||
RRFFCC--11118844 Telnet Linemode Option
|
||||
RRFFCC--11337722 Telnet Remote Flow Control Option
|
||||
RRFFCC--11441166 Telnet Authentication Option
|
||||
RRFFCC--11441111 Telnet Authentication: Kerberos Version 4
|
||||
RRFFCC--11441122 Telnet Authentication: SPX
|
||||
RRFFCC--11557711 Telnet Environment Option Interoperability Issues
|
||||
RRFFCC--11557722 Telnet Environment Option
|
||||
|
||||
BBUUGGSS
|
||||
Some TELNET commands are only partially implemented.
|
||||
|
||||
Because of bugs in the original 4.2 BSD telnet(1), tteellnneettdd performs some
|
||||
dubious protocol exchanges to try to discover if the remote client is, in
|
||||
fact, a 4.2 BSD telnet(1).
|
||||
|
||||
Binary mode has no common interpretation except between similar operating
|
||||
systems (Unix in this case).
|
||||
|
||||
The terminal type name received from the remote client is converted to
|
||||
lower case.
|
||||
|
||||
TTeellnneettdd never sends TELNET IAC GA (go ahead) commands.
|
||||
|
||||
4.2 Berkeley Distribution June 1, 1994 5
|
|
@ -1,121 +0,0 @@
|
|||
KADMIN(8) NetBSD System Manager's Manual KADMIN(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkaaddmmiinn - Kerberos administration utility
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc
|
||||
_f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m |
|
||||
----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r |
|
||||
----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn]
|
||||
[_c_o_m_m_a_n_d]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
The kkaaddmmiinn program is used to make modification to the Kerberos database,
|
||||
either remotely via the kadmind(8) daemon, or locally (with the --ll op-
|
||||
tion).
|
||||
|
||||
Supported options:
|
||||
|
||||
--pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
|
||||
principal to authenticate as
|
||||
|
||||
--KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
|
||||
keytab for authentication pricipal
|
||||
|
||||
--cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
|
||||
location of config file
|
||||
|
||||
--kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
|
||||
location of master key file
|
||||
|
||||
--rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
|
||||
realm to use
|
||||
|
||||
--aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
|
||||
server to contact
|
||||
|
||||
--ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
|
||||
port to use
|
||||
|
||||
--ll, ----llooccaall
|
||||
local admin mode
|
||||
|
||||
If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
|
||||
mands to process. Commands include:
|
||||
|
||||
aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
|
||||
----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
|
||||
[----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
|
||||
[----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.
|
||||
|
||||
creates a new principal
|
||||
|
||||
ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
|
||||
----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
|
||||
|
||||
changes the password of an existing principal
|
||||
|
||||
ddeelleettee _p_r_i_n_c_i_p_a_l_._._.
|
||||
|
||||
removes a principal
|
||||
|
||||
ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.
|
||||
|
||||
removes some enctypes from a principal, this can be useful
|
||||
the service belonging to the principal is known to not handle
|
||||
certain enctypes
|
||||
|
||||
eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.
|
||||
|
||||
creates a keytab with the keys of the specified principals
|
||||
|
||||
ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._.
|
||||
|
||||
lists the principals that match the expressions (which are
|
||||
shell glob like), long format gives more information, and
|
||||
terse just prints the names
|
||||
|
||||
rreennaammee _f_r_o_m _t_o
|
||||
|
||||
renames a principal
|
||||
|
||||
mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
|
||||
[----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
|
||||
[----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
|
||||
[----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l
|
||||
|
||||
modifies certain attributes of a principal
|
||||
|
||||
pprriivviilleeggeess
|
||||
|
||||
lists the operations you are allowd to perform
|
||||
|
||||
When running in local mode, the following commands can also be used.
|
||||
|
||||
dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]
|
||||
|
||||
writes the database in ``human readable'' form to the speci-
|
||||
fied file, or standard out
|
||||
|
||||
iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g]
|
||||
[----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m
|
||||
|
||||
initialises the Kerberos database with entries for a new
|
||||
realm, it's possible to have more than one realm served by
|
||||
one server
|
||||
|
||||
llooaadd _f_i_l_e
|
||||
|
||||
reads a previously dumped database, and re-creates that
|
||||
database from scratch
|
||||
|
||||
mmeerrggee _f_i_l_e
|
||||
|
||||
similar to lliisstt but just modifies the database with the en-
|
||||
tries in the dump file
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kadmind(8), kdc(8)
|
||||
|
||||
HEIMDAL September 10, 2000 2
|
|
@ -1,93 +0,0 @@
|
|||
KADMIND(8) NetBSD System Manager's Manual KADMIND(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkaaddmmiinndd - server for administrative access to kerberos database
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
|
||||
[----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t |
|
||||
----ppoorrttss==_p_o_r_t] [----nnoo--kkeerrbbeerrooss44]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkaaddmmiinndd listens for requests for changes to the Kerberos database and
|
||||
performs these, subject to permissions. When starting, if stdin is a
|
||||
socket it assumes that it has been started by inetd(8), otherwise it be-
|
||||
haves as a daemon, forking processes for each new connection. The ----ddeebbuugg
|
||||
option causes kkaaddmmiinndd to accept exactly one connection, which is useful
|
||||
for debugging.
|
||||
|
||||
If built with krb4 support, it implements both the Heimdal Kerberos 5 ad-
|
||||
ministrative protocol and the Kerberos 4 protocol. Password changes via
|
||||
the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the
|
||||
kpasswdd(8) daemon is responsible for the Kerberos 5 password changing
|
||||
protocol (used by kpasswd(1))
|
||||
|
||||
This daemon should only be run on ther master server, and not on any
|
||||
slaves.
|
||||
|
||||
Principals are always allowed to change their own password and list their
|
||||
own principal. Apart from that, doing any operation requires permission
|
||||
explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
|
||||
this file is:
|
||||
|
||||
_p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
|
||||
|
||||
Where rights is any (comma separated) combination of:
|
||||
++oo change-password or cpw
|
||||
++oo list
|
||||
++oo delete
|
||||
++oo modify
|
||||
++oo add
|
||||
++oo get
|
||||
++oo all
|
||||
|
||||
And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
|
||||
principals that match the glob-style pattern.
|
||||
|
||||
Supported options:
|
||||
|
||||
--cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
|
||||
location of config file
|
||||
|
||||
--kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
|
||||
location of master key file
|
||||
|
||||
----kkeeyyttaabb==_k_e_y_t_a_b
|
||||
what keytab to use
|
||||
|
||||
--rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
|
||||
realm to use
|
||||
|
||||
--dd, ----ddeebbuugg
|
||||
enable debugging
|
||||
|
||||
--pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
|
||||
ports to listen to. By default, if run as a daemon, it listen to
|
||||
ports 749, and 751 (if Kerberos 4 support is built and enabled),
|
||||
but you can add any number of ports with this option. The port
|
||||
string is a whitespace separated list of port specifications,
|
||||
with the special string ``+'' representing the default set of
|
||||
ports.
|
||||
|
||||
----nnoo--kkeerrbbeerrooss44
|
||||
make kkaaddmmiinndd ignore Kerberos 4 kadmin requests.
|
||||
|
||||
FFIILLEESS
|
||||
_/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
|
||||
|
||||
EEXXAAMMPPLLEESS
|
||||
This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com-
|
||||
piled in defaults:
|
||||
|
||||
kkaaddmmiinndd----ppoorrttss="+ 4711" &
|
||||
|
||||
This acl file will grant Joe all rights, and allow Mallory to view and
|
||||
add host principals.
|
||||
|
||||
joe/admin@EXAMPLE.COM all
|
||||
mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
|
||||
|
||||
HEIMDAL March 5, 2002 2
|
|
@ -1,98 +0,0 @@
|
|||
HPROP(8) NetBSD System Manager's Manual HPROP(8)
|
||||
|
||||
NNAAMMEE
|
||||
hhpprroopp - propagate the KDC database
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e]
|
||||
[----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r] [--rr _s_t_r_i_n_g |
|
||||
----vv44--rreeaallmm==_s_t_r_i_n_g] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--kk _k_e_y_t_a_b
|
||||
| ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g | ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE |
|
||||
----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp]
|
||||
[_h_o_s_t[:_p_o_r_t]] _._._.
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
hhpprroopp takes a principal database in a specified format and converts it
|
||||
into a stream of Heimdal database records. This stream can either be
|
||||
written to standard out, or (more commonly) be propagated to a hpropd(8)
|
||||
server running on a different machine.
|
||||
|
||||
If propagating, it connects to all _h_o_s_t_s specified on the command by
|
||||
opening a TCP connection to port 754 (service hprop) and sends the
|
||||
database in encrypted form.
|
||||
|
||||
Supported options:
|
||||
|
||||
--mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e
|
||||
Where to find the master key to encrypt or decrypt keys with.
|
||||
|
||||
--dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
|
||||
The database to be propagated.
|
||||
|
||||
----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r
|
||||
Specifies the type of the source database. Alternatives include:
|
||||
|
||||
heimdal a Heimdal database
|
||||
mit-dump a MIT Kerberos 5 dump file
|
||||
krb4-db a Kerberos 4 database
|
||||
krb4-dump a Kerberos 4 dump file
|
||||
kaserver an AFS kaserver database
|
||||
|
||||
--kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
|
||||
The keytab to use for fetching the key to be used for authenti-
|
||||
cating to the propagation daemon(s). The key _k_a_d_m_i_n_/_h_p_r_o_p is used
|
||||
from this keytab. The default is to fetch the key from the KDC
|
||||
database.
|
||||
|
||||
--RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g
|
||||
Local realm override.
|
||||
|
||||
--DD, ----ddeeccrryypptt
|
||||
The encryption keys in the database can either be in clear, or
|
||||
encrypted with a master key. This option transmits the database
|
||||
with unencrypted keys.
|
||||
|
||||
--EE, ----eennccrryypptt
|
||||
This option transmits the database with encrypted keys.
|
||||
|
||||
--nn, ----ssttddoouutt
|
||||
Dump the database on stdout, in a format that can be fed to
|
||||
hpropd.
|
||||
|
||||
The following options are only valid if hhpprroopp is compiled with support
|
||||
for Kerberos 4 (kaserver).
|
||||
|
||||
--rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g
|
||||
v4 realm to use
|
||||
|
||||
--cc _c_e_l_l, ----cceellll==_c_e_l_l
|
||||
The AFS cell name, used if reading a kaserver database.
|
||||
|
||||
--SS, ----kkaassppeecciiaallss
|
||||
Also dump the principals marked as special in the kaserver
|
||||
database.
|
||||
|
||||
--44, ----vv44--ddbb
|
||||
Deprecated, identical to `--source=krb4-db'.
|
||||
|
||||
--KK, ----kkaa--ddbb
|
||||
Deprecated, identical to `--source=kaserver'.
|
||||
|
||||
EEXXAAMMPPLLEESS
|
||||
The following will propagate a database to another machine (which should
|
||||
run hpropd(8):)
|
||||
|
||||
$ hprop slave-1 slave-2
|
||||
|
||||
Copy a Kerberos 4 database to a Kerberos 5 slave:
|
||||
|
||||
$ hprop --source=krb4-db -E krb5-slave
|
||||
|
||||
Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
|
||||
|
||||
$ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
hpropd(8)
|
||||
|
||||
HEIMDAL June 19, 2000 2
|
|
@ -1,42 +0,0 @@
|
|||
HPROPD(8) NetBSD System Manager's Manual HPROPD(8)
|
||||
|
||||
NNAAMMEE
|
||||
hhpprrooppdd - receive a propagated database
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii |
|
||||
----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local
|
||||
database.
|
||||
|
||||
By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket
|
||||
and expects to receive the dumped database over stdin otherwise. If the
|
||||
database is sent over the network, it is authenticated and encrypted.
|
||||
Only connections from kkaaddmmiinn/hhpprroopp are accepted.
|
||||
|
||||
Options supported:
|
||||
|
||||
--dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
|
||||
database
|
||||
|
||||
--nn, ----ssttddiinn
|
||||
read from stdin
|
||||
|
||||
----pprriinntt
|
||||
print dump to stdout
|
||||
|
||||
--ii, ----nnoo--iinneettdd
|
||||
Not started from inetd
|
||||
|
||||
--kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
|
||||
keytab to use for authentication
|
||||
|
||||
--44, ----vv44dduummpp
|
||||
create v4 type DB
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
hprop(8)
|
||||
|
||||
HEIMDAL August 27, 1997 1
|
|
@ -1,126 +0,0 @@
|
|||
KDC(8) NetBSD System Manager's Manual KDC(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkddcc - Kerberos 5 server
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh]
|
||||
[----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g]
|
||||
[--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g |
|
||||
----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkddcc serves requests for tickets. When it starts, it first checks the
|
||||
flags passed, any options that are not specified with a command line flag
|
||||
is taken from a config file, or from a default compiled-in value.
|
||||
|
||||
Options supported:
|
||||
|
||||
--cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
|
||||
Specifies the location of the config file, the default is
|
||||
_/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be
|
||||
specified in the config file.
|
||||
|
||||
--pp, ----nnoo--rreeqquuiirree--pprreeaauutthh
|
||||
Turn off the requirement for pre-autentication in the initial AS-
|
||||
REQ for all principals. The use of pre-authentication makes it
|
||||
more difficult to do offline password attacks. You might want to
|
||||
turn it off if you have clients that doesn't do pre-authentica-
|
||||
tion. Since the version 4 protocol doesn't support any pre-au-
|
||||
thentication, so serving version 4 clients is just about the same
|
||||
as not requiring pre-athentication. The default is to require
|
||||
pre-authentication. Adding the require-preauth per principal is a
|
||||
more flexible way of handling this.
|
||||
|
||||
----mmaaxx--rreeqquueesstt==_s_i_z_e
|
||||
Gives an upper limit on the size of the requests that the kdc is
|
||||
willing to handle.
|
||||
|
||||
--HH, ----eennaabbllee--hhttttpp
|
||||
Makes the kdc listen on port 80 and handle requests encapsulated
|
||||
in HTTP.
|
||||
|
||||
--KK, ----nnoo--kkaasseerrvveerr
|
||||
Disables kaserver emulation (in case it's compiled in).
|
||||
|
||||
--rr _r_e_a_l_m, ----vv44--rreeaallmm==_r_e_a_l_m
|
||||
What realm this server should act as when dealing with version 4
|
||||
requests. The database can contain any number of realms, but
|
||||
since the version 4 protocol doesn't contain a realm for the
|
||||
server, it must be explicitly specified. The default is whatever
|
||||
is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if
|
||||
the KDC has been compiled with version 4 support.
|
||||
|
||||
--PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g
|
||||
Specifies the set of ports the KDC should listen on. It is given
|
||||
as a white-space separated list of services or port numbers.
|
||||
|
||||
----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s
|
||||
The list of addresses to listen for requests on. By default, the
|
||||
kdc will listen on all the locally configured addresses. If only
|
||||
a subset is desired, or the automatic detection fails, this op-
|
||||
tion might be used.
|
||||
|
||||
All activities , are logged to one or more destinations, see
|
||||
krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc.
|
||||
|
||||
CCOONNFFIIGGUURRAATTIIOONN FFIILLEE
|
||||
The configuration file has the same syntax as krb5.conf(5), but will be
|
||||
read before _/_e_t_c_/_k_r_b_5_._c_o_n_f, so it may override settings found there. Op-
|
||||
tions specific to the KDC only are found in the ``[kdc]'' section. All
|
||||
the command-line options can preferably be added in the configuration
|
||||
file. The only difference is the pre-authentication flag, that has to be
|
||||
specified as:
|
||||
|
||||
require-preauth = no
|
||||
|
||||
(in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo).
|
||||
|
||||
And there are some configuration options which do not have command-line
|
||||
equivalents:
|
||||
|
||||
check-ticket-addresses = _b_o_o_l_e_a_n
|
||||
Check the addresses in the ticket when processing TGS re-
|
||||
quests. The default is FALSE.
|
||||
|
||||
allow-null-ticket-addresses = _b_o_o_l_e_a_n
|
||||
Permit tickets with no addresses. This option is only rele-
|
||||
vant when check-ticket-addresses is TRUE.
|
||||
|
||||
allow-anonymous = _b_o_o_l_e_a_n
|
||||
Permit anonymous tickets with no addresses.
|
||||
|
||||
encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n
|
||||
Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
|
||||
code. The Heimdal clients allow both.
|
||||
|
||||
kdc_warn_pwexpire = _t_i_m_e
|
||||
How long before password/principal expiration the KDC should
|
||||
start sending out warning messages.
|
||||
|
||||
An example of a config file:
|
||||
|
||||
[kdc]
|
||||
require-preauth = no
|
||||
v4-realm = FOO.SE
|
||||
key-file = /key-file
|
||||
|
||||
BBUUGGSS
|
||||
If the machine running the KDC has new addresses added to it, the KDC
|
||||
will have to be restarted to listen to them. The reason it doesn't just
|
||||
listen to wildcarded (like INADDR_ANY) addresses, is that the replies has
|
||||
to come from the same address they were sent to, and most OS:es doesn't
|
||||
pass this information to the application. If your normal mode of opera-
|
||||
tion require that you add and remove addresses, the best option is proba-
|
||||
bly to listen to a wildcarded TCP socket, and make sure your clients use
|
||||
TCP to connect. For instance, this will listen to IPv4 TCP port 88 only:
|
||||
|
||||
kdc --addresses=0.0.0.0 --ports="88/tcp"
|
||||
|
||||
There should be a way to specify protocol, port, and address triplets,
|
||||
not just addresses and protocol, port tuples.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kinit(1), krb5.conf(5)
|
||||
|
||||
HEIMDAL August 22, 2002 2
|
|
@ -1,33 +0,0 @@
|
|||
KSTASH(8) NetBSD System Manager's Manual KSTASH(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkssttaasshh - store the KDC master password in a file
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
|
||||
[----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkssttaasshh reads the Kerberos master key and stores it in a file that will be
|
||||
used by the KDC.
|
||||
|
||||
Supported options:
|
||||
|
||||
--ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g
|
||||
the encryption type to use, defaults to DES3-CBC-SHA1
|
||||
|
||||
--kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
|
||||
the name of the master key file
|
||||
|
||||
----ccoonnvveerrtt--ffiillee
|
||||
don't ask for a new master key, just read an old master key file,
|
||||
and write it back in the new keyfile format
|
||||
|
||||
----mmaasstteerr--kkeeyy--ffdd==_f_d
|
||||
filedescriptor to read passphrase from, if not specified the
|
||||
passphrase will be read from the terminal
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kdc(8)
|
||||
|
||||
HEIMDAL September 1, 2000 1
|
|
@ -1,41 +0,0 @@
|
|||
STRING2KEY(8) NetBSD System Manager's Manual STRING2KEY(8)
|
||||
|
||||
NNAAMMEE
|
||||
ssttrriinngg22kkeeyy - map a password into a key
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l |
|
||||
----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l |
|
||||
----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
ssttrriinngg22kkeeyy performs the string-to-key function. This is useful when you
|
||||
want to handle the raw key instead of the password. Supported options:
|
||||
|
||||
--55, ----vveerrssiioonn55
|
||||
Output Kerberos v5 string-to-key
|
||||
|
||||
--44, ----vveerrssiioonn44
|
||||
Output Kerberos v4 string-to-key
|
||||
|
||||
--aa, ----aaffss
|
||||
Output AFS string-to-key
|
||||
|
||||
--cc _c_e_l_l, ----cceellll==_c_e_l_l
|
||||
AFS cell to use
|
||||
|
||||
--ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d
|
||||
Password to use
|
||||
|
||||
--pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l
|
||||
Kerberos v5 principal to use
|
||||
|
||||
--kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g
|
||||
Keytype
|
||||
|
||||
----vveerrssiioonn
|
||||
print version
|
||||
|
||||
----hheellpp
|
||||
|
||||
HEIMDAL March 4, 2000 1
|
|
@ -1,19 +0,0 @@
|
|||
KPASSWD(1) NetBSD Reference Manual KPASSWD(1)
|
||||
|
||||
NNAAMMEE
|
||||
kkppaasssswwdd - Kerberos 5 password changing program
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkppaasssswwdd [_p_r_i_n_c_i_p_a_l]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkppaasssswwdd is the client for changing passwords.
|
||||
|
||||
DDIIAAGGNNOOSSTTIICCSS
|
||||
If the password quality check fails or some other error occurs, an expla-
|
||||
nation is printed.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kpasswdd(8)
|
||||
|
||||
HEIMDAL August 27, 1997 1
|
|
@ -1,53 +0,0 @@
|
|||
KPASSWDD(8) NetBSD System Manager's Manual KPASSWDD(8)
|
||||
|
||||
NNAAMMEE
|
||||
kkppaasssswwdddd - Kerberos 5 password changing server
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkppaasssswwdddd [----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y] [----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n] [--kk _k_s_p_e_c
|
||||
| ----kkeeyyttaabb==_k_s_p_e_c] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--pp _s_t_r_i_n_g | ----ppoorrtt==_s_t_r_i_n_g]
|
||||
[----vveerrssiioonn] [----hheellpp]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkppaasssswwdddd serves request for password changes. It listens on UDP port 464
|
||||
(service kpasswd) and processes requests when they arrive. It changes the
|
||||
database directly and should thus only run on the master KDC.
|
||||
|
||||
Supported options:
|
||||
|
||||
----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y
|
||||
If your system has support for dynamic loading of shared li-
|
||||
braries, you can use an external function to check password qual-
|
||||
ity. This option specifies which library to load.
|
||||
|
||||
----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n
|
||||
This is the function to call in the loaded library. The function
|
||||
should look like this:
|
||||
|
||||
_c_o_n_s_t _c_h_a_r _* ppaasssswwdd__cchheecckk(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l
|
||||
_p_r_i_n_c_i_p_a_l, _k_r_b_5___d_a_t_a _*_p_a_s_s_w_o_r_d)
|
||||
|
||||
_c_o_n_t_e_x_t is an initialized context; _p_r_i_n_c_i_p_a_l is the one who tries
|
||||
to change passwords, and _p_a_s_s_w_o_r_d is the new password. Note that
|
||||
the password (in _p_a_s_s_w_o_r_d_-_>_d_a_t_a) is not zero terminated.
|
||||
|
||||
--kk _k_s_p_e_c, ----kkeeyyttaabb==_k_s_p_e_c
|
||||
keytab to get authentication key from
|
||||
|
||||
--rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
|
||||
default realm
|
||||
|
||||
--pp _s_t_r_i_n_g, ----ppoorrtt==_s_t_r_i_n_g
|
||||
port to listen on (default service kpasswd - 464).
|
||||
|
||||
DDIIAAGGNNOOSSTTIICCSS
|
||||
If an error occurs, the error message is returned to the user and/or
|
||||
logged to syslog.
|
||||
|
||||
BBUUGGSS
|
||||
The default password quality checks are too basic.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kpasswd(1), kdc(8)
|
||||
|
||||
HEIMDAL April 19, 1999 1
|
|
@ -1,29 +0,0 @@
|
|||
KDESTROY(1) NetBSD Reference Manual KDESTROY(1)
|
||||
|
||||
NNAAMMEE
|
||||
kkddeessttrrooyy - destroy the current ticket file
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkddeessttrrooyy [--cc _c_a_c_h_e_f_i_l_e] [----ccaacchhee==_c_a_c_h_e_f_i_l_e] [----nnoo--uunnlloogg] [----nnoo--ddeelleettee--vv44]
|
||||
[----vveerrssiioonn] [----hheellpp]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkddeessttrrooyy remove the current set of tickets.
|
||||
|
||||
Supported options:
|
||||
|
||||
--cc _c_a_c_h_e_f_i_l_e
|
||||
|
||||
--ccaacchhee==_c_a_c_h_e_f_i_l_e
|
||||
The cache file to remove.
|
||||
|
||||
----nnoo--uunnlloogg
|
||||
Do not remove AFS tokens.
|
||||
|
||||
----nnoo--ddeelleettee--vv44
|
||||
Do not remove v4 tickets.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kinit(1), klist(1)
|
||||
|
||||
HEIMDAL August 27, 1997 1
|
|
@ -1,26 +0,0 @@
|
|||
KGETCRED(1) NetBSD Reference Manual KGETCRED(1)
|
||||
|
||||
NNAAMMEE
|
||||
kkggeettccrreedd - get a ticket for a particular service
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkggeettccrreedd [--ee _e_n_c_t_y_p_e | ----eennccttyyppee==_e_n_c_t_y_p_e] [----vveerrssiioonn] [----hheellpp] _s_e_r_v_i_c_e
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkggeettccrreedd obtains a ticket for a service. Usually tickets for services
|
||||
are obtained automatically when needed but sometimes for some odd reason
|
||||
you want to obtain a particular ticket or of a special type.
|
||||
|
||||
Supported options:
|
||||
|
||||
--ee _e_n_c_t_y_p_e, ----eennccttyyppee==_e_n_c_t_y_p_e
|
||||
encryption type to use
|
||||
|
||||
----vveerrssiioonn
|
||||
|
||||
----hheellpp
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kinit(1), klist(1)
|
||||
|
||||
HEIMDAL May 14, 1999 1
|
|
@ -1,127 +0,0 @@
|
|||
KINIT(1) NetBSD Reference Manual KINIT(1)
|
||||
|
||||
NNAAMMEE
|
||||
kkiinniitt kkaauutthh - acquire initial tickets
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkiinniitt [--44 | ----552244iinniitt] [--99 | ----552244ccoonnvveerrtt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e |
|
||||
----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff | ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e |
|
||||
----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e | ----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee]
|
||||
[--RR | ----rreenneeww] [----rreenneewwaabbllee] [--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS
|
||||
_p_r_i_n_c_i_p_a_l | ----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] [--kk |
|
||||
----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e_s | ----eennccttyyppeess==_e_n_c_t_y_p_e_s]
|
||||
[--aa _a_d_d_r_e_s_s_e_s | ----eexxttrraa--aaddddrreesssseess==_a_d_d_r_e_s_s_e_s]
|
||||
[----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss]
|
||||
[----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if
|
||||
none is given, a system generated default (typically your login name at
|
||||
the default realm), and acquire a ticket granting ticket that can later
|
||||
be used to obtain tickets for other services.
|
||||
|
||||
If you have compiled kkiinniitt with Kerberos 4 support and you have a Ker-
|
||||
beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets.
|
||||
|
||||
Supported options:
|
||||
|
||||
--cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e
|
||||
The credentials cache to put the acquired ticket in, if other
|
||||
than default.
|
||||
|
||||
--ff, ----ffoorrwwaarrddaabbllee
|
||||
Get ticket that can be forwarded to another host.
|
||||
|
||||
--tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e
|
||||
Don't ask for a password, but instead get the key from the speci-
|
||||
fied keytab.
|
||||
|
||||
--ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e
|
||||
Specifies the lifetime of the ticket. The argument can either be
|
||||
in seconds, or a more human readable string like `1h'.
|
||||
|
||||
--pp, ----pprrooxxiiaabbllee
|
||||
Request tickets with the proxiable flag set.
|
||||
|
||||
--RR, ----rreenneeww
|
||||
Try to renew ticket. The ticket must have the `renewable' flag
|
||||
set, and must not be expired.
|
||||
|
||||
----rreenneewwaabbllee
|
||||
The same as ----rreenneewwaabbllee--lliiffee, with an infinite time.
|
||||
|
||||
--rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e
|
||||
The max renewable ticket life.
|
||||
|
||||
--SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l
|
||||
Get a ticket for a service other than krbtgt/LOCAL.REALM.
|
||||
|
||||
--ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e
|
||||
Obtain a ticket that starts to be valid _t_i_m_e (which can really be
|
||||
a generic time specification, like `1h') seconds into the future.
|
||||
|
||||
--kk, ----uussee--kkeeyyttaabb
|
||||
The same as ----kkeeyyttaabb, but with the default keytab name (normally
|
||||
_F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b).
|
||||
|
||||
--vv, ----vvaalliiddaattee
|
||||
Try to validate an invalid ticket.
|
||||
|
||||
--ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s
|
||||
Request tickets with this particular enctype.
|
||||
|
||||
----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n
|
||||
Create a credentials cache of version vveerrssiioonn.
|
||||
|
||||
--aa, ----eexxttrraa--aaddddrreesssseess==_e_n_c_t_y_p_e_s
|
||||
Adds a set of addresses that will, in addition to the systems lo-
|
||||
cal addresses, be put in the ticket. This can be useful if all
|
||||
addresses a client can use can't be automatically figured out.
|
||||
One such example is if the client is behind a firewall. Also set-
|
||||
table via libdefaults/extra_addresses in krb5.conf(5).
|
||||
|
||||
----nnoo--aaddddrreesssseess
|
||||
Request a ticket with no addresses.
|
||||
|
||||
----aannoonnyymmoouuss
|
||||
Request an anonymous ticket (which means that the ticket will be
|
||||
issued to an anonymous principal, typically ``anonymous@REALM'').
|
||||
|
||||
The following options are only available if kkiinniitt has been compiled with
|
||||
support for Kerberos 4.
|
||||
|
||||
--44, ----552244iinniitt
|
||||
Try to convert the obtained Kerberos 5 krbtgt to a version 4 com-
|
||||
patible ticket. It will store this ticket in the default Kerberos
|
||||
4 ticket file.
|
||||
|
||||
--99, ----552244ccoonnvveerrtt
|
||||
only convert ticket to version 4
|
||||
|
||||
----aaffsslloogg
|
||||
Gets AFS tickets, converts them to version 4 format, and stores
|
||||
them in the kernel. Only useful if you have AFS.
|
||||
|
||||
The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can
|
||||
be set to a default value from the appdefaults section in krb5.conf, see
|
||||
krb5_appdefault(3).
|
||||
|
||||
If a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS
|
||||
PAG, and then run the given command. When it finishes the credentials
|
||||
will be removed.
|
||||
|
||||
EENNVVIIRROONNMMEENNTT
|
||||
KRB5CCNAME
|
||||
Specifies the default credentials cache.
|
||||
|
||||
KRB5_CONFIG
|
||||
The file name of _k_r_b_5_._c_o_n_f , the default being _/_e_t_c_/_k_r_b_5_._c_o_n_f.
|
||||
|
||||
KRBTKFILE
|
||||
Specifies the Kerberos 4 ticket file to store version 4 tickets
|
||||
in.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kdestroy(1), klist(1), krb5_appdefault(3), krb5.conf(5)
|
||||
|
||||
HEIMDAL May 29, 1998 2
|
|
@ -1,87 +0,0 @@
|
|||
KLIST(1) NetBSD Reference Manual KLIST(1)
|
||||
|
||||
NNAAMMEE
|
||||
kklliisstt - list Kerberos credentials
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kklliisstt [--cc _c_a_c_h_e | ----ccaacchhee==_c_a_c_h_e] [--ss | --tt | ----tteesstt] [--44 | ----vv44] [--TT |
|
||||
----ttookkeennss] [--55 | ----vv55] [--vv | ----vveerrbboossee] [--ff] [----vveerrssiioonn] [----hheellpp]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kklliisstt reads and displays the current tickets in the crential cache (also
|
||||
known as the ticket file).
|
||||
|
||||
Options supported:
|
||||
|
||||
--cc _c_a_c_h_e, ----ccaacchhee==_c_a_c_h_e
|
||||
credentials cache to list
|
||||
|
||||
--ss, --tt, ----tteesstt
|
||||
Test for there being an active and valid TGT for the local realm
|
||||
of the user in the credential cache.
|
||||
|
||||
--44, ----vv44
|
||||
display v4 tickets
|
||||
|
||||
--TT, ----ttookkeennss
|
||||
display AFS tokens
|
||||
|
||||
--55, ----vv55
|
||||
display v5 cred cache (this is the default)
|
||||
|
||||
--ff Include ticket flags in short form, each charcted stands for a
|
||||
specific flag, as follows:
|
||||
F forwardable
|
||||
f forwarded
|
||||
P proxiable
|
||||
p proxied
|
||||
D postdate-able
|
||||
d postdated
|
||||
R renewable
|
||||
I initial
|
||||
i invalid
|
||||
A pre-authenticated
|
||||
H hardware authenticated
|
||||
|
||||
This information is also output with the ----vveerrbboossee option, but in
|
||||
a more verbose way.
|
||||
|
||||
--vv, ----vveerrbboossee
|
||||
Verbose output. Include all possible information:
|
||||
|
||||
Server
|
||||
the princial the ticket is for
|
||||
|
||||
Ticket etype
|
||||
the encryption type use in the ticket, followed by
|
||||
the key version of the ticket, if it is available
|
||||
|
||||
Session key
|
||||
the encryption type of the session key, if it's dif-
|
||||
ferent from the encryption type of the ticket
|
||||
|
||||
Auth time
|
||||
the time the authentication exchange took place
|
||||
|
||||
Start time
|
||||
the time that this tickets is valid from (only print-
|
||||
ed if it's different from the auth time)
|
||||
|
||||
End time
|
||||
when the ticket expires, if it has already expired
|
||||
this is also noted
|
||||
|
||||
Renew till
|
||||
the maximum possible end time of any ticket derived
|
||||
from this one
|
||||
|
||||
Ticket flags
|
||||
the flags set on the ticket
|
||||
|
||||
Addresses
|
||||
the set of addresses from which this ticket is valid
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
kdestroy(1), kinit(1)
|
||||
|
||||
HEIMDAL July 8, 2000 2
|
|
@ -31,7 +31,7 @@
|
|||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: hdb_locl.h,v 1.18 2002/09/10 20:03:48 joda Exp $ */
|
||||
/* $Id: hdb_locl.h,v 1.18.4.1 2003/09/10 22:04:39 lha Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef __HDB_LOCL_H__
|
||||
|
@ -55,6 +55,9 @@
|
|||
#ifdef HAVE_SYS_FILE_H
|
||||
#include <sys/file.h>
|
||||
#endif
|
||||
#ifdef HAVE_LIMITS_H
|
||||
#include <limits.h>
|
||||
#endif
|
||||
#include <roken.h>
|
||||
|
||||
#include "crypto-headers.h"
|
||||
|
|
|
@ -1,97 +0,0 @@
|
|||
KAFS(3) NetBSD Programmer's Manual KAFS(3)
|
||||
|
||||
NNAAMMEE
|
||||
kk__hhaassaaffss, kk__ppiiooccttll, kk__uunnlloogg, kk__sseettppaagg, kk__aaffss__cceellll__ooff__ffiillee, kkrrbb__aaffsslloogg,
|
||||
kkrrbb__aaffsslloogg__uuiidd - AFS library
|
||||
|
||||
LLIIBBRRAARRYY
|
||||
AFS cache manager access library (libkafs, -lkafs)
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
##iinncclluuddee <<kkaaffss..hh>>
|
||||
|
||||
_i_n_t
|
||||
kk__aaffss__cceellll__ooff__ffiillee(_c_o_n_s_t _c_h_a_r _*_p_a_t_h, _c_h_a_r _*_c_e_l_l, _i_n_t _l_e_n);
|
||||
|
||||
_i_n_t
|
||||
kk__hhaassaaffss();
|
||||
|
||||
_i_n_t
|
||||
kk__ppiiooccttll(_c_h_a_r _*_a___p_a_t_h, _i_n_t _o___o_p_c_o_d_e, _s_t_r_u_c_t _V_i_c_e_I_o_c_t_l _*_a___p_a_r_a_m_s_P,
|
||||
_i_n_t _a___f_o_l_l_o_w_S_y_m_l_i_n_k_s);
|
||||
|
||||
_i_n_t
|
||||
kk__sseettppaagg();
|
||||
|
||||
_i_n_t
|
||||
kk__uunnlloogg();
|
||||
|
||||
_i_n_t
|
||||
kkrrbb__aaffsslloogg(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m);
|
||||
|
||||
_i_n_t
|
||||
kkrrbb__aaffsslloogg__uuiidd(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m, _u_i_d___t _u_i_d);
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kk__hhaassaaffss() initializes some library internal structures, and tests for
|
||||
the presence of AFS in the kernel, none of the other functions should be
|
||||
called before kk__hhaassaaffss() is called, or if it fails.
|
||||
|
||||
kkrrbb__aaffsslloogg(), and kkrrbb__aaffsslloogg__uuiidd() obtains new tokens (and possibly tick-
|
||||
ets) for the specified _c_e_l_l and _r_e_a_l_m. If _c_e_l_l is NULL, the local cell
|
||||
is used. If _r_e_a_l_m is NULL, the function tries to guess what realm to use.
|
||||
Unless you have some good knowledge of what cell or realm to use, you
|
||||
should pass NULL. kkrrbb__aaffsslloogg() will use the real user-id for the ViceId
|
||||
field in the token, kkrrbb__aaffsslloogg__uuiidd() will use _u_i_d.
|
||||
|
||||
kk__aaffss__cceellll__ooff__ffiillee() will in _c_e_l_l return the cell of a specified file, no
|
||||
more than _l_e_n characters is put in _c_e_l_l.
|
||||
|
||||
kk__ppiiooccttll() does a ppiiooccttll() syscall with the specified arguments. This
|
||||
function is equivalent to llppiiooccttll().
|
||||
|
||||
kk__sseettppaagg() initializes a new PAG.
|
||||
|
||||
kk__uunnlloogg() removes destroys all tokens in the current PAG.
|
||||
|
||||
RREETTUURRNN VVAALLUUEESS
|
||||
kk__hhaassaaffss() returns 1 if AFS is present in the kernel, 0 otherwise.
|
||||
kkrrbb__aaffsslloogg() and kkrrbb__aaffsslloogg__uuiidd() returns 0 on success, or a kerberos er-
|
||||
ror number on failure. kk__aaffss__cceellll__ooff__ffiillee(), kk__ppiiooccttll(), kk__sseettppaagg(), and
|
||||
kk__uunnlloogg() all return the value of the underlaying system call, 0 on suc-
|
||||
cess.
|
||||
|
||||
EENNVVIIRROONNMMEENNTT
|
||||
The following environment variable affect the mode of operation of kkaaffss:
|
||||
|
||||
AFS_SYSCALL Normally, kkaaffss will try to figure out the correct system
|
||||
call(s) that are used by AFS by itself. If it does not man-
|
||||
age to do that, or does it incorrectly, you can set this
|
||||
variable to the system call number or list of system call
|
||||
numbers that should be used.
|
||||
|
||||
EEXXAAMMPPLLEESS
|
||||
The following code from llooggiinn will obtain a new PAG and tokens for the
|
||||
local cell and the cell of the users home directory.
|
||||
|
||||
if (k_hasafs()) {
|
||||
char cell[64];
|
||||
k_setpag();
|
||||
if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
|
||||
krb_afslog(cell, NULL);
|
||||
krb_afslog(NULL, NULL);
|
||||
}
|
||||
|
||||
EERRRROORRSS
|
||||
If any of these functions (apart from kk__hhaassaaffss()) is called without AFS
|
||||
beeing present in the kernel, the process will usually (depending on the
|
||||
operating system) receive a SIGSYS signal.
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
Transarc Corporation, "File Server/Cache Manager Interface", _A_F_S_-_3
|
||||
_P_r_o_g_r_a_m_m_e_r_'_s _R_e_f_e_r_e_n_c_e, 1991.
|
||||
|
||||
BBUUGGSS
|
||||
AFS_SYSCALL has no effect under AIX.
|
||||
|
||||
KTH-KRB May 7, 1997 2
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -32,7 +32,7 @@
|
|||
*/
|
||||
|
||||
#include "krb5_locl.h"
|
||||
RCSID("$Id: crypto.c,v 1.73 2003/04/01 16:51:54 lha Exp $");
|
||||
RCSID("$Id: crypto.c,v 1.73.2.4 2004/03/06 16:38:00 lha Exp $");
|
||||
/* RCSID("$FreeBSD$"); */
|
||||
|
||||
#undef CRYPTO_DEBUG
|
||||
|
@ -140,14 +140,15 @@ static krb5_error_code derive_key(krb5_context context,
|
|||
struct key_data *key,
|
||||
const void *constant,
|
||||
size_t len);
|
||||
static void hmac(krb5_context context,
|
||||
struct checksum_type *cm,
|
||||
const void *data,
|
||||
size_t len,
|
||||
unsigned usage,
|
||||
struct key_data *keyblock,
|
||||
Checksum *result);
|
||||
static krb5_error_code hmac(krb5_context context,
|
||||
struct checksum_type *cm,
|
||||
const void *data,
|
||||
size_t len,
|
||||
unsigned usage,
|
||||
struct key_data *keyblock,
|
||||
Checksum *result);
|
||||
static void free_key_data(krb5_context context, struct key_data *key);
|
||||
static krb5_error_code usage2arcfour (krb5_context, int *);
|
||||
|
||||
/************************************************************
|
||||
* *
|
||||
|
@ -594,12 +595,16 @@ krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype,
|
|||
|
||||
_krb5_put_int(data + datalen - 4, keypart, 4);
|
||||
|
||||
hmac(context, c, data, datalen, 0, &ksign, &result);
|
||||
ret = hmac(context, c, data, datalen, 0, &ksign, &result);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
memcpy(p, result.checksum.data, len);
|
||||
memcpy(tmpcksum, result.checksum.data, result.checksum.length);
|
||||
for (i = 0; i < iter; i++) {
|
||||
hmac(context, c, tmpcksum, result.checksum.length,
|
||||
0, &ksign, &result);
|
||||
ret = hmac(context, c, tmpcksum, result.checksum.length,
|
||||
0, &ksign, &result);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
memcpy(tmpcksum, result.checksum.data, result.checksum.length);
|
||||
for (j = 0; j < len; j++)
|
||||
p[j] ^= tmpcksum[j];
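Review bot: Both new `if (ret) krb5_abortx(context, "hmac failed");` checks in this hunk turn an allocation failure inside hmac() into termination of the whole process, which is an availability problem for any long-running service that links this library. The function already has a `ret` variable, so it presumably returns krb5_error_code (its signature and cleanup are outside the hunk); if so, releasing its local buffers and doing `return ret;` would let the caller see ENOMEM instead. The same abort-on-failure check is added in SP_HMAC_SHA1_checksum, HMAC_MD5_checksum, HMAC_MD5_checksum_enc, ARCFOUR_subencrypt and ARCFOUR_subdecrypt. SP_HMAC_SHA1_checksum is declared `static void` and cannot propagate the error without an interface change, so a comment there such as `/* checksum callbacks return void; hmac failure is fatal */` would at least record the decision.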
|
||||
|
@ -1385,7 +1390,7 @@ SHA1_checksum(krb5_context context,
|
|||
}
|
||||
|
||||
/* HMAC according to RFC2104 */
|
||||
static void
|
||||
static krb5_error_code
|
||||
hmac(krb5_context context,
|
||||
struct checksum_type *cm,
|
||||
const void *data,
|
||||
|
@ -1399,6 +1404,17 @@ hmac(krb5_context context,
|
|||
size_t key_len;
|
||||
int i;
|
||||
|
||||
ipad = malloc(cm->blocksize + len);
|
||||
if (ipad == NULL)
|
||||
return ENOMEM;
|
||||
opad = malloc(cm->blocksize + cm->checksumsize);
|
||||
if (opad == NULL) {
|
||||
free(ipad);
|
||||
return ENOMEM;
|
||||
}
|
||||
memset(ipad, 0x36, cm->blocksize);
|
||||
memset(opad, 0x5c, cm->blocksize);
|
||||
|
||||
if(keyblock->key->keyvalue.length > cm->blocksize){
|
||||
(*cm->checksum)(context,
|
||||
keyblock,
|
||||
|
@ -1412,10 +1428,6 @@ hmac(krb5_context context,
|
|||
key = keyblock->key->keyvalue.data;
|
||||
key_len = keyblock->key->keyvalue.length;
|
||||
}
|
||||
ipad = malloc(cm->blocksize + len);
|
||||
opad = malloc(cm->blocksize + cm->checksumsize);
|
||||
memset(ipad, 0x36, cm->blocksize);
|
||||
memset(opad, 0x5c, cm->blocksize);
|
||||
for(i = 0; i < key_len; i++){
|
||||
ipad[i] ^= key[i];
|
||||
opad[i] ^= key[i];
|
||||
|
@ -1431,8 +1443,40 @@ hmac(krb5_context context,
|
|||
free(ipad);
|
||||
memset(opad, 0, cm->blocksize + cm->checksumsize);
|
||||
free(opad);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_hmac(krb5_context context,
|
||||
krb5_cksumtype cktype,
|
||||
const void *data,
|
||||
size_t len,
|
||||
unsigned usage,
|
||||
krb5_keyblock *key,
|
||||
Checksum *result)
|
||||
{
|
||||
struct checksum_type *c = _find_checksum(cktype);
|
||||
struct key_data kd;
|
||||
krb5_error_code ret;
|
||||
|
||||
if (c == NULL) {
|
||||
krb5_set_error_string (context, "checksum type %d not supported",
|
||||
cktype);
|
||||
return KRB5_PROG_SUMTYPE_NOSUPP;
|
||||
}
|
||||
|
||||
kd.key = key;
|
||||
kd.schedule = NULL;
|
||||
|
||||
ret = hmac(context, c, data, len, usage, &kd, result);
|
||||
|
||||
if (kd.schedule)
|
||||
krb5_free_data(context, kd.schedule);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
SP_HMAC_SHA1_checksum(krb5_context context,
|
||||
struct key_data *key,
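Review bot: The new exported krb5_hmac() has no comment saying who owns `result->checksum.data`, and it forwards `key` and `result` to hmac() without validating either. The in-file callers visible on this page (SP_HMAC_SHA1_checksum, for example) point `checksum.data` at their own buffer and set `checksum.length` before calling hmac(), so the contract appears to be caller-allocated output; a header comment like `/* result->checksum.data must already point to a buffer large enough for cktype's checksum */` would make that explicit for external callers. hmac() reads `keyblock->key->keyvalue.length`, so a NULL `key` is dereferenced there, and `if (key == NULL || result == NULL) return EINVAL;` at the top would fail cleanly. `kd.schedule` is set to NULL and nothing in this hunk assigns it, so the `if (kd.schedule)` cleanup looks unreachable unless hmac() fills it in, which is worth confirming.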
|
||||
|
@ -1444,11 +1488,14 @@ SP_HMAC_SHA1_checksum(krb5_context context,
|
|||
struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
|
||||
Checksum res;
|
||||
char sha1_data[20];
|
||||
krb5_error_code ret;
|
||||
|
||||
res.checksum.data = sha1_data;
|
||||
res.checksum.length = sizeof(sha1_data);
|
||||
|
||||
hmac(context, c, data, len, usage, key, &res);
|
||||
ret = hmac(context, c, data, len, usage, key, &res);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
|
||||
}
|
||||
|
||||
|
@ -1473,10 +1520,13 @@ HMAC_MD5_checksum(krb5_context context,
|
|||
unsigned char t[4];
|
||||
unsigned char tmp[16];
|
||||
unsigned char ksign_c_data[16];
|
||||
krb5_error_code ret;
|
||||
|
||||
ksign_c.checksum.length = sizeof(ksign_c_data);
|
||||
ksign_c.checksum.data = ksign_c_data;
|
||||
hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
|
||||
ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
ksign.key = &kb;
|
||||
kb.keyvalue = ksign_c.checksum;
|
||||
MD5_Init (&md5);
|
||||
|
@ -1487,7 +1537,9 @@ HMAC_MD5_checksum(krb5_context context,
|
|||
MD5_Update (&md5, t, 4);
|
||||
MD5_Update (&md5, data, len);
|
||||
MD5_Final (tmp, &md5);
|
||||
hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
|
||||
ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1508,6 +1560,7 @@ HMAC_MD5_checksum_enc(krb5_context context,
|
|||
krb5_keyblock kb;
|
||||
unsigned char t[4];
|
||||
unsigned char ksign_c_data[16];
|
||||
krb5_error_code ret;
|
||||
|
||||
t[0] = (usage >> 0) & 0xFF;
|
||||
t[1] = (usage >> 8) & 0xFF;
|
||||
|
@ -1516,10 +1569,14 @@ HMAC_MD5_checksum_enc(krb5_context context,
|
|||
|
||||
ksign_c.checksum.length = sizeof(ksign_c_data);
|
||||
ksign_c.checksum.data = ksign_c_data;
|
||||
hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
|
||||
ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
ksign.key = &kb;
|
||||
kb.keyvalue = ksign_c.checksum;
|
||||
hmac(context, c, data, len, 0, &ksign, result);
|
||||
ret = hmac(context, c, data, len, 0, &ksign, result);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
}
|
||||
|
||||
struct checksum_type checksum_none = {
|
||||
|
@ -1741,18 +1798,18 @@ get_checksum_key(krb5_context context,
|
|||
}
|
||||
|
||||
static krb5_error_code
|
||||
do_checksum (krb5_context context,
|
||||
struct checksum_type *ct,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
void *data,
|
||||
size_t len,
|
||||
Checksum *result)
|
||||
create_checksum (krb5_context context,
|
||||
struct checksum_type *ct,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage,
|
||||
void *data,
|
||||
size_t len,
|
||||
Checksum *result)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
struct key_data *dkey;
|
||||
int keyed_checksum;
|
||||
|
||||
|
||||
keyed_checksum = (ct->flags & F_KEYED) != 0;
|
||||
if(keyed_checksum && crypto == NULL) {
|
||||
krb5_clear_error_string (context);
|
||||
|
@ -1770,17 +1827,26 @@ do_checksum (krb5_context context,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
create_checksum(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
unsigned usage, /* not krb5_key_usage */
|
||||
krb5_cksumtype type, /* 0 -> pick from crypto */
|
||||
void *data,
|
||||
size_t len,
|
||||
Checksum *result)
|
||||
static int
|
||||
arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
|
||||
{
|
||||
return (ct->type == CKSUMTYPE_HMAC_MD5) &&
|
||||
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_create_checksum(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_key_usage usage,
|
||||
int type,
|
||||
void *data,
|
||||
size_t len,
|
||||
Checksum *result)
|
||||
{
|
||||
struct checksum_type *ct = NULL;
|
||||
unsigned keyusage;
|
||||
|
||||
/* type 0 -> pick from crypto */
|
||||
if (type) {
|
||||
ct = _find_checksum(type);
|
||||
} else if (crypto) {
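Review bot: arcfour_checksum_p() dereferences `crypto->key.key` without a NULL check, yet krb5_create_checksum() treats `crypto` as optional (the `else if (crypto)` branch at the end of this hunk) and calls the predicate unconditionally in the following hunk. With a NULL crypto and a checksum type that resolves to CKSUMTYPE_HMAC_MD5, the dereference happens before create_checksum() reaches its own `keyed_checksum && crypto == NULL` rejection. Guarding the predicate keeps the existing error path: `return crypto != NULL && ct->type == CKSUMTYPE_HMAC_MD5 && crypto->key.key->keytype == KEYTYPE_ARCFOUR;`. krb5_verify_checksum() gains the same unconditional call later in this file, where the type is taken from `cksum->cksumtype`. The body of krb5_create_checksum continues outside this hunk.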
|
||||
|
@ -1794,21 +1860,15 @@ create_checksum(krb5_context context,
|
|||
type);
|
||||
return KRB5_PROG_SUMTYPE_NOSUPP;
|
||||
}
|
||||
return do_checksum (context, ct, crypto, usage, data, len, result);
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_create_checksum(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
krb5_key_usage usage,
|
||||
int type,
|
||||
void *data,
|
||||
size_t len,
|
||||
Checksum *result)
|
||||
{
|
||||
return create_checksum(context, crypto,
|
||||
CHECKSUM_USAGE(usage),
|
||||
type, data, len, result);
|
||||
if (arcfour_checksum_p(ct, crypto)) {
|
||||
keyusage = usage;
|
||||
usage2arcfour(context, &keyusage);
|
||||
} else
|
||||
keyusage = CHECKSUM_USAGE(usage);
|
||||
|
||||
return create_checksum(context, ct, crypto, keyusage,
|
||||
data, len, result);
|
||||
}
|
||||
|
||||
static krb5_error_code
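Review bot: The new ARCFOUR branch passes `&keyusage`, an `unsigned *`, to usage2arcfour(), whose prototype added earlier in this commit takes `int *`, and it discards the krb5_error_code that function returns. Declaring the local as `int keyusage;` matches the prototype, and `ret = usage2arcfour(context, &keyusage); if (ret) return ret;` would stop a failed translation from silently feeding the untranslated usage number into the keyed checksum. Whether usage2arcfour() can actually fail is not visible on this page, so the second part is something to confirm rather than a known defect. krb5_verify_checksum() repeats the same two lines in a later hunk.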
|
||||
|
@ -1826,7 +1886,7 @@ verify_checksum(krb5_context context,
|
|||
struct checksum_type *ct;
|
||||
|
||||
ct = _find_checksum(cksum->cksumtype);
|
||||
if(ct == NULL) {
|
||||
if (ct == NULL) {
|
||||
krb5_set_error_string (context, "checksum type %d not supported",
|
||||
cksum->cksumtype);
|
||||
return KRB5_PROG_SUMTYPE_NOSUPP;
|
||||
|
@ -1872,8 +1932,24 @@ krb5_verify_checksum(krb5_context context,
|
|||
size_t len,
|
||||
Checksum *cksum)
|
||||
{
|
||||
return verify_checksum(context, crypto,
|
||||
CHECKSUM_USAGE(usage), data, len, cksum);
|
||||
struct checksum_type *ct;
|
||||
unsigned keyusage;
|
||||
|
||||
ct = _find_checksum(cksum->cksumtype);
|
||||
if(ct == NULL) {
|
||||
krb5_set_error_string (context, "checksum type %d not supported",
|
||||
cksum->cksumtype);
|
||||
return KRB5_PROG_SUMTYPE_NOSUPP;
|
||||
}
|
||||
|
||||
if (arcfour_checksum_p(ct, crypto)) {
|
||||
keyusage = usage;
|
||||
usage2arcfour(context, &keyusage);
|
||||
} else
|
||||
keyusage = CHECKSUM_USAGE(usage);
|
||||
|
||||
return verify_checksum(context, crypto, keyusage,
|
||||
data, len, cksum);
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
|
@ -2109,7 +2185,7 @@ AES_CTS_encrypt(krb5_context context,
|
|||
k = &k[1];
|
||||
|
||||
if (len < AES_BLOCK_SIZE)
|
||||
abort();
|
||||
krb5_abortx(context, "invalid use of AES_CTS_encrypt");
|
||||
if (len == AES_BLOCK_SIZE) {
|
||||
if (encrypt)
|
||||
AES_encrypt(data, data, k);
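Review bot: Replacing `abort()` with `krb5_abortx(context, "invalid use of AES_CTS_encrypt")` improves the diagnostic but still ends the process when `len < AES_BLOCK_SIZE`. The callers are outside this hunk; if `len` can derive from the length of received ciphertext on the decrypt path, a short input should be rejected with an error return before this function is reached. A comment such as `/* callers guarantee len >= AES_BLOCK_SIZE; see <caller> */`, with the caller filled in, would document why aborting is acceptable. The signature of AES_CTS_encrypt and the rest of its body are outside the hunk.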
|
||||
|
@ -2149,6 +2225,7 @@ ARCFOUR_subencrypt(krb5_context context,
|
|||
RC4_KEY rc4_key;
|
||||
unsigned char *cdata = data;
|
||||
unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
|
||||
krb5_error_code ret;
|
||||
|
||||
t[0] = (usage >> 0) & 0xFF;
|
||||
t[1] = (usage >> 8) & 0xFF;
|
||||
|
@ -2158,7 +2235,9 @@ ARCFOUR_subencrypt(krb5_context context,
|
|||
k1_c.checksum.length = sizeof(k1_c_data);
|
||||
k1_c.checksum.data = k1_c_data;
|
||||
|
||||
hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
|
||||
ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
|
||||
|
||||
|
@ -2171,7 +2250,9 @@ ARCFOUR_subencrypt(krb5_context context,
|
|||
cksum.checksum.length = 16;
|
||||
cksum.checksum.data = data;
|
||||
|
||||
hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
|
||||
ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
ke.key = &kb;
|
||||
kb.keyvalue = k1_c.checksum;
|
||||
|
@ -2179,7 +2260,9 @@ ARCFOUR_subencrypt(krb5_context context,
|
|||
k3_c.checksum.length = sizeof(k3_c_data);
|
||||
k3_c.checksum.data = k3_c_data;
|
||||
|
||||
hmac(NULL, c, data, 16, 0, &ke, &k3_c);
|
||||
ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
|
||||
RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
|
||||
|
@ -2206,6 +2289,7 @@ ARCFOUR_subdecrypt(krb5_context context,
|
|||
unsigned char *cdata = data;
|
||||
unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
|
||||
unsigned char cksum_data[16];
|
||||
krb5_error_code ret;
|
||||
|
||||
t[0] = (usage >> 0) & 0xFF;
|
||||
t[1] = (usage >> 8) & 0xFF;
|
||||
|
@ -2215,7 +2299,9 @@ ARCFOUR_subdecrypt(krb5_context context,
|
|||
k1_c.checksum.length = sizeof(k1_c_data);
|
||||
k1_c.checksum.data = k1_c_data;
|
||||
|
||||
hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
|
||||
ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
|
||||
|
||||
|
@ -2228,7 +2314,9 @@ ARCFOUR_subdecrypt(krb5_context context,
|
|||
k3_c.checksum.length = sizeof(k3_c_data);
|
||||
k3_c.checksum.data = k3_c_data;
|
||||
|
||||
hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
|
||||
ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
|
||||
RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
|
||||
|
@ -2239,7 +2327,9 @@ ARCFOUR_subdecrypt(krb5_context context,
|
|||
cksum.checksum.length = 16;
|
||||
cksum.checksum.data = cksum_data;
|
||||
|
||||
hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
|
||||
ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
|
||||
if (ret)
|
||||
krb5_abortx(context, "hmac failed");
|
||||
|
||||
memset (k1_c_data, 0, sizeof(k1_c_data));
|
||||
memset (k2_c_data, 0, sizeof(k2_c_data));
|
||||
|
@ -2256,54 +2346,28 @@ ARCFOUR_subdecrypt(krb5_context context,
|
|||
/*
|
||||
* convert the usage numbers used in
|
||||
* draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
|
||||
* draft-brezak-win2k-krb-rc4-hmac-03.txt
|
||||
* draft-brezak-win2k-krb-rc4-hmac-04.txt
|
||||
*/
|
||||
|
||||
static krb5_error_code
|
||||
usage2arcfour (krb5_context context, int *usage)
|
||||
{
|
||||
switch (*usage) {
|
||||
case KRB5_KU_PA_ENC_TIMESTAMP :
|
||||
*usage = 1;
|
||||
return 0;
|
||||
case KRB5_KU_TICKET :
|
||||
*usage = 2;
|
||||
return 0;
|
||||
case KRB5_KU_AS_REP_ENC_PART :
|
||||
case KRB5_KU_AS_REP_ENC_PART : /* 3 */
|
||||
case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
|
||||
*usage = 8;
|
||||
return 0;
|
||||
case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION :
|
||||
case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY :
|
||||
case KRB5_KU_TGS_REQ_AUTH_CKSUM :
|
||||
case KRB5_KU_TGS_REQ_AUTH :
|
||||
*usage = 7;
|
||||
case KRB5_KU_USAGE_SEAL : /* 22 */
|
||||
*usage = 13;
|
||||
return 0;
|
||||
case KRB5_KU_TGS_REP_ENC_PART_SESSION :
|
||||
case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY :
|
||||
*usage = 8;
|
||||
return 0;
|
||||
case KRB5_KU_AP_REQ_AUTH_CKSUM :
|
||||
case KRB5_KU_AP_REQ_AUTH :
|
||||
case KRB5_KU_AP_REQ_ENC_PART :
|
||||
*usage = 11;
|
||||
return 0;
|
||||
case KRB5_KU_KRB_PRIV :
|
||||
case KRB5_KU_USAGE_SIGN : /* 23 */
|
||||
*usage = 15;
|
||||
return 0;
|
||||
case KRB5_KU_USAGE_SEQ: /* 24 */
|
||||
*usage = 0;
|
||||
return 0;
|
||||
case KRB5_KU_KRB_CRED :
|
||||
case KRB5_KU_KRB_SAFE_CKSUM :
|
||||
case KRB5_KU_OTHER_ENCRYPTED :
|
||||
case KRB5_KU_OTHER_CKSUM :
|
||||
case KRB5_KU_KRB_ERROR :
|
||||
case KRB5_KU_AD_KDC_ISSUED :
|
||||
case KRB5_KU_MANDATORY_TICKET_EXTENSION :
|
||||
case KRB5_KU_AUTH_DATA_TICKET_EXTENSION :
|
||||
case KRB5_KU_USAGE_SEAL :
|
||||
case KRB5_KU_USAGE_SIGN :
|
||||
case KRB5_KU_USAGE_SEQ :
|
||||
default :
|
||||
krb5_set_error_string(context, "unknown arcfour usage type %d", *usage);
|
||||
return KRB5_PROG_ETYPE_NOSUPP;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2731,9 +2795,9 @@ encrypt_internal_derived(krb5_context context,
|
|||
memcpy(q, data, len);
|
||||
|
||||
ret = create_checksum(context,
|
||||
et->keyed_checksum,
|
||||
crypto,
|
||||
INTEGRITY_USAGE(usage),
|
||||
et->keyed_checksum->type,
|
||||
p,
|
||||
block_sz,
|
||||
&cksum);
|
||||
|
@ -2800,9 +2864,9 @@ encrypt_internal(krb5_context context,
|
|||
memcpy(q, data, len);
|
||||
|
||||
ret = create_checksum(context,
|
||||
et->checksum,
|
||||
crypto,
|
||||
0,
|
||||
et->checksum->type,
|
||||
p,
|
||||
block_sz,
|
||||
&cksum);
|
||||
|
@ -2896,6 +2960,11 @@ decrypt_internal_derived(krb5_context context,
|
|||
return EINVAL; /* XXX - better error code? */
|
||||
}
|
||||
|
||||
if (((len - checksum_sz) % et->padsize) != 0) {
|
||||
krb5_clear_error_string(context);
|
||||
return KRB5_BAD_MSIZE;
|
||||
}
|
||||
|
||||
p = malloc(len);
|
||||
if(len != 0 && p == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
|
@ -2964,6 +3033,11 @@ decrypt_internal(krb5_context context,
|
|||
size_t checksum_sz, l;
|
||||
struct encryption_type *et = crypto->et;
|
||||
|
||||
if ((len % et->padsize) != 0) {
|
||||
krb5_clear_error_string(context);
|
||||
return KRB5_BAD_MSIZE;
|
||||
}
|
||||
|
||||
checksum_sz = CHECKSUMSIZE(et->checksum);
|
||||
p = malloc(len);
|
||||
if(len != 0 && p == NULL) {
|
||||
|
@ -3022,25 +3096,34 @@ decrypt_internal_special(krb5_context context,
|
|||
struct encryption_type *et = crypto->et;
|
||||
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
|
||||
size_t sz = len - cksum_sz - et->confoundersize;
|
||||
char *cdata = (char *)data;
|
||||
char *tmp;
|
||||
unsigned char *p;
|
||||
krb5_error_code ret;
|
||||
|
||||
tmp = malloc (sz);
|
||||
if (tmp == NULL) {
|
||||
if ((len % et->padsize) != 0) {
|
||||
krb5_clear_error_string(context);
|
||||
return KRB5_BAD_MSIZE;
|
||||
}
|
||||
|
||||
p = malloc (len);
|
||||
if (p == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
memcpy(p, data, len);
|
||||
|
||||
ret = (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec);
|
||||
ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec);
|
||||
if (ret) {
|
||||
free(tmp);
|
||||
free(p);
|
||||
return ret;
|
||||
}
|
||||
|
||||
memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
|
||||
|
||||
result->data = tmp;
|
||||
memmove (p, p + cksum_sz + et->confoundersize, sz);
|
||||
result->data = realloc(p, sz);
|
||||
if(result->data == NULL) {
|
||||
free(p);
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
result->length = sz;
|
||||
return 0;
|
||||
}
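Review bot: In decrypt_internal_special the added `(len % et->padsize) != 0` check does not reject a short input, so `sz = len - cksum_sz - et->confoundersize` can still wrap around as a size_t when len is smaller than the checksum plus the confounder, and `memmove (p, p + cksum_sz + et->confoundersize, sz)` would then run past the len-byte buffer. As len presumably reflects the size of the received ciphertext, I would add `if (len < cksum_sz + et->confoundersize) return KRB5_BAD_MSIZE;` before `malloc (len)`, preceded by `krb5_clear_error_string(context);` as in the padsize branch. Separately, when sz is 0 some realloc implementations free p and return NULL, and the `free(p)` in the failure branch would then free it a second time; handling sz == 0 before `realloc(p, sz)` avoids that. The function's signature and its callers are outside this hunk, so confirm that no caller already guarantees the minimum length.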
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
/*autoheader*/
|
|
@ -1,51 +0,0 @@
|
|||
KRB5-CONFIG(1) NetBSD Reference Manual KRB5-CONFIG(1)
|
||||
|
||||
NNAAMMEE
|
||||
kkrrbb55--ccoonnffiigg - give information on how to link code against Heimdal li-
|
||||
braries
|
||||
|
||||
SSYYNNOOPPSSIISS
|
||||
kkrrbb55--ccoonnffiigg [----pprreeffiixx[=_d_i_r]] [----eexxeecc--pprreeffiixx[=_d_i_r]] [----lliibbss] [----ccffllaaggss]
|
||||
[_l_i_b_r_a_r_i_e_s]
|
||||
|
||||
DDEESSCCRRIIPPTTIIOONN
|
||||
kkrrbb55--ccoonnffiigg tells the application programmer what special flags to use to
|
||||
compile and link programs against the libraries installed by Heimdal.
|
||||
|
||||
Options supported:
|
||||
|
||||
----pprreeffiixx[=_d_i_r]
|
||||
Print the prefix if no _d_i_r is specified, otherwise set prefix to
|
||||
_d_i_r.
|
||||
|
||||
----eexxeecc--pprreeffiixx[=_d_i_r]
|
||||
Print the exec-prefix if no _d_i_r is specified, otherwise set exec-
|
||||
prefix to _d_i_r.
|
||||
|
||||
----lliibbss Output the set of libraries that should be linked against.
|
||||
|
||||
----ccffllaaggss
|
||||
Output the set of flags to give to the C compiler when using the
|
||||
Heimdal libraries.
|
||||
|
||||
By default kkrrbb55--ccoonnffiigg will output the set of flags and libraries to be
|
||||
used by a normal program using the krb5 API. The user can also supply a
|
||||
library to be used, the supported ones are:
|
||||
|
||||
krb5 (the default)
|
||||
|
||||
gssapi use the krb5 gssapi mechanism
|
||||
|
||||
kadm-client
|
||||
use the client-side kadmin libraries
|
||||
|
||||
kadm-server
|
||||
use the server-side kadmin libraries
|
||||
|
||||
SSEEEE AALLSSOO
|
||||
cc(1)
|
||||
|
||||
HHIISSTTOORRYY
|
||||
kkrrbb55--ccoonnffiigg appeared in Heimdal 0.3d.
|
||||
|
||||
HEIMDAL November 30, 2000 1
|