author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2000-02-29 06:56:47 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2000-02-29 06:56:47 +0000 |
commit | 304acec229fb1d6c391d0e878c4e554f2a397d09 | |
tree | 1dc4a839ded738feff130c1184928cd37c0c0b0e /kerberosIV | |
parent | 1ca722e5ea47f9fe2718bdce57437a6de11849f7 | |
excess files
Diffstat (limited to 'kerberosIV')
57 files changed, 0 insertions, 6877 deletions
diff --git a/kerberosIV/src/man/acl_check.cat3 b/kerberosIV/src/man/acl_check.cat3 deleted file mode 100644 index c7cf745028c..00000000000 --- a/kerberosIV/src/man/acl_check.cat3 +++ /dev/null 
@@ -1,198 +0,0 @@ - - - - AACCLL__CCHHEECCKK((33)) MMIITT PPrroojjeecctt AAtthheennaa AACCLL__CCHHEECCKK((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, - acl_delete, acl_initialize - Access control list routines - - SSYYNNOOPPSSIISS - cccc <<ffiilleess>> --llaaccll --llkkrrbb - - ##iinncclluuddee <<kkrrbb..hh>> - - aaccll__ccaannoonniiccaalliizzee__pprriinncciippaall((pprriinncciippaall,, bbuuff)) - cchhaarr **pprriinncciippaall;; - cchhaarr **bbuuff;; - - aaccll__cchheecckk((aaccll,, pprriinncciippaall)) - cchhaarr **aaccll;; - cchhaarr **pprriinncciippaall;; - - aaccll__eexxaacctt__mmaattcchh((aaccll,, pprriinncciippaall)) - cchhaarr **aaccll;; - cchhaarr **pprriinncciippaall;; - - aaccll__aadddd((aaccll,, pprriinncciippaall)) - cchhaarr **aaccll;; - cchhaarr **pprriinncciippaall;; - - aaccll__ddeelleettee((aaccll,, pprriinncciippaall)) - cchhaarr **aaccll;; - cchhaarr **pprriinncciippaall;; - - aaccll__iinniittiiaalliizzee((aaccll__ffiillee,, mmooddee)) - cchhaarr **aaccll__ffiillee;; - iinntt mmooddee;; - - DDEESSCCRRIIPPTTIIOONN - IInnttrroodduuccttiioonn - An access control list (ACL) is a list of principals, where each - principal is represented by a text string which cannot contain - whitespace. The library allows application programs to refer to named - access control lists to test membership and to atomically add and - delete principals using a natural and intuitive interface. At - present, the names of access control lists are required to be Unix - filenames, and refer to human-readable Unix files; in the future, when - a networked ACL server is implemented, the names may refer to a - different namespace specific to the ACL service. 
- - PPrriinncciippaall NNaammeess - Principal names have the form - <name>[.<instance>][@<realm>] - e.g.: - asp - asp.root - - - - - 1 - Formatted: December 16, 1999 - - - - - - - AACCLL__CCHHEECCKK((33)) MMIITT PPrroojjeecctt AAtthheennaa AACCLL__CCHHEECCKK((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - asp@ATHENA.MIT.EDU - asp.@ATHENA.MIT.EDU - asp.root@ATHENA.MIT.EDU - It is possible for principals to be underspecified. If an instance is - missing, it is assumed to be "". If realm is missing, it is assumed - to be the local realm as determined by _k_r_b___g_e_t___l_r_e_a_l_m(3). The - canonical form contains all of name, instance, and realm; the acl_add - and acl_delete routines will always leave the file in that form. Note - that the canonical form of asp@ATHENA.MIT.EDU is actually - asp.@ATHENA.MIT.EDU. - - RRoouuttiinneess - _a_c_l___c_a_n_o_n_i_c_a_l_i_z_e___p_r_i_n_c_i_p_a_l stores the canonical form of _p_r_i_n_c_i_p_a_l in - _b_u_f. _B_u_f must contain enough space to store a principal, given the - limits on the sizes of name, instance, and realm specified as - ANAME_SZ, INST_SZ, and REALM_SZ, respectively, in _/_u_s_r_/_i_n_c_l_u_d_e_/_k_r_b_._h. - - _a_c_l___c_h_e_c_k returns nonzero if _p_r_i_n_c_i_p_a_l appears in _a_c_l. Returns 0 if - principal does not appear in acl, or if an error occurs. - Canonicalizes principal before checking, and allows the ACL to contain - wildcards. The only supported wildcards are entries of the form - name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for - the its component field. For example, "jtkohl.*@*" would match - principal jtkohl, with any instance and any realm. - - _a_c_l___e_x_a_c_t___m_a_t_c_h performs like _a_c_l___c_h_e_c_k, but does no canonicalization - or wildcard matching. - - _a_c_l___a_d_d atomically adds _p_r_i_n_c_i_p_a_l to _a_c_l. Returns 0 if successful, - nonzero otherwise. It is considered a failure if _p_r_i_n_c_i_p_a_l is already - in _a_c_l. 
This routine will canonicalize _p_r_i_n_c_i_p_a_l, but will treat - wildcards literally. - - _a_c_l___d_e_l_e_t_e atomically deletes _p_r_i_n_c_i_p_a_l from _a_c_l. Returns 0 if - successful, nonzero otherwise. It is considered a failure if - _p_r_i_n_c_i_p_a_l is not already in _a_c_l. This routine will canonicalize - _p_r_i_n_c_i_p_a_l, but will treat wildcards literally. - - _a_c_l___i_n_i_t_i_a_l_i_z_e initializes _a_c_l___f_i_l_e. If the file _a_c_l___f_i_l_e does not - exist, _a_c_l___i_n_i_t_i_a_l_i_z_e creates it with mode _m_o_d_e. If the file _a_c_l___f_i_l_e - exists, _a_c_l___i_n_i_t_i_a_l_i_z_e removes all members. Returns 0 if successful, - nonzero otherwise. WARNING: Mode argument is likely to change with - the eventual introduction of an ACL service. - - NNOOTTEESS - In the presence of concurrency, there is a very small chance that - _a_c_l___a_d_d or _a_c_l___d_e_l_e_t_e could report success even though it would have - had no effect. This is a necessary side effect of using lock files - for concurrency control rather than flock(2), which is not supported - by NFS. - - - - - - 2 - Formatted: December 16, 1999 - - - - - - - AACCLL__CCHHEECCKK((33)) MMIITT PPrroojjeecctt AAtthheennaa AACCLL__CCHHEECCKK((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - The current implementation caches ACLs in memory in a hash-table - format for increased efficiency in checking membership; one effect of - the caching scheme is that one file descriptor will be kept open for - each ACL cached, up to a maximum of 8. - - SSEEEE AALLSSOO - kerberos(3), krb_get_lrealm(3) - - AAUUTTHHOORR - James Aspnes (MIT Project Athena) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/afslog.cat1 b/kerberosIV/src/man/afslog.cat1 deleted file mode 100644 index f75875ac940..00000000000 --- a/kerberosIV/src/man/afslog.cat1 +++ /dev/null 
@@ -1,39 +0,0 @@ - -AFSLOG(1) UNIX Reference Manual AFSLOG(1) - -NNAAMMEE - aaffsslloogg - obtains AFS tokens for specified cells - -SSYYNNOOPPSSIISS - aaffsslloogg [--dd] [--cc _c_e_l_l] [--kk _r_e_a_l_m] [--pp _p_a_t_h] [--uunnlloogg] [--ccrreeaatteeuusseerr] [_a_r_g_s] - -DDEESSCCRRIIPPTTIIOONN - The aaffsslloogg command obtains AFS tokens, _a_r_g_s are either a name of a cell - or a pathnames of a file in the cell to get tokens for. If an argument is - . or .. or contains a slash it is assumed to be a pathname. Otherwise it - is assumed to be a name of a cell or a prefix thereof. - - The --cc and --pp flags can be used to resolve ambiguities. - - aaffsslloogg might fail to guess the Kerberos realm to get tickets for (for in- - stance if the volume location servers of the cell does not reside in the - kerberos realm that holds the AFS service key, and the correct realm - isn't the same as the cell name or the local realm (I didn't say this was - a common problem)). Anyway, the --kk can be used to give a hint. It should - not be used unless there is a problem, since all tickets will be taken - from the specified realm and this is not (usually) what you want. - - --ccrreeaatteeuusseerr means that aaffsslloogg should try to run ppttss to create a remote - user principal in another cell. --dd can be used for debugging. - - If the --uunnlloogg flag is given any tokens are removed and all other argu- - ments are ignored. - -SSEEEE AALLSSOO - kauth(1), kafs(3) - -BBUUGGSS - It should be able to handle the MIT Athena aakklloogg flags --hhoossttss, --zzssuubbss, - and --nnoopprrddbb, but does not. - - KTH-KRB April 27, 1996 1 diff --git a/kerberosIV/src/man/des.cat1 b/kerberosIV/src/man/des.cat1 deleted file mode 100644 index 8ba5b2f5a29..00000000000 --- a/kerberosIV/src/man/des.cat1 +++ /dev/null 
@@ -1,132 +0,0 @@ - - - - DDEESS((11)) DDEESS((11)) - - - - - NNAAMMEE - des - encrypt or decrypt data using Data Encryption Standard - - SSYYNNOOPPSSIISS - ddeess ( --ee | --EE ) | ( --dd | --DD ) | ( --[ccCC][cckknnaammee] ) | [ --bb33hhffss ] [ --kk _k_e_y - ] ] [ --uu[_u_u_n_a_m_e] [ _i_n_p_u_t_-_f_i_l_e [ _o_u_t_p_u_t_-_f_i_l_e ] ] - - DDEESSCCRRIIPPTTIIOONN - ddeess encrypts and decrypts data using the Data Encryption Standard - algorithm. One of --ee,, --EE (for encrypt) or --dd,, --DD (for decrypt) must - be specified. It is also possible to use --cc or --CC in conjunction or - instead of the a encrypt/decrypt option to generate a 16 character - hexadecimal checksum, generated via the _d_e_s___c_b_c___c_k_s_u_m_. Two standard - encryption modes are supported by the ddeess program, Cipher Block - Chaining (the default) and Electronic Code Book (specified with --bb ). - The key used for the DES algorithm is obtained by prompting the user - unless the ``--kk _k_e_y_' option is given. If the key is an argument to the - ddeess command, it is potentially visible to users executing ppss(1) or a - derivative. To minimise this possibility, ddeess takes care to destroy - the key argument immediately upon entry. If your shell keeps a - history file be careful to make sure it is not world readable. Since - this program attempts to maintain compatability with sunOS's des(1) - command, there are 2 different methods used to convert the user - supplied key to a des key. Whenever and one or more of --EE,, --DD,, --CC or - --33 options are used, the key conversion procedure will not be - compatible with the sunOS des(1) version but will use all the user - supplied character to generate the des key. ddeess command reads from - standard input unless _i_n_p_u_t_-_f_i_l_e is specified and writes to standard - output unless _o_u_t_p_u_t_-_f_i_l_e is given. - - OOPPTTIIOONNSS - --bb Select ECB (eight bytes at a time) encryption mode. - - --33 Encrypt using triple encryption. 
By default triple cbc - encryption is used but if the --bb option is used then triple ecb - encryption is performed. If the key is less than 8 characters - long, the flag has no effect. - - --ee Encrypt data using an 8 byte key in a manner compatible with - sunOS des(1). - - --EE Encrypt data using a key of nearly unlimited length (1024 bytes). - This will product a more secure encryption. - - --dd Decrypt data that was encrypted with the -e option. - - --DD Decrypt data that was encrypted with the -E option. - - --cc Generate a 16 character hexadecimal cbc checksum and output this - to stderr. If a filename was specified after the --cc option, the - checksum is output to that file. The checksum is generated using - - - - - 1 - Formatted: December 16, 1999 - - - - - - - DDEESS((11)) DDEESS((11)) - - - - - a key generated in a sunOS compatible manner. - - --CC A cbc checksum is generated in the same manner as described for - the --cc option but the DES key is generated in the same manner as - used for the --EE and --DD options - - --ff Does nothing - allowed for compatibility with sunOS des(1) - command. - - --ss Does nothing - allowed for compatibility with sunOS des(1) - command. - - --kk _k_e_y - Use the encryption _k_e_y specified. - - --hh The _k_e_y is assumed to be a 16 character hexadecimal number. If - the --33 option is used the key is assumed to be a 32 character - hexadecimal number. - - --uu This flag is used to read and write uuencoded files. If - decrypting, the input file is assumed to contain uuencoded, DES - encrypted data. If encrypting, the characters following the -u - are used as the name of the uuencoded file to embed in the begin - line of the uuencoded output. If there is no name specified - after the -u, the name text.des will be embedded in the header. - - SSEEEE AALLSSOO - ppss ((11)) ddeess__ccrryypptt((33)) - - BBUUGGSS - The problem with using the --ee option is the short key length. 
It - would be better to use a real 56-bit key rather than an ASCII-based - 56-bit pattern. Knowing that the key was derived from ASCII radically - reduces the time necessary for a brute-force cryptographic attack. My - attempt to remove this problem is to add an alternative text-key to - DES-key function. This alternative function (accessed via --EE,, --DD,, --SS - and --33 ) uses DES to help generate the key. Be carefully when using - the -u option. Doing des -ud <filename> will not decrypt filename - (the -u option will gobble the d option). The VMS operating system - operates in a world where files are always a multiple of 512 bytes. - This causes problems when encrypted data is send from unix to VMS - since a 88 byte file will suddenly be padded with 424 null bytes. To - get around this problem, use the -u option to uuencode the data before - it is send to the VMS system. - - AAUUTTHHOORR - Eric Young (eay@mincom.oz.au or eay@psych.psy.uq.oz.au) - - - - - - - - - 2 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/des_crypt.cat3 b/kerberosIV/src/man/des_crypt.cat3 deleted file mode 100644 index efc3d91332c..00000000000 --- a/kerberosIV/src/man/des_crypt.cat3 +++ /dev/null 
@@ -1,330 +0,0 @@ - - - - DDEESS__CCRRYYPPTT((33)) MMIITT PPrroojjeecctt AAtthheennaa DDEESS__CCRRYYPPTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - des_read_password, des_string_to_key, des_random_key, des_set_key, - des_ecb_encrypt, des_cbc_encrypt, des_pcbc_encrypt, des_cbc_cksum, - des_quad_cksum, - (new) DES encryption - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<ddeess..hh>> - - iinntt ddeess__rreeaadd__ppaasssswwoorrdd((kkeeyy,,pprroommpptt,,vveerriiffyy)) - des_cblock *key; - char *prompt; - int verify; - - iinntt ddeess__ssttrriinngg__ttoo__kkeeyy((ssttrr,,kkeeyy)) - cchhaarr **ssttrr;; - ddeess__ccbblloocckk kkeeyy;; - - iinntt ddeess__rraannddoomm__kkeeyy((kkeeyy)) - ddeess__ccbblloocckk **kkeeyy;; - - iinntt ddeess__sseett__kkeeyy((kkeeyy,,sscchheedduullee)) - ddeess__ccbblloocckk **kkeeyy;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - - iinntt ddeess__eeccbb__eennccrryypptt((iinnppuutt,,oouuttppuutt,,sscchheedduullee,,eennccrryypptt)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - iinntt eennccrryypptt;; - - iinntt ddeess__ccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - ddeess__ccbblloocckk **iivveecc;; - iinntt eennccrryypptt;; - - iinntt ddeess__ppccbbcc__eennccrryypptt((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc,,eennccrryypptt)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - ddeess__ccbblloocckk **iivveecc;; - iinntt eennccrryypptt;; - - uunnssiiggnneedd lloonngg ddeess__ccbbcc__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,sscchheedduullee,,iivveecc)) - ddeess__ccbblloocckk 
**iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - - - - - 1 - Formatted: December 16, 1999 - - - - - - - DDEESS__CCRRYYPPTT((33)) MMIITT PPrroojjeecctt AAtthheennaa DDEESS__CCRRYYPPTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - ddeess__ccbblloocckk **iivveecc;; - - uunnssiiggnneedd lloonngg qquuaadd__cckkssuumm((iinnppuutt,,oouuttppuutt,,lleennggtthh,,oouutt__ccoouunntt,,sseeeedd)) - ddeess__ccbblloocckk **iinnppuutt;; - ddeess__ccbblloocckk **oouuttppuutt;; - lloonngg lleennggtthh;; - iinntt oouutt__ccoouunntt;; - ddeess__ccbblloocckk **sseeeedd;; - - DDEESSCCRRIIPPTTIIOONN - This library supports various DES encryption related operations. It - differs from the _c_r_y_p_t_, _s_e_t_k_e_y_, _a_n_d _e_n_c_r_y_p_t library routines in that - it provides a true DES encryption, without modifying the algorithm, - and executes much faster. - - For each key that may be simultaneously active, create a - ddeess__kkeeyy__sscchheedduullee struct, defined in "des.h". Next, create key - schedules (from the 8-byte keys) as needed, via _d_e_s___s_e_t___k_e_y_, prior to - using the encryption or checksum routines. Then setup the input and - output areas. Make sure to note the restrictions on lengths being - multiples of eight bytes. Finally, invoke the encryption/decryption - routines, _d_e_s___e_c_b___e_n_c_r_y_p_t or _d_e_s___c_b_c___e_n_c_r_y_p_t or _d_e_s___p_c_b_c___e_n_c_r_y_p_t_, or, - to generate a cryptographic checksum, use _q_u_a_d___c_k_s_u_m (fast) or - _d_e_s___c_b_c___c_k_s_u_m (slow). 
