author | Hans Insulander <hin@cvs.openbsd.org> | 2001-06-22 21:17:30 +0000 |
---|---|---|
committer | Hans Insulander <hin@cvs.openbsd.org> | 2001-06-22 21:17:30 +0000 |
commit | 6b96aa9137652188a7e2cab902c921b3efb4bbbe (patch) | |
tree | c73a4dc2c9f8f7c77ccd3a734e1105f53603ac5d | |
parent | 6030de5bbb3be2acc4f5f6f1d7fcf463a2f76042 (diff) |
Import of heimdal-0.3f
Lots of changes, highlights include:
* change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
the new keytab type that tries both of these in order (SRVTAB is
also an alias for krb4:)
* improve error reporting and error handling (error messages should
be more detailed and more useful)
* the API is closer to what MIT krb5 is using
* more compatible with windows 2000
* removed some memory leaks
* bug fixes
42 files changed, 2925 insertions, 0 deletions
diff --git a/kerberosV/src/admin/admin.new.fixit b/kerberosV/src/admin/admin.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/admin/admin.new.fixit
diff --git a/kerberosV/src/admin/ktutil.cat8 b/kerberosV/src/admin/ktutil.cat8
new file mode 100644
index 00000000000..f349f610f05
--- /dev/null
+++ b/kerberosV/src/admin/ktutil.cat8
@@ -0,0 +1,71 @@
+
+KTUTIL(8) UNIX System Manager's Manual KTUTIL(8)
+
+NNAAMMEE
+ kkttuuttiill - manage Kerberos keytabs
+
+SSYYNNOOPPSSIISS
+ kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh |
+ ----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s]
+
+DDEESSCCRRIIPPTTIIOONN
+ kkttuuttiill is a program for managing keytabs. _c_o_m_m_a_n_d can be one of the fol-
+ lowing:
+
+ add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee
+ _e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d] [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d]
+ [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt]
+ Adds a key to the keytab. Options that are not specified will be
+ prompted for.
+
+ change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss
+ _p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t]
+ Update one or several keys to new versions. By default, use the
+ admin server for the realm of an keytab entry. Otherwise it will
+ use the values specified by the options.
+
+ If no principals are given, all the ones in the keytab are updat-
+ ed.
+
+ copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t
+ Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t.
+
+ get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e |
+ ----eennccttyyppeess==_e_n_c_t_y_p_e
+ sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t] [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t]
+ _p_r_i_n_c_i_p_a_l ][--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n _s_e_r_v_e_r]
+ [----aaddmmiinn-- Get a key for pprriinncciippaall and store it in a keytab.
+
+ list [----kkeeyyss] [----ttiimmeessttaammpp]
+ List the keys stored in the keytab.
+
+ remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o]
+ [--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e]
+ Removes the specified key or keys. Not specifying a _k_v_n_o removes
+ keys with any version number. Not specifying a _e_n_c_t_y_p_e removes
+ keys of any type.
+
+ purge [----aaggee==_a_g_e]
+ Removes all old entries (for which there is a newer version) that
+ are older than _a_g_e (default one week).
+
+ srvconvert
+
+ srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
+ Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab and
+ stores it in _k_e_y_t_a_b. Identical to:
+
+ ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b
+
+ srvcreate
+
+ key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
+ Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab and
+ stores it in _s_r_v_t_a_b. Identical to:
+
+ ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b
+
+SSEEEE AALLSSOO
+ kadmin(8)
+
+ HEIMDAL December 16, 2000 2
diff --git a/kerberosV/src/appl/afsutil/afsutil.new.fixit b/kerberosV/src/appl/afsutil/afsutil.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/afsutil/afsutil.new.fixit
diff --git a/kerberosV/src/appl/appl.new.fixit b/kerberosV/src/appl/appl.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/appl.new.fixit
diff --git a/kerberosV/src/appl/dceutils/dceutils.new.fixit b/kerberosV/src/appl/dceutils/dceutils.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/dceutils/dceutils.new.fixit
diff --git a/kerberosV/src/appl/ftp/common/common.new.fixit b/kerberosV/src/appl/ftp/common/common.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/ftp/common/common.new.fixit
diff --git a/kerberosV/src/appl/ftp/ftp/ftp.cat1 b/kerberosV/src/appl/ftp/ftp/ftp.cat1
new file mode 100644
index 00000000000..66262de9dfa
--- /dev/null
+++ b/kerberosV/src/appl/ftp/ftp/ftp.cat1
@@ -0,0 +1,650 @@ + +FTP(1) UNIX Reference Manual FTP(1) + +NNAAMMEE + ffttpp - ARPANET file transfer program + +SSYYNNOOPPSSIISS + ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t] + +DDEESSCCRRIIPPTTIIOONN + FFttpp is the user interface to the ARPANET standard File Transfer Protocol. + The program allows a user to transfer files to and from a remote network + site. + + Modifications has been made so that it almost follows the ftpsec Internet + draft. + + Options may be specified at the command line, or to the command inter- + preter. + + --tt Enables packet tracing. + + --vv Verbose option forces ffttpp to show all responses from the remote + server, as well as report on data transfer statistics. + + --nn Restrains ffttpp from attempting ``auto-login'' upon initial connec- + tion. If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be- + low) file in the user's home directory for an entry describing an + account on the remote machine. If no entry exists, ffttpp will prompt + for the remote machine login name (default is the user identity on + the local machine), and, if necessary, prompt for a password and an + account with which to login. + + --ii Turns off interactive prompting during multiple file transfers. + + --pp Turn on passive mode. + + --dd Enables debugging. + + --gg Disables file name globbing. + + --ll Disables command line editing. + + The client host with which ffttpp is to communicate may be specified on the + command line. If this is done, ffttpp will immediately attempt to establish + a connection to an FTP server on that host; otherwise, ffttpp will enter its + command interpreter and await instructions from the user. When ffttpp is + awaiting commands from the user the prompt `ftp>' is provided to the us- + er. The following commands are recognized by ffttpp: + + !! [_c_o_m_m_a_n_d [_a_r_g_s]] + Invoke an interactive shell on the local machine. 
If there + are arguments, the first is taken to be a command to execute + directly, with the rest of the arguments as its arguments. + + $$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s] + Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff + command. Arguments are passed to the macro unglobbed. + + aaccccoouunntt [_p_a_s_s_w_d] + Supply a supplemental password required by a remote system + for access to resources once a login has been successfully + completed. If no argument is included, the user will be + + + prompted for an account password in a non-echoing input mode. + + aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] + Append a local file to a file on the remote machine. If + _r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used + in naming the remote file after being altered by any nnttrraannss + or nnmmaapp setting. File transfer uses the current settings for + ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. + + aasscciiii Set the file transfer ttyyppee to network ASCII. This is the de- + fault type. + + bbeellll Arrange that a bell be sounded after each file transfer com- + mand is completed. + + bbiinnaarryy Set the file transfer ttyyppee to support binary image transfer. + + bbyyee Terminate the FTP session with the remote server and exit + ffttpp. An end of file will also terminate the session and exit. + + ccaassee Toggle remote computer file name case mapping during mmggeett + commands. When ccaassee is on (default is off), remote computer + file names with all letters in upper case are written in the + local directory with the letters mapped to lower case. + + ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y + Change the working directory on the remote machine to _r_e_m_o_t_e_- + _d_i_r_e_c_t_o_r_y. + + ccdduupp Change the remote machine working directory to the parent of + the current remote machine working directory. 
+ + cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e + Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re- + mote sytem to _m_o_d_e. + + cclloossee Terminate the FTP session with the remote server, and return + to the command interpreter. Any defined macros are erased. + + ccrr Toggle carriage return stripping during ascii type file re- + trieval. Records are denoted by a carriage return/linefeed + sequence during ascii type file transfer. When ccrr is on (the + default), carriage returns are stripped from this sequence to + conform with the UNIX single linefeed record delimiter. + Records on non-UNIX remote systems may contain single line- + feeds; when an ascii type transfer is made, these linefeeds + may be distinguished from a record delimiter only when ccrr is + off. + + ddeelleettee _r_e_m_o_t_e_-_f_i_l_e + Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine. + + ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e] + Toggle debugging mode. If an optional _d_e_b_u_g_-_v_a_l_u_e is speci- + fied it is used to set the debugging level. When debugging + is on, ffttpp prints each command sent to the remote machine, + preceded by the string `-->' + + ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] + Print a listing of the directory contents in the directory, + _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in + _l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt + the user to verify that the last argument is indeed the tar- + get local file for receiving ddiirr output. If no directory is + specified, the current working directory on the remote ma- + chine is used. If no local file is specified, or _l_o_c_a_l_-_f_i_l_e + + is --, output comes to the terminal. + + ddiissccoonnnneecctt A synonym for _c_l_o_s_e. + + ffoorrmm _f_o_r_m_a_t + Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is + ``file''. 
+ + ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] + Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine. + If the local file name is not specified, it is given the same + name it has on the remote machine, subject to alteration by + the current ccaassee, nnttrraannss, and nnmmaapp settings. The current + settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while + transferring the file. + + gglloobb Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If + globbing is turned off with gglloobb, the file name arguments are + taken literally and not expanded. Globbing for mmppuutt is done + as in csh(1). For mmddeelleettee and mmggeett, each remote file name is + expanded separately on the remote machine and the lists are + not merged. Expansion of a directory name is likely to be + different from expansion of the name of an ordinary file: the + exact result depends on the foreign operating system and ftp + server, and can be previewed by doing `mls remote-files -'. + As a security measure, remotely globbed files that starts + with `/' or contains `../', will not be automatically re- + ceived. If you have interactive prompting turned off, these + filenames will be ignored. Note: mmggeett and mmppuutt are not meant + to transfer entire directory subtrees of files. That can be + done by transferring a tar(1) archive of the subtree (in bi- + nary mode). + + hhaasshh Toggle hash-sign (``#'') printing for each data block trans- + ferred. The size of a data block is 1024 bytes. + + hheellpp [_c_o_m_m_a_n_d] + Print an informative message about the meaning of _c_o_m_m_a_n_d. If + no argument is given, ffttpp prints a list of the known com- + mands. + + iiddllee [_s_e_c_o_n_d_s] + Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec- + onds. If _s_e_c_o_n_d_s is omitted, the current inactivity timer is + printed. + + llccdd [_d_i_r_e_c_t_o_r_y] + Change the working directory on the local machine. 
If no + _d_i_r_e_c_t_o_r_y is specified, the user's home directory is used. + + llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] + Print a listing of the contents of a directory on the remote + machine. The listing includes any system-dependent informa- + tion that the server chooses to include; for example, most + UNIX systems will produce output from the command `ls -l'. + (See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, + the current working directory is used. If interactive + prompting is on, ffttpp will prompt the user to verify that the + last argument is indeed the target local file for receiving + llss output. If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e + is `--', the output is sent to the terminal. + + mmaaccddeeff _m_a_c_r_o_-_n_a_m_e + Define a macro. Subsequent lines are stored as the macro + _m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a + file or carriage returns from the terminal) terminates macro + input mode. There is a limit of 16 macros and 4096 total + characters in all defined macros. Macros remain defined un- + til a cclloossee command is executed. The macro processor inter- + prets `$' and `\' as special characters. A `$' followed by a + number (or numbers) is replaced by the corresponding argument + on the macro invocation command line. A `$' followed by an + `i' signals that macro processor that the executing macro is + to be looped. On the first pass `$i' is replaced by the + first argument on the macro invocation command line, on the + second pass it is replaced by the second argument, and so on. + A `\' followed by any character is replaced by that charac- + ter. Use the `\' to prevent special treatment of the `$'. + + mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s] + Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine. + + mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e + Like ddiirr, except multiple remote files may be specified. 
If + interactive prompting is on, ffttpp will prompt the user to ver- + ify that the last argument is indeed the target local file + for receiving mmddiirr output. + + mmggeett _r_e_m_o_t_e_-_f_i_l_e_s + Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett + for each file name thus produced. See gglloobb for details on + the filename expansion. Resulting file names will then be + processed according to ccaassee, nnttrraannss, and nnmmaapp settings. + Files are transferred into the local working directory, which + can be changed with `lcd directory'; new local directories + can be created with `! mkdir directory'. + + mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e + Make a directory on the remote machine. + + mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e + Like nnlliisstt, except multiple remote files may be specified, + and the _l_o_c_a_l_-_f_i_l_e must be specified. If interactive prompt- + ing is on, ffttpp will prompt the user to verify that the last + argument is indeed the target local file for receiving mmllss + output. + + mmooddee [_m_o_d_e_-_n_a_m_e] + Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is + ``stream'' mode. + + mmooddttiimmee _f_i_l_e_-_n_a_m_e + Show the last modification time of the file on the remote ma- + chine. + + mmppuutt _l_o_c_a_l_-_f_i_l_e_s + Expand wild cards in the list of local files given as argu- + ments and do a ppuutt for each file in the resulting list. See + gglloobb for details of filename expansion. Resulting file names + will then be processed according to nnttrraannss and nnmmaapp settings. + + nneewweerr _f_i_l_e_-_n_a_m_e + Get the file only if the modification time of the remote file + is more recent that the file on the current system. If the + file does not exist on the current system, the remote file is + considered nneewweerr. Otherwise, this command is identical to + _g_e_t. 
+ + nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] + Print a list of the files in a directory on the remote ma- + chine. If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current + working directory is used. If interactive prompting is on, + ffttpp will prompt the user to verify that the last argument is + indeed the target local file for receiving nnlliisstt output. If + no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output + is sent to the terminal. + + nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n] + Set or unset the filename mapping mechanism. If no arguments + are specified, the filename mapping mechanism is unset. If + arguments are specified, remote filenames are mapped during + mmppuutt commands and ppuutt commands issued without a specified re- + mote target filename. If arguments are specified, local + filenames are mapped during mmggeett commands and ggeett commands + issued without a specified local target filename. This com- + mand is useful when connecting to a non-UNIX remote computer + with different file naming conventions or practices. The + mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n. + [_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may + have already been processed according to the nnttrraannss and ccaassee + settings). Variable templating is accomplished by including + the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to + prevent this special treatment of the `$' character. All + other characters are treated literally, and are used to de- + termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values. For example, + given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data", + $1 would have the value "mydata", and $2 would have the value + "data". The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file- + name. 
The sequences `$1', `$2', ...., `$9' are replaced by + any value resulting from the _i_n_p_a_t_t_e_r_n template. The se- + quence `$0' is replace by the original filename. Additional- + ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1 + is not a null string; otherwise it is replaced by _s_e_q_2. For + example, the command + + nmap $1.$2.$3 [$1,$2].[$2,file] + + would yield the output filename "myfile.data" for input file- + names "myfile.data" and "myfile.data.old", "myfile.file" for + the input filename "myfile", and "myfile.myfile" for the in- + put filename ".myfile". Spaces may be included in + _o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/ *$//" > $1' + . Use the `\' character to prevent special treatment of the + `$','[','[', and `,' characters. + + nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]] + Set or unset the filename character translation mechanism. + If no arguments are specified, the filename character trans- + lation mechanism is unset. If arguments are specified, char- + acters in remote filenames are translated during mmppuutt com- + mands and ppuutt commands issued without a specified remote tar- + get filename. If arguments are specified, characters in lo- + cal filenames are translated during mmggeett commands and ggeett + commands issued without a specified local target filename. + This command is useful when connecting to a non-UNIX remote + computer with different file naming conventions or practices. + Characters in a filename matching a character in _i_n_c_h_a_r_s are + replaced with the corresponding character in _o_u_t_c_h_a_r_s. If the + character's position in _i_n_c_h_a_r_s is longer than the length of + _o_u_t_c_h_a_r_s, the character is deleted from the file name. + + ooppeenn _h_o_s_t [_p_o_r_t] + Establish a connection to the specified _h_o_s_t FTP server. An + optional port number may be supplied, in which case, ffttpp will + attempt to contact an FTP server at that port. 
If the aauuttoo-- + llooggiinn option is on (default), ffttpp will also attempt to auto- + + matically log the user in to the FTP server (see below). + + ppaassssiivvee Toggle passive mode. If passive mode is turned on (default + is off), the ftp client will send a PASV command for all data + connections instead of the usual PORT command. The PASV com- + mand requests that the remote server open a port for the data + connection and return the address of that port. The remote + server listens on that port and the client connects to it. + When using the more traditional PORT command, the client lis- + tens on a port and sends that address to the remote server, + who connects back to it. Passive mode is useful when using + ffttpp through a gateway router or host that controls the direc- + tionality of traffic. (Note that though ftp servers are re- + quired to support the PASV command by RFC 1123, some do not.) + + pprroommpptt Toggle interactive prompting. Interactive prompting occurs + during multiple file transfers to allow the user to selec- + tively retrieve or store files. If prompting is turned off + (default is on), any mmggeett or mmppuutt will transfer all files, + and any mmddeelleettee will delete all files. + + pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d + Execute an ftp command on a secondary control connection. + This command allows simultaneous connection to two remote ftp + servers for transferring files between the two servers. The + first pprrooxxyy command should be an ooppeenn, to establish the sec- + ondary control connection. Enter the command "proxy ?" to + see other ftp commands executable on the secondary connec- + tion. 
The following commands behave differently when pref- + aced by pprrooxxyy: ooppeenn will not define new macros during the au- + to-login process, cclloossee will not erase existing macro defini- + tions, ggeett and mmggeett transfer files from the host on the pri- + mary control connection to the host on the secondary control + connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the + host on the secondary control connection to the host on the + primary control connection. Third party file transfers de- + pend upon support of the ftp protocol PASV command by the + server on the secondary control connection. + + ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] + Store a local file on the remote machine. If _r_e_m_o_t_e_-_f_i_l_e is + left unspecified, the local file name is used after process- + ing according to any nnttrraannss or nnmmaapp settings in naming the + remote file. File transfer uses the current settings for + ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. + + ppwwdd Print the name of the current working directory on the remote + machine. + + qquuiitt A synonym for bbyyee. + + qquuoottee _a_r_g_1 _a_r_g_2 _._._. + The arguments specified are sent, verbatim, to the remote FTP + server. + + rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] + A synonym for get. + + rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] + Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is + smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par- + tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is + continued from the apparent point of failure. This command + is useful when transferring very large files over networks + + + that are prone to dropping connections. + + rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e] + Request help from the remote FTP server. If a _c_o_m_m_a_n_d_-_n_a_m_e + is specified it is supplied to the server as well. 
+ + rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e] + With no arguments, show status of remote machine. If _f_i_l_e_- + _n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma- + chine. + + rreennaammee [_f_r_o_m] [_t_o] + Rename the file _f_r_o_m on the remote machine, to the file _t_o. + + rreesseett Clear reply queue. This command re-synchronizes command/re- + ply sequencing with the remote ftp server. Resynchronization + may be necessary following a violation of the ftp protocol by + the remote server. + + rreessttaarrtt _m_a_r_k_e_r + Restart the immediately following ggeett or ppuutt at the indicated + _m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset into + the file. + + rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e + Delete a directory on the remote machine. + + rruunniiqquuee Toggle storing of files on the local system with unique file- + names. If a file already exists with a name equal to the + target local filename for a ggeett or mmggeett command, a ".1" is + appended to the name. If the resulting name matches another + existing file, a ".2" is appended to the original name. If + this process continues up to ".99", an error message is + printed, and the transfer does not take place. The generated + unique filename will be reported. Note that rruunniiqquuee will not + affect local files generated from a shell command (see be- + low). The default value is off. + + sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] + A synonym for put. + + sseennddppoorrtt Toggle the use of PORT commands. By default, ffttpp will at- + tempt to use a PORT command when establishing a connection + for each data transfer. The use of PORT commands can prevent + delays when performing multiple file transfers. If the PORT + command fails, ffttpp will use the default data port. When the + use of PORT commands is disabled, no attempt will be made to + use PORT commands for each data transfer. 
This is useful for + certain FTP implementations which do ignore PORT commands + but, incorrectly, indicate they've been accepted. + + ssiittee _a_r_g_1 _a_r_g_2 _._._. + The arguments specified are sent, verbatim, to the remote FTP + server as a SITE command. + + ssiizzee _f_i_l_e_-_n_a_m_e + Return size of _f_i_l_e_-_n_a_m_e on remote machine. + + ssttaattuuss Show the current status of ffttpp. + + ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e] + Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default + ``stream'' structure is used. + + ssuunniiqquuee Toggle storing of files on remote machine under unique file + names. Remote ftp server must support ftp protocol STOU com- + mand for successful completion. The remote server will re- + port unique name. Default value is off. + + ssyysstteemm Show the type of operating system running on the remote ma- + chine. + + tteenneexx Set the file transfer type to that needed to talk to TENEX + machines. + + ttrraaccee Toggle packet tracing. + + ttyyppee [_t_y_p_e_-_n_a_m_e] + Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is speci- + fied, the current type is printed. The default type is net- + work ASCII. + + uummaasskk [_n_e_w_m_a_s_k] + Set the default umask on the remote server to _n_e_w_m_a_s_k. If + _n_e_w_m_a_s_k is omitted, the current umask is printed. + + uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t] + Identify yourself to the remote FTP server. If the _p_a_s_s_w_o_r_d + is not specified and the server requires it, ffttpp will prompt + the user for it (after disabling local echo). If an _a_c_c_o_u_n_t + field is not specified, and the FTP server requires it, the + user will be prompted for it. If an _a_c_c_o_u_n_t field is speci- + fied, an account command will be relayed to the remote server + after the login sequence is completed if the remote server + did not require it for logging in. 
Unless ffttpp is invoked + with ``auto-login'' disabled, this process is done automati- + cally on initial connection to the FTP server. + + vveerrbboossee Toggle verbose mode. In verbose mode, all responses from the + FTP server are displayed to the user. In addition, if ver- + bose is on, when a file transfer completes, statistics re- + garding the efficiency of the transfer are reported. By de- + fault, verbose is on. + + ?? [_c_o_m_m_a_n_d] + A synonym for help. + + The following command can be used with ftpsec-aware servers. + + pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e + Set the data protection level to the requested level. + + The following command can be used with ftp servers that has implemented + the KAUTH site command. + + kkaauutthh [_p_r_i_n_c_i_p_a_l] + Obtain remote tickets. + + Command arguments which have embedded spaces may be quoted with quote `"' + marks. + +AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR + To abort a file transfer, use the terminal interrupt key (usually Ctrl- + C). Sending transfers will be immediately halted. Receiving transfers + will be halted by sending a ftp protocol ABOR command to the remote serv- + er, and discarding any further data received. The speed at which this is + accomplished depends upon the remote server's support for ABOR process- + ing. If the remote server does not support the ABOR command, an `ftp>' + prompt will not appear until the remote server has completed sending the + requested file. + + + The terminal interrupt key sequence will be ignored when ffttpp has complet- + ed any local processing and is awaiting a reply from the remote server. + A long delay in this mode may result from the ABOR processing described + above, or from unexpected behavior by the remote server, including viola- + tions of the ftp protocol. If the delay results from unexpected remote + server behavior, the local ffttpp program must be killed by hand. 
+ +FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS + Files specified as arguments to ffttpp commands are processed according to + the following rules. + + 1. If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t + (for writing) is used. + + 2. If the first character of the file name is `|', the remainder of the + argument is interpreted as a shell command. FFttpp then forks a shell, + using popen(3) with the argument supplied, and reads (writes) from + the stdout (stdin). If the shell command includes spaces, the argu- + ment must be quoted; e.g. ``" ls -lt"''. A particularly useful ex- + ample of this mechanism is: ``dir more''. + + 3. Failing the above checks, if ``globbing'' is enabled, local file + names are expanded according to the rules used in the csh(1); c.f. + the gglloobb command. If the ffttpp command expects a single local file + (.e.g. ppuutt), only the first filename generated by the "globbing" + operation is used. + + 4. For mmggeett commands and ggeett commands with unspecified local file + names, the local filename is the remote filename, which may be al- + tered by a ccaassee, nnttrraannss, or nnmmaapp setting. The resulting filename + may then be altered if rruunniiqquuee is on. + + 5. For mmppuutt commands and ppuutt commands with unspecified remote file + names, the remote filename is the local filename, which may be al- + tered by a nnttrraannss or nnmmaapp setting. The resulting filename may then + be altered by the remote server if ssuunniiqquuee is on. + +FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS + The FTP specification specifies many parameters which may affect a file + transfer. The ttyyppee may be one of ``ascii'', ``image'' (binary), + ``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly). + FFttpp supports the ascii and image types of file transfer, plus local byte + size 8 for tteenneexx mode transfers. 
+ + FFttpp supports only the default values for the remaining file transfer pa- + rameters: mmooddee, ffoorrmm, and ssttrruucctt. + +TTHHEE ..nneettrrcc FFIILLEE + The _._n_e_t_r_c file contains login and initialization information used by the + auto-login process. It resides in the user's home directory. The fol- + lowing tokens are recognized; they may be separated by spaces, tabs, or + new-lines: + + mmaacchhiinnee _n_a_m_e + Identify a remote machine _n_a_m_e. The auto-login process searches + the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote ma- + chine specified on the ffttpp command line or as an ooppeenn command + argument. Once a match is made, the subsequent _._n_e_t_r_c tokens + are processed, stopping when the end of file is reached or an- + other mmaacchhiinnee or a ddeeffaauulltt token is encountered. + + ddeeffaauulltt This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches + any name. There can be only one ddeeffaauulltt token, and it must be + after all mmaacchhiinnee tokens. This is normally used as: + + + default login anonymous password user@site + + thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma- + chines not specified in _._n_e_t_r_c. This can be overridden by using + the --nn flag to disable auto-login. + + llooggiinn _n_a_m_e + Identify a user on the remote machine. If this token is pre- + sent, the auto-login process will initiate a login using the + specified _n_a_m_e. + + ppaasssswwoorrdd _s_t_r_i_n_g + Supply a password. If this token is present, the auto-login + process will supply the specified string if the remote server + requires a password as part of the login process. Note that if + this token is present in the _._n_e_t_r_c file for any user other + than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the + _._n_e_t_r_c is readable by anyone besides the user. + + aaccccoouunntt _s_t_r_i_n_g + Supply an additional account password. 