- - A _d_e_s___c_b_l_o_c_k struct is an 8 byte block used as the fundamental unit - for DES data and keys, and is defined as: - - ttyyppeeddeeff uunnssiiggnneedd cchhaarr ddeess__ccbblloocckk[[88]];; - - and a _d_e_s___k_e_y___s_c_h_e_d_u_l_e_, is defined as: - - ttyyppeeddeeff ssttrruucctt ddeess__kkss__ssttrruucctt {{ddeess__ccbblloocckk __;;}} ddeess__kkeeyy__sscchheedduullee[[1166]];; - - _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d writes the string specified by _p_r_o_m_p_t to the - standard output, turns off echo (if possible) and reads an input - string from standard input until terminated with a newline. If _v_e_r_i_f_y - is non-zero, it prompts and reads input again, for use in applications - such as changing a password; both versions are compared, and the input - is requested repeatedly until they match. Then _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d - converts the input string into a valid DES key, internally using the - _d_e_s___s_t_r_i_n_g___t_o___k_e_y routine. The newly created key is copied to the - area pointed to by the _k_e_y argument. _d_e_s___r_e_a_d___p_a_s_s_w_o_r_d returns a zero - if no errors occurred, or a -1 indicating that an error occurred - trying to manipulate the terminal echo. - - _d_e_s___s_t_r_i_n_g___t_o___k_e_y converts an arbitrary length null-terminated string - to an 8 byte DES key, with odd byte parity, per FIPS specification. A - one-way function is used to convert the string to a key, making it - very difficult to reconstruct the string from the key. The _s_t_r - argument is a pointer to the string, and _k_e_y should point to a - - - - - 2 - Formatted: December 16, 1999 - - - - - - - DDEESS__CCRRYYPPTT((33)) MMIITT PPrroojjeecctt AAtthheennaa DDEESS__CCRRYYPPTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - _d_e_s___c_b_l_o_c_k supplied by the caller to receive the generated key. No - meaningful value is returned. Void is not used for compatibility with - other compilers. 
- - _d_e_s___r_a_n_d_o_m___k_e_y generates a random DES encryption key (eight bytes), - set to odd parity per FIPS specifications. This routine uses the - current time, process id, and a counter as a seed for the random - number generator. The caller must supply space for the output - key, pointed to by argument _k_e_y_, then after calling _d_e_s___r_a_n_d_o_m___k_e_y - should call the _d_e_s___s_e_t___k_e_y routine when needed. No meaningful value - is returned. Void is not used for compatibility with other compilers. - - _d_e_s___s_e_t___k_e_y calculates a key schedule from all eight bytes of the - input key, pointed to by the _k_e_y argument, and outputs the schedule - into the _d_e_s___k_e_y___s_c_h_e_d_u_l_e indicated by the _s_c_h_e_d_u_l_e argument. Make - sure to pass a valid eight byte key; no padding is done. The key - schedule may then be used in subsequent encryption/decryption/checksum - operations. Many key schedules may be cached for later use. The user - is responsible to clear keys and schedules as soon as no longer - needed, to prevent their disclosure. The routine also checks the key - parity, and returns a zero if the key parity is correct (odd), a -1 - indicating a key parity error, or a -2 indicating use of an illegal - weak key. If an error is returned, the key schedule was not created. - - _d_e_s___e_c_b___e_n_c_r_y_p_t is the basic DES encryption routine that encrypts or - decrypts a single 8-byte block in eelleeccttrroonniicc ccooddee bbooookk mode. It - always transforms the input data, pointed to by _i_n_p_u_t_, into the output - data, pointed to by the _o_u_t_p_u_t argument. - - If the _e_n_c_r_y_p_t argument is non-zero, the _i_n_p_u_t (cleartext) is - encrypted into the _o_u_t_p_u_t (ciphertext) using the key_schedule - specified by the _s_c_h_e_d_u_l_e argument, previously set via _d_e_s___s_e_t___k_e_y - - If encrypt is zero, the _i_n_p_u_t (now ciphertext) is decrypted into the - _o_u_t_p_u_t (now cleartext). 
- - Input and output may overlap. - - No meaningful value is returned. Void is not used for compatibility - with other compilers. - - _d_e_s___c_b_c___e_n_c_r_y_p_t encrypts/decrypts using the cciipphheerr--bblloocckk--cchhaaiinniinngg mmooddee - ooff DDEESS.. If the _e_n_c_r_y_p_t argument is non-zero, the routine cipher- - block-chain encrypts the cleartext data pointed to by the _i_n_p_u_t - argument into the ciphertext pointed to by the _o_u_t_p_u_t argument, using - the key schedule provided by the _s_c_h_e_d_u_l_e argument, and initialization - vector provided by the _i_v_e_c argument. If the _l_e_n_g_t_h argument is not - an integral multiple of eight bytes, the last block is copied to a - temp and zero filled (highest addresses). The output is ALWAYS an - integral multiple of eight bytes. - - - - - - 3 - Formatted: December 16, 1999 - - - - - - - DDEESS__CCRRYYPPTT((33)) MMIITT PPrroojjeecctt AAtthheennaa DDEESS__CCRRYYPPTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - If _e_n_c_r_y_p_t is zero, the routine cipher-block chain decrypts the (now) - ciphertext data pointed to by the _i_n_p_u_t argument into (now) cleartext - pointed to by the _o_u_t_p_u_t argument using the key schedule provided by - the _s_c_h_e_d_u_l_e argument, and initialization vector provided by the _i_v_e_c - argument. Decryption ALWAYS operates on integral multiples of 8 bytes, - so it will round the _l_e_n_g_t_h provided up to the appropriate multiple. - Consequently, it will always produce the rounded-up number of bytes of - output cleartext. The application must determine if the output - cleartext was zero-padded due to original cleartext lengths that were - not integral multiples of 8. - - No errors or meaningful values are returned. Void is not used for - compatibility with other compilers. - - A characteristic of cbc mode is that changing a single bit of the - cleartext, then encrypting using cbc mode, affects ALL the subsequent - ciphertext. 
This makes cryptanalysis much more difficult. However, - modifying a single bit of the ciphertext, then decrypting, only - affects the resulting cleartext from the modified block and the - succeeding block. Therefore, _d_e_s___p_c_b_c___e_n_c_r_y_p_t is STRONGLY recommended - for applications where indefinite propagation of errors is required in - order to detect modifications. - - _d_e_s___p_c_b_c___e_n_c_r_y_p_t encrypts/decrypts using a modified block chaining - mode. Its calling sequence is identical to _d_e_s___c_b_c___e_n_c_r_y_p_t_. It - differs in its error propagation characteristics. - - _d_e_s___p_c_b_c___e_n_c_r_y_p_t is highly recommended for most encryption purposes, - in that modification of a single bit of the ciphertext will affect ALL - the subsequent (decrypted) cleartext. Similarly, modifying a single - bit of the cleartext will affect ALL the subsequent (encrypted) - ciphertext. "PCBC" mode, on encryption, "xors" both the cleartext of - block N and the ciphertext resulting from block N with the cleartext - for block N+1 prior to encrypting block N+1. - - _d_e_s___c_b_c___c_k_s_u_m produces an 8 byte cryptographic checksum by cipher- - block-chain encrypting the cleartext data pointed to by the _i_n_p_u_t - argument. All of the ciphertext output is discarded, except the last - 8-byte ciphertext block, which is written into the area pointed to by - the _o_u_t_p_u_t argument. It uses the key schedule, provided by the - _s_c_h_e_d_u_l_e argument and initialization vector provided by the _i_v_e_c - argument. If the _l_e_n_g_t_h argument is not an integral multiple of eight - bytes, the last cleartext block is copied to a temp and zero filled - (highest addresses). The output is ALWAYS eight bytes. - - The routine also returns an unsigned long, which is the last (highest - address) half of the 8 byte checksum computed. 
- - _q_u_a_d___c_k_s_u_m produces a checksum by chaining quadratic operations on the - cleartext data pointed to by the _i_n_p_u_t argument. The _l_e_n_g_t_h argument - specifies the length of the input -- only exactly that many bytes are - - - - - 4 - Formatted: December 16, 1999 - - - - - - - DDEESS__CCRRYYPPTT((33)) MMIITT PPrroojjeecctt AAtthheennaa DDEESS__CCRRYYPPTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - included for the checksum, without any padding. - - The algorithm may be iterated over the same input data, if the - _o_u_t___c_o_u_n_t argument is 2, 3 or 4, and the optional _o_u_t_p_u_t argument is a - non-null pointer . The default is one iteration, and it will not run - more than 4 times. Multiple iterations run slower, but provide a - longer checksum if desired. The _s_e_e_d argument provides an 8-byte seed - for the first iteration. If multiple iterations are requested, the - results of one iteration are automatically used as the seed for the - next iteration. - - It returns both an unsigned long checksum value, and if the _o_u_t_p_u_t - argument is not a null pointer, up to 16 bytes of the computed - checksum are written into the output. - - FFIILLEESS - /usr/include/des.h - /usr/lib/libdes.a - - SSEEEE AALLSSOO - DDIIAAGGNNOOSSTTIICCSS - BBUUGGSS - This software has not yet been compiled or tested on machines other - than the VAX and the IBM PC. - - AAUUTTHHOORRSS - Steve Miller, MIT Project Athena/Digital Equipment Corporation - - RREESSTTRRIICCTTIIOONNSS - COPYRIGHT 1985,1986 Massachusetts Institute of Technology - - This software may not be exported outside of the US without a special - license from the US Dept of Commerce. It may be replaced by any secret - key block cipher with block length and key length of 8 bytes, as long - as the interface is the same as described here. - - - - - - - - - - - - - - - - - - - - - 5 - Formatted: December 16, 1999 - - - 
diff --git a/kerberosIV/src/man/ext_srvtab.cat8 b/kerberosIV/src/man/ext_srvtab.cat8 deleted file mode 100644 index fd47ece9677..00000000000 --- a/kerberosIV/src/man/ext_srvtab.cat8 +++ /dev/null @@ -1,66 +0,0 @@ - - - - EEXXTT__SSRRVVTTAABB((88)) MMIITT PPrroojjeecctt AAtthheennaa EEXXTT__SSRRVVTTAABB((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - ext_srvtab - extract service key files from Kerberos key distribution - center database - - SSYYNNOOPPSSIISS - ext_srvtab [ --nn ] [ --rr rreeaallmm ] [ hhoossttnnaammee ...... ] - - DDEESSCCRRIIPPTTIIOONN - _e_x_t___s_r_v_t_a_b extracts service key files from the Kerberos key - distribution center (KDC) database. - - Upon execution, it prompts the user to enter the master key string for - the database. If the --nn option is specified, the master key is - instead fetched from the master key cache file. - - For each _h_o_s_t_n_a_m_e specified on the command line, _e_x_t___s_r_v_t_a_b creates - the service key file _h_o_s_t_n_a_m_e-new-srvtab, containing all the entries - in the database with an instance field of _h_o_s_t_n_a_m_e_. This new file - contains all the keys registered for Kerberos-mediated service - providing programs which use the _k_r_b___g_e_t___p_h_o_s_t(3) principal and - instance conventions to run on the host _h_o_s_t_n_a_m_e. If the --rr option is - specified, the realm fields in the extracted file will match the given - realm rather than the local realm. - - DDIIAAGGNNOOSSTTIICCSS - "verify_master_key: Invalid master key, does not match database." - The master key string entered was incorrect. - - FFIILLEESS - _h_o_s_t_n_a_m_e-new-srvtab Service key file generated for _h_o_s_t_n_a_m_e - - /var/kerberos/principal.pag, /var/kerberos/principal.dir - DBM files containing database - - /.k Master key cache file. - - SSEEEE AALLSSOO - read_service_key(3), krb_get_phost(3) - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - 
diff --git a/kerberosIV/src/man/ftp.cat1 b/kerberosIV/src/man/ftp.cat1 deleted file mode 100644 index 2b39717c619..00000000000 --- a/kerberosIV/src/man/ftp.cat1 +++ /dev/null 
@@ -1,646 +0,0 @@ - -FTP(1) UNIX Reference Manual FTP(1) - -NNAAMMEE - ffttpp - ARPANET file transfer program - -SSYYNNOOPPSSIISS - ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [_h_o_s_t] - -DDEESSCCRRIIPPTTIIOONN - FFttpp is the user interface to the ARPANET standard File Transfer Protocol. - The program allows a user to transfer files to and from a remote network - site. - - Modifications has been made so that it almost follows the ftpsec Internet - draft. - - Options may be specified at the command line, or to the command inter- - preter. - - --tt Enables packet tracing. - - --vv Verbose option forces ffttpp to show all responses from the remote - server, as well as report on data transfer statistics. - - --nn Restrains ffttpp from attempting ``auto-login'' upon initial connec- - tion. If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be- - low) file in the user's home directory for an entry describing an - account on the remote machine. If no entry exists, ffttpp will prompt - for the remote machine login name (default is the user identity on - the local machine), and, if necessary, prompt for a password and an - account with which to login. - - --ii Turns off interactive prompting during multiple file transfers. - - --pp Turn on passive mode. - - --dd Enables debugging. - - --gg Disables file name globbing. - - The client host with which ffttpp is to communicate may be specified on the - command line. If this is done, ffttpp will immediately attempt to establish - a connection to an FTP server on that host; otherwise, ffttpp will enter its - command interpreter and await instructions from the user. When ffttpp is - awaiting commands from the user the prompt `ftp>' is provided to the us- - er. The following commands are recognized by ffttpp: - - !! [_c_o_m_m_a_n_d [_a_r_g_s]] - Invoke an interactive shell on the local machine. 
If there - are arguments, the first is taken to be a command to execute - directly, with the rest of the arguments as its arguments. - - $$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s] - Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff - command. Arguments are passed to the macro unglobbed. - - aaccccoouunntt [_p_a_s_s_w_d] - Supply a supplemental password required by a remote system - for access to resources once a login has been successfully - completed. If no argument is included, the user will be - prompted for an account password in a non-echoing input mode. - - aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] - Append a local file to a file on the remote machine. If - _r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used - in naming the remote file after being altered by any nnttrraannss - or nnmmaapp setting. File transfer uses the current settings for - ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. - - aasscciiii Set the file transfer ttyyppee to network ASCII. This is the de- - fault type. - - bbeellll Arrange that a bell be sounded after each file transfer com- - mand is completed. - - bbiinnaarryy Set the file transfer ttyyppee to support binary image transfer. - - bbyyee Terminate the FTP session with the remote server and exit - ffttpp. An end of file will also terminate the session and exit. - - ccaassee Toggle remote computer file name case mapping during mmggeett - commands. When ccaassee is on (default is off), remote computer - file names with all letters in upper case are written in the - local directory with the letters mapped to lower case. - - ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y - Change the working directory on the remote machine to _r_e_m_o_t_e_- - _d_i_r_e_c_t_o_r_y. - - ccdduupp Change the remote machine working directory to the parent of - the current remote machine working directory. 
- - cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e - Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re- - mote sytem to _m_o_d_e. - - cclloossee Terminate the FTP session with the remote server, and return - to the command interpreter. Any defined macros are erased. - - ccrr Toggle carriage return stripping during ascii type file re- - trieval. Records are denoted by a carriage return/linefeed - sequence during ascii type file transfer. When ccrr is on (the - default), carriage returns are stripped from this sequence to - conform with the UNIX single linefeed record delimiter. - Records on non-UNIX remote systems may contain single line- - feeds; when an ascii type transfer is made, these linefeeds - may be distinguished from a record delimiter only when ccrr is - off. - - ddeelleettee _r_e_m_o_t_e_-_f_i_l_e - Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine. - - ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e] - Toggle debugging mode. If an optional _d_e_b_u_g_-_v_a_l_u_e is speci- - fied it is used to set the debugging level. When debugging - is on, ffttpp prints each command sent to the remote machine, - preceded by the string `-->' - - ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] - Print a listing of the directory contents in the directory, - _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in - _l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt - the user to verify that the last argument is indeed the tar- - get local file for receiving ddiirr output. If no directory is - specified, the current working directory on the remote ma- - chine is used. If no local file is specified, or _l_o_c_a_l_-_f_i_l_e - is --, output comes to the terminal. - - - - ddiissccoonnnneecctt A synonym for _c_l_o_s_e. - - ffoorrmm _f_o_r_m_a_t - Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is - ``file''. 
- - ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] - Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine. - If the local file name is not specified, it is given the same - name it has on the remote machine, subject to alteration by - the current ccaassee, nnttrraannss, and nnmmaapp settings. The current - settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while - transferring the file. - - gglloobb Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If - globbing is turned off with gglloobb, the file name arguments are - taken literally and not expanded. Globbing for mmppuutt is done - as in csh(1). For mmddeelleettee and mmggeett, each remote file name is - expanded separately on the remote machine and the lists are - not merged. Expansion of a directory name is likely to be - different from expansion of the name of an ordinary file: the - exact result depends on the foreign operating system and ftp - server, and can be previewed by doing `mls remote-files -'. - As a security measure, remotely globbed files that starts - with `/' or contains `../', will not be automatically re- - ceived. If you have interactive prompting turned off, these - filenames will be ignored. Note: mmggeett and mmppuutt are not meant - to transfer entire directory subtrees of files. That can be - done by transferring a tar(1) archive of the subtree (in bi- - nary mode). - - hhaasshh Toggle hash-sign (``#'') printing for each data block trans- - ferred. The size of a data block is 1024 bytes. - - hheellpp [_c_o_m_m_a_n_d] - Print an informative message about the meaning of _c_o_m_m_a_n_d. If - no argument is given, ffttpp prints a list of the known com- - mands. - - iiddllee [_s_e_c_o_n_d_s] - Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec- - onds. If _s_e_c_o_n_d_s is omitted, the current inactivity timer is - printed. - - llccdd [_d_i_r_e_c_t_o_r_y] - Change the working directory on the local machine. 
If no - _d_i_r_e_c_t_o_r_y is specified, the user's home directory is used. - - llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] - Print a listing of the contents of a directory on the remote - machine. The listing includes any system-dependent informa- - tion that the server chooses to include; for example, most - UNIX systems will produce output from the command `ls -l'. - (See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, - the current working directory is used. If interactive - prompting is on, ffttpp will prompt the user to verify that the - last argument is indeed the target local file for receiving - llss output. If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e - is `--', the output is sent to the terminal. - - mmaaccddeeff _m_a_c_r_o_-_n_a_m_e - Define a macro. Subsequent lines are stored as the macro - _m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a - file or carriage returns from the terminal) terminates macro - input mode. There is a limit of 16 macros and 4096 total - characters in all defined macros. Macros remain defined un- - til a cclloossee command is executed. The macro processor inter- - prets `$' and `\' as special characters. A `$' followed by a - number (or numbers) is replaced by the corresponding argument - on the macro invocation command line. A `$' followed by an - `i' signals that macro processor that the executing macro is - to be looped. On the first pass `$i' is replaced by the - first argument on the macro invocation command line, on the - second pass it is replaced by the second argument, and so on. - A `\' followed by any character is replaced by that charac- - ter. Use the `\' to prevent special treatment of the `$'. - - mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s] - Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine. - - mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e - Like ddiirr, except multiple remote files may be specified. 
If - interactive prompting is on, ffttpp will prompt the user to ver- - ify that the last argument is indeed the target local file - for receiving mmddiirr output. - - mmggeett _r_e_m_o_t_e_-_f_i_l_e_s - Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett - for each file name thus produced. See gglloobb for details on - the filename expansion. Resulting file names will then be - processed according to ccaassee, nnttrraannss, and nnmmaapp settings. - Files are transferred into the local working directory, which - can be changed with `lcd directory'; new local directories - can be created with `! mkdir directory'. - - mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e - Make a directory on the remote machine. - - mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e - Like nnlliisstt, except multiple remote files may be specified, - and the _l_o_c_a_l_-_f_i_l_e must be specified. If interactive prompt- - ing is on, ffttpp will prompt the user to verify that the last - argument is indeed the target local file for receiving mmllss - output. - - mmooddee [_m_o_d_e_-_n_a_m_e] - Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is - ``stream'' mode. - - mmooddttiimmee _f_i_l_e_-_n_a_m_e - Show the last modification time of the file on the remote ma- - chine. - - mmppuutt _l_o_c_a_l_-_f_i_l_e_s - Expand wild cards in the list of local files given as argu- - ments and do a ppuutt for each file in the resulting list. See - gglloobb for details of filename expansion. Resulting file names - will then be processed according to nnttrraannss and nnmmaapp settings. - - nneewweerr _f_i_l_e_-_n_a_m_e - Get the file only if the modification time of the remote file - is more recent that the file on the current system. If the - file does not exist on the current system, the remote file is - considered nneewweerr. Otherwise, this command is identical to - _g_e_t. 
- - nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] - Print a list of the files in a directory on the remote ma- - chine. If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current - working directory is used. If interactive prompting is on, - ffttpp will prompt the user to verify that the last argument is - indeed the target local file for receiving nnlliisstt output. If - no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output - is sent to the terminal. - - nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n] - Set or unset the filename mapping mechanism. If no arguments - are specified, the filename mapping mechanism is unset. If - arguments are specified, remote filenames are mapped during - mmppuutt commands and ppuutt commands issued without a specified re- - mote target filename. If arguments are specified, local - filenames are mapped during mmggeett commands and ggeett commands - issued without a specified local target filename. This com- - mand is useful when connecting to a non-UNIX remote computer - with different file naming conventions or practices. The - mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n. - [_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may - have already been processed according to the nnttrraannss and ccaassee - settings). Variable templating is accomplished by including - the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to - prevent this special treatment of the `$' character. All - other characters are treated literally, and are used to de- - termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values. For example, - given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data", - $1 would have the value "mydata", and $2 would have the value - "data". The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file- - name. 
The sequences `$1', `$2', ...., `$9' are replaced by - any value resulting from the _i_n_p_a_t_t_e_r_n template. The se- - quence `$0' is replace by the original filename. Additional- - ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1 - is not a null string; otherwise it is replaced by _s_e_q_2. For - example, the command - - nmap $1.$2.$3 [$1,$2].[$2,file] - - would yield the output filename "myfile.data" for input file- - names "myfile.data" and "myfile.data.old", "myfile.file" for - the input filename "myfile", and "myfile.myfile" for the in- - put filename ".myfile". Spaces may be included in - _o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/ *$//" > $1' - . Use the `\' character to prevent special treatment of the - `$','[','[', and `,' characters. - - nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]] - Set or unset the filename character translation mechanism. - If no arguments are specified, the filename character trans- - lation mechanism is unset. If arguments are specified, char- - acters in remote filenames are translated during mmppuutt com- - mands and ppuutt commands issued without a specified remote tar- - get filename. If arguments are specified, characters in lo- - cal filenames are translated during mmggeett commands and ggeett - commands issued without a specified local target filename. - This command is useful when connecting to a non-UNIX remote - computer with different file naming conventions or practices. - Characters in a filename matching a character in _i_n_c_h_a_r_s are - replaced with the corresponding character in _o_u_t_c_h_a_r_s. If the - character's position in _i_n_c_h_a_r_s is longer than the length of - _o_u_t_c_h_a_r_s, the character is deleted from the file name. - - ooppeenn _h_o_s_t [_p_o_r_t] - Establish a connection to the specified _h_o_s_t FTP server. An - optional port number may be supplied, in which case, ffttpp will - attempt to contact an FTP server at that port. 
If the aauuttoo-- - llooggiinn option is on (default), ffttpp will also attempt to auto- - matically log the user in to the FTP server (see below). - - ppaassssiivvee Toggle passive mode. If passive mode is turned on (default - is off), the ftp client will send a PASV command for all data - connections instead of the usual PORT command. The PASV com- - mand requests that the remote server open a port for the data - connection and return the address of that port. The remote - server listens on that port and the client connects to it. - When using the more traditional PORT command, the client lis- - tens on a port and sends that address to the remote server, - who connects back to it. Passive mode is useful when using - ffttpp through a gateway router or host that controls the direc- - tionality of traffic. (Note that though ftp servers are re- - quired to support the PASV command by RFC 1123, some do not.) - - pprroommpptt Toggle interactive prompting. Interactive prompting occurs - during multiple file transfers to allow the user to selec- - tively retrieve or store files. If prompting is turned off - (default is on), any mmggeett or mmppuutt will transfer all files, - and any mmddeelleettee will delete all files. - - pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d - Execute an ftp command on a secondary control connection. - This command allows simultaneous connection to two remote ftp - servers for transferring files between the two servers. The - first pprrooxxyy command should be an ooppeenn, to establish the sec- - ondary control connection. Enter the command "proxy ?" to - see other ftp commands executable on the secondary connec- - tion. 
The following commands behave differently when pref- - aced by pprrooxxyy: ooppeenn will not define new macros during the au- - to-login process, cclloossee will not erase existing macro defini- - tions, ggeett and mmggeett transfer files from the host on the pri- - mary control connection to the host on the secondary control - connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the - host on the secondary control connection to the host on the - primary control connection. Third party file transfers de- - pend upon support of the ftp protocol PASV command by the - server on the secondary control connection. - - ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] - Store a local file on the remote machine. If _r_e_m_o_t_e_-_f_i_l_e is - left unspecified, the local file name is used after process- - ing according to any nnttrraannss or nnmmaapp settings in naming the - remote file. File transfer uses the current settings for - ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. - - ppwwdd Print the name of the current working directory on the remote - machine. - - qquuiitt A synonym for bbyyee. - - qquuoottee _a_r_g_1 _a_r_g_2 _._._. - The arguments specified are sent, verbatim, to the remote FTP - server. - - rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] - A synonym for get. - - rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] - Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is - smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par- - tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is - continued from the apparent point of failure. This command - is useful when transferring very large files over networks - that are prone to dropping connections. - - rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e] - Request help from the remote FTP server. If a _c_o_m_m_a_n_d_-_n_a_m_e - - - is specified it is supplied to the server as well. 
- - rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e] - With no arguments, show status of remote machine. If _f_i_l_e_- - _n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma- - chine. - - rreennaammee [_f_r_o_m] [_t_o] - Rename the file _f_r_o_m on the remote machine, to the file _t_o. - - rreesseett Clear reply queue. This command re-synchronizes command/re- - ply sequencing with the remote ftp server. Resynchronization - may be necessary following a violation of the ftp protocol by - the remote server. - - rreessttaarrtt _m_a_r_k_e_r - Restart the immediately following ggeett or ppuutt at the indicated - _m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset into - the file. - - rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e - Delete a directory on the remote machine. - - rruunniiqquuee Toggle storing of files on the local system with unique file- - names. If a file already exists with a name equal to the - target local filename for a ggeett or mmggeett command, a ".1" is - appended to the name. If the resulting name matches another - existing file, a ".2" is appended to the original name. If - this process continues up to ".99", an error message is - printed, and the transfer does not take place. The generated - unique filename will be reported. Note that rruunniiqquuee will not - affect local files generated from a shell command (see be- - low). The default value is off. - - sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] - A synonym for put. - - sseennddppoorrtt Toggle the use of PORT commands. By default, ffttpp will at- - tempt to use a PORT command when establishing a connection - for each data transfer. The use of PORT commands can prevent - delays when performing multiple file transfers. If the PORT - command fails, ffttpp will use the default data port. When the - use of PORT commands is disabled, no attempt will be made to - use PORT commands for each data transfer. 
This is useful for - certain FTP implementations which do ignore PORT commands - but, incorrectly, indicate they've been accepted. - - ssiittee _a_r_g_1 _a_r_g_2 _._._. - The arguments specified are sent, verbatim, to the remote FTP - server as a SITE command. - - ssiizzee _f_i_l_e_-_n_a_m_e - Return size of _f_i_l_e_-_n_a_m_e on remote machine. - - ssttaattuuss Show the current status of ffttpp. - - ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e] - Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default - ``stream'' structure is used. - - ssuunniiqquuee Toggle storing of files on remote machine under unique file - names. Remote ftp server must support ftp protocol STOU com- - mand for successful completion. The remote server will re- - port unique name. Default value is off. - - ssyysstteemm Show the type of operating system running on the remote ma- - - chine. - - tteenneexx Set the file transfer type to that needed to talk to TENEX - machines. - - ttrraaccee Toggle packet tracing. - - ttyyppee [_t_y_p_e_-_n_a_m_e] - Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is speci- - fied, the current type is printed. The default type is net- - work ASCII. - - uummaasskk [_n_e_w_m_a_s_k] - Set the default umask on the remote server to _n_e_w_m_a_s_k. If - _n_e_w_m_a_s_k is omitted, the current umask is printed. - - uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t] - Identify yourself to the remote FTP server. If the _p_a_s_s_w_o_r_d - is not specified and the server requires it, ffttpp will prompt - the user for it (after disabling local echo). If an _a_c_c_o_u_n_t - field is not specified, and the FTP server requires it, the - user will be prompted for it. If an _a_c_c_o_u_n_t field is speci- - fied, an account command will be relayed to the remote server - after the login sequence is completed if the remote server - did not require it for logging in. 
Unless ffttpp is invoked - with ``auto-login'' disabled, this process is done automati- - cally on initial connection to the FTP server. - - vveerrbboossee Toggle verbose mode. In verbose mode, all responses from the - FTP server are displayed to the user. In addition, if ver- - bose is on, when a file transfer completes, statistics re- - garding the efficiency of the transfer are reported. By de- - fault, verbose is on. - - ?? [_c_o_m_m_a_n_d] - A synonym for help. - - The following command can be used with ftpsec-aware servers. - - pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e - Set the data protection level to the requested level. - - The following command can be used with ftp servers that has implemented - the KAUTH site command. - - kkaauutthh [_p_r_i_n_c_i_p_a_l] - Obtain remote tickets. - - Command arguments which have embedded spaces may be quoted with quote `"' - marks. - -AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR - To abort a file transfer, use the terminal interrupt key (usually Ctrl- - C). Sending transfers will be immediately halted. Receiving transfers - will be halted by sending a ftp protocol ABOR command to the remote serv- - er, and discarding any further data received. The speed at which this is - accomplished depends upon the remote server's support for ABOR process- - ing. If the remote server does not support the ABOR command, an `ftp>' - prompt will not appear until the remote server has completed sending the - requested file. - - The terminal interrupt key sequence will be ignored when ffttpp has complet- - ed any local processing and is awaiting a reply from the remote server. - A long delay in this mode may result from the ABOR processing described - above, or from unexpected behavior by the remote server, including viola- - tions of the ftp protocol. If the delay results from unexpected remote - server behavior, the local ffttpp program must be killed by hand. 
- -FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS - Files specified as arguments to ffttpp commands are processed according to - the following rules. - - 1. If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t - (for writing) is used. - - 2. If the first character of the file name is `|', the remainder of the - argument is interpreted as a shell command. FFttpp then forks a shell, - using popen(3) with the argument supplied, and reads (writes) from - the stdout (stdin). If the shell command includes spaces, the argu- - ment must be quoted; e.g. ``" ls -lt"''. A particularly useful ex- - ample of this mechanism is: ``dir more''. - - 3. Failing the above checks, if ``globbing'' is enabled, local file - names are expanded according to the rules used in the csh(1); c.f. - the gglloobb command. If the ffttpp command expects a single local file - (.e.g. ppuutt), only the first filename generated by the "globbing" - operation is used. - - 4. For mmggeett commands and ggeett commands with unspecified local file - names, the local filename is the remote filename, which may be al- - tered by a ccaassee, nnttrraannss, or nnmmaapp setting. The resulting filename - may then be altered if rruunniiqquuee is on. - - 5. For mmppuutt commands and ppuutt commands with unspecified remote file - names, the remote filename is the local filename, which may be al- - tered by a nnttrraannss or nnmmaapp setting. The resulting filename may then - be altered by the remote server if ssuunniiqquuee is on. - -FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS - The FTP specification specifies many parameters which may affect a file - transfer. The ttyyppee may be one of ``ascii'', ``image'' (binary), - ``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly). - FFttpp supports the ascii and image types of file transfer, plus local byte - size 8 for tteenneexx mode transfers. 
- - FFttpp supports only the default values for the remaining file transfer pa- - rameters: mmooddee, ffoorrmm, and ssttrruucctt. - -TTHHEE ..nneettrrcc FFIILLEE - The _._n_e_t_r_c file contains login and initialization information used by the - auto-login process. It resides in the user's home directory. The fol- - lowing tokens are recognized; they may be separated by spaces, tabs, or - new-lines: - - mmaacchhiinnee _n_a_m_e - Identify a remote machine _n_a_m_e. The auto-login process searches - the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote ma- - chine specified on the ffttpp command line or as an ooppeenn command - argument. Once a match is made, the subsequent _._n_e_t_r_c tokens - are processed, stopping when the end of file is reached or an- - other mmaacchhiinnee or a ddeeffaauulltt token is encountered. - - ddeeffaauulltt This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches - any name. There can be only one ddeeffaauulltt token, and it must be - after all mmaacchhiinnee tokens. This is normally used as: - - default login anonymous password user@site - - thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma- - chines not specified in _._n_e_t_r_c. This can be overridden by using - - the --nn flag to disable auto-login. - - llooggiinn _n_a_m_e - Identify a user on the remote machine. If this token is pre- - sent, the auto-login process will initiate a login using the - specified _n_a_m_e. - - ppaasssswwoorrdd _s_t_r_i_n_g - Supply a password. If this token is present, the auto-login - process will supply the specified string if the remote server - requires a password as part of the login process. Note that if - this token is present in the _._n_e_t_r_c file for any user other - than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the - _._n_e_t_r_c is readable by anyone besides the user. - - aaccccoouunntt _s_t_r_i_n_g - Supply an additional account password. 
If this token is pre- - sent, the auto-login process will supply the specified string - if the remote server requires an additional account password, - or the auto-login process will initiate an ACCT command if it - does not. - - mmaaccddeeff _n_a_m_e - Define a macro. This token functions like the ffttpp mmaaccddeeff com- - mand functions. A macro is defined with the specified name; - its contents begin with the next _._n_e_t_r_c line and continue until - a null line (consecutive new-line characters) is encountered. - If a macro named iinniitt is defined, it is automatically executed - as the last step in the auto-login process. - -EENNVVIIRROONNMMEENNTT - FFttpp utilizes the following environment variables. - - HOME For default location of a _._n_e_t_r_c file, if one exists. - - SHELL For default shell. - -SSEEEE AALLSSOO - ftpd(8), _R_F_C_2_2_2_8 - -HHIISSTTOORRYY - The ffttpp command appeared in 4.2BSD. - -BBUUGGSS - Correct execution of many commands depends upon proper behavior by the - remote server. - - An error in the treatment of carriage returns in the 4.2BSD ascii-mode - transfer code has been corrected. This correction may result in incor- - rect transfers of binary files to and from 4.2BSD servers using the ascii - type. Avoid this problem by using the binary image type. - -4.2 Berkeley Distribution April 27, 1996 10 diff --git a/kerberosIV/src/man/ftpd.cat8 b/kerberosIV/src/man/ftpd.cat8 deleted file mode 100644 index e4c124a947d..00000000000 --- a/kerberosIV/src/man/ftpd.cat8 +++ /dev/null 
@@ -1,290 +0,0 @@ - -FTPD(8) UNIX System Manager's Manual FTPD(8) - -NNAAMMEE - ffttppdd - Internet File Transfer Protocol server - -SSYYNNOOPPSSIISS - ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt - _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] - -DDEESSCCRRIIPPTTIIOONN - FFttppdd is the Internet File Transfer Protocol server process. The server - uses the TCP protocol and listens at the port specified in the ``ftp'' - service specification; see services(5). - - Available options: - - --aa Select the level of authentication required. Kerberised login - can not be turned off. The default is to only allow kerberised - login. Other possibilities can be turned on by giving a string - of comma separated flags as argument to --aa. Recognised flags are: - - _p_l_a_i_n Allow logging in with plaintext password. The password can - be a(n) OTP or an ordinary password. - - _o_t_p Same as _p_l_a_i_n, but only OTP is allowed. - - _f_t_p Allow anonymous login. - - The following combination modes exists for backwards compatibili- - ty: - - _n_o_n_e Same as _p_l_a_i_n_,_f_t_p. - - _s_a_f_e Same as _f_t_p. - - _u_s_e_r Ignored. - - --dd Debugging information is written to the syslog using LOG_FTP. - - --gg Anonymous users will get a umask of _u_m_a_s_k. - - --ii Open a socket and wait for a connection. This is mainly used for - debugging when ftpd isn't started by inetd. - - --ll Each successful and failed ftp(1) session is logged using syslog - with a facility of LOG_FTP. If this option is specified twice, - the retrieve (get), store (put), append, delete, make directory, - remove directory and rename operations and their filename argu- - ments are also logged. - - --pp Use _p_o_r_t (a service name or number) instead of the default - _f_t_p_/_t_c_p. - - --TT A client may also request a different timeout period; the maximum - period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option. 