If this token is pre- + sent, the auto-login process will supply the specified string + if the remote server requires an additional account password, + or the auto-login process will initiate an ACCT command if it + does not. + + mmaaccddeeff _n_a_m_e + Define a macro. This token functions like the ffttpp mmaaccddeeff com- + mand functions. A macro is defined with the specified name; + its contents begin with the next _._n_e_t_r_c line and continue until + a null line (consecutive new-line characters) is encountered. + If a macro named iinniitt is defined, it is automatically executed + as the last step in the auto-login process. + +EENNVVIIRROONNMMEENNTT + FFttpp utilizes the following environment variables. + + HOME For default location of a _._n_e_t_r_c file, if one exists. + + SHELL For default shell. + +SSEEEE AALLSSOO + ftpd(8), _R_F_C_2_2_2_8 + +HHIISSTTOORRYY + The ffttpp command appeared in 4.2BSD. + +BBUUGGSS + Correct execution of many commands depends upon proper behavior by the + remote server. + + An error in the treatment of carriage returns in the 4.2BSD ascii-mode + transfer code has been corrected. This correction may result in incor- + rect transfers of binary files to and from 4.2BSD servers using the ascii + type. Avoid this problem by using the binary image type. + +4.2 Berkeley Distribution April 27, 1996 10
diff --git a/kerberosV/src/appl/ftp/ftp/ftp.new.fixit b/kerberosV/src/appl/ftp/ftp/ftp.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/ftp/ftp/ftp.new.fixit
diff --git a/kerberosV/src/appl/ftp/ftpd/ftpd.cat8 b/kerberosV/src/appl/ftp/ftpd/ftpd.cat8
new file mode 100644
index 00000000000..d4af02e71cc
--- /dev/null
+++ b/kerberosV/src/appl/ftp/ftpd/ftpd.cat8
@@ -0,0 +1,296 @@ + +FTPD(8) UNIX System Manager's Manual FTPD(8) + +NNAAMMEE + ffttppdd - Internet File Transfer Protocol server + +SSYYNNOOPPSSIISS + ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt + _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g] + +DDEESSCCRRIIPPTTIIOONN + FFttppdd is the Internet File Transfer Protocol server process. The server + uses the TCP protocol and listens at the port specified in the ``ftp'' + service specification; see services(5). + + Available options: + + --aa Select the level of authentication required. Kerberised login + can not be turned off. The default is to only allow kerberised + login. Other possibilities can be turned on by giving a string + of comma separated flags as argument to --aa. Recognised flags are: + + _p_l_a_i_n Allow logging in with plaintext password. The password can + be a(n) OTP or an ordinary password. + + _o_t_p Same as _p_l_a_i_n, but only OTP is allowed. + + _f_t_p Allow anonymous login. + + The following combination modes exists for backwards compatibili- + ty: + + _n_o_n_e Same as _p_l_a_i_n_,_f_t_p. + + _s_a_f_e Same as _f_t_p. + + _u_s_e_r Ignored. + + --dd Debugging information is written to the syslog using LOG_FTP. + + --gg Anonymous users will get a umask of _u_m_a_s_k. + + --ii Open a socket and wait for a connection. This is mainly used for + debugging when ftpd isn't started by inetd. + + --ll Each successful and failed ftp(1) session is logged using syslog + with a facility of LOG_FTP. If this option is specified twice, + the retrieve (get), store (put), append, delete, make directory, + remove directory and rename operations and their filename argu- + ments are also logged. + + --pp Use _p_o_r_t (a service name or number) instead of the default + _f_t_p_/_t_c_p. 
+ + --TT A client may also request a different timeout period; the maximum + period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option. + The default limit is 2 hours. + + --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de- + fault is 15 minutes). + + --uu Set the initial umask to something else than the default 027. + + + + --vv Verbose mode. + + --BB, ----bbuuiillttiinn--llss + use built-in ls to list files + + ----ggoooodd--cchhaarrss==_s_t_r_i_n_g + allowed anonymous upload filename chars + + The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex- + ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists, + ffttppdd prints it before issuing the ``ready'' message. If the file + _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login. + + The ftp server currently supports the following ftp requests. The case + of the requests is ignored. + + Request Description + ABOR abort previous command + ACCT specify account (ignored) + ALLO allocate storage (vacuously) + APPE append to a file + CDUP change to parent of current working directory + CWD change working directory + DELE delete a file + HELP give help information + LIST give list files in a directory (``ls -lgA'') + MKD make a directory + MDTM show last modification time of file + MODE specify data transfer _m_o_d_e + NLST give name list of files in directory + NOOP do nothing + PASS specify password + PASV prepare for server-to-server transfer + PORT specify data connection port + PWD print the current working directory + QUIT terminate session + REST restart incomplete transfer + RETR retrieve a file + RMD remove a directory + RNFR specify rename-from file name + RNTO specify rename-to file name + SITE non-standard commands (see next section) + SIZE return size of file + STAT return status of server + STOR store a file + STOU store a file with a unique name + STRU specify data transfer 
_s_t_r_u_c_t_u_r_e + SYST show operating system type of server system + TYPE specify data transfer _t_y_p_e + USER specify user name + XCUP change to parent of current working directory + (deprecated) + XCWD change working directory (deprecated) + XMKD make a directory (deprecated) + XPWD print the current working directory (deprecated) + XRMD remove a directory (deprecated) + + The following commands are specified by RFC2228. + + AUTH authentication/security mechanism + ADAT authentication/security data + PROT data channel protection level + PBSZ protection buffer size + MIC integrity protected command + + + CONF confidentiality protected command + ENC privacy protected command + CCC clear command channel + + The following non-standard or UNIX specific commands are supported by the + SITE request. + + UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022) + IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600) + CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee) + FIND quickly find a specific file with GNU locate(1). + HELP give help information. + + The following Kerberos related site commands are understood. + + KAUTH obtain remote tickets. + KLIST show remote tickets + + The remaining ftp requests specified in Internet RFC 959 are recognized, + but not implemented. MDTM and SIZE are not specified in RFC 959, but + will appear in the next updated FTP RFC. + + The ftp server will abort an active file transfer only when the ABOR com- + mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet + "Synch" signal in the command Telnet stream, as described in Internet RFC + 959. If a STAT command is received during a data transfer, preceded by a + Telnet IP and Synch, transfer status will be returned. + + FFttppdd interprets file names according to the ``globbing'' conventions used + by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''. + + FFttppdd authenticates users according to these rules. + + 1. 
If Kerberos authentication is used, the user must pass valid + tickets and the principal must be allowed to login as the re- + mote user. + + 2. The login name must be in the password data base, and not have + a null password (if kerberos is used the password field is not + checked). In this case a password must be provided by the + client before any file operations may be performed. If the + user has an OTP key, the response from a successful USER com- + mand will include an OTP challenge. The client may choose to + respond with a PASS command giving either a standard password + or an OTP one-time password. The server will automatically de- + termine which type of password it has been given and attempt + to authenticate accordingly. See otp(1) for more information + on OTP authentication. + + 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s. + + 4. The user must have a standard shell returned by + getusershell(3). + + 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses- + sion's root will be changed to the user's login directory by + chroot(2) as for an ``anonymous'' or ``ftp'' account (see next + item). However, the user must still supply a password. This + feature is intended as a compromise between a fully anonymous + account and a fully privileged account. The account should + also be set up as for an anonymous account. + + 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp + account must be present in the password file (user ``ftp''). + In this case the user is allowed to log in by specifying any + password (by convention an email address for the user should + be used as the password). + + In the last case, ffttppdd takes special measures to restrict the client's + access privileges. The server performs a chroot(2) to the home directory + of the ``ftp'' user. 
In order that system security is not breached, it + is recommended that the ``ftp'' subtree be constructed with care, consid- + er following these guidelines for anonymous ftp. + + In general all files should be owned by ``root'', and have non-write per- + missions (644 or 755 depending on the kind of file). No files should be + owned or writable by ``ftp'' (possibly with exception for the + _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below). + + _~_f_t_p The ``ftp'' homedirectory should be owned by root. + + _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)). + These programs must either be statically linked, or you + must setup an environment for dynamic linking when run- + ning chrooted. These programs will be used if present: + + ls Used when listing files. + + compress + When retrieving a filename that ends in _._Z, + and that file isn't present, ffttppdd will try + to find the filename without _._Z and com- + press it on the fly. + + gzip Same as compress, just with files ending in + _._g_z. + + gtar Enables retrieval of whole directories as + files ending in _._t_a_r. Can also be combined + with compression. You must use GNU Tar (or + some other that supports the --zz and --ZZ + flags). + + locate Will enable ``fast find'' with the SSIITTEE + FFIINNDD command. You must also create a + _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c. + + _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files + here, ls will be able to produce owner names rather than + numbers. Remember to remove any passwords from these + files. + + The file _m_o_t_d, if present, will be printed after a suc- + cessful login. + + _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here. + + _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub- + lic. + + If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di- + rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure + ``ftp'' is member of group ``ftp''). 
The following restrictions apply to + anonymous users: + + ++oo Directories created will have mode 700. + + ++oo Uploaded files will be created with an umask of 777, if not changed + with the --gg option. + + ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK, + + and SSIITTEE CCHHMMOODD. + + ++oo Filenames must start with an alpha-numeric character, and consist of + alpha-numeric characters or any of the following: + (plus), - (mi- + nus), = (equal), _ (underscore), . (period), and , (comma). + +FFIILLEESS + /etc/ftpusers Access list for users. + /etc/ftpchroot List of normal users who should be chroot'd. + /etc/ftpwelcome Welcome notice. + /etc/motd Welcome notice after login. + /etc/nologin Displayed and access refused. + ~/.klogin Login access for Kerberos. + +SSEEEE AALLSSOO + ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8), + +SSTTAANNDDAARRDDSS + RRFFCC 995599 FTP PROTOCOL SPECIFICATION + RRFFCC 11993388 OTP Specification + RRFFCC 22222288 FTP Security Extensions. + +BBUUGGSS + The server must run as the super-user to create sockets with privileged + port numbers. It maintains an effective user id of the logged in user, + reverting to the super-user only when binding addresses to sockets. The + possible security holes have been extensively scrutinized, but are possi- + bly incomplete. + +HHIISSTTOORRYY + The ffttppdd command appeared in 4.2BSD. + +4.2 Berkeley Distribution April 19, 1997 5 diff --git a/kerberosV/src/appl/ftp/ftpd/ftpd.new.fixit b/kerberosV/src/appl/ftp/ftpd/ftpd.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/ftp/ftpd/ftpd.new.fixit diff --git a/kerberosV/src/appl/ftp/ftpd/ftpusers.cat5 b/kerberosV/src/appl/ftp/ftpd/ftpusers.cat5 new file mode 100644 index 00000000000..d2ee3d3c3af --- /dev/null +++ b/kerberosV/src/appl/ftp/ftpd/ftpusers.cat5 
@@ -0,0 +1,27 @@
+
+FTPUSERS(5) UNIX Programmer's Manual FTPUSERS(5)
+
+NNAAMMEE
+ _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file
+
+DDEESSCCRRIIPPTTIIOONN
+ _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied
+ FTP access. Each line contains a user, optionally followed by ``allow''
+ (anything but ``allow'' is ignored). The semi-user ``*'' matches any us-
+ er. Users that has an explicit ``allow'', or that does not match any
+ line, are allowed access. Anyone else is denied access.
+
+ Note that this is compatible with the old format, where this file con-
+ tained a list of users that should be denied access.