- The default limit is 2 hours. - - --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de- - fault is 15 minutes). - - --uu Set the initial umask to something else than the default 027. - - --vv Verbose mode. - - - The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex- - ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists, - ffttppdd prints it before issuing the ``ready'' message. If the file - _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login. - - The ftp server currently supports the following ftp requests. The case - of the requests is ignored. - - Request Description - ABOR abort previous command - ACCT specify account (ignored) - ALLO allocate storage (vacuously) - APPE append to a file - CDUP change to parent of current working directory - CWD change working directory - DELE delete a file - HELP give help information - LIST give list files in a directory (``ls -lgA'') - MKD make a directory - MDTM show last modification time of file - MODE specify data transfer _m_o_d_e - NLST give name list of files in directory - NOOP do nothing - PASS specify password - PASV prepare for server-to-server transfer - PORT specify data connection port - PWD print the current working directory - QUIT terminate session - REST restart incomplete transfer - RETR retrieve a file - RMD remove a directory - RNFR specify rename-from file name - RNTO specify rename-to file name - SITE non-standard commands (see next section) - SIZE return size of file - STAT return status of server - STOR store a file - STOU store a file with a unique name - STRU specify data transfer _s_t_r_u_c_t_u_r_e - SYST show operating system type of server system - TYPE specify data transfer _t_y_p_e - USER specify user name - XCUP change to parent of current working directory - (deprecated) - XCWD change working directory (deprecated) - XMKD make a directory (deprecated) - XPWD print the current working 
directory (deprecated) - XRMD remove a directory (deprecated) - - The following commands are specified by RFC2228. - - AUTH authentication/security mechanism - ADAT authentication/security data - PROT data channel protection level - PBSZ protection buffer size - MIC integrity protected command - CONF confidentiality protected command - ENC privacy protected command - CCC clear command channel - - The following non-standard or UNIX specific commands are supported by the - SITE request. - - - - - UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022) - IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600) - CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee) - FIND quickly find a specific file with GNU locate(1). - HELP give help information. - - The following Kerberos related site commands are understood. - - KAUTH obtain remote tickets. - KLIST show remote tickets - - The remaining ftp requests specified in Internet RFC 959 are recognized, - but not implemented. MDTM and SIZE are not specified in RFC 959, but - will appear in the next updated FTP RFC. - - The ftp server will abort an active file transfer only when the ABOR com- - mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet - "Synch" signal in the command Telnet stream, as described in Internet RFC - 959. If a STAT command is received during a data transfer, preceded by a - Telnet IP and Synch, transfer status will be returned. - - FFttppdd interprets file names according to the ``globbing'' conventions used - by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''. - - FFttppdd authenticates users according to these rules. - - 1. If Kerberos authentication is used, the user must pass valid - tickets and the principal must be allowed to login as the re- - mote user. - - 2. The login name must be in the password data base, and not have - a null password (if kerberos is used the password field is not - checked). 
In this case a password must be provided by the - client before any file operations may be performed. If the - user has an OTP key, the response from a successful USER com- - mand will include an OTP challenge. The client may choose to - respond with a PASS command giving either a standard password - or an OTP one-time password. The server will automatically de- - termine which type of password it has been given and attempt - to authenticate accordingly. See otp(1) for more information - on OTP authentication. - - 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s. - - 4. The user must have a standard shell returned by - getusershell(3). - - 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses- - sion's root will be changed to the user's login directory by - chroot(2) as for an ``anonymous'' or ``ftp'' account (see next - item). However, the user must still supply a password. This - feature is intended as a compromise between a fully anonymous - account and a fully privileged account. The account should - also be set up as for an anonymous account. - - 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp - account must be present in the password file (user ``ftp''). - In this case the user is allowed to log in by specifying any - password (by convention an email address for the user should - be used as the password). - - In the last case, ffttppdd takes special measures to restrict the client's - access privileges. The server performs a chroot(2) to the home directory - of the ``ftp'' user. In order that system security is not breached, it - is recommended that the ``ftp'' subtree be constructed with care, consid- - er following these guidelines for anonymous ftp. - - In general all files should be owned by ``root'', and have non-write per- - missions (644 or 755 depending on the kind of file). 
No files should be - owned or writable by ``ftp'' (possibly with exception for the - _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below). - - _~_f_t_p The ``ftp'' homedirectory should be owned by root. - - _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)). - These programs must either be statically linked, or you - must setup an environment for dynamic linking when run- - ning chrooted. These programs will be used if present: - - ls Used when listing files. - - compress - When retrieving a filename that ends in _._Z, - and that file isn't present, ffttppdd will try - to find the filename without _._Z and com- - press it on the fly. - - gzip Same as compress, just with files ending in - _._g_z. - - gtar Enables retrieval of whole directories as - files ending in _._t_a_r. Can also be combined - with compression. You must use GNU Tar (or - some other that supports the --zz and --ZZ - flags). - - locate Will enable ``fast find'' with the SSIITTEE - FFIINNDD command. You must also create a - _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c. - - _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files - here, ls will be able to produce owner names rather than - numbers. Remember to remove any passwords from these - files. - - The file _m_o_t_d, if present, will be printed after a suc- - cessful login. - - _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here. - - _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub- - lic. - - If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di- - rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure - ``ftp'' is member of group ``ftp''). The following restrictions apply to - anonymous users: - - ++oo Directories created will have mode 700. - - ++oo Uploaded files will be created with an umask of 777, if not changed - with the --gg option. 
- - ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK, - and SSIITTEE CCHHMMOODD. - - ++oo Filenames must start with an alpha-numeric character, and consist of - alpha-numeric characters or any of the following: + (plus), - (mi- - nus), = (equal), _ (underscore), . (period), and , (comma). - -FFIILLEESS - - /etc/ftpusers Access list for users. - /etc/ftpchroot List of normal users who should be chroot'd. - /etc/ftpwelcome Welcome notice. - /etc/motd Welcome notice after login. - /etc/nologin Displayed and access refused. - ~/.klogin Login access for Kerberos. - -SSEEEE AALLSSOO - ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8), - -SSTTAANNDDAARRDDSS - RRFFCC 995599 FTP PROTOCOL SPECIFICATION - RRFFCC 11993388 OTP Specification - RRFFCC 22222288 FTP Security Extensions. - -BBUUGGSS - The server must run as the super-user to create sockets with privileged - port numbers. It maintains an effective user id of the logged in user, - reverting to the super-user only when binding addresses to sockets. The - possible security holes have been extensively scrutinized, but are possi- - bly incomplete. - -HHIISSTTOORRYY - The ffttppdd command appeared in 4.2BSD. - -4.2 Berkeley Distribution April 19, 1997 5 diff --git a/kerberosIV/src/man/ftpusers.cat5 b/kerberosIV/src/man/ftpusers.cat5 deleted file mode 100644 index 808a3934680..00000000000 --- a/kerberosIV/src/man/ftpusers.cat5 +++ /dev/null 
@@ -1,27 +0,0 @@ - -FTPUSERS(5) UNIX Programmer's Manual FTPUSERS(5) - -NNAAMMEE - _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file. - -DDEESSCCRRIIPPTTIIOONN - _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied - FTP access. Each line contains a user, optionally followed by ``allow'' - (anything but ``allow'' is ignored). The semi-user ``*'' matches any us- - er. Users that has an explicit ``allow'', or that does not match any - line, are allowed access. Anyone else is denied access. - - Note that this is compatible with the old format, where this file con- - tained a list of users that should be denied access. - -EEXXAAMMPPLLEESS - This will deny anyone but ``foo'' and ``bar'' to use FTP: - - foo allow - bar allow - * - -SSEEEE AALLSSOO - ftpd(8) - - KTH-KRB May 7, 1997 1 diff --git a/kerberosIV/src/man/kadmin.cat8 b/kerberosIV/src/man/kadmin.cat8 deleted file mode 100644 index 859d5440919..00000000000 --- a/kerberosIV/src/man/kadmin.cat8 +++ /dev/null 
@@ -1,110 +0,0 @@ - - -KADMIN(8) UNIX System Manager's Manual KADMIN(8) - -NNAAMMEE - kkaaddmmiinn - network utility for Kerberos database administration - -SSYYNNOOPPSSIISS - kkaaddmmiinn [--pp _p_r_i_n_c_i_p_a_l] [--uu _u_s_e_r_n_a_m_e] [--rr _r_e_a_l_m] [--mm] [--TT _t_i_m_e_o_u_t] [--tt] - [----vveerrssiioonn] [--hh] [----hheellpp] _[_c_o_m_m_a_n_d_] - -DDEESSCCRRIIPPTTIIOONN - This utility provides a unified administration interface to the Kerberos - master database. Kerberos administrators use kkaaddmmiinn to register new - users and services to the master database, and to change information - about existing database entries, such as changing a user's Kerberos pass- - word. A Kerberos administrator is a user with an ``admin'' instance whose - name appears on one of the Kerberos administration access control lists. - - Supported options: - - --pp _p_r_i_n_c_i_p_a_l - This is the adminstrator principal to use when talking to the - Kadmin server. The default is taken from the users environment. - - --rr _r_e_a_l_m - This is the default realm to use for transactions. Default is the - local realm. - - --uu _u_s_e_r_n_a_m_e - This is similar to --pp, but specifies a name, that gets appended - with a ``admin'' instance. - - --TT _t_i_m_e_o_u_t - To prevent someone from walking up to an unguarded terminal and - doing malicious things, administrator tickets are destroyed after - a period of inactivity. This flag changes the timeout from the - default of one minute. A timeout of zero seconds disables this - functionality. - - --mm Historically kkaaddmmiinn destroyed tickets after every command; this - flag used to stop this behaviour (only destroying tickets upon - exit). Now it's just a synonym for --TT _0. - - --tt Use existing tickets (if any are available), this also disbles - timeout, and doesn't destroy any tickets upon exit. - - These tickets have to be for the changepw.kerberos service. Use - kkiinniitt --pp to acquire them. 
- - The kkaaddmmiinn program communicates over the network with the kkaaddmmiinndd pro- - gram, which runs on the machine housing the Kerberos master database, and - does the actual modifications to the database. - - When you enter the kkaaddmmiinn command, the program displays a message that - welcomes you and explains how to ask for help. Then kkaaddmmiinn waits for you - to enter commands (which are described below). It then asks you for your - administrator's password before accessing the database. - - All commands can be abbreviated as long as they are unique. Some short - versions of the commands are also recognized for backwards compatibility. - - Recognised commands: - - add_new_key _p_r_i_n_c_i_p_a_l - Creates a new principal in the Kerberos database. You give the - name of the new principal as an argument. You will then be asked - for a maximum ticket lifetime, attributes, the expiration date of - the principal, and finally the password of the principal. - - change_password _p_r_i_n_c_i_p_a_l - Changes a principal's password. You will be prompted for the new - password. - - change_key _p_r_i_n_c_i_p_a_l - This is the same as change_password, but the password is given as - a raw DES key (for the few occations when you need this). - - change_admin_password - Changes your own admin password. It will prompt you for you old - and new passwords. - - del_entry _p_r_i_n_c_i_p_a_l - Removes principal from the database. - - get_entry _p_r_i_n_c_i_p_a_l - Show various information for the given principal. Note that the - key is shown as zeros. - - mod_entry _p_r_i_n_c_i_p_a_l - Modifies a particular entry, for instance to change the expira- - tion date. - - destroy_tickets - Destroys your admin tickets explicitly. - - quit Obvious. - -SSEEEE AALLSSOO - kerberos(1), kadmind(8), kpasswd(1), kinit(1), ksrvutil(8) - -AAUUTTHHOORRSS - Jeffrey I. 
Schiller, MIT Project Athena - - Emanuel Jay Berkenbilt, MIT Project Athena - -BBUUGGSS - The user interface is primitive, and the command names could be better. - - KTH-KRB February 3, 1998 2 diff --git a/kerberosIV/src/man/kadmind.cat8 b/kerberosIV/src/man/kadmind.cat8 deleted file mode 100644 index affc4beb24e..00000000000 --- a/kerberosIV/src/man/kadmind.cat8 +++ /dev/null 
@@ -1,132 +0,0 @@ - - - - KKAADDMMIINNDD((88)) MMIITT PPrroojjeecctt AAtthheennaa KKAADDMMIINNDD((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kadmind - network daemon for Kerberos database administration - - SSYYNNOOPPSSIISS - kkaaddmmiinndd [ --nn ] [ --mm ] [ --hh ] [ --rr rreeaallmm ] [ --ff ffiilleennaammee ] [ --dd ddbbnnaammee ] - [ --aa aaccllddiirr ] [ --ii aaddddrreessss ] - - DDEESSCCRRIIPPTTIIOONN - _k_a_d_m_i_n_d is the network database server for the Kerberos password- - changing and administration tools. - - Upon execution, it fetches the master key from the key cache file. - - If the --mm option is specified, it instead prompts the user to enter - the master key string for the database. - - The --nn option is a no-op and is left for compatibility reasons. - - If the --rr _r_e_a_l_m option is specified, the admin server will pretend - that its local realm is _r_e_a_l_m instead of the actual local realm of the - host it is running on. This makes it possible to run a server for a - foreign kerberos realm. - - If the --ff _f_i_l_e_n_a_m_e option is specified, then that file is used to hold - the log information instead of the default. - - If the --dd _d_b_n_a_m_e option is specified, then that file is used as the - database name instead of the default. - - If the --aa _a_c_l_d_i_r option is specified, then _a_c_l_d_i_r is used as the - directory in which to search for access control lists instead of the - default. - - If the --hh option is specified, _k_a_d_m_i_n_d prints out a short summary of - the permissible control arguments, and then exits. - - If the --ii option is specified, _k_a_d_m_i_n_d will only listen on that - particular address and not on all configured addresses of the host, - which is the default. - - When performing requests on behalf of clients, _k_a_d_m_i_n_d checks access - control lists (ACLs) to determine the authorization of the client to - perform the requested action. 
Currently four distinct access types - are supported: - - Addition (.add ACL file). If a principal is on this list, it may add - new principals to the database. - - Retrieval (.get ACL file). If a principal is on this list, it may - retrieve database entries. NOTE: A principal's private key - is never returned by the get functions. - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKAADDMMIINNDD((88)) MMIITT PPrroojjeecctt AAtthheennaa KKAADDMMIINNDD((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - Modification - (.mod ACL file). If a principal is on this list, it may - modify entries in the database. - - Deletions (.del ACL file). If a principal is on this list, if may - delete entries from the database. - - A principal is always granted authorization to change its own - password. - - FFIILLEESS - /var/log/admin_server.syslog - Default log file. - - /var/kerberos Default access control list directory. - - admin_acl.{add,get,mod} - Access control list files (within the directory) - - /var/kerberos/principal.pag, /var/kerberos/principal.dir - Default DBM files containing database - - /.k Master key cache file. - - SSEEEE AALLSSOO - kerberos(1), kpasswd(1), kadmin(8), acl_check(3) - - AAUUTTHHOORRSS - Douglas A. Church, MIT Project Athena - John T. Kohl, Project Athena/Digital Equipment Corporation - - - - - - - - - - - - - - - - - - - - - - - - - - 2 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kafs.cat3 b/kerberosIV/src/man/kafs.cat3 deleted file mode 100644 index 71f6e330661..00000000000 --- a/kerberosIV/src/man/kafs.cat3 +++ /dev/null 
@@ -1,118 +0,0 @@ - -KAFS(3) UNIX Programmer's Manual KAFS(3) - -NNAAMMEE - kk__hhaassaaffss, kk__ppiiooccttll, kk__uunnlloogg, kk__sseettppaagg, kk__aaffss__cceellll__ooff__ffiillee, kkrrbb__aaffsslloogg, - kkrrbb__aaffsslloogg__uuiidd - - - - AFS library - -SSYYNNOOPPSSIISS - ##iinncclluuddee <<kkaaffss..hh>> - - _i_n_t - kk__aaffss__cceellll__ooff__ffiillee(_c_o_n_s_t _c_h_a_r _*_p_a_t_h, _c_h_a_r _*_c_e_l_l, _i_n_t _l_e_n) - - _i_n_t - kk__hhaassaaffss() - - _i_n_t - kk__ppiiooccttll(_c_h_a_r _*_a___p_a_t_h, _i_n_t _o___o_p_c_o_d_e, _s_t_r_u_c_t _V_i_c_e_I_o_c_t_l _*_a___p_a_r_a_m_s_P, - _i_n_t _a___f_o_l_l_o_w_S_y_m_l_i_n_k_s) - - _i_n_t - kk__sseettppaagg() - - _i_n_t - kk__uunnlloogg() - - _i_n_t - kkrrbb__aaffsslloogg(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m) - - _i_n_t - kkrrbb__aaffsslloogg__uuiidd(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m, _u_i_d___t _u_i_d) - - - - - -DDEESSCCRRIIPPTTIIOONN - kk__hhaassaaffss() initializes some library internal structures, and tests for - the presense of AFS in the kernel, none of the other functions should be - called before kk__hhaassaaffss() is called, or if it fails. - - kkrrbb__aaffsslloogg(), and kkrrbb__aaffsslloogg__uuiidd() obtains new tokens (and possibly tick- - ets) for the specified _c_e_l_l and _r_e_a_l_m. If _c_e_l_l is NULL, the local cell is - used. If _r_e_a_l_m is NULL, the function tries to guess what realm to use. - Unless you have some good knowledge of what cell or realm to use, you - should pass NULL. kkrrbb__aaffsslloogg() will use the real user-id for the ViceId - field in the token, kkrrbb__aaffsslloogg__uuiidd() will use _u_i_d. - - - - - - - - - - - - - - - - - kk__aaffss__cceellll__ooff__ffiillee() will in _c_e_l_l return the cell of a specified file, no - more than _l_e_n characters is put in _c_e_l_l. - - kk__ppiiooccttll() does a ppiiooccttll() syscall with the specified arguments. This - function is equivalent to llppiiooccttll(). - - kk__sseettppaagg() initializes a new PAG. 