+
+EEXXAAMMPPLLEESS
+ This will deny anyone but ``foo'' and ``bar'' to use FTP:
+
+ foo allow
+ bar allow
+ *
+
+SSEEEE AALLSSOO
+ ftpd(8)
+
+ KTH-KRB May 7, 1997 1
diff --git a/kerberosV/src/appl/kf/kf.cat1 b/kerberosV/src/appl/kf/kf.cat1
new file mode 100644
index 00000000000..b87ed85af22
--- /dev/null
+++ b/kerberosV/src/appl/kf/kf.cat1
@@ -0,0 +1,46 @@ + +KF(1) UNIX Reference Manual KF(1) + +NNAAMMEE + kkff - securly forward tickets + +SSYYNNOOPPSSIISS + kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e | + ----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh | + ----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._. + +DDEESSCCRRIIPPTTIIOONN + The kkff program forwards tickets to a remove host through an authenticated + and encrypted stream. Options supported are: + + --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t + port to connect to + + --ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n + remote login name + + --cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e + remote cred cache + + --FF, ----ffoorrwwaarrddaabbllee + forward forwardable credentials + + --GG, ----nnoo--ffoorrwwaarrddaabbllee + do not forward forwardable credentials + + --hh, ----hheellpp + + ----vveerrssiioonn + + kkff is useful when you do not want to enter your password on a remote host + but want to have your tickets one for example afs. + + In order for kkff to work you will need to acquire your initial ticket with + forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee. + + tteellnneett is able to forward ticket by itself. + +SSEEEE AALLSSOO + kinit(1), telnet(1), kfd(8) + + Heimdal July 2, 2000 1 diff --git a/kerberosV/src/appl/kf/kf.new.fixit b/kerberosV/src/appl/kf/kf.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/kf/kf.new.fixit diff --git a/kerberosV/src/appl/kf/kfd.cat8 b/kerberosV/src/appl/kf/kfd.cat8 new file mode 100644 index 00000000000..396ffdc8fc6 --- /dev/null +++ b/kerberosV/src/appl/kf/kfd.cat8 
@@ -0,0 +1,31 @@
+
+KFD(8) UNIX System Manager's Manual KFD(8)
+
+NNAAMMEE
+ kkffdd - receive forwarded tickets
+
+SSYYNNOOPPSSIISS
+ kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g]
+ [--hh | ----hheellpp] [----vveerrssiioonn]
+
+DDEESSCCRRIIPPTTIIOONN
+ This is the daemon for kf(1). Supported options:
+
+ --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
+ port to listen to
+
+ --ii, ----iinneettdd
+ not started from inetd
+
+ --RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g
+ path to regpag binary
+
+EEXXAAMMPPLLEESS
+ Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
+
+ kf stream tcp nowait root /usr/heimdal/libexec/kfd kfd
+
+SSEEEE AALLSSOO
+ kf(1)
+
+ Heimdal July 2, 2000 1
diff --git a/kerberosV/src/appl/kx/kx.cat1 b/kerberosV/src/appl/kx/kx.cat1
new file mode 100644
index 00000000000..ce22926ec6a
--- /dev/null
+++ b/kerberosV/src/appl/kx/kx.cat1
@@ -0,0 +1,39 @@ + +KX(1) UNIX Reference Manual KX(1) + +NNAAMMEE + kkxx - securely forward X conections + +SSYYNNOOPPSSIISS + _k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t + +DDEESSCCRRIIPPTTIIOONN + The kkxx program forwards a X connection from a remote client to a local + screen through an authenticated and encrypted stream. Options supported + by kkxx: + + --ll Log in on remote the host as user _u_s_e_r_n_a_m_e. + + --kk Do not enable keep-alives on the TCP connections. + + --dd Do not fork. This is mainly useful for debugging. + + --tt Listen not only on a UNIX-domain socket but on a TCP socket as + well. + + --pp Use the port _p_o_r_t. + + --PP Force passive mode. + + This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to + run it directly. + + It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic + from the remote X clients to the local server. When started, it prints + the display and Xauthority-file to be used on host _h_o_s_t and then goes to + the background, waiting for connections from the remote kkxxdd.. + +SSEEEE AALLSSOO + rxtelnet(1), rxterm(1), kxd(8) + + KTH-KRB September 27, 1996 1 diff --git a/kerberosV/src/appl/kx/kx.new.fixit b/kerberosV/src/appl/kx/kx.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/kx/kx.new.fixit diff --git a/kerberosV/src/appl/kx/kxd.cat8 b/kerberosV/src/appl/kx/kxd.cat8 new file mode 100644 index 00000000000..e033cee412e --- /dev/null +++ b/kerberosV/src/appl/kx/kxd.cat8 
@@ -0,0 +1,37 @@ + +KXD(8) UNIX System Manager's Manual KXD(8) + +NNAAMMEE + kkxxdd - securely forward X conections + +SSYYNNOOPPSSIISS + _k_x_d [--tt] [--ii] [--pp _p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + This is the daemon for kkxx. + + Options supported by kkxxdd: + + --tt TCP. Normally kkxxdd will only listen for X connections on a UNIX + socket, but some machines (for example, Cray) have X libraries + that are not able to use UNIX sockets and thus you need to use + TCP to talk to the pseudo-xserver created by kkxxdd.. This option de- + creases the security significantly and should only be used when + it is necessary and you have considered the consequences of doing + so. + + --ii Interactive. Do not expect to be started by iinneettdd,, but allocate + and listen to the socket yourself. Handy for testing and debug- + ging. + + --pp Port. Listen on the port _p_o_r_t. Only usable with --ii. + +EEXXAAMMPPLLEESS + Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f: + + kx stream tcp nowait root /usr/athena/libexec/kxd kxd + +SSEEEE AALLSSOO + kx(1), rxtelnet(1), rxterm(1) + + KTH-KRB September 27, 1996 1 diff --git a/kerberosV/src/appl/kx/rxtelnet.cat1 b/kerberosV/src/appl/kx/rxtelnet.cat1 new file mode 100644 index 00000000000..ad3f4209cb7 --- /dev/null +++ b/kerberosV/src/appl/kx/rxtelnet.cat1 
@@ -0,0 +1,43 @@ + +RXTELNET(1) UNIX Reference Manual RXTELNET(1) + +NNAAMMEE + rrxxtteellnneett - start a telnet and forward X-connections. + +SSYYNNOOPPSSIISS + rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww + _t_e_r_m___e_m_u_l_a_t_o_r] [--nn] _h_o_s_t [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t. + From this window you will also be able to run X clients that will be able + to connect securily to your X server. If _p_o_r_t is given, that port will be + used instead of the default. + + The supported options are: + + --ll Log in on the remote host as user _u_s_e_r_n_a_m_e + + --kk Disables keep-alives + + --tt Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett + + --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm + + --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm. + + --nn Do not start any terminal emulator. + +EEXXAAMMPPLLEE + To login from host _f_o_o (where your display is) to host _b_a_r, you might do + the following. + + 1. On foo: rrxxtteellnneett _b_a_r + + 2. You will get a new window with a tteellnneett to _b_a_r. In this window you + will be able to start X clients. + +SSEEEE AALLSSOO + rxterm(1), tenletxr(1), kx(1), kxd(8), telnet(1) + + KTH_KRB September 27, 1996 1 diff --git a/kerberosV/src/appl/kx/rxterm.cat1 b/kerberosV/src/appl/kx/rxterm.cat1 new file mode 100644 index 00000000000..56eec66236b --- /dev/null +++ b/kerberosV/src/appl/kx/rxterm.cat1 
@@ -0,0 +1,41 @@ + +RXTERM(1) UNIX Reference Manual RXTERM(1) + +NNAAMMEE + rrxxtteerrmm - start a secure remote xterm + +SSYYNNOOPPSSIISS + rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww + _t_e_r_m___e_m_u_l_a_t_o_r] _h_o_s_t [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t. From this window + you will also be able to run X clients that will be able to connect se- + curily to your X server. If _p_o_r_t is given, that port will be used instead + of the default. + + The supported options are: + + --ll Log in on the remote host as user _u_s_e_r_n_a_m_e + + --kk Disable keep-alives + + --rr Send _r_s_h___a_r_g_s as arguments to rrsshh + + --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm + + --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm. + +EEXXAAMMPPLLEE + To login from host _f_o_o (where your display is) to host _b_a_r, you might do + the following. + + 1. On foo: rrxxtteerrmm _b_a_r + + 2. You will get a new window running an xxtteerrmm on host _b_a_r. In this win- + dow you will be able to start X clients. + +SSEEEE AALLSSOO + rxtelnet(1), tenletxr(1), kx(1), kxd(8), rsh(1) + + KTH_KRB September 27, 1996 1 diff --git a/kerberosV/src/appl/kx/tenletxr.cat1 b/kerberosV/src/appl/kx/tenletxr.cat1 new file mode 100644 index 00000000000..c1714e7a092 --- /dev/null +++ b/kerberosV/src/appl/kx/tenletxr.cat1 
@@ -0,0 +1,37 @@ + +TENLETXR(1) UNIX Reference Manual TENLETXR(1) + +NNAAMMEE + tteennlleettxxrr - forward X-connections backwards. + +SSYYNNOOPPSSIISS + tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The tteennlleettxxrr program enables forwarding of X-connections from this ma- + chine to host _h_o_s_t. If _p_o_r_t is given, that port will be used instead of + the default. + + The supported options are: + + --ll Log in on the remote host as user _u_s_e_r_n_a_m_e + + --kk Disables keep-alives. + +EEXXAAMMPPLLEE + To login from host _f_o_o to host _b_a_r (where your display is), you might do + the following. + + 1. On foo: tteennlleettxxrr _b_a_r + + 2. You will get a new shell where you will be able to start X clients + that will show their windows on _b_a_r. + +BBUUGGSS + It currently checks if you have permission to run it by checking if you + own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host. + +SSEEEE AALLSSOO + rxtelnet(1), rxterm(1), kx(1), kxd(8), telnet(1) + + KTH_KRB March 31, 1997 1 diff --git a/kerberosV/src/appl/login/login.new.fixit b/kerberosV/src/appl/login/login.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/login/login.new.fixit diff --git a/kerberosV/src/appl/otp/otp.cat1 b/kerberosV/src/appl/otp/otp.cat1 new file mode 100644 index 00000000000..588bcc2f6c8 --- /dev/null +++ b/kerberosV/src/appl/otp/otp.cat1 
@@ -0,0 +1,43 @@ + +OTP(1) UNIX Reference Manual OTP(1) + +NNAAMMEE + oottpp - manages one-time passwords + +SSYYNNOOPPSSIISS + oottpp [--ddhhlloorr] [--ff _a_l_g_o_r_i_t_h_m] [--uu _u_s_e_r] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d + +DDEESSCCRRIIPPTTIIOONN + The oottpp program initializes and updates your current series of one-time + passwords (OTPs). + + Use this to set a new series of one-time passwords. Only perform this on + the console or over an encrypted link as you will have to supply your + pass-phrase. The other two parameters are _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d. + + Options are: + + --dd To delete a one-time password. + + --ff Choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any of: + md4, md5, and sha. + + --hh For getting a help message. + + --ll List the current table of one-time passwords. + + --oo To open (unlock) the otp-entry for a user. + + --rr To renew a one-time password series. This operation can be per- + formed over an potentially eavesdropped link because you do not + supply the pass-phrase. First you need to supply the current + one-time password and then the new one corresponding to the sup- + plied _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d. + + --uu To choose a different _u_s_e_r to set one-time passwords for. This + only works when running oottpp as root. + +SSEEEE AALLSSOO + otpprint(1) + + KTH-KRB November 17, 1996 1 diff --git a/kerberosV/src/appl/otp/otp.new.fixit b/kerberosV/src/appl/otp/otp.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/otp/otp.new.fixit diff --git a/kerberosV/src/appl/otp/otpprint.cat1 b/kerberosV/src/appl/otp/otpprint.cat1 new file mode 100644 index 00000000000..1c4d2444faf --- /dev/null +++ b/kerberosV/src/appl/otp/otpprint.cat1 
@@ -0,0 +1,36 @@ + +OTP(1) UNIX Reference Manual OTP(1) + +NNAAMMEE + oottpppprriinntt - print lists of one-time passwords + +SSYYNNOOPPSSIISS + oottpp [--nn _c_o_u_n_t] [--ee] [--hh] [--ff _a_l_g_o_r_i_t_h_m] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d + +DDEESSCCRRIIPPTTIIOONN + The oottpppprriinntt program prints lists of OTPs. + + Use this to print out a series of one-time passwords. You will have to + supply the _s_e_q_u_e_n_c_e _n_u_m_b_e_r and the _s_e_e_d as arguments and then the program + will prompt you for your pass-phrase. + + There are several different print formats. The default is to print each + password with six short english words. + + Options are: + + --ee Print the passwords in ``extended'' format. In this format a + prefix that says ``hex:'' or ``word:'' is included. + + --ff To choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any + of: md4, md5, and sha. + + --hh Print the passwords in hex. + + --nn Print _c_o_u_n_t one-time passwords, starting at _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and + going backwards. The default is 10. + +SSEEEE AALLSSOO + otp(1) + + KTH-KRB November 17, 1996 1 diff --git a/kerberosV/src/appl/popper/popper.new.fixit b/kerberosV/src/appl/popper/popper.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/popper/popper.new.fixit diff --git a/kerberosV/src/appl/push/pfrom.cat1 b/kerberosV/src/appl/push/pfrom.cat1 new file mode 100644 index 00000000000..8abf68aff9c --- /dev/null +++ b/kerberosV/src/appl/push/pfrom.cat1 
@@ -0,0 +1,17 @@
+
+PFROM(1) UNIX Reference Manual PFROM(1)
+
+NNAAMMEE
+ ppffrroomm - fetch a list of the current mail via POP
+
+SSYYNNOOPPSSIISS
+ ppffrroomm [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--cc | ----ccoouunntt]
+ [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-_s_p_e_c]
+
+DDEESSCCRRIIPPTTIIOONN
+ ppffrroomm is a script that does push --from.
+
+SSEEEE AALLSSOO
+ push(8)
+
+ HEIMDAL Mars 4, 2000 1
diff --git a/kerberosV/src/appl/push/push.cat8 b/kerberosV/src/appl/push/push.cat8
new file mode 100644
index 00000000000..dff390efe7a
--- /dev/null
+++ b/kerberosV/src/appl/push/push.cat8
@@ -0,0 +1,77 @@ + +PUSH(8) UNIX System Manager's Manual PUSH(8) + +NNAAMMEE + ppuusshh - fetch mail via POP + +SSYYNNOOPPSSIISS + ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll | + ----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerrss=_h_e_a_d_e_r_s] [--pp _p_o_r_t_-_s_p_e_c | + ----ppoorrtt=_p_o_r_t_-_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e + +DDEESSCCRRIIPPTTIIOONN + ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail + in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following for- + mats: + `hostname:username' + `po:hostname:username' + `username@hostname' + `po:username@hostname' + `hostname' + `po:username' + + If no username is specified, ppuusshh assumes that it's the same as on the + local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment + variable. + + Supported options: + + --44, ----kkrrbb44 + use Kerberos 4 (if compiled with support for Kerberos 4) + + --55, ----kkrrbb55 + use Kerberos 5 (if compiled with support for Kerberos 5) + + --ff, ----ffoorrkk + fork before starting to delete messages + + --ll, ----lleeaavvee + don't delete fetched mail + + ----ffrroomm behave like from. + + --cc, ----ccoouunntt + first print how many messages and bytes there are. + + ----hheeaaddeerrss=_h_e_a_d_e_r_s + a list of comma-separated headers that should get printed. + + --pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt=_p_o_r_t_-_s_p_e_c + use this port instead of the default `kpop' or `1109'. + + The default is to first try Kerberos 5 authentication and then, if that + fails, Kerberos 4. + +EENNVVIIRROONNMMEENNTT + MAILHOST + points to the post office, if no other hostname is specified. 