- - kk__uunnlloogg() removes destroys all tokens in the current PAG. - - -EENNVVIIRROONNMMEENNTT - The following environment variable affect the mode of operation of kkaaffss: - - AFS_SYSCALL - Normally, kkaaffss will try to figure out the correct system call(s) that - are used by AFS by itself. If it does not manage to do that, or does - it incorrectly, you can set this variable to the system call number or - list of system call numbers that should be used. - -RREETTUURRNN VVAALLUUEESS - kk__hhaassaaffss() returns 1 if AFS is present in the kernel, 0 otherwise. - kkrrbb__aaffsslloogg() and kkrrbb__aaffsslloogg__uuiidd() returns 0 on success, or a kerberos er- - ror number on failure. kk__aaffss__cceellll__ooff__ffiillee(), kk__ppiiooccttll(), kk__sseettppaagg(), and - kk__uunnlloogg() all return the value of the underlaying system call, 0 on suc- - cess. - -EEXXAAMMPPLLEESS - The following code from llooggiinn will obtain a new PAG and tokens for the - local cell and the cell of the users home directory. - - if (k_hasafs()) { - char cell[64]; - k_setpag(); - if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - krb_afslog(cell, NULL); - krb_afslog(NULL, NULL); - } - -EERRRROORRSS - If any of these functions (appart from kk__hhaassaaffss()) is called without AFS - beeing present in the kernel, the process will usually (depending on the - operating system) receive a SIGSYS signal. - -SSEEEE AALLSSOO - Transarc Corporation, "File Server/Cache Manager Interface", _A_F_S_-_3 - _P_r_o_g_r_a_m_m_e_r_'_s _R_e_f_e_r_e_n_c_e, 1991. - -BBUUGGSS - AFS_SYSCALL has no effect under AIX. - - KTH-KRB May 7, 1997 2 diff --git a/kerberosIV/src/man/kauth.cat1 b/kerberosIV/src/man/kauth.cat1 deleted file mode 100644 index 94d7e2c32be..00000000000 --- a/kerberosIV/src/man/kauth.cat1 +++ /dev/null 
@@ -1,47 +0,0 @@ - -KAUTH(1) UNIX Reference Manual KAUTH(1) - -NNAAMMEE - kkaauutthh - overworked Kerberos login program - -SSYYNNOOPPSSIISS - kkaauutthh [--nn _n_a_m_e] [--rr _r_e_m_o_t_e _u_s_e_r] [--tt _r_e_m_o_t_e _t_i_c_k_e_t _f_i_l_e] [--hh _h_o_s_t_s_._._.] - [--ll _l_i_f_e_t_i_m_e] [--ff _s_r_v_t_a_b] [--cc _c_e_l_l] [_c_o_m_m_a_n_d _._._.] - -DDEESSCCRRIIPPTTIIOONN - The kkaauutthh command obtains ticket granting tickets as well as AFS ticket - and tokens. It also does a whole lot of other stuff. - - The following flags are supported: - - --nn Principal to get tickets for. If no other arguments are present - this can be given without the --nn flag. - - --hh Remote hosts to obtain tickets for. This works similar to the MIT - Athena Kerberos 4 patchlevel 10 command rkinit(1), however not in - a compatible way. It requires that the remote host runs the - kauthd(8), server. The --rr and --tt flags are useful only with this - option. - - --rr User on the remote host that should own the ticket file. - - --tt Ticket file on remote host. - - --ll Lifetime of tickets in minutes. A value of -1 is used for maximum - ticket lifetime. - - --ff Srvtab to get service keys from. Default is _/_e_t_c_/_s_r_v_t_a_b. This is - mainly used with batch services that need to run authenticated. If - any command is given, it will be executed in an authenticated fash- - ion and when the program exits the tickets are destroyed. For long - running jobs the tickets will be renewed. - - --cc AFS cell to get tokens for, default is your local cell. - -SSEEEE AALLSSOO - kinit(1), kauthd(8), kafs(3) - -BBUUGGSS - There is no help-switch. - - KTH-KRB May 4, 1996 1 diff --git a/kerberosIV/src/man/kauthd.cat8 b/kerberosIV/src/man/kauthd.cat8 deleted file mode 100644 index 395b67cbcee..00000000000 --- a/kerberosIV/src/man/kauthd.cat8 +++ /dev/null 
@@ -1,22 +0,0 @@ - -KAUTHD(8) UNIX System Manager's Manual KAUTHD(8) - -NNAAMMEE - kkaauutthhdd - remote Kerberos login daemon - -SSYYNNOOPPSSIISS - kkaauutthhdd - -DDEESSCCRRIIPPTTIIOONN - Daemon for the kauth(1) command. - - Options supported by kkaauutthhdd: - - --ii Interactive. Do not expect to be started by iinneettdd,, but allocate - and listen to the socket yourself. Handy for testing and debug- - ging. - -SSEEEE AALLSSOO - kauth(1) - - KTH-KRB September 27, 1996 1 diff --git a/kerberosIV/src/man/kdb_destroy.cat8 b/kerberosIV/src/man/kdb_destroy.cat8 deleted file mode 100644 index 376862c448c..00000000000 --- a/kerberosIV/src/man/kdb_destroy.cat8 +++ /dev/null @@ -1,66 +0,0 @@ - - - - KKDDBB__DDEESSTTRROOYY((88)) MMIITT PPrroojjeecctt AAtthheennaa KKDDBB__DDEESSTTRROOYY((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kdb_destroy - destroy Kerberos key distribution center database - - SSYYNNOOPPSSIISS - kdb_destroy - - DDEESSCCRRIIPPTTIIOONN - _k_d_b___d_e_s_t_r_o_y deletes a Kerberos key distribution center database. - - The user is prompted to verify that the database should be destroyed. - A response beginning with `y' or `Y' confirms deletion. Any other - response aborts deletion. - - DDIIAAGGNNOOSSTTIICCSS - "Database cannot be deleted at /var/kerberos/principal" - The attempt to delete the database failed - (probably due to a system or access permission - error). - - "Database not deleted." - The user aborted the deletion. - - FFIILLEESS - /var/kerberos/principal.pag, /var/kerberos/principal.dir - DBM files containing database - - SSEEEE AALLSSOO - kdb_init(8) - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kdb_edit.cat8 b/kerberosIV/src/man/kdb_edit.cat8 deleted file mode 100644 index 65c38722439..00000000000 --- a/kerberosIV/src/man/kdb_edit.cat8 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKDDBB__EEDDIITT((88)) MMIITT PPrroojjeecctt AAtthheennaa KKDDBB__EEDDIITT((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kdb_edit - Kerberos key distribution center database editing utility - - SSYYNNOOPPSSIISS - kdb_edit [ --nn ] - - DDEESSCCRRIIPPTTIIOONN - _k_d_b___e_d_i_t is used to create or change principals stored in the Kerberos - key distribution center (KDC) database. - - When executed, _k_d_b___e_d_i_t prompts for the master key string and verifies - that it matches the master key stored in the database. If the --nn - option is specified, the master key is instead fetched from the master - key cache file. - - Once the master key has been verified, _k_d_b___e_d_i_t begins a prompt loop. - The user is prompted for the principal and instance to be modified. - If the entry is not found the user may create it. Once an entry is - found or created, the user may set the password, expiration date, - maximum ticket lifetime, and attributes. Default expiration dates, - maximum ticket lifetimes, and attributes are presented in brackets; if - the user presses return the default is selected. There is no default - password. The password RANDOM is interpreted specially, and if - entered the user may have the program select a random DES key for the - principal. - - Upon successfully creating or changing the entry, ``Edit O.K.'' is - printed. - - DDIIAAGGNNOOSSTTIICCSS - "verify_master_key: Invalid master key, does not match database." - The master key string entered was incorrect. - - FFIILLEESS - /var/kerberos/principal.pag, /var/kerberos/principal.dir - DBM files containing database - - /.k Master key cache file. - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kdb_init.cat8 b/kerberosIV/src/man/kdb_init.cat8 deleted file mode 100644 index 7ae92fad974..00000000000 --- a/kerberosIV/src/man/kdb_init.cat8 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKDDBB__IINNIITT((88)) MMIITT PPrroojjeecctt AAtthheennaa KKDDBB__IINNIITT((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kdb_init - Initialize Kerberos key distribution center database - - SSYYNNOOPPSSIISS - kdb_init [ rreeaallmm ] - - DDEESSCCRRIIPPTTIIOONN - _k_d_b___i_n_i_t initializes a Kerberos key distribution center database, - creating the necessary principals. - - If the optional _r_e_a_l_m argument is not present, _k_d_b___i_n_i_t prompts for a - realm name. After determining the realm to be created, it prompts for - a master key password. The master key password is used to encrypt - every encryption key stored in the database. - - DDIIAAGGNNOOSSTTIICCSS - "/var/kerberos/principal: File exists" - An attempt was made to create a database on a - machine which already had an existing database. - - FFIILLEESS - /var/kerberos/principal.pag, /var/kerberos/principal.dir - DBM files containing database - - SSEEEE AALLSSOO - kdb_destroy(8) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kdb_util.cat8 b/kerberosIV/src/man/kdb_util.cat8 deleted file mode 100644 index ae07ade6f7d..00000000000 --- a/kerberosIV/src/man/kdb_util.cat8 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKDDBB__UUTTIILL((88)) MMIITT PPrroojjeecctt AAtthheennaa KKDDBB__UUTTIILL((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kdb_util - Kerberos key distribution center database utility - - SSYYNNOOPPSSIISS - kdb_util ooppeerraattiioonn ffiilleennaammee - - DDEESSCCRRIIPPTTIIOONN - _k_d_b___u_t_i_l allows the Kerberos key distribution center (KDC) database - administrator to perform utility functions on the database. - - _O_p_e_r_a_t_i_o_n must be one of the following: - - _l_o_a_d initializes the KDC database with the records described by - the text contained in the file _f_i_l_e_n_a_m_e. Any existing - database is overwritten. - - _d_u_m_p dumps the KDC database into a text representation in the - file _f_i_l_e_n_a_m_e. - - _s_l_a_v_e___d_u_m_p - performs a database dump like the _d_u_m_p operation, and - additionally creates a semaphore file signalling the - propagation software that an update is available for - distribution to slave KDC databases. - - _m_e_r_g_e merges in the entries from _f_i_l_e_n_a_m_e into the database. - - _n_e_w___m_a_s_t_e_r___k_e_y - prompts for the old and new master key strings, and then - dumps the KDC database into a text representation in the - file _f_i_l_e_n_a_m_e. The keys in the text representation are - encrypted in the new master key. - - _c_o_n_v_e_r_t___o_l_d___d_b - prompts for the master key string, and then dumps the KDC - database into a text representation in the file _f_i_l_e_n_a_m_e. - The existing database is assumed to be encrypted using the - old format (encrypted by the key schedule of the master - key); the dumped database is encrypted using the new format - (encrypted directly with master key). - - DDIIAAGGNNOOSSTTIICCSS - "verify_master_key: Invalid master key, does not match database." - The master key string entered was incorrect. 
- - FFIILLEESS - /kerberos/principal.pag, /kerberos/principal.dir - DBM files containing database - - _f_i_l_e_n_a_m_e.ok semaphore file created by _s_l_a_v_e___d_u_m_p_. - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kdestroy.cat1 b/kerberosIV/src/man/kdestroy.cat1 deleted file mode 100644 index 3e88a714d8a..00000000000 --- a/kerberosIV/src/man/kdestroy.cat1 +++ /dev/null 
@@ -1,132 +0,0 @@ - - - - KKDDEESSTTRROOYY((11)) MMIITT PPrroojjeecctt AAtthheennaa KKDDEESSTTRROOYY((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kdestroy - destroy Kerberos tickets - - SSYYNNOOPPSSIISS - kkddeessttrrooyy [ --ff ] [ --qq ] [ --tt ] - - DDEESSCCRRIIPPTTIIOONN - The _k_d_e_s_t_r_o_y utility destroys the user's active Kerberos authorization - tickets by writing zeros to the file that contains them. If the - ticket file does not exist, _k_d_e_s_t_r_o_y displays a message to that - effect. - - After overwriting the file, _k_d_e_s_t_r_o_y removes the file from the system. - The utility displays a message indicating the success or failure of - the operation. If _k_d_e_s_t_r_o_y is unable to destroy the ticket file, the - utility will warn you by making your terminal beep. - - In the Athena workstation environment, the _t_o_e_h_o_l_d service - automatically destroys your tickets when you end a workstation - session. If your site does not provide a similar ticket-destroying - mechanism, you can place the _k_d_e_s_t_r_o_y command in your _._l_o_g_o_u_t file so - that your tickets are destroyed automatically when you logout. - - The options to _k_d_e_s_t_r_o_y are as follows: - - --ff _k_d_e_s_t_r_o_y runs without displaying the status message. - - --qq _k_d_e_s_t_r_o_y will not make your terminal beep if it fails to - destroy the tickets. - - --tt destroy tickets only and keep all AFS tokens. - - --uu unlog, i.e remove any AFS tokens associated with the current - PAG but leave the ticket file alone. - - If neither --tt nor --uu is given, both tickets and AFS tokens are - destroyed. - - FFIILLEESS - KRBTKFILE environment variable if set, otherwise - /tmp/tkt[uid] - - SSEEEE AALLSSOO - kerberos(1), kinit(1), klist(1) - - BBUUGGSS - Only the tickets in the user's current ticket file are destroyed. - Separate ticket files are used to hold root instance and password - changing tickets. 
These files should probably be destroyed too, or - all of a user's tickets kept in a single ticket file. - - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKDDEESSTTRROOYY((11)) MMIITT PPrroojjeecctt AAtthheennaa KKDDEESSTTRROOYY((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - AAUUTTHHOORRSS - Steve Miller, MIT Project Athena/Digital Equipment Corporation - Clifford Neuman, MIT Project Athena - Bill Sommerfeld, MIT Project Athena - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kerberos.cat1 b/kerberosIV/src/man/kerberos.cat1 deleted file mode 100644 index d034788f997..00000000000 --- a/kerberosIV/src/man/kerberos.cat1 +++ /dev/null 
@@ -1,198 +0,0 @@ - - - - KKEERRBBEERROOSS((11)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kerberos - introduction to the Kerberos system - - - DDEESSCCRRIIPPTTIIOONN - The Kerberos system authenticates individual users in a network - environment. After authenticating yourself to Kerberos, you can use - network utilities such as _r_l_o_g_i_n, _r_c_p, and _r_s_h without having to - present passwords to remote hosts and without having to bother with - _._r_h_o_s_t_s files. Note that these utilities will work without passwords - only if the remote machines you deal with support the Kerberos system. - All Athena timesharing machines and public workstations support - Kerberos. - - Before you can use Kerberos, you must register as an Athena user, and - you must make sure you have been added to the Kerberos database. You - can use the _k_i_n_i_t command to find out. This command tries to log you - into the Kerberos system. _k_i_n_i_t will prompt you for a username and - password. Enter your username and password. If the utility lets you - login without giving you a message, you have already been registered. - - If you enter your username and _k_i_n_i_t responds with this message: - - Principal unknown (kerberos) - - you haven't been registered as a Kerberos user. See your system - administrator. - - A Kerberos name contains three parts. The first is the _p_r_i_n_c_i_p_a_l - _n_a_m_e_, which is usually a user's or service's name. The second is the - _i_n_s_t_a_n_c_e_, which in the case of a user is usually null. Some users may - have privileged instances, however, such as ``root'' or ``admin''. In - the case of a service, the instance is the name of the machine on - which it runs; i.e. there can be an _r_l_o_g_i_n service running on the - machine ABC, which is different from the rlogin service running on the - machine XYZ. The third part of a Kerberos name is the _r_e_a_l_m_. 
The - realm corresponds to the Kerberos service providing authentication for - the principal. For example, at MIT there is a Kerberos running at the - Laboratory for Computer Science and one running at Project Athena. - - When writing a Kerberos name, the principal name is separated from the - instance (if not null) by a period, and the realm (if not the local - realm) follows, preceded by an ``@'' sign. The following are examples - of valid Kerberos names: - - billb - jis.admin - srz@lcs.mit.edu - treese.root@athena.mit.edu - - When you authenticate yourself with Kerberos, through either the - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((11)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - workstation _t_o_e_h_o_l_d system or the _k_i_n_i_t command, Kerberos gives you an - initial Kerberos _t_i_c_k_e_t. (A Kerberos ticket is an encrypted protocol - message that provides authentication.) Kerberos uses this ticket for - network utilities such as _r_l_o_g_i_n and _r_c_p. The ticket transactions are - done transparently, so you don't have to worry about their management. - - Note, however, that tickets expire. Privileged tickets, such as root - instance tickets, expire in a few minutes, while tickets that carry - more ordinary privileges may be good for several hours or a day, - depending on the installation's policy. If your login session extends - beyond the time limit, you will have to re-authenticate yourself to - Kerberos to get new tickets. Use the _k_i_n_i_t command to re-authenticate - yourself. - - If you use the _k_i_n_i_t command to get your tickets, make sure you use - the _k_d_e_s_t_r_o_y command to destroy your tickets before you end your login - session. You should probably put the _k_d_e_s_t_r_o_y command in your _._l_o_g_o_u_t - file so that your tickets will be destroyed automatically when you - logout. 
For more information about the _k_i_n_i_t and _k_d_e_s_t_r_o_y commands, - see the _k_i_n_i_t_(_1_) and _k_d_e_s_t_r_o_y_(_1_) manual pages. - - Currently, Kerberos supports the following network services: _r_l_o_g_i_n, - _r_s_h, _r_c_p, _p_o_p, _f_t_p, _t_e_l_n_e_t, _A_F_S and _N_F_S_. - - - SSEEEE AALLSSOO - kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), - kerberos(3), kadmin(8) - - BBUUGGSS - Kerberos will not do authentication forwarding. In other words, if - you use _r_l_o_g_i_n to login to a remote host, you cannot use Kerberos - services from that host until you authenticate yourself explicitly on - that host. Although you may need to authenticate yourself on the - remote host, be aware that when you do so, _r_l_o_g_i_n sends your password - across the network in clear text. - - - AAUUTTHHOORRSS - Steve Miller, MIT Project Athena/Digital Equipment Corporation - Clifford Neuman, MIT Project Athena - - The following people helped out on various aspects of the system: - - Jeff Schiller designed and wrote the administration server and its - user interface, kadmin. He also wrote the dbm version of the database - management system. - - Mark Colan developed the Kerberos versions of _r_l_o_g_i_n, _r_s_h, and _r_c_p, as - well as contributing work on the servers. - - - - - - 2 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((11)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - John Ostlund developed the Kerberos versions of _p_a_s_s_w_d and _u_s_e_r_r_e_g. - - Stan Zanarotti pioneered Kerberos in a foreign realm (LCS), and made - many contributions based on that experience. 