+ +EEXXAAMMPPLLEESS + $ push cornfield:roosta ~/.emacs-mail-crash-box + + tries to fetch mail for the user _r_o_o_s_t_a from the post office at + ``cornfield'', and stores the mail in _~_/_._e_m_a_c_s_-_m_a_i_l_-_c_r_a_s_h_-_b_o_x (you are + using Gnus, aren't you?) + + $ push --from -5 havregryn + + tries to fetch FFrroomm:: lines for current user at post office ``havregryn'' + using Kerberos 5. + +SSEEEE AALLSSOO + movemail(8), popper(8), from(1), pfrom(1) + +HHIISSTTOORRYY + ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail. + + HEIMDAL May 31, 1998 2 diff --git a/kerberosV/src/appl/push/push.new.fixit b/kerberosV/src/appl/push/push.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/push/push.new.fixit diff --git a/kerberosV/src/appl/rcp/rcp.new.fixit b/kerberosV/src/appl/rcp/rcp.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/rcp/rcp.new.fixit diff --git a/kerberosV/src/appl/rsh/rsh.new.fixit b/kerberosV/src/appl/rsh/rsh.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/rsh/rsh.new.fixit diff --git a/kerberosV/src/appl/su/su.new.fixit b/kerberosV/src/appl/su/su.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/su/su.new.fixit diff --git a/kerberosV/src/appl/telnet/arpa/arpa.new.fixit b/kerberosV/src/appl/telnet/arpa/arpa.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/telnet/arpa/arpa.new.fixit diff --git a/kerberosV/src/appl/telnet/libtelnet/libtelnet.new.fixit b/kerberosV/src/appl/telnet/libtelnet/libtelnet.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/telnet/libtelnet/libtelnet.new.fixit 
diff --git a/kerberosV/src/appl/telnet/telnet/telnet.cat1 b/kerberosV/src/appl/telnet/telnet/telnet.cat1
new file mode 100644
index 00000000000..708994e60a4
--- /dev/null
+++ b/kerberosV/src/appl/telnet/telnet/telnet.cat1
@@ -0,0 +1,718 @@ + +TELNET(1) UNIX Reference Manual TELNET(1) + +NNAAMMEE + tteellnneett - user interface to the TELNET protocol + +SSYYNNOOPPSSIISS + tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m] + [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]] + +DDEESSCCRRIIPPTTIIOONN + The tteellnneett command is used to communicate with another host using the + TELNET protocol. If tteellnneett is invoked without the _h_o_s_t argument, it en- + ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it + accepts and executes the commands listed below. If it is invoked with + arguments, it performs an ooppeenn command with those arguments. + + Options: + + --88 Specifies an 8-bit data path. This causes an attempt to negoti- + ate the TELNET BINARY option on both input and output. + + --77 Do not try to negotiate TELNET BINARY option. + + --EE Stops any character from being recognized as an escape character. + + --FF If Kerberos V5 authentication is being used, the --FF option allows + the local credentials to be forwarded to the remote system, in- + cluding any credentials that have already been forwarded into the + local environment. + + --KK Specifies no automatic login to the remote system. + + --LL Specifies an 8-bit data path on output. This causes the BINARY + option to be negotiated on output. + + --SS _t_o_s Sets the IP type-of-service (TOS) option for the telnet connec- + tion to the value _t_o_s, which can be a numeric TOS value or, on + systems that support it, a symbolic TOS name found in the + /etc/iptos file. + + --XX _a_t_y_p_e + Disables the _a_t_y_p_e type of authentication. + + --aa Attempt automatic login. Currently, this sends the user name via + the USER variable of the ENVIRON option if supported by the re- + mote system. 
The name used is that of the current user as re- + turned by getlogin(2) if it agrees with the current user ID, oth- + erwise it is the name associated with the user ID. + + --cc Disables the reading of the user's _._t_e_l_n_e_t_r_c file. (See the + ttooggggllee sskkiipprrcc command on this man page.) + + --dd Sets the initial value of the ddeebbuugg toggle to TRUE + + --ee _e_s_c_a_p_e _c_h_a_r + Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r. + If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac- + ter. + + --ff If Kerberos V5 authentication is being used, the --ff option allows + the local credentials to be forwarded to the remote system. + + --kk _r_e_a_l_m + If Kerberos authentication is being used, the --kk option requests + that telnet obtain tickets for the remote host in realm realm in- + stead of the remote host's realm, as determined by + krb_realmofhost(3). + + --ll _u_s_e_r + When connecting to the remote system, if the remote system under- + stands the ENVIRON option, then _u_s_e_r will be sent to the remote + system as the value for the variable USER. This option implies + the --aa option. This option may also be used with the ooppeenn com- + mand. + + --nn _t_r_a_c_e_f_i_l_e + Opens _t_r_a_c_e_f_i_l_e for recording trace information. See the sseett + ttrraacceeffiillee command below. + + --rr Specifies a user interface similar to rlogin(1). In this mode, + the escape character is set to the tilde (~) character, unless + modified by the -e option. + + --xx Turns on encryption of the data stream if possible. This is cur- + rently the default and when it fails a warning is issued. + + _h_o_s_t Indicates the official name, an alias, or the Internet address of + a remote host. + + _p_o_r_t Indicates a port number (address of an application). If a number + is not specified, the default tteellnneett port is used. + + When in rlogin mode, a line of the form ~. 
disconnects from the remote + host; ~ is the telnet escape character. Similarly, the line ~^Z suspends + the telnet session. The line ~^] escapes to the normal telnet escape + prompt. + + Once a connection has been opened, tteellnneett will attempt to enable the + TELNET LINEMODE option. If this fails, then tteellnneett will revert to one of + two input modes: either ``character at a time'' or ``old line by line'' + depending on what the remote system supports. + + When LINEMODE is enabled, character processing is done on the local sys- + tem, under the control of the remote system. When input editing or char- + acter echoing is to be disabled, the remote system will relay that infor- + mation. The remote system will also relay changes to any special charac- + ters that happen on the remote system, so that they can take effect on + the local system. + + In ``character at a time'' mode, most text typed is immediately sent to + the remote host for processing. + + In ``old line by line'' mode, all text is echoed locally, and (normally) + only completed lines are sent to the remote host. The ``local echo char- + acter'' (initially ``^E'') may be used to turn off and on the local echo + (this would mostly be used to enter passwords without the password being + echoed). + + If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE + (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr, + and fflluusshh characters are trapped locally, and sent as TELNET protocol se- + quences to the remote side. 
If LINEMODE has ever been enabled, then the + user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt + is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee + aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush + subsequent output to the terminal (until the remote host acknowledges the + TELNET sequence) and flush previous terminal input (in the case of qquuiitt + and iinnttrr). + + + While connected to a remote host, tteellnneett command mode may be entered by + typing the tteellnneett ``escape character'' (initially ``^]''). When in com- + mand mode, the normal terminal editing conventions are available. + + The following tteellnneett commands are available. Only enough of each command + to uniquely identify it need be typed (this is also true for arguments to + the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands). + + aauutthh _a_r_g_u_m_e_n_t _._._. + The auth command manipulates the information sent through the + TELNET AUTHENTICATE option. Valid arguments for the auth com- + mand are as follows: + + ddiissaabbllee _t_y_p_e Disables the specified type of authentication. + To obtain a list of available types, use the + aauutthh ddiissaabbllee ?? command. + + eennaabbllee _t_y_p_e Enables the specified type of authentication. + To obtain a list of available types, use the + aauutthh eennaabbllee ?? command. + + ssttaattuuss Lists the current status of the various types of + authentication. + + cclloossee Close a TELNET session and return to command mode. + + ddiissppllaayy _a_r_g_u_m_e_n_t _._._. + Displays all, or some, of the sseett and ttooggggllee values (see be- + low). + + eennccrryypptt _a_r_g_u_m_e_n_t _._._. + The encrypt command manipulates the information sent through + the TELNET ENCRYPT option. 
+ + Note: Because of export controls, the TELNET ENCRYPT option + is not supported outside of the United States and Canada. + + Valid arguments for the encrypt command are as follows: + + ddiissaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt] + Disables the specified type of encryption. If + you omit the input and output, both input and + output are disabled. To obtain a list of avail- + able types, use the eennccrryypptt ddiissaabbllee ?? command. + + eennaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt] + Enables the specified type of encryption. If + you omit input and output, both input and output + are enabled. To obtain a list of available + types, use the eennccrryypptt eennaabbllee ?? command. + + iinnppuutt This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com- + mand. + + --iinnppuutt This is the same as the eennccrryypptt ssttoopp iinnppuutt com- + mand. + + oouuttppuutt This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt + command. + + --oouuttppuutt This is the same as the eennccrryypptt ssttoopp oouuttppuutt com- + mand. + + ssttaarrtt [iinnppuutt | oouuttppuutt] + Attempts to start encryption. If you omit iinnppuutt + and oouuttppuutt, both input and output are enabled. + To obtain a list of available types, use the + eennccrryypptt eennaabbllee ?? command. + + ssttaattuuss Lists the current status of encryption. + + ssttoopp [iinnppuutt | oouuttppuutt] + Stops encryption. If you omit input and output, + encryption is on both input and output. + + ttyyppee _t_y_p_e Sets the default type of encryption to be used + with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com- + mands. + + eennvviirroonn _a_r_g_u_m_e_n_t_s _._._. + The eennvviirroonn command is used to manipulate the the variables + that my be sent through the TELNET ENVIRON option. The ini- + tial set of variables is taken from the users environment, + with only the DISPLAY and PRINTER variables being exported by + default. 
The USER variable is also exported if the --aa or --ll + options are used. + + Valid arguments for the eennvviirroonn command are: + + ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e + Define the variable _v_a_r_i_a_b_l_e to have a value of + _v_a_l_u_e. Any variables defined by this command are + automatically exported. The _v_a_l_u_e may be enclosed + in single or double quotes so that tabs and spaces + may be included. + + uunnddeeffiinnee _v_a_r_i_a_b_l_e + Remove _v_a_r_i_a_b_l_e from the list of environment vari- + ables. + + eexxppoorrtt _v_a_r_i_a_b_l_e + Mark the variable _v_a_r_i_a_b_l_e to be exported to the + remote side. + + uunneexxppoorrtt _v_a_r_i_a_b_l_e + Mark the variable _v_a_r_i_a_b_l_e to not be exported un- + less explicitly asked for by the remote side. + + lliisstt List the current set of environment variables. + Those marked with a ** will be sent automatically, + other variables will only be sent if explicitly + requested. + + ?? Prints out help information for the eennvviirroonn com- + mand. + + llooggoouutt Sends the TELNET LOGOUT option to the remote side. This com- + mand is similar to a cclloossee command; however, if the remote + side does not support the LOGOUT option, nothing happens. If, + however, the remote side does support the LOGOUT option, this + command should cause the remote side to close the TELNET con- + nection. If the remote side also supports the concept of sus- + pending a user's session for later reattachment, the logout + argument indicates that you should terminate the session imme- + diately. + + mmooddee _t_y_p_e _T_y_p_e is one of several options, depending on the state of the + TELNET session. The remote host is asked for permission to go + into the requested mode. If the remote host is capable of en- + tering that mode, the requested mode will be entered. 
+ + cchhaarraacctteerr Disable the TELNET LINEMODE option, or, if the + remote side does not understand the LINEMODE op- + tion, then enter ``character at a time`` mode. + + lliinnee Enable the TELNET LINEMODE option, or, if the + remote side does not understand the LINEMODE op- + tion, then attempt to enter ``old-line-by-line`` + mode. + + iissiigg (--iissiigg) Attempt to enable (disable) the TRAPSIG mode of + the LINEMODE option. This requires that the + LINEMODE option be enabled. + + eeddiitt (--eeddiitt) Attempt to enable (disable) the EDIT mode of the + LINEMODE option. This requires that the + LINEMODE option be enabled. + + ssooffttttaabbss (--ssooffttttaabbss) + Attempt to enable (disable) the SOFT_TAB mode of + the LINEMODE option. This requires that the + LINEMODE option be enabled. + + lliitteecchhoo (--lliitteecchhoo) + Attempt to enable (disable) the LIT_ECHO mode of + the LINEMODE option. This requires that the + LINEMODE option be enabled. + + ?? Prints out help information for the mmooddee com- + mand. + + ooppeenn _h_o_s_t [--ll _u_s_e_r] [[--]_p_o_r_t] + Open a connection to the named host. If no port number is + specified, tteellnneett will attempt to contact a TELNET server at + the default port. The host specification may be either a host + name (see hosts(5)) or an Internet address specified in the + ``dot notation'' (see inet(3)). The [--ll] option may be used + to specify the user name to be passed to the remote system via + the ENVIRON option. When connecting to a non-standard port, + tteellnneett omits any automatic initiation of TELNET options. When + the port number is preceded by a minus sign, the initial op- + tion negotiation is done. After establishing a connection, + the file _._t_e_l_n_e_t_r_c in the users home directory is opened. + Lines beginning with a # are comment lines. Blank lines are + ignored. Lines that begin without white space are the start + of a machine entry. 