- - Many people contributed code and/or useful ideas, including Jim - Aspnes, Bob Baldwin, John Barba, Richard Basch, Jim Bloom, Bill - Bryant, Rob French, Dan Geer, David Jedlinsky, John Kohl, John - Kubiatowicz, Bob McKie, Brian Murphy, Ken Raeburn, Chris Reed, Jon - Rochlis, Mike Shanzer, Bill Sommerfeld, Jennifer Steiner, Ted Ts'o, - and Win Treese. - - - RREESSTTRRIICCTTIIOONNSS - COPYRIGHT 1985,1986 Massachusetts Institute of Technology - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 3 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kerberos.cat3 b/kerberosIV/src/man/kerberos.cat3 deleted file mode 100644 index a46a8376a73..00000000000 --- a/kerberosIV/src/man/kerberos.cat3 +++ /dev/null 
@@ -1,396 +0,0 @@ - - - - KKEERRBBEERROOSS((33)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred, - krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err, - krb_rd_err, krb_ck_repl - Kerberos authentication library - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<ddeess..hh>> - ##iinncclluuddee <<kkrrbb..hh>> - - eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; - - iinntt kkrrbb__mmkk__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cchheecckkssuumm)) - KKTTEEXXTT aauutthheenntt;; - cchhaarr **sseerrvviiccee;; - cchhaarr **iinnssttaannccee;; - cchhaarr **rreeaallmm;; - uu__lloonngg cchheecckkssuumm;; - - iinntt kkrrbb__rrdd__rreeqq((aauutthheenntt,,sseerrvviiccee,,iinnssttaannccee,,ffrroomm__aaddddrr,,aadd,,ffnn)) - KKTTEEXXTT aauutthheenntt;; - cchhaarr **sseerrvviiccee;; - cchhaarr **iinnssttaannccee;; - uu__lloonngg ffrroomm__aaddddrr;; - AAUUTTHH__DDAATT **aadd;; - cchhaarr **ffnn;; - - iinntt kkrrbb__kknnttoollnn((aadd,,llnnaammee)) - AAUUTTHH__DDAATT **aadd;; - cchhaarr **llnnaammee;; - - iinntt kkrrbb__sseett__kkeeyy((kkeeyy,,ccvvtt)) - cchhaarr **kkeeyy;; - iinntt ccvvtt;; - - iinntt kkrrbb__ggeett__ccrreedd((sseerrvviiccee,,iinnssttaannccee,,rreeaallmm,,cc)) - cchhaarr **sseerrvviiccee;; - cchhaarr **iinnssttaannccee;; - cchhaarr **rreeaallmm;; - CCRREEDDEENNTTIIAALLSS **cc;; - - lloonngg kkrrbb__mmkk__pprriivv((iinn,,oouutt,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) - uu__cchhaarr **iinn;; - uu__cchhaarr **oouutt;; - uu__lloonngg iinn__lleennggtthh;; - ddeess__ccbblloocckk kkeeyy;; - ddeess__kkeeyy__sscchheedduullee sscchheedduullee;; - ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; - ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; - - lloonngg 
kkrrbb__rrdd__pprriivv((iinn,,iinn__lleennggtthh,,sscchheedduullee,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) - uu__cchhaarr **iinn;; - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((33)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - uu__lloonngg iinn__lleennggtthh;; - KKeeyy__sscchheedduullee sscchheedduullee;; - ddeess__ccbblloocckk kkeeyy;; - ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; - ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; - MMSSGG__DDAATT **mmssgg__ddaattaa;; - - lloonngg kkrrbb__mmkk__ssaaffee((iinn,,oouutt,,iinn__lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr)) - uu__cchhaarr **iinn;; - uu__cchhaarr **oouutt;; - uu__lloonngg iinn__lleennggtthh;; - ddeess__ccbblloocckk kkeeyy;; - ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; - ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; - - lloonngg kkrrbb__rrdd__ssaaffee((iinn,,lleennggtthh,,kkeeyy,,sseennddeerr,,rreecceeiivveerr,,mmssgg__ddaattaa)) - uu__cchhaarr **iinn;; - uu__lloonngg lleennggtthh;; - ddeess__ccbblloocckk kkeeyy;; - ssttrruucctt ssoocckkaaddddrr__iinn **sseennddeerr;; - ssttrruucctt ssoocckkaaddddrr__iinn **rreecceeiivveerr;; - MMSSGG__DDAATT **mmssgg__ddaattaa;; - - lloonngg kkrrbb__mmkk__eerrrr((oouutt,,ccooddee,,ssttrriinngg)) - uu__cchhaarr **oouutt;; - lloonngg ccooddee;; - cchhaarr **ssttrriinngg;; - - lloonngg kkrrbb__rrdd__eerrrr((iinn,,lleennggtthh,,ccooddee,,mmssgg__ddaattaa)) - uu__cchhaarr **iinn;; - uu__lloonngg lleennggtthh;; - lloonngg ccooddee;; - MMSSGG__DDAATT **mmssgg__ddaattaa;; - - DDEESSCCRRIIPPTTIIOONN - This library supports network authentication and various related - operations. The library contains many routines beyond those described - in this man page, but they are not intended to be used directly. - Instead, they are called by the routines that are described, the - authentication server and the login program. 
- - _k_r_b___e_r_r___t_x_t_[_] contains text string descriptions of various Kerberos - error codes returned by some of the routines below. - - _k_r_b___m_k___r_e_q takes a pointer to a text structure in which an - authenticator is to be built. It also takes the name, instance, and - realm of the service to be used and an optional checksum. It is up to - the application to decide how to generate the checksum. _k_r_b___m_k___r_e_q - then retrieves a ticket for the desired service and creates an - authenticator. The authenticator is built in _a_u_t_h_e_n_t and is - accessible to the calling procedure. - - - - - 2 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((33)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - It is up to the application to get the authenticator to the service - where it will be read by _k_r_b___r_d___r_e_q_. Unless an attacker posesses the - session key contained in the ticket, it will be unable to modify the - authenticator. Thus, the checksum can be used to verify the - authenticity of the other data that will pass through a connection. - - _k_r_b___r_d___r_e_q takes an authenticator of type KKTTEEXXTT,, a service name, an - instance, the address of the host originating the request, and a - pointer to a structure of type AAUUTTHH__DDAATT which is filled in with - information obtained from the authenticator. It also optionally takes - the name of the file in which it will find the secret key(s) for the - service. If the supplied _i_n_s_t_a_n_c_e contains "*", then the first - service key with the same service name found in the service key file - will be used, and the _i_n_s_t_a_n_c_e argument will be filled in with the - chosen instance. This means that the caller must provide space for - such an instance name. - - It is used to find out information about the principal when a request - has been made to a service. 
It is up to the application protocol to - get the authenticator from the client to the service. The - authenticator is then passed to _k_r_b___r_d___r_e_q to extract the desired - information. - - _k_r_b___r_d___r_e_q returns zero (RD_AP_OK) upon successful authentication. If - a packet was forged, modified, or replayed, authentication will fail. - If the authentication fails, a non-zero value is returned indicating - the particular problem encountered. See _k_r_b_._h for the list of error - codes. - - If the last argument is the null string (""), krb_rd_req will use the - file /etc/srvtab to find its keys. If the last argument is NULL, it - will assume that the key has been set by _k_r_b___s_e_t___k_e_y and will not - bother looking further. - - _k_r_b___k_n_t_o_l_n converts a Kerberos name to a local name. It takes a - structure of type AUTH_DAT and uses the name and instance to look in - the database /etc/aname to find the corresponding local name. The - local name is returned and can be used by an application to change - uids, directories, or other parameters. It is not an integral part of - Kerberos, but is instead provided to support the use of Kerberos in - existing utilities. - - _k_r_b___s_e_t___k_e_y takes as an argument a des key. It then creates a key - schedule from it and saves the original key to be used as an - initialization vector. It is used to set the server's key which must - be used to decrypt tickets. - - If called with a non-zero second argument, _k_r_b___s_e_t___k_e_y will first - convert the input from a string of arbitrary length to a DES key by - encrypting it with a one-way function. - - - - - - 3 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((33)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - In most cases it should not be necessary to call _k_r_b___s_e_t___k_e_y_. The - necessary keys will usually be obtained and set inside _k_r_b___r_d___r_e_q_. 
- _k_r_b___s_e_t___k_e_y is provided for those applications that do not wish to - place the application keys on disk. - - _k_r_b___g_e_t___c_r_e_d searches the caller's ticket file for a ticket for the - given service, instance, and realm; and, if a ticket is found, fills - in the given CREDENTIALS structure with the ticket information. - - If the ticket was found, _k_r_b___g_e_t___c_r_e_d returns GC_OK. If the ticket - file can't be found, can't be read, doesn't belong to the user (other - than root), isn't a regular file, or is in the wrong mode, the error - GC_TKFIL is returned. - - _k_r_b___m_k___p_r_i_v creates an encrypted, authenticated message from any - arbitrary application data, pointed to by _i_n and _i_n___l_e_n_g_t_h bytes long. - The private session key, pointed to by _k_e_y and the key schedule, - _s_c_h_e_d_u_l_e_, are used to encrypt the data and some header information - using _p_c_b_c___e_n_c_r_y_p_t_. _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address - of the two parties. In addition to providing privacy, this protocol - message protects against modifications, insertions or replays. The - encapsulated message and header are placed in the area pointed to by - _o_u_t and the routine returns the length of the output, or -1 indicating - an error. - - _k_r_b___r_d___p_r_i_v decrypts and authenticates a received _k_r_b___m_k___p_r_i_v message. - _i_n points to the beginning of the received message, whose length is - specified in _i_n___l_e_n_g_t_h_. The private session key, pointed to by _k_e_y_, - and the key schedule, _s_c_h_e_d_u_l_e_, are used to decrypt and verify the - received message. _m_s_g___d_a_t_a is a pointer to a _M_S_G___D_A_T struct, defined - in _k_r_b_._h_. 
The routine fills in the _a_p_p___d_a_t_a field with a pointer to - the decrypted application data, _a_p_p___l_e_n_g_t_h with the length of the - _a_p_p___d_a_t_a field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the - message, and _s_w_a_p with a 1 if the byte order of the receiver is - different than that of the sender. (The application must still - determine if it is appropriate to byte-swap application data; the - Kerberos protocol fields are already taken care of). The _h_a_s_h field - returns a value useful as input to the _k_r_b___c_k___r_e_p_l routine. - - The routine returns zero if ok, or a Kerberos error code. Modified - messages and old messages cause errors, but it is up to the caller to - check the time sequence of messages, and to check against recently - replayed messages using _k_r_b___c_k___r_e_p_l if so desired. - - _k_r_b___m_k___s_a_f_e creates an authenticated, but unencrypted message from any - arbitrary application data, pointed to by _i_n and _i_n___l_e_n_g_t_h bytes long. - The private session key, pointed to by _k_e_y_, is used to seed the - _q_u_a_d___c_k_s_u_m_(_) checksum algorithm used as part of the authentication. - _s_e_n_d_e_r and _r_e_c_e_i_v_e_r point to the Internet address of the two parties. - This message does not provide privacy, but does protect (via - detection) against modifications, insertions or replays. The - - - - - 4 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((33)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - encapsulated message and header are placed in the area pointed to by - _o_u_t and the routine returns the length of the output, or -1 indicating - an error. The authentication provided by this routine is not as - strong as that provided by _k_r_b___m_k___p_r_i_v or by computing the checksum - using _c_b_c___c_k_s_u_m instead, both of which authenticate via DES. 
- - _k_r_b___r_d___s_a_f_e authenticates a received _k_r_b___m_k___s_a_f_e message. _i_n points - to the beginning of the received message, whose length is specified in - _i_n___l_e_n_g_t_h_. The private session key, pointed to by _k_e_y_, is used to - seed the quad_cksum() routine as part of the authentication. _m_s_g___d_a_t_a - is a pointer to a _M_S_G___D_A_T struct, defined in _k_r_b_._h _. The routine - fills in these _M_S_G___D_A_T fields: the _a_p_p___d_a_t_a field with a pointer to - the application data, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a - field, _t_i_m_e___s_e_c and _t_i_m_e___5_m_s with the timestamps in the message, and - _s_w_a_p with a 1 if the byte order of the receiver is different than that - of the sender. (The application must still determine if it is - appropriate to byte-swap application data; the Kerberos protocol - fields are already taken care of). The _h_a_s_h field returns a value - useful as input to the _k_r_b___c_k___r_e_p_l routine. - - The routine returns zero if ok, or a Kerberos error code. Modified - messages and old messages cause errors, but it is up to the caller to - check the time sequence of messages, and to check against recently - replayed messages using _k_r_b___c_k___r_e_p_l if so desired. - - _k_r_b___m_k___e_r_r constructs an application level error message that may be - used along with _k_r_b___m_k___p_r_i_v or _k_r_b___m_k___s_a_f_e_. _o_u_t is a pointer to the - output buffer, _c_o_d_e is an application specific error code, and _s_t_r_i_n_g - is an application specific error string. - - - _k_r_b___r_d___e_r_r unpacks a received _k_r_b___m_k___e_r_r message. _i_n points to the - beginning of the received message, whose length is specified in - _i_n___l_e_n_g_t_h_. _c_o_d_e is a pointer to a value to be filled in with the - error value provided by the application. _m_s_g___d_a_t_a is a pointer to a - _M_S_G___D_A_T struct, defined in _k_r_b_._h _. 
The routine fills in these _M_S_G___D_A_T - fields: the _a_p_p___d_a_t_a field with a pointer to the application error - text, _a_p_p___l_e_n_g_t_h with the length of the _a_p_p___d_a_t_a field, and _s_w_a_p with - a 1 if the byte order of the receiver is different than that of the - sender. (The application must still determine if it is appropriate to - byte-swap application data; the Kerberos protocol fields are already - taken care of). - - The routine returns zero if the error message has been successfully - received, or a Kerberos error code. - - The _K_T_E_X_T structure is used to pass around text of varying lengths. - It consists of a buffer for the data, and a length. krb_rd_req takes - an argument of this type containing the authenticator, and krb_mk_req - returns the authenticator in a structure of this type. KTEXT itself - is really a pointer to the structure. The actual structure is of - - - - - 5 - Formatted: December 16, 1999 - - - - - - - KKEERRBBEERROOSS((33)) MMIITT PPrroojjeecctt AAtthheennaa KKEERRBBEERROOSS((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - type KTEXT_ST. - - The _A_U_T_H___D_A_T structure is filled in by krb_rd_req. It must be - allocated before calling krb_rd_req, and a pointer to it is passed. - The structure is filled in with data obtained from Kerberos. _M_S_G___D_A_T - structure is filled in by either krb_rd_priv, krb_rd_safe, or - krb_rd_err. It must be allocated before the call and a pointer to it - is passed. The structure is filled in with data obtained from - Kerberos. - - FFIILLEESS - /usr/include/krb.h - /usr/lib/libkrb.a - /usr/include/des.h - /usr/lib/libdes.a - /etc/aname - /etc/srvtab - /tmp/tkt[uid] - - SSEEEE AALLSSOO - kerberos(1), des_crypt(3) - - DDIIAAGGNNOOSSTTIICCSS - BBUUGGSS - The caller of _k_r_b___r_d___r_e_q_, _k_r_b___r_d___p_r_i_v_, _a_n_d _k_r_b___r_d___s_a_f_e must check time - order and for replay attempts. _k_r_b___c_k___r_e_p_l is not implemented yet. 
- - AAUUTTHHOORRSS - Clifford Neuman, MIT Project Athena - Steve Miller, MIT Project Athena/Digital Equipment Corporation - - RREESSTTRRIICCTTIIOONNSS - COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology - - - - - - - - - - - - - - - - - - - - - - - 6 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kerberos.cat8 b/kerberosIV/src/man/kerberos.cat8 deleted file mode 100644 index 531b030aa14..00000000000 --- a/kerberosIV/src/man/kerberos.cat8 +++ /dev/null 
@@ -1,147 +0,0 @@ - -KERBEROS(8) UNIX System Manager's Manual KERBEROS(8) - -NNAAMMEE - kkeerrbbeerrooss - The kerberos daemon - -SSYYNNPPOOSSIISS - kkeerrbbeerrooss [--mmnnss] [--aa _m_a_x _a_g_e] [--ii _a_d_d_r_e_s_s] [--ll _l_o_g] [--pp _p_a_u_s_e] [--PP - _p_o_r_t_s_p_e_c] [--rr _r_e_a_l_m] [_d_a_t_a_b_a_s_e] - -DDEESSCCRRIIPPTTIIOONN - This is the kkeerrbbeerrooss daemon. - - Options: - - --aa Set the _m_a_x _a_g_e before the database is considered stale. - - --ii Only listen on _a_d_d_r_e_s_s. Normally, the kerberos server listens on - all addresses of all interfaces. - - --ll Write the log to _l_o_g - - --mm Run manually and prompt for master key. - - --nn Do not check max age. - - --pp Pause for _p_a_u_s_e before dying. - - --PP Listen to the ports specified by _p_o_r_t_s_p_e_c. This should be a - white-space separated list of port specificatios. A port specifi- - cation follows the format: _p_o_r_t[/_p_r_o_t_o_c_o_l]. The _p_o_r_t can be ei- - ther a symbolic port name (from _/_e_t_c_/_s_e_r_v_i_c_e_s_)_, _o_r _a _n_u_m_b_e_r_; - _p_r_o_t_o_c_o_l _c_a_n _b_e _e_i_t_h_e_r udp, or tcp. If left out, the KDC will - listen to both UDP and TCP sockets on the specified port. - The special string + mean that the default set of ports (TCP and - UDP on ports 88 and 750) should be included. - - --rr Run as a server for realm _r_e_a_l_m - - --ss Set slave parameters. This will enable check to see if data is - getting too stale relative to the master. - - If no _d_a_t_a_b_a_s_e is given a default datbase will be used, normally - _/_v_a_r_/_k_e_r_b_e_r_o_s_/_p_r_i_n_c_i_p_a_l. - -DDIIAAGGNNOOSSTTIICCSS - The server logs several messages in a log file (_/_v_a_r_/_r_u_n_/_k_e_r_b_e_r_o_s_._l_o_g by - default). The logging mechanism opens and closes the log file for each - message, so you can safely rename the log file when the server is run- - ning. - - OOppeerraattiioonnaall mmeessssaaggeess - These are normal messages that you will see in the log. 