The first thing on the line is the name + of the machine that is being connected to. The rest of the + line, and successive lines that begin with white space are as- + sumed to be tteellnneett commands and are processed as if they had + been typed in manually to the tteellnneett command prompt. + + qquuiitt Close any open TELNET session and exit tteellnneett. An end of file + (in command mode) will also close a session and exit. + + sseenndd _a_r_g_u_m_e_n_t_s + Sends one or more special character sequences to the remote + host. The following are the arguments which may be specified + (more than one argument may be specified at a time): + + aabboorrtt Sends the TELNET ABORT (Abort processes) sequence. + + aaoo Sends the TELNET AO (Abort Output) sequence, which + should cause the remote system to flush all output + _f_r_o_m the remote system _t_o the user's terminal. + + aayytt Sends the TELNET AYT (Are You There) sequence, to + which the remote system may or may not choose to re- + + spond. + + bbrrkk Sends the TELNET BRK (Break) sequence, which may have + significance to the remote system. + + eecc Sends the TELNET EC (Erase Character) sequence, which + should cause the remote system to erase the last char- + acter entered. + + eell Sends the TELNET EL (Erase Line) sequence, which + should cause the remote system to erase the line cur- + rently being entered. + + eeooff Sends the TELNET EOF (End Of File) sequence. + + eeoorr Sends the TELNET EOR (End of Record) sequence. + + eessccaappee Sends the current tteellnneett escape character (initially + ``^''). + + ggaa Sends the TELNET GA (Go Ahead) sequence, which likely + has no significance to the remote system. + + ggeettssttaattuuss + If the remote side supports the TELNET STATUS command, + ggeettssttaattuuss will send the subnegotiation to request that + the server send its current option status. 
+ + iipp Sends the TELNET IP (Interrupt Process) sequence, + which should cause the remote system to abort the cur- + rently running process. + + nnoopp Sends the TELNET NOP (No OPeration) sequence. + + ssuusspp Sends the TELNET SUSP (SUSPend process) sequence. + + ssyynncchh Sends the TELNET SYNCH sequence. This sequence causes + the remote system to discard all previously typed (but + not yet read) input. This sequence is sent as TCP ur- + gent data (and may not work if the remote system is a + 4.2BSD system -- if it doesn't work, a lower case + ``r'' may be echoed on the terminal). + + ddoo _c_m_d + + ddoonntt _c_m_d + + wwiillll _c_m_d + + wwoonntt _c_m_d + Sends the TELNET DO _c_m_d sequence. _C_m_d can be either a + decimal number between 0 and 255, or a symbolic name + for a specific TELNET command. _C_m_d can also be either + hheellpp or ?? to print out help information, including a + list of known symbolic names. + + ?? Prints out help information for the sseenndd command. + + sseett _a_r_g_u_m_e_n_t _v_a_l_u_e + + uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e + The sseett command will set any one of a number of tteellnneett vari- + ables to a specific value or to TRUE. The special value ooffff + turns off the function associated with the variable, this is + equivalent to using the uunnsseett command. The uunnsseett command will + disable or set to FALSE any of the specified functions. The + values of variables may be interrogated with the ddiissppllaayy com- + mand. The variables which may be set or unset, but not tog- + gled, are listed here. In addition, any of the variables for + the ttooggggllee command may be explicitly set or unset using the + sseett and uunnsseett commands. + + aayytt If TELNET is in localchars mode, or LINEMODE is en- + abled, and the status character is typed, a TELNET AYT + sequence (see sseenndd aayytt preceding) is sent to the re- + mote host. The initial value for the "Are You There" + character is the terminal's status character. 
+ + eecchhoo This is the value (initially ``^E'') which, when in + ``line by line'' mode, toggles between doing local + echoing of entered characters (for normal processing), + and suppressing echoing of entered characters (for en- + tering, say, a password). + + eeooff If tteellnneett is operating in LINEMODE or ``old line by + line'' mode, entering this character as the first + character on a line will cause this character to be + sent to the remote system. The initial value of the + eof character is taken to be the terminal's eeooff char- + acter. + + eerraassee If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below), aanndd if tteellnneett is operating in ``character at a + time'' mode, then when this character is typed, a + TELNET EC sequence (see sseenndd eecc above) is sent to the + remote system. The initial value for the erase char- + acter is taken to be the terminal's eerraassee character. + + eessccaappee This is the tteellnneett escape character (initially ``^['') + which causes entry into tteellnneett command mode (when con- + nected to a remote system). + + fflluusshhoouuttppuutt + If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below) and the fflluusshhoouuttppuutt character is typed, a + TELNET AO sequence (see sseenndd aaoo above) is sent to the + remote host. The initial value for the flush charac- + ter is taken to be the terminal's fflluusshh character. + + ffoorrww11 + + ffoorrww22 If TELNET is operating in LINEMODE, these are the + characters that, when typed, cause partial lines to be + forwarded to the remote system. The initial value for + the forwarding characters are taken from the termi- + nal's eol and eol2 characters. 
+ + iinntteerrrruupptt + If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below) and the iinntteerrrruupptt character is typed, a TELNET + IP sequence (see sseenndd iipp above) is sent to the remote + host. The initial value for the interrupt character + is taken to be the terminal's iinnttrr character. + + kkiillll If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below), aanndd if tteellnneett is operating in ``character at a + time'' mode, then when this character is typed, a + TELNET EL sequence (see sseenndd eell above) is sent to the + remote system. The initial value for the kill charac- + ter is taken to be the terminal's kkiillll character. + + llnneexxtt If tteellnneett is operating in LINEMODE or ``old line by + line`` mode, then this character is taken to be the + terminal's llnneexxtt character. The initial value for the + lnext character is taken to be the terminal's llnneexxtt + character. + + qquuiitt If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below) and the qquuiitt character is typed, a TELNET BRK + sequence (see sseenndd bbrrkk above) is sent to the remote + host. The initial value for the quit character is + taken to be the terminal's qquuiitt character. + + rreepprriinntt + If tteellnneett is operating in LINEMODE or ``old line by + line`` mode, then this character is taken to be the + terminal's rreepprriinntt character. The initial value for + the reprint character is taken to be the terminal's + rreepprriinntt character. + + rrllooggiinn This is the rlogin escape character. If set, the nor- + mal TELNET escape character is ignored unless it is + preceded by this character at the beginning of a line. + This character, at the beginning of a line followed by + a "." closes the connection; when followed by a ^Z it + suspends the telnet command. The initial state is to + disable the rlogin escape character. 
+ + ssttaarrtt If the TELNET TOGGLE-FLOW-CONTROL option has been en- + abled, then this character is taken to be the termi- + nal's ssttaarrtt character. The initial value for the kill + character is taken to be the terminal's ssttaarrtt charac- + ter. + + ssttoopp If the TELNET TOGGLE-FLOW-CONTROL option has been en- + abled, then this character is taken to be the termi- + nal's ssttoopp character. The initial value for the kill + character is taken to be the terminal's ssttoopp charac- + ter. + + ssuusspp If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en- + abled, and the ssuussppeenndd character is typed, a TELNET + SUSP sequence (see sseenndd ssuusspp above) is sent to the re- + mote host. The initial value for the suspend charac- + ter is taken to be the terminal's ssuussppeenndd character. + + ttrraacceeffiillee + This is the file to which the output, caused by + nneettddaattaa or ooppttiioonn tracing being TRUE, will be written. + If it is set to ``--'', then tracing information will + be written to standard output (the default). + + wwoorrddeerraassee + If tteellnneett is operating in LINEMODE or ``old line by + line`` mode, then this character is taken to be the + terminal's wwoorrddeerraassee character. The initial value for + the worderase character is taken to be the terminal's + wwoorrddeerraassee character. + + ?? Displays the legal sseett (uunnsseett) commands. + + ssllcc _s_t_a_t_e The ssllcc command (Set Local Characters) is used to set or + change the state of the the special characters when the TELNET + LINEMODE option has been enabled. Special characters are + characters that get mapped to TELNET commands sequences (like + iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll). + + + By default, the local special characters are exported. + + cchheecckk Verify the current settings for the current spe- + cial characters. 
The remote side is requested to + send all the current special character settings, + and if there are any discrepancies with the local + side, the local side will switch to the remote + value. + + eexxppoorrtt Switch to the local defaults for the special char- + acters. The local default characters are those of + the local terminal at the time when tteellnneett was + started. + + iimmppoorrtt Switch to the remote defaults for the special + characters. The remote default characters are + those of the remote system at the time when the + TELNET connection was established. + + ?? Prints out help information for the ssllcc command. + + ssttaattuuss Show the current status of tteellnneett. This includes the peer one + is connected to, as well as the current mode. + + ttooggggllee _a_r_g_u_m_e_n_t_s _._._. + Toggle (between TRUE and FALSE) various flags that control how + tteellnneett responds to events. These flags may be set explicitly + to TRUE or FALSE using the sseett and uunnsseett commands listed + above. More than one argument may be specified. The state of + these flags may be interrogated with the ddiissppllaayy command. + Valid arguments are: + + aauutthhddeebbuugg Turns on debugging information for the authenti- + cation code. + + aauuttoofflluusshh If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then + when the aaoo, or qquuiitt characters are recognized + (and transformed into TELNET sequences; see sseett + above for details), tteellnneett refuses to display + any data on the user's terminal until the remote + system acknowledges (via a TELNET TIMING MARK + option) that it has processed those TELNET se- + quences. The initial value for this toggle is + TRUE if the terminal user had not done an "stty + noflsh", otherwise FALSE (see stty(1)). + + aauuttooddeeccrryypptt When the TELNET ENCRYPT option is negotiated, by + default the actual encryption (decryption) of + the data stream does not start automatically. 
+ The autoencrypt (autodecrypt) command states + that encryption of the output (input) stream + should be enabled as soon as possible. + + Note: Because of export controls, the TELNET + ENCRYPT option is not supported outside the + United States and Canada. + + aauuttoollooggiinn If the remote side supports the TELNET + AUTHENTICATION option TELNET attempts to use it + to perform automatic authentication. If the + AUTHENTICATION option is not supported, the us- + er's login name are propagated through the + TELNET ENVIRON option. This command is the same + as specifying _a option on the ooppeenn command. + + aauuttoossyynncchh If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then + when either the iinnttrr or qquuiitt characters is typed + (see sseett above for descriptions of the iinnttrr and + qquuiitt characters), the resulting TELNET sequence + sent is followed by the TELNET SYNCH sequence. + This procedure sshhoouulldd cause the remote system to + begin throwing away all previously typed input + until both of the TELNET sequences have been + read and acted upon. The initial value of this + toggle is FALSE. + + bbiinnaarryy Enable or disable the TELNET BINARY option on + both input and output. + + iinnbbiinnaarryy Enable or disable the TELNET BINARY option on + input. + + oouuttbbiinnaarryy Enable or disable the TELNET BINARY option on + output. + + ccrrllff If this is TRUE, then carriage returns will be + sent as <CR><LF>. If this is FALSE, then car- + riage returns will be send as <CR><NUL>. The + initial value for this toggle is FALSE. + + ccrrmmoodd Toggle carriage return mode. When this mode is + enabled, most carriage return characters re- + ceived from the remote host will be mapped into + a carriage return followed by a line feed. This + mode does not affect those characters typed by + the user, only those received from the remote + host. 
This mode is not very useful unless the + remote host only sends carriage return, but nev- + er line feed. The initial value for this toggle + is FALSE. + + ddeebbuugg Toggles socket level debugging (useful only to + the ssuuppeerr uusseerr). The initial value for this tog- + gle is FALSE. + + eennccddeebbuugg Turns on debugging information for the encryp- + tion code. + + llooccaallcchhaarrss If this is TRUE, then the fflluusshh, iinntteerrrruupptt, + qquuiitt, eerraassee, and kkiillll characters (see sseett above) + are recognized locally, and transformed into + (hopefully) appropriate TELNET control sequences + (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd + above). The initial value for this toggle is + TRUE in ``old line by line'' mode, and FALSE in + ``character at a time'' mode. When the LINEMODE + option is enabled, the value of llooccaallcchhaarrss is + ignored, and assumed to always be TRUE. If + LINEMODE has ever been enabled, then qquuiitt is + sent as aabboorrtt, and eeooff and ssuussppeenndd are sent as + eeooff and ssuusspp, see sseenndd above). + + nneettddaattaa Toggles the display of all network data (in hex- + adecimal format). The initial value for this + toggle is FALSE. + + ooppttiioonnss Toggles the display of some internal tteellnneett pro- + tocol processing (having to do with TELNET op- + tions). The initial value for this toggle is + FALSE. + + pprreettttyydduummpp When the nneettddaattaa toggle is enabled, if + pprreettttyydduummpp is enabled the output from the + nneettddaattaa command will be formatted in a more user + readable format. Spaces are put between each + character in the output, and the beginning of + any TELNET escape sequence is preceded by a '*' + to aid in locating them. + + sskkiipprrcc When the skiprc toggle is TRUE, TELNET skips the + reading of the _._t_e_l_n_e_t_r_c file in the users home + directory when connections are opened. The ini- + tial value for this toggle is FALSE. 
+
+ tteerrmmddaattaa Toggles the display of all terminal data (in
+ hexadecimal format). The initial value for this
+ toggle is FALSE.
+
+ vveerrbboossee__eennccrryypptt
+ When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET
+ prints out a message each time encryption is en-
+ abled or disabled. The initial value for this
+ toggle is FALSE. Note: Because of export con-
+ trols, data encryption is not supported outside
+ of the United States and Canada.