They might be - followed by some error message. - - Getting key for _R_E_A_L_M - The server fetched the key for `krbtgt.REALM' for the specific - realm. You will see this at startup, and for every attempt to use - cross realm authentication. - - Starting Kerberos for _R_E_A_L_M (kvno _k_v_n_o) - You will see this also if you start with --mm. - - AS REQ _n_a_m_e_._i_n_s_t_a_n_c_e_@_R_E_A_L_M for _s_n_a_m_e_._s_i_n_s_t_a_n_c_e from _i_p_-_n_u_m_b_e_r - - An initial (password authenticated) request was received. - - APPL REQ _n_a_m_e_._i_n_s_t_a_n_c_e_@_R_E_A_L_M for _s_n_a_m_e_._s_i_n_s_t_a_n_c_e from _i_p_-_n_u_m_b_e_r - A tgt-based request for a ticket was made. - - - EErrrroorr mmeessssaaggeess - These messages reflects misconfigured clients, invalid requests, or pos- - sibly attepted attacks. - - UNKNOWN _n_a_m_e_._i_n_s_t_a_n_c_e - The server received a request with an unknown principal. This is - most likely because someone typed the wrong name at a login - prompt. It could also be someone trying to get a list of possible - users. - - Unknown realm _R_E_A_L_M from _i_p_-_n_u_m_b_e_r - There isn't a principal for `krbtgt.REALM' in the database. - - Can't hop realms: _R_E_A_L_M_1 -> _R_E_A_L_M_2 - There was a request for a ticket for another realm. This might be - because of a misconfigured client. - - Principal not unique _n_a_m_e_._i_n_s_t_a_n_c_e - There is more than one entry for this principal in the database. - This is not very good. - - Null key _n_a_m_e_._i_n_s_t_a_n_c_e - Someone tried to use a principal that for some reason doesn't have - a key. - - Incorrect master key version for _n_a_m_e_._i_n_s_t_a_n_c_e : _n_u_m_b_e_r (should be _n_u_m_- - _b_e_r) - The principal has it's key encrypted with the wrong master key. - - Principal _n_a_m_e_._i_n_s_t_a_n_c_e expired at _d_a_t_e - The principal's key has expired. - - krb_rd_req from _i_p_-_n_u_m_b_e_r: _e_r_r_o_r_-_m_e_s_s_a_g_e - The message couldn't be decoded properly. 
The error message will - give you further hints. You will see this if someone is trying to - use expired tickets. - - Unknown message type: _n_u_m_b_e_r from _i_p_-_n_u_m_b_e_r - The message received was not one that is understood by this serv- - er. - - Can't authorize password changed based on TGT - Someone tried to get a `changepw.kerberos' via a tgt exchange. - This is because of a broken client, or possibly an attack. - - KRB protocol version mismatch (_n_u_m_b_e_r) - The server received a request with an unknown version number. - - - FFaattaall eerrrroorr mmeessssaaggeess - The following messages indicate problems when starting the server. - - Database unavailable! - There was some problem reading the database. - - Database currently being updated! - Someone is currently updating the database (possibly via krop). - - Database out of date! - - The database is older than the maximum age specified. - - Couldn't get master key. - The master key file wasn't found or the file is damaged. - - Can't verify master key. - The key in the keyfile doesn't match the current databse. - - Ticket granting ticket service unknown - The database doesn't contain a `krbtgt.REALM' for the local realm. - - -SSEEEE AALLSSOO - kprop(8), kpropd(8) - - KTH-KRB September 26, 1997 3 diff --git a/kerberosIV/src/man/kinit.cat1 b/kerberosIV/src/man/kinit.cat1 deleted file mode 100644 index edb1f628472..00000000000 --- a/kerberosIV/src/man/kinit.cat1 +++ /dev/null 
@@ -1,132 +0,0 @@ - - - - KKIINNIITT((11)) MMIITT PPrroojjeecctt AAtthheennaa KKIINNIITT((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kinit - Kerberos login utility - - SSYYNNOOPPSSIISS - kkiinniitt [ --iirrvvllpp ] - - DDEESSCCRRIIPPTTIIOONN - The _k_i_n_i_t command is used to login to the Kerberos authentication and - authorization system. Note that only registered Kerberos users can - use the Kerberos system. For information about registering as a - Kerberos user, see the _k_e_r_b_e_r_o_s_(_1_) manual page. - - If you are logged in to a workstation that is running the _t_o_e_h_o_l_d - service, you do not have to use _k_i_n_i_t_. The _t_o_e_h_o_l_d login procedure - will log you into Kerberos automatically. You will need to use _k_i_n_i_t - only in those situations in which your original tickets have expired. - (Tickets expire in about a day.) Note as well that _t_o_e_h_o_l_d will - automatically destroy your tickets when you logout from the - workstation. - - When you use _k_i_n_i_t without options, the utility prompts for your - username and Kerberos password, and tries to authenticate your login - with the local Kerberos server. - - If Kerberos authenticates the login attempt, _k_i_n_i_t retrieves your - initial ticket and puts it in the ticket file specified by your - KRBTKFILE environment variable. If this variable is undefined, your - ticket will be stored in the _/_t_m_p directory, in the file _t_k_t_u_i_d _, - where _u_i_d specifies your user identification number. - - If you have logged in to Kerberos without the benefit of the - workstation _t_o_e_h_o_l_d system, make sure you use the _k_d_e_s_t_r_o_y command to - destroy any active tickets before you end your login session. You may - want to put the _k_d_e_s_t_r_o_y command in your _._l_o_g_o_u_t file so that your - tickets will be destroyed automatically when you logout. - - The options to _k_i_n_i_t are as follows: - - --ii _k_i_n_i_t prompts you for a Kerberos instance. 
- - --rr _k_i_n_i_t prompts you for a Kerberos realm. This option lets you - authenticate yourself with a remote Kerberos server. - - --vv Verbose mode. _k_i_n_i_t prints the name of the ticket file used, - and a status message indicating the success or failure of your - login attempt. - - --ll _k_i_n_i_t prompts you for a ticket lifetime in minutes. Due to - protocol restrictions in Kerberos Version 4, this value must be - between 5 and 1275 minutes. - - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKIINNIITT((11)) MMIITT PPrroojjeecctt AAtthheennaa KKIINNIITT((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - --pp _k_i_n_i_t will acquires a ticket for changepw.kerberos. - - SSEEEE AALLSSOO - kerberos(1), kdestroy(1), klist(1), toehold(1) - - BBUUGGSS - The --rr option has not been fully implemented. - - AAUUTTHHOORRSS - Steve Miller, MIT Project Athena/Digital Equipment Corporation - Clifford Neuman, MIT Project Athena - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 2 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/klist.cat1 b/kerberosIV/src/man/klist.cat1 deleted file mode 100644 index 5a55a2eb506..00000000000 --- a/kerberosIV/src/man/klist.cat1 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKLLIISSTT((11)) MMIITT PPrroojjeecctt AAtthheennaa KKLLIISSTT((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - klist - list currently held Kerberos tickets - - SSYYNNOOPPSSIISS - kklliisstt [ --ss | --tt ] [ --ffiillee name ] [ --ssrrvvttaabb ] - - DDEESSCCRRIIPPTTIIOONN - _k_l_i_s_t prints the name of the tickets file and the identity of the - principal the tickets are for (as listed in the tickets file), and - lists the principal names of all Kerberos tickets currently held by - the user, along with the issue and expire time for each authenticator. - Principal names are listed in the form _n_a_m_e_._i_n_s_t_a_n_c_e_@_r_e_a_l_m_, with the - '.' omitted if the instance is null, and the '@' omitted if the realm - is null. - - If given the --ss option, _k_l_i_s_t does not print the issue and expire - times, the name of the tickets file, or the identity of the principal. - - If given the --tt option, kklliisstt checks for the existence of a non- - expired ticket-granting-ticket in the ticket file. If one is present, - it exits with status 0, else it exits with status 1. No output is - generated when this option is specified. - - If given the --ffiillee option, the following argument is used as the - ticket file. Otherwise, if the KKRRBBTTKKFFIILLEE environment variable is set, - it is used. If this environment variable is not set, the file - //ttmmpp//ttkktt[[uuiidd]] is used, where uuiidd is the current user-id of the user. - - If given the --ssrrvvttaabb option, the file is treated as a service key - file, and the names of the keys contained therein are printed. If no - file is specified with a --ffiillee option, the default is _/_e_t_c_/_s_r_v_t_a_b. - - FFIILLEESS - /etc/krb.conf to get the name of the local realm - - /tmp/tkt[uid] as the default ticket file ([uid] is the decimal - UID of the user). 
- - /etc/srvtab as the default service key file - - SSEEEE AALLSSOO - kerberos(1), kinit(1), kdestroy(1) - - BBUUGGSS - When reading a file as a service key file, very little sanity or error - checking is performed. - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kpasswd.cat1 b/kerberosIV/src/man/kpasswd.cat1 deleted file mode 100644 index 6f8de0f8999..00000000000 --- a/kerberosIV/src/man/kpasswd.cat1 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKPPAASSSSWWDD((11)) MMIITT PPrroojjeecctt AAtthheennaa KKPPAASSSSWWDD((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kpasswd - change a user's Kerberos password - - SSYYNNOOPPSSIISS - kkppaasssswwdd [ --hh ] [ --nn _n_a_m_e ] [ --ii _i_n_s_t_a_n_c_e ] [ --rr _r_e_a_l_m ] [ -u - _u_s_e_r_n_a_m_e_[_._i_n_s_t_a_n_c_e_]_[_@_r_e_a_l_m_]] - - DDEESSCCRRIIPPTTIIOONN - The _k_p_a_s_s_w_d command is used to change a Kerberos principal's password. - - If the _-_h option is specified, a brief summary of the options is - printed, and _k_p_a_s_s_w_d then exits. - - If the _-_n option is specified, _n_a_m_e is used as the principal name - rather than the username of the user running _k_p_a_s_s_w_d. (This is - determined from the ticket file if it exists; otherwise, it is - determined from the unix user id.) - - If the _-_i option is specified, _i_n_s_t_a_n_c_e is used as the instance rather - than a null instance. - - If the _-_r option is specified, _r_e_a_l_m is used as the realm rather than - the local realm. - - If the _-_u option is specified, a fully qualified kerberos principal - can be given. - - The utility prompts for the current Kerberos password (printing the - name of the principal for which it intends to change the password), - which is verified by the Kerberos server. If the old password is - correct, the user is prompted twice for the new password. A message - is printed indicating the success or failure of the password changing - operation. - - - BBUUGGSS - _k_p_a_s_s_w_d does not handle names, instances, or realms with special - characters in them when the -n, -i, or -r options are used. Any valid - fullname is accepted, however, if the -u option is used. - - If the principal whose password you are trying to change does not - exist, you will not be told until after you have entered the old - password. 
- - - SSEEEE AALLSSOO - kerberos(1), kinit(1), passwd(1), kadmin(8) - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kprop.cat8 b/kerberosIV/src/man/kprop.cat8 deleted file mode 100644 index 66f6d13043e..00000000000 --- a/kerberosIV/src/man/kprop.cat8 +++ /dev/null @@ -1,44 +0,0 @@ - -KPROP(8) UNIX System Manager's Manual KPROP(8) - -NNAAMMEE - kkpprroopp - the kerberos slave server update client - -SSYYNNOOPPSSIISS - kkpprroopp [--ffoorrccee] [--rreeaallmm _r_e_a_l_m] [_d_u_m_p_-_f_i_l_e] [_s_l_a_v_e_-_f_i_l_e] - -DDEESSCCRRIIPPTTIIOONN - Changes to the database, such as changed passwords, are only made to the - master server through the kkaaddmmiinndd service. To propagate these changes to - the slave servers, kkpprroopp should be run regularly on the master server. - - The following options are recognised. - - - --ffoorrccee Propagate even if there hasn't been an update to the dump file - since last time. - - --rreeaallmm Realm if other than the default. - - dump-file - is a file created with kkddbb__uuttiill ssllaavvee__dduummpp, default is - _/_v_a_r_/_k_e_r_b_e_r_o_s_/_s_l_a_v_e___d_u_m_p. - - slave-file - Contains the names of the slave servers. Default is - _/_v_a_r_/_k_e_r_b_e_r_o_s_/_s_l_a_v_e_s. - - kkpprroopp will use the principal rrccmmdd..kkeerrbbeerrooss to authenticate to the master - servers. This principal has to be added to the database, and it should - also be put into the service key file on the master server. - - -FFIILLEESS - /var/kerberos/slave_dump - /var/kerberos/slaves - /etc/srvtab - -SSEEEE AALLSSOO - kpropd(8), kerberos(8), kadmind(8) - - KTH-KRB June 7, 1996 1 diff --git a/kerberosIV/src/man/kpropd.cat8 b/kerberosIV/src/man/kpropd.cat8 deleted file mode 100644 index 3882f01d74e..00000000000 --- a/kerberosIV/src/man/kpropd.cat8 +++ /dev/null 
@@ -1,42 +0,0 @@ - -KPROPD(8) UNIX System Manager's Manual KPROPD(8) - -NNAAMMEE - kkpprrooppdd - the kerberos slave server update facility - -SSYYNNOOPPSSIISS - kkpprrooppdd [--ii] [--dd _d_a_t_a_b_a_s_e] [--ll _l_o_g_f_i_l_e] [--mm] [--pp _k_d_b___u_t_i_l] [--rr _r_e_a_l_m] [--ss - _s_r_v_t_a_b] - -DDEESSCCRRIIPPTTIIOONN - The kkpprrooppdd responds to database update requests from the kkpprroopp command. - It can either be started from iinneettdd or as an ordinary program. - - The following options are recognised: - - - --ii Run stand-alone. If this flag is not given, it is assumed to have - been started by iinneettdd. - - --dd What database file to use, default is _/_v_a_r_/_k_e_r_b_e_r_o_s_/_p_r_i_n_c_i_p_a_l. - - --ll Logfile to use, default is _/_v_a_r_/_l_o_g_/_k_p_r_o_p_d_._l_o_g. - - --mm Treat data as changes to the database rather than a complete - database. - - --pp The path to kkddbb__uuttiill, default is _/_u_s_r_/_a_t_h_e_n_a_/_s_b_i_n_/_k_d_b___u_t_i_l. - - --rr Realm if other than the default realm. - - --ss Srvtab if other than _/_e_t_c_/_s_r_v_t_a_b. - -FFIILLEESS - /var/kerberos/principal.{db,dir,pag} - /var/log/kpropd.log - /etc/srvtab - -SSEEEE AALLSSOO - kprop(8), kerberos(8), kadmind(8) - - KTH-KRB June 7, 1996 1 diff --git a/kerberosIV/src/man/krb.conf.cat5 b/kerberosIV/src/man/krb.conf.cat5 deleted file mode 100644 index f579759f225..00000000000 --- a/kerberosIV/src/man/krb.conf.cat5 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKRRBB..CCOONNFF((55)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB..CCOONNFF((55)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - /etc/krb.conf - Kerberos configuration file - - DDEESSCCRRIIPPTTIIOONN - _k_r_b_._c_o_n_f contains configuration information describing the Kerberos - realm(s) and the Kerberos key distribution center (KDC) servers for - known realms. - - _k_r_b_._c_o_n_f starts with a definition of the local realm on the first - line, this is followed by any number lines defining supplementary - local realms. The rest of the file consists of lines indicating - realm/host entries. The first token is a realm name, and the second is - a server specification of a host running a KDC for that realm. The - words "admin server" following the hostname indicate that the host - also provides an administrative database server. - - To be able to communicate with the KDC through a firewall it is - sometimes necessary to tunnel requests over HTTP or TCP. Tunnel - protocols and port numbers are specified in the server specification - using the syntax [(UDP|TCP|HTTP)/]hostname[:port]. - - For example: - SICS.SE - NADA.KTH.SE - SICS.SE TCP/kerberos.sics.se:88 admin server - NADA.KTH.SE kerberos.nada.kth.se admin server - NADA.KTH.SE kerberos-1.nada.kth.se - NADA.KTH.SE kerberos-2.nada.kth.se - NADA.KTH.SE HTTP/kerberos-3.nada.kth.se - KTH.SE kerberos.kth.se admin server - - SSEEEE AALLSSOO - krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3) - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/krb.equiv.cat5 b/kerberosIV/src/man/krb.equiv.cat5 deleted file mode 100644 index 6cab9155ace..00000000000 --- a/kerberosIV/src/man/krb.equiv.cat5 +++ /dev/null 
@@ -1,24 +0,0 @@ - -KRB.EQUIV(5) UNIX Programmer's Manual KRB.EQUIV(5) - -NNAAMMEE - kkrrbb..eeqquuiivv - Kerberos equivalent hosts file - -DDEESSCCRRIIPPTTIIOONN - kkrrbb..eeqquuiivv contains a list of IP addresses that is to be considered being - the same host for Kerberos purposes. Plain addresses match a single host. - Addresses followed by a slash (/) and a number is taken as a sub-network - that should be considered equal. - - Hash (#) starts a comment. Backslash (\) is a continuation character. - -EEXXAAMMPPLLEESS - # A machine with two interfaces. - 130.237.232.113 130.237.221.42 # emma emma-ether - # A machine with *many* interfaces - 193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps - -SSEEEE AALLSSOO - krb_equiv(3), krb.conf(5), krb.realms(5) - - KTH-KRB June 18, 1996 1 diff --git a/kerberosIV/src/man/krb.realms.cat5 b/kerberosIV/src/man/krb.realms.cat5 deleted file mode 100644 index 8f4ecc0087b..00000000000 --- a/kerberosIV/src/man/krb.realms.cat5 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKRRBB..RREEAALLMMSS((55)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB..RREEAALLMMSS((55)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - /etc/krb.realms - host to Kerberos realm translation file - - DDEESSCCRRIIPPTTIIOONN - _k_r_b_._r_e_a_l_m_s provides a translation from a hostname to the Kerberos - realm name for the services provided by that host. - - Each line of the translation file is in one of the following forms - (domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU): - host_name kerberos_realm - domain_name kerberos_realm - If a hostname exactly matches the _h_o_s_t___n_a_m_e field in a line of the - first form, the corresponding realm is the realm of the host. If a - hostname does not match any _h_o_s_t___n_a_m_e in the file, but its domain - exactly matches the _d_o_m_a_i_n___n_a_m_e field in a line of the second form, - the corresponding realm is the realm of the host. - - If no translation entry applies, the host's realm is considered to be - the hostname's domain portion converted to upper case. - - SSEEEE AALLSSOO - krb_realmofhost(3) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/krb_realmofhost.cat3 b/kerberosIV/src/man/krb_realmofhost.cat3 deleted file mode 100644 index 7baea911360..00000000000 --- a/kerberosIV/src/man/krb_realmofhost.cat3 +++ /dev/null 
@@ -1,132 +0,0 @@ - - - - KKRRBB__RREEAALLMMOOFFHHOOSSTT((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__RREEAALLMMOOFFHHOOSSTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst, - krb_get_lrealm - additional Kerberos utility routines - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<kkrrbb..hh>> - ##iinncclluuddee <<ddeess..hh>> - ##iinncclluuddee <<nneettiinneett//iinn..hh>> - - cchhaarr **kkrrbb__rreeaallmmooffhhoosstt((hhoosstt)) - cchhaarr **hhoosstt;; - - cchhaarr **kkrrbb__ggeett__pphhoosstt((aalliiaass)) - cchhaarr **aalliiaass;; - - kkrrbb__ggeett__kkrrbbhhsstt((hhoosstt,,rreeaallmm,,nn)) - cchhaarr **hhoosstt;; - cchhaarr **rreeaallmm;; - iinntt nn;; - - kkrrbb__ggeett__aaddmmhhsstt((hhoosstt,,rreeaallmm,,nn)) - cchhaarr **hhoosstt;; - cchhaarr **rreeaallmm;; - iinntt nn;; - - kkrrbb__ggeett__llrreeaallmm((rreeaallmm,,nn)) - cchhaarr **rreeaallmm;; - iinntt nn;; - - DDEESSCCRRIIPPTTIIOONN - _k_r_b___r_e_a_l_m_o_f_h_o_s_t returns the Kerberos realm of the host _h_o_s_t, as - determined by the translation table _/_e_t_c_/_k_r_b_._r_e_a_l_m_s. _h_o_s_t should be - the fully-qualified domain-style primary host name of the host in - question. In order to prevent certain security attacks, this routine - must either have _a _p_r_i_o_r_i knowledge of a host's realm, or obtain such - information securely. - - The format of the translation file is described by _k_r_b_._r_e_a_l_m_s(5). If - _h_o_s_t exactly matches a host_name line, the corresponding realm is - returned. Otherwise, if the domain portion of _h_o_s_t matches a - domain_name line, the corresponding realm is returned. If _h_o_s_t - contains a domain, but no translation is found, _h_o_s_t's domain is - converted to upper-case and returned. If _h_o_s_t contains no discernable - domain, or an error occurs, the local realm name, as supplied by - _k_r_b___g_e_t___l_r_e_a_l_m(3), is returned. 