+
+ ?? Displays the legal ttooggggllee commands.
+
+ zz Suspend tteellnneett. This command only works when the user is using
+ the csh(1).
+
+ !! [_c_o_m_m_a_n_d]
+ Execute a single command in a subshell on the local system.
+ If ccoommmmaanndd is omitted, then an interactive subshell is in-
+ voked.
+
+ ?? [_c_o_m_m_a_n_d]
+ Get help. With no arguments, tteellnneett prints a help summary.
+ If a command is specified, tteellnneett will print the help informa-
+ tion for just that command.
+
+EENNVVIIRROONNMMEENNTT
+ TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari-
+ ables. Other environment variables may be propagated to the other side
+ via the TELNET ENVIRON option.
+
+FFIILLEESS
+ ~/.telnetrc user customized telnet startup values
+
+HHIISSTTOORRYY
+ The TTeellnneett command appeared in 4.2BSD.
+
+NNOOTTEESS
+ On some remote systems, echo has to be turned off manually when in ``old
+ line by line'' mode.
+
+ In ``old line by line'' mode or LINEMODE the terminal's eeooff character is
+ only recognized (and sent to the remote system) when it is the first
+ character on a line.
+
+4.2 Berkeley Distribution June 1, 1994 11
diff --git a/kerberosV/src/appl/telnet/telnet/telnet.new.fixit b/kerberosV/src/appl/telnet/telnet/telnet.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/telnet/telnet/telnet.new.fixit
diff --git a/kerberosV/src/appl/telnet/telnetd/telnetd.cat8 b/kerberosV/src/appl/telnet/telnetd/telnetd.cat8
new file mode 100644
index 00000000000..988bf31b832
--- /dev/null
+++ b/kerberosV/src/appl/telnet/telnetd/telnetd.cat8
@@ -0,0 +1,297 @@ + +TELNETD(8) UNIX System Manager's Manual TELNETD(8) + +NNAAMMEE + tteellnneettdd - DARPA TELNET protocol server + +SSYYNNOOPPSSIISS + tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e] + [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The tteellnneettdd command is a server which supports the DARPA standard TELNET + virtual terminal protocol. TTeellnneettdd is normally invoked by the internet + server (see inetd(8)) for requests to connect to the TELNET port as in- + dicated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)). The --ddeebbuugg option + may be used to start up tteellnneettdd manually, instead of through inetd(8). + If started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alter- + nate TCP port number. + + The tteellnneettdd command accepts the following options: + + --aa _a_u_t_h_m_o_d_e This option may be used for specifying what mode should be + used for authentication. Note that this option is only use- + ful if tteellnneettdd has been compiled with support for the + AUTHENTICATION option. There are several valid values for + _a_u_t_h_m_o_d_e: + + debug Turns on authentication debugging code. + + user Only allow connections when the remote user can pro- + vide valid authentication information to identify the + remote user, and is allowed access to the specified + account without providing a password. + + valid Only allow connections when the remote user can pro- + vide valid authentication information to identify the + remote user. The login(1) command will provide any + additional user verification needed if the remote us- + er is not allowed automatic access to the specified + account. + + other Only allow connections that supply some authentica- + tion information. 
This option is currently not sup- + ported by any of the existing authentication mecha- + nisms, and is thus the same as specifying --aa vvaalliidd. + + otp Only allow authenticated connections (as with --aa + uusseerr) and also logins with one-time passwords (OTPs). + This option will call login with an option so that + only OTPs are accepted. The user can of course still + type secret information at the prompt. + + none This is the default state. Authentication informa- + tion is not required. If no or insufficient authen- + tication information is provided, then the login(1) + program will provide the necessary user verification. + + off This disables the authentication code. All user ver- + ification will happen through the login(1) program. + + --BB Ignored. + + --DD _d_e_b_u_g_m_o_d_e + This option may be used for debugging purposes. This allows + tteellnneettdd to print out debugging information to the connec- + tion, allowing the user to see what tteellnneettdd is doing. There + are several possible values for _d_e_b_u_g_m_o_d_e: + + ooppttiioonnss Prints information about the negotiation of TELNET + options. + + rreeppoorrtt Prints the ooppttiioonnss information, plus some addi- + tional information about what processing is going + on. + + nneettddaattaa Displays the data stream received by tteellnneettdd. + + ppttyyddaattaa Displays data written to the pty. + + eexxeerrcciissee Has not been implemented yet. + + --hh Disables the printing of host-specific information before + login has been completed. + + --kk + + --ll Ignored. + + --nn Disable TCP keep-alives. Normally tteellnneettdd enables the TCP + keep-alive mechanism to probe connections that have been + idle for some period of time to determine if the client is + still there, so that idle connections from machines that + have crashed or can no longer be reached may be cleaned up. + + --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y + This option is only enabled when tteellnneettdd is compiled for + UNICOS. 
It specifies an inclusive range of pseudo-terminal + devices to use. If the system has sysconf variable + _SC_CRAY_NPTY configured, the default pty search range is 0 + to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128. + Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing + either end of the search range. If _l_o_w_p_t_y is omitted, the - + character is still required so that tteellnneettdd can differenti- + ate _h_i_g_h_p_t_y from _l_o_w_p_t_y. + + --SS _t_o_s + + --uu _l_e_n This option is used to specify the size of the field in the + utmp structure that holds the remote host name. If the re- + solved host name is longer than _l_e_n, the dotted decimal val- + ue will be used instead. This allows hosts with very long + host names that overflow this field to still be uniquely + identified. Specifying --uu00 indicates that only dotted deci- + mal addresses should be put into the _u_t_m_p file. + + --UU This option causes tteellnneettdd to refuse connections from ad- + dresses that cannot be mapped back into a symbolic name via + the gethostbyaddr(3) routine. + + --XX _a_u_t_h_t_y_p_e This option is only valid if tteellnneettdd has been built with + support for the authentication option. It disables the use + of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily + disable a specific authentication type without having to re- + compile tteellnneettdd. + + --LL --ppaatthhnnaammee + Specify pathname to an alternative login program. + + TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4)) for + a client, then creating a login process which has the slave side of the + pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the mas- + ter side of the pseudo-terminal, implementing the TELNET protocol and + passing characters between the remote client and the login process. 
+ + When a TELNET session is started up, tteellnneettdd sends TELNET options to the + client side indicating a willingness to do the following TELNET options, + which are described in more detail below: + + DO AUTHENTICATION + WILL ENCRYPT + DO TERMINAL TYPE + DO TSPEED + DO XDISPLOC + DO NEW-ENVIRON + DO ENVIRON + WILL SUPPRESS GO AHEAD + DO ECHO + DO LINEMODE + DO NAWS + WILL STATUS + DO LFLOW + DO TIMING-MARK + + The pseudo-terminal allocated to the client is configured to operate in + ``cooked'' mode, and with XTABS and CRMOD enabled (see tty(4)). + + TTeellnneettdd has support for enabling locally the following TELNET options: + + WILL ECHO When the LINEMODE option is enabled, a WILL ECHO or + WONT ECHO will be sent to the client to indicate the + current state of terminal echoing. When terminal echo + is not desired, a WILL ECHO is sent to indicate that + telnetd will take care of echoing any data that needs + to be echoed to the terminal, and then nothing is + echoed. When terminal echo is desired, a WONT ECHO is + sent to indicate that telnetd will not be doing any + terminal echoing, so the client should do any terminal + echoing that is needed. + + WILL BINARY Indicates that the client is willing to send a 8 bits + of data, rather than the normal 7 bits of the Network + Virtual Terminal. + + WILL SGA Indicates that it will not be sending IAC GA, go + ahead, commands. + + WILL STATUS Indicates a willingness to send the client, upon re- + quest, of the current status of all TELNET options. + + WILL TIMING-MARK Whenever a DO TIMING-MARK command is received, it is + always responded to with a WILL TIMING-MARK + + WILL LOGOUT When a DO LOGOUT is received, a WILL LOGOUT is sent in + response, and the TELNET session is shut down. + + WILL ENCRYPT Only sent if tteellnneettdd is compiled with support for data + encryption, and indicates a willingness to decrypt the + data stream. 
+ + TTeellnneettdd has support for enabling remotely the following TELNET options: + + DO BINARY Sent to indicate that telnetd is willing to receive an + 8 bit data stream. + + DO LFLOW Requests that the client handle flow control charac- + + + ters remotely. + + DO ECHO This is not really supported, but is sent to identify + a 4.2BSD telnet(1) client, which will improperly re- + spond with WILL ECHO. If a WILL ECHO is received, a + DONT ECHO will be sent in response. + + DO TERMINAL-TYPE Indicates a desire to be able to request the name of + the type of terminal that is attached to the client + side of the connection. + + DO SGA Indicates that it does not need to receive IAC GA, the + go ahead command. + + DO NAWS Requests that the client inform the server when the + window (display) size changes. + + DO TERMINAL-SPEED Indicates a desire to be able to request information + about the speed of the serial line to which the client + is attached. + + DO XDISPLOC Indicates a desire to be able to request the name of + the X windows display that is associated with the tel- + net client. + + DO NEW-ENVIRON Indicates a desire to be able to request environment + variable information, as described in RFC 1572. + + DO ENVIRON Indicates a desire to be able to request environment + variable information, as described in RFC 1408. + + DO LINEMODE Only sent if tteellnneettdd is compiled with support for + linemode, and requests that the client do line by line + processing. + + DO TIMING-MARK Only sent if tteellnneettdd is compiled with support for both + linemode and kludge linemode, and the client responded + with WONT LINEMODE. If the client responds with WILL + TM, the it is assumed that the client supports kludge + linemode. Note that the [--kk] option can be used to + disable this. + + DO AUTHENTICATION Only sent if tteellnneettdd is compiled with support for au- + thentication, and indicates a willingness to receive + authentication information for automatic login. 
+ + DO ENCRYPT Only sent if tteellnneettdd is compiled with support for data + encryption, and indicates a willingness to decrypt the + data stream. + +EENNVVIIRROONNMMEENNTT +FFIILLEESS + /etc/services + /etc/inittab (UNICOS systems only) + /etc/iptos (if supported) + +SSEEEE AALLSSOO + telnet(1), login(1) + +SSTTAANNDDAARRDDSS + RRFFCC--885544 TELNET PROTOCOL SPECIFICATION + RRFFCC--885555 TELNET OPTION SPECIFICATIONS + RRFFCC--885566 TELNET BINARY TRANSMISSION + RRFFCC--885577 TELNET ECHO OPTION + + + RRFFCC--885588 TELNET SUPPRESS GO AHEAD OPTION + RRFFCC--885599 TELNET STATUS OPTION + RRFFCC--886600 TELNET TIMING MARK OPTION + RRFFCC--886611 TELNET EXTENDED OPTIONS - LIST OPTION + RRFFCC--888855 TELNET END OF RECORD OPTION + RRFFCC--11007733 Telnet Window Size Option + RRFFCC--11007799 Telnet Terminal Speed Option + RRFFCC--11009911 Telnet Terminal-Type Option + RRFFCC--11009966 Telnet X Display Location Option + RRFFCC--11112233 Requirements for Internet Hosts -- Application and Support + RRFFCC--11118844 Telnet Linemode Option + RRFFCC--11337722 Telnet Remote Flow Control Option + RRFFCC--11441166 Telnet Authentication Option + RRFFCC--11441111 Telnet Authentication: Kerberos Version 4 + RRFFCC--11441122 Telnet Authentication: SPX + RRFFCC--11557711 Telnet Environment Option Interoperability Issues + RRFFCC--11557722 Telnet Environment Option + +BBUUGGSS + Some TELNET commands are only partially implemented. + + Because of bugs in the original 4.2 BSD telnet(1), tteellnneettdd performs some + dubious protocol exchanges to try to discover if the remote client is, in + fact, a 4.2 BSD telnet(1). + + Binary mode has no common interpretation except between similar operating + systems (Unix in this case). + + The terminal type name received from the remote client is converted to + lower case. + + TTeellnneettdd never sends TELNET IAC GA (go ahead) commands. + +4.2 Berkeley Distribution June 1, 1994 5 
diff --git a/kerberosV/src/appl/telnet/telnetd/telnetd.new.fixit b/kerberosV/src/appl/telnet/telnetd/telnetd.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/telnet/telnetd/telnetd.new.fixit
diff --git a/kerberosV/src/appl/test/test.new.fixit b/kerberosV/src/appl/test/test.new.fixit
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/kerberosV/src/appl/test/test.new.fixit
diff --git a/kerberosV/src/appl/xnlock/xnlock.cat1 b/kerberosV/src/appl/xnlock/xnlock.cat1
new file mode 100644
index 00000000000..dde8eef6cf0
--- /dev/null
+++ b/kerberosV/src/appl/xnlock/xnlock.cat1
@@ -0,0 +1,132 @@ + + + +XNLOCK(1L) XNLOCK(1L) + + + +NAME + xnlock - amusing lock screen program with message for passers-by + +SYNOPSIS + xxnnlloocckk [ _o_p_t_i_o_n_s ] [ _m_e_s_s_a_g_e ] + +DESCRIPTION + _x_n_l_o_c_k is a program that acts as a screen saver for workstations running + X11. It also "locks" the screen such that the workstation can be left + unattended without worry that someone else will walk up to it and mess + everything up. When _x_n_l_o_c_k is running, a little man with a big nose and a + hat runs around spewing out messages to the screen. By default, the mes- + sages are "humorous", but that depends on your sense of humor. + + If a key or mouse button is pressed, a prompt is printed requesting the + user's password. If a RETURN is not typed within 30 seconds, the little + man resumes running around. + + Text on the command line is used as the message. For example: + % xnlock I'm out to lunch for a couple of hours. + Note the need to quote shell metacharacters. + + In the absence of flags or text, _x_n_l_o_c_k displays random fortunes. + +OPTIONS + Command line options override all resource specifications. All arguments + that are not associated with a command line option is taken to be message + text that the little man will "say" every once in a while. The resource + xxnnlloocckk..tteexxtt may be set to a string. + + --ffnn _f_o_n_t_n_a_m_e + The default font is the first 18 point font in the _n_e_w _c_e_n_t_u_r_y _s_c_h_o_o_l_- + _b_o_o_k family. While larger fonts are recokmmended over smaller ones, + any font in the server's font list will work. The resource to use for + this option is xxnnlloocckk..ffoonntt. + + --ffiilleennaammee _f_i_l_e_n_a_m_e + Take the message to be displayed from the file _f_i_l_e_n_a_m_e. If _f_i_l_e_n_a_m_e + is not specified, _$_H_O_M_E_/_._m_s_g_f_i_l_e is used. 
If the contents of the file + are changed during runtime, the most recent text of the file is used + (allowing the displayed message to be altered remotely). Carriage + returns within the text are allowed, but tabs or other control charac- + ters are not translated and should not be used. The resource avail- + able for this option is xxnnlloocckk..ffiillee. + + --aarr Accept root's password to unlock screen. This option is true by + default. The reason for this is so that someone's screen may be + unlocked by autorized users in case of emergency and the person run- + ning the program is still out to lunch. The resource available for + specifying this option is xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd. + + --nnooaarr + Don't accept root's password. This option is for paranoids who fear + their peers might breakin using root's password and remove their files + anyway. Specifying this option on the command line overrides the + xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd if set to True. + + --iipp Ignore password prompt. The resource available for this option is + xxnnlloocckk..iiggnnoorreePPaasssswwdd. + + --nnooiipp + Don't ignore password prompt. This is available in order to override + the resource iiggnnoorreePPaasssswwdd if set to True. + + --ffgg _c_o_l_o_r + Specifies the foreground color. The resource available for this is + xxnnlloocckk..ffoorreeggrroouunndd. + + --bbgg _c_o_l_o_r + Specifies the background color. The resource available for this is + xxnnlloocckk..bbaacckkggrroouunndd. + + --rrvv Reverse the foreground and background colors. The resource for this + is xxvvnnlloocckk..rreevveerrsseeVViiddeeoo. + + --nnoorrvv + Don't use reverse video. This is available to override the reverseV- + ideo resource if set to True. + + --pprroogg _p_r_o_g_r_a_m + Receive message text from the running program _p_r_o_g_r_a_m. If there are + arguments to _p_r_o_g_r_a_m, encase them with the name of the program in + quotes (e.g. xnlock -t "fortune -o"). 
The resource for this is + xxnnlloocckk..pprrooggrraamm. + +RESOURCES + xnlock.font: fontname + xnlock.foreground: color + xnlock.background: color + xnlock.reverseVideo: True/False + xnlock.text: Some random text string + xnlock.program: program [args] + xnlock.ignorePasswd: True/False + xnlock.acceptRootPasswd: True/False + +FILES + _x_n_l_o_c_k executable file + ~/.msgfile default message file + +AUTHOR + Dan Heller <argv@sun.com> Copyright (c) 1985, 1990. + The original version of this program was written using pixrects on a Sun 2 + running SunOS 1.1. + + + + + + + + + + + + + + + + + + + + + + diff --git a/kerberosV/src/appl/xnlock/xnlock.new.fixit b/kerberosV/src/appl/xnlock/xnlock.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/appl/xnlock/xnlock.new.fixit diff --git a/kerberosV/src/doc/doc.new.fixit b/kerberosV/src/doc/doc.new.fixit new file mode 100644 index 00000000000..e69de29bb2d --- /dev/null +++ b/kerberosV/src/doc/doc.new.fixit diff --git a/kerberosV/src/doc/programming.texi b/kerberosV/src/doc/programming.texi new file mode 100644 index 00000000000..bae9eeb6226 --- /dev/null +++ b/kerberosV/src/doc/programming.texi 
@@ -0,0 +1,287 @@
+@c $KTH: programming.texi,v 1.2 2001/05/16 22:11:00 assar Exp $
+
+@node Programming with Kerberos
+@chapter Programming with Kerberos
+
+First you need to know how the Kerberos model works, go read the
+introduction text (@pxref{What is Kerberos?}).
+
+@macro manpage{man, section}
+@cite{\man\(\section\)}
+@end macro
+
+@menu
+* Kerberos 5 API Overview::
+* Walkthru a sample Kerberos 5 client::
+* Validating a password in a server application::
+@end menu
+
+@node Kerberos 5 API Overview, Walkthru a sample Kerberos 5 client, Programming with Kerberos, Programming with Kerberos
+@section Kerberos 5 API Overview
+
+Most functions are documenteded in manual pages. This overview only
+tries to point to where to look for a specific function.
+
+@subsection Kerberos context
+
+A kerberos context (@code{krb5_context}) holds all per thread state. All global variables that
+are context specific are stored in this struture, including default
+encryption types, credential-cache (ticket file), and default realms.
+
+See the manual pages for @manpage{krb5_context,3} and
+@manpage{krb5_init_context,3}.
+
+@subsection Kerberos authenication context
+
+Kerberos authentication context (@code{krb5_auth_context}) holds all
+context related to an authenticated connection, in a similar way to the
+kerberos context that holds the context for the thread or process.
+
+The @code{krb5_auth_context} is used by various functions that are
+directly related to authentication between the server/client. Example of
+data that this structure contains are various flags, addresses of client
+and server, port numbers, keyblocks (and subkeys), sequence numbers,
+replay cache, and checksum types.
+
+See the manual page for @manpage{krb5_auth_context,3}.
+
+@subsection Keytab managment
+
+A keytab is a storage for locally stored keys. Heimdal includes keytab
+support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's,
+and for storing keys in memory.
+
+See also manual page for @manpage{krb5_keytab,3}
+
+@node Walkthru a sample Kerberos 5 client, Validating a password in a server application, Kerberos 5 API Overview, Programming with Kerberos
+@section Walkthru a sample Kerberos 5 client
+
+This example contains parts of a sample TCP Kerberos 5 clients, if you
+want a real working client, please look in @file{appl/test} directory in
+the Heimdal distribution.
+
+All Kerberos error-codes that are returned from kerberos functions in
+this program are passed to @code{krb5_err}, that will print a
+descriptive text of the error code and exit. Graphical programs can
+convert error-code to a humal readable error-string with the
+@manpage{krb5_get_err_text,3} function.
+
+Note that you should not use any Kerberos function before
+@code{krb5_init_context()} have completed successfully. That is the
+reson @code{err()} is used when @code{krb5_init_context()} fails.
+
+First the client needs to call @code{krb5_init_context} to initialize
+the Kerberos 5 library. This is only needed once per thread
+in the program. If the function returns a non-zero value it indicates
+that either the Kerberos implemtation is failing or its disabled on
+this host.
+
+@example
+#include <krb5.h>
+
+int
+main(int argc, char **argv)
+@{
+ krb5_context context;
+
+ if (krb5_context(&context))
+ errx (1, "krb5_context");
+@end example
+
+Now the client wants to connect to the host at the other end. The
+preferred way of doing this is using @manpage{getaddrinfo,3} (for
+operating system that have this function implemented), since getaddrinfo
+is neutral to the address type and can use any protocol that is available.
+
+@example
+ struct addrinfo *ai, *a;
+ struct addrinfo hints;
+ int error;
+
+ memset (&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ error = getaddrinfo (hostname, "pop3", &hints, &ai);
+ if (error)
+ errx (1, "%s: %s", hostname, gai_strerror(error));
+
+ for (a = ai; a != NULL; a = a->ai_next) @{
+ int s;
+
+ s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
+ if (s < 0)
+ continue;
+ if (connect (s, a->ai_addr, a->ai_addrlen) < 0) @{
+ warn ("connect(%s)", hostname);
+ close (s);
+ continue;
+ @}
+ freeaddrinfo (ai);
+ ai = NULL;
+ @}
+ if (ai) @{
+ freeaddrinfo (ai);
+ errx ("failed to contact %s", hostname);
+ @}
+@end example
+
+Before authenticating, an authentication context needs to be
+created. This context keeps all information for one (to be) authenticated
+connection (see @manpage{krb5_auth_context,3}).
+
+@example
+ status = krb5_auth_con_init (context, &auth_context);
+ if (status)
+ krb5_err (context, 1, status, "krb5_auth_con_init");
+@end example
+
+For setting the address in the authentication there is a help function
+@code{krb5_auth_con_setaddrs_from_fd} that does everthing that is needed
+when given a connected file descriptor to the socket.
+
+@example
+ status = krb5_auth_con_setaddrs_from_fd (context,
+ auth_context,
+ &sock);
+ if (status)
+ krb5_err (context, 1, status,
+ "krb5_auth_con_setaddrs_from_fd");
+@end example
+
+The next step is to build a server principal for the service we want
+to connect to. (See also @manpage{krb5_sname_to_principal,3}.)
+
+@example
+ status = krb5_sname_to_principal (context,
+ hostname,
+ service,
+ KRB5_NT_SRV_HST,
+ &server);
+ if (status)
+ krb5_err (context, 1, status, "krb5_sname_to_principal");
+@end example
+
+The client principal is not passed to @manpage{krb5_sendauth,3}
+function, this causes the @code{krb5_sendauth} function to try to figure it
+out itself.
+
+The server program is using the function @manpage{krb5_recvauth,3} to
+receive the Kerberos 5 authenticator.
+
+In this case, mutual authenication will be tried. That means that the server
+will authenticate to the client. Using mutual authenication
+is good since it enables the user to verify that they are talking to the
+right server (a server that knows the key).
+
+If you are using a non-blocking socket you will need to do all work of
+@code{krb5_sendauth} yourself. Basically you need to send over the
+authenticator from @manpage{krb5_mk_req,3} and, in case of mutual
+authentication, verifying the result from the server with
+@manpage{krb5_rd_rep,3}.
+
+@example
+ status = krb5_sendauth (context,
+ &auth_context,
+ &sock,
+ VERSION,
+ NULL,
+ server,
+ AP_OPTS_MUTUAL_REQUIRED,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ if (status)
+ krb5_err (context, 1, status, "krb5_sendauth");
+@end example
+
+Once authentication has been performed, it is time to send some
+data. First we create a krb5_data structure, then we sign it with
+@manpage{krb5_mk_safe,3} using the @code{auth_context} that contains the
+session-key that was exchanged in the
+@manpage{krb5_sendauth,3}/@manpage{krb5_recvauth,3} authentication
+sequence.
+
+@example
+ data.data = "hej";
+ data.length = 3;
+
+ krb5_data_zero (&packet);
+
+ status = krb5_mk_safe (context,
+ auth_context,
+ &data,
+ &packet,
+ NULL);
+ if (status)
+ krb5_err (context, 1, status, "krb5_mk_safe");
+@end example
+
+And send it over the network.
+
+@example
+ len = packet.length;
+ net_len = htonl(len);
+
+ if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+ err (1, "krb5_net_write");
+ if (krb5_net_write (context, &sock, packet.data, len) != len)
+ err (1, "krb5_net_write");
+@end example
+
+To send encrypted (and signed) data @manpage{krb5_mk_priv,3} should be
+used instead. @manpage{krb5_mk_priv,3} works the same way as
+@manpage{krb5_mk_safe,3}, with the exception that it encrypts the data
+in addition to signing it.
+
+@example
+ data.data = "hemligt";
+ data.length = 7;
+
+ krb5_data_free (&packet);
+
+ status = krb5_mk_priv (context,
+ auth_context,
+ &data,
+ &packet,
+ NULL);
+ if (status)
+ krb5_err (context, 1, status, "krb5_mk_priv");
+@end example
+
+And send it over the network.
+
+@example
+ len = packet.length;
+ net_len = htonl(len);
+
+ if (krb5_net_write (context, &sock, &net_len, 4) != 4)
+ err (1, "krb5_net_write");
+ if (krb5_net_write (context, &sock, packet.data, len) != len)
+ err (1, "krb5_net_write");
+
+@end example
+
+The server is using @manpage{krb5_rd_safe,3} and
+@manpage{krb5_rd_priv,3} to verify the signature and decrypt the packet.
+
+@node Validating a password in a server application, , Walkthru a sample Kerberos 5 client, Programming with Kerberos
+@section Validating a password in an application
+
+See the manual page for @manpage{krb5_verify_user,3}.
+
+@c @node Why you should use GSS-API for new applications, Walkthru a sample GSS-API client, Validating a password in a server application, Programming with Kerberos
+@c @section Why you should use GSS-API for new applications
+@c
+@c SSPI, bah, bah, microsoft, bah, bah, almost GSS-API.
+@c
+@c It would also be possible for other mechanisms then Kerberos, but that
+@c doesn't exist any other GSS-API implementations today.
+@c
+@c @node Walkthru a sample GSS-API client, , Why you should use GSS-API for new applications, Programming with Kerberos
+@c @section Walkthru a sample GSS-API client
+@c
+@c Write about how gssapi_clent.c works. |