- - _k_r_b___g_e_t___p_h_o_s_t converts the hostname _a_l_i_a_s (which can be either an - official name or an alias) into the instance name to be used in - obtaining Kerberos tickets for most services, including the Berkeley - rcmd suite (rlogin, rcp, rsh). - The current convention is to return the first segment of the official - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKRRBB__RREEAALLMMOOFFHHOOSSTT((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__RREEAALLMMOOFFHHOOSSTT((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - domain-style name after conversion to lower case. - - _k_r_b___g_e_t___k_r_b_h_s_t fills in _h_o_s_t with the hostname of the _nth host running - a Kerberos key distribution center (KDC) for realm _r_e_a_l_m, as specified - in the configuration file (_/_e_t_c_/_k_r_b_._c_o_n_f). The configuration file is - described by _k_r_b_._c_o_n_f(5). If the host is successfully filled in, the - routine returns KSUCCESS. If the file cannot be opened, and _n equals - 1, then the value of KRB_HOST as defined in _<_k_r_b_._h_> is filled in, and - KSUCCESS is returned. If there are fewer than _n hosts running a - Kerberos KDC for the requested realm, or the configuration file is - malformed, the routine returns KFAILURE. - - _k_r_b___g_e_t___a_d_m_h_s_t fills in _h_o_s_t with the hostname of the _nth host running - a Kerberos KDC database administration server for realm _r_e_a_l_m, as - specified in the configuration file (_/_e_t_c_/_k_r_b_._c_o_n_f). If the file - cannot be opened or is malformed, or there are fewer than _n hosts - running a Kerberos KDC database administration server, the routine - returns KFAILURE. - - The character arrays used as return values for _k_r_b___g_e_t___k_r_b_h_s_t, - _k_r_b___g_e_t___a_d_m_h_s_t, should be large enough to hold any hostname - (MAXHOSTNAMELEN from <sys/param.h>). - - _k_r_b___g_e_t___l_r_e_a_l_m fills in _r_e_a_l_m with the _nth realm of the local host, as - specified in the configuration file. 
_r_e_a_l_m should be at least - REALM_SZ (from _<_k_r_b_._h_>_)characters_l_o_n_g_. - - SSEEEE AALLSSOO - kerberos(3), krb.conf(5), krb.realms(5) - - FFIILLEESS - /etc/krb.realms translation file for host-to-realm mapping. - - /etc/krb.conf local realm-name and realm/server configuration - file. - - BBUUGGSS - The current convention for instance names is too limited; the full - domain name should be used. - - _k_r_b___g_e_t___l_r_e_a_l_m currently only supports _n = 1. It should really - consult the user's ticket cache to determine the user's current realm, - rather than consulting a file on the host. - - - - - - - - - - - - - 2 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/krb_sendauth.cat3 b/kerberosIV/src/man/krb_sendauth.cat3 deleted file mode 100644 index e4513c84a67..00000000000 --- a/kerberosIV/src/man/krb_sendauth.cat3 +++ /dev/null 
@@ -1,264 +0,0 @@ - - - - KKRRBB__SSEENNDDAAUUTTHH((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__SSEENNDDAAUUTTHH((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - krb_sendauth, krb_recvauth, krb_net_write, krb_net_read - Kerberos - routines for sending authentication via network stream sockets - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<kkrrbb..hh>> - ##iinncclluuddee <<ddeess..hh>> - ##iinncclluuddee <<nneettiinneett//iinn..hh>> - - iinntt kkrrbb__sseennddaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, rreeaallmm,, cchheecckkssuumm,, - mmssgg__ddaattaa,, ccrreedd,, sscchheedduullee,, llaaddddrr,, ffaaddddrr,, vveerrssiioonn)) - lloonngg ooppttiioonnss;; - iinntt ffdd;; - KKTTEEXXTT kktteexxtt;; - cchhaarr **sseerrvviiccee,, **iinnsstt,, **rreeaallmm;; - uu__lloonngg cchheecckkssuumm;; - MMSSGG__DDAATT **mmssgg__ddaattaa;; - CCRREEDDEENNTTIIAALLSS **ccrreedd;; - KKeeyy__sscchheedduullee sscchheedduullee;; - ssttrruucctt ssoocckkaaddddrr__iinn **llaaddddrr,, **ffaaddddrr;; - cchhaarr **vveerrssiioonn;; - - iinntt kkrrbb__rreeccvvaauutthh((ooppttiioonnss,, ffdd,, kktteexxtt,, sseerrvviiccee,, iinnsstt,, ffaaddddrr,, llaaddddrr,, - aauutthh__ddaattaa,, ffiilleennaammee,, sscchheedduullee,, vveerrssiioonn)) - lloonngg ooppttiioonnss;; - iinntt ffdd;; - KKTTEEXXTT kktteexxtt;; - cchhaarr **sseerrvviiccee,, **iinnsstt;; - ssttrruucctt ssoocckkaaddddrr__iinn **ffaaddddrr,, **llaaddddrr;; - AAUUTTHH__DDAATT **aauutthh__ddaattaa;; - cchhaarr **ffiilleennaammee;; - KKeeyy__sscchheedduullee sscchheedduullee;; - cchhaarr **vveerrssiioonn;; - - iinntt kkrrbb__nneett__wwrriittee((ffdd,, bbuuff,, lleenn)) - iinntt ffdd;; - cchhaarr **bbuuff;; - iinntt lleenn;; - - iinntt kkrrbb__nneett__rreeaadd((ffdd,, bbuuff,, lleenn)) - iinntt ffdd;; - cchhaarr **bbuuff;; - iinntt lleenn;; - - DDEESSCCRRIIPPTTIIOONN - These functions, which are built on top of the core Kerberos library, - provide a convenient means for client and server programs to 
send - authentication messages to one another through network connections. - The _k_r_b___s_e_n_d_a_u_t_h function sends an authenticated ticket from the - client program to the server program by writing the ticket to a - network socket. The _k_r_b___r_e_c_v_a_u_t_h function receives the ticket from - - - - - 1 - Formatted: December 16, 1999 - - - - - - - KKRRBB__SSEENNDDAAUUTTHH((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__SSEENNDDAAUUTTHH((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - the client by reading from a network socket. - - - KKRRBB__SSEENNDDAAUUTTHH - This function writes the ticket to the network socket specified by the - file descriptor _f_d_, returning KSUCCESS if the write proceeds - successfully, and an error code if it does not. - - The _k_t_e_x_t argument should point to an allocated KTEXT_ST structure. - The _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments specify the server program's - Kerberos principal name, instance, and realm. If you are writing a - client that uses the local realm exclusively, you can set the _r_e_a_l_m - argument to NULL. - - The _v_e_r_s_i_o_n argument allows the client program to pass an application- - specific version string that the server program can then match against - its own version string. The _v_e_r_s_i_o_n string can be up to KSEND_VNO_LEN - (see _<_k_r_b_._h_>) characters in length. - - The _c_h_e_c_k_s_u_m argument can be used to pass checksum information to the - server program. The client program is responsible for specifying this - information. This checksum information is difficult to corrupt - because _k_r_b___s_e_n_d_a_u_t_h passes it over the network in encrypted form. - The _c_h_e_c_k_s_u_m argument is passed as the checksum argument to - _k_r_b___m_k___r_e_q. - - You can set _k_r_b___s_e_n_d_a_u_t_h_'_s other arguments to NULL unless you want the - client and server programs to mutually authenticate themselves. 
In - the case of mutual authentication, the client authenticates itself to - the server program, and demands that the server in turn authenticate - itself to the client. - - - KKRRBB__SSEENNDDAAUUTTHH AANNDD MMUUTTUUAALL AAUUTTHHEENNTTIICCAATTIIOONN - If you want mutual authentication, make sure that you read all pending - data from the local socket before calling _k_r_b___s_e_n_d_a_u_t_h_. Set - _k_r_b___s_e_n_d_a_u_t_h_'_s _o_p_t_i_o_n_s argument to KKOOPPTT__DDOO__MMUUTTUUAALL (this macro is - defined in the _k_r_b_._h file); make sure that the _l_a_d_d_r argument points - to the address of the local socket, and that _f_a_d_d_r points to the - foreign socket's network address. - - _K_r_b___s_e_n_d_a_u_t_h fills in the other arguments-- _m_s_g___d_a_t_a, _c_r_e_d, and - _s_c_h_e_d_u_l_e--before sending the ticket to the server program. You must, - however, allocate space for these arguments before calling the - function. - - _K_r_b___s_e_n_d_a_u_t_h supports two other options: KKOOPPTT__DDOONNTT__MMKK__RREEQQ,, and - KKOOPPTT__DDOONNTT__CCAANNOONN.. If called with _o_p_t_i_o_n_s set as KOPT_DONT_MK_REQ, - _k_r_b___s_e_n_d_a_u_t_h will not use the _k_r_b___m_k___r_e_q function to retrieve the - ticket from the Kerberos server. The _k_t_e_x_t argument must point to an - existing ticket and authenticator (such as would be created by - - - - - 2 - Formatted: December 16, 1999 - - - - - - - KKRRBB__SSEENNDDAAUUTTHH((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__SSEENNDDAAUUTTHH((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - _k_r_b___m_k___r_e_q), and the _s_e_r_v_i_c_e_, _i_n_s_t_, and _r_e_a_l_m arguments can be set to - NULL. - - If called with _o_p_t_i_o_n_s set as KOPT_DONT_CANON, _k_r_b___s_e_n_d_a_u_t_h will not - convert the service's instance to canonical form using - _k_r_b___g_e_t___p_h_o_s_t(3). 
- - If you want to call _k_r_b___s_e_n_d_a_u_t_h with a multiple _o_p_t_i_o_n_s - specification, construct _o_p_t_i_o_n_s as a bitwise-OR of the options you - want to specify. - - - KKRRBB__RREECCVVAAUUTTHH - The _k_r_b___r_e_c_v_a_u_t_h function reads a ticket/authenticator pair from the - socket pointed to by the _f_d argument. Set the _o_p_t_i_o_n_s argument as a - bitwise-OR of the options desired. Currently only KOPT_DO_MUTUAL is - useful to the receiver. - - The _k_t_e_x_t argument should point to an allocated KTEXT_ST structure. - _K_r_b___r_e_c_v_a_u_t_h fills _k_t_e_x_t with the ticket/authenticator pair read from - _f_d, then passes it to _k_r_b___r_d___r_e_q. - - The _s_e_r_v_i_c_e and _i_n_s_t arguments specify the expected service and - instance for which the ticket was generated. They are also passed to - _k_r_b___r_d___r_e_q_. The _i_n_s_t argument may be set to "*" if the caller wishes - _k_r_b___m_k___r_e_q to fill in the instance used (note that there must be space - in the _i_n_s_t argument to hold a full instance name, see _k_r_b___m_k___r_e_q(3)). - - The _f_a_d_d_r argument should point to the address of the peer which is - presenting the ticket. It is also passed to _k_r_b___r_d___r_e_q. - - If the client and server plan to mutually authenticate one another, - the _l_a_d_d_r argument should point to the local address of the file - descriptor. Otherwise you can set this argument to NULL. - - The _a_u_t_h___d_a_t_a argument should point to an allocated AUTH_DAT area. It - is passed to and filled in by _k_r_b___r_d___r_e_q. The checksum passed to the - corresponding _k_r_b___s_e_n_d_a_u_t_h is available as part of the filled-in - AUTH_DAT area. - - The _f_i_l_e_n_a_m_e argument specifies the filename which the service program - should use to obtain its service key. _K_r_b___r_e_c_v_a_u_t_h passes _f_i_l_e_n_a_m_e to - the _k_r_b___r_d___r_e_q function. 
If you set this argument to "", _k_r_b___r_d___r_e_q - looks for the service key in the file _/_e_t_c_/_s_r_v_t_a_b_. - - If the client and server are performing mutual authenication, the - _s_c_h_e_d_u_l_e argument should point to an allocated Key_schedule. - Otherwise it is ignored and may be NULL. - - The _v_e_r_s_i_o_n argument should point to a character array of at least - KSEND_VNO_LEN characters. It is filled in with the version string - - - - - 3 - Formatted: December 16, 1999 - - - - - - - KKRRBB__SSEENNDDAAUUTTHH((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__SSEENNDDAAUUTTHH((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - passed by the client to _k_r_b___s_e_n_d_a_u_t_h_. - - KKRRBB__NNEETT__WWRRIITTEE AANNDD KKRRBB__NNEETT__RREEAADD - The _k_r_b___n_e_t___w_r_i_t_e function emulates the write(2) system call, but - guarantees that all data specified is written to _f_d before returning, - unless an error condition occurs. - - The _k_r_b___n_e_t___r_e_a_d function emulates the read(2) system call, but - guarantees that the requested amount of data is read from _f_d before - returning, unless an error condition occurs. - - BBUUGGSS - _k_r_b___s_e_n_d_a_u_t_h_, _k_r_b___r_e_c_v_a_u_t_h_, _k_r_b___n_e_t___w_r_i_t_e_, and _k_r_b___n_e_t___r_e_a_d will not - work properly on sockets set to non-blocking I/O mode. - - - SSEEEE AALLSSOO - krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) - - - AAUUTTHHOORR - John T. Kohl, MIT Project Athena - - RREESSTTRRIICCTTIIOONNSS - Copyright 1988, Massachusetts Instititute of Technology. For copying - and distribution information, please see the file <mit-copyright.h>. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 4 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/krb_set_tkt_string.cat3 b/kerberosIV/src/man/krb_set_tkt_string.cat3 deleted file mode 100644 index 685a27e050b..00000000000 --- a/kerberosIV/src/man/krb_set_tkt_string.cat3 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKRRBB__SSEETT__TTKKTT__SSTTRRIINNGG((33)) MMIITT PPrroojjeecctt AAtthheennaa KKRRBB__SSEETT__TTKKTT__SSTTRRIINNGG((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - krb_set_tkt_string - set Kerberos ticket cache file name - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<kkrrbb..hh>> - - vvooiidd kkrrbb__sseett__ttkktt__ssttrriinngg((ffiilleennaammee)) - cchhaarr **ffiilleennaammee;; - - DDEESSCCRRIIPPTTIIOONN - _k_r_b___s_e_t___t_k_t___s_t_r_i_n_g sets the name of the file that holds the user's - cache of Kerberos server tickets and associated session keys. - - The string _f_i_l_e_n_a_m_e passed in is copied into local storage. Only - MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are copied - in for use as the cache file name. - - This routine should be called during initialization, before other - Kerberos routines are called; otherwise the routines which fetch the - ticket cache file name may be called and return an undesired ticket - file name until this routine is called. - - FFIILLEESS - /tmp/tkt[uid] default ticket file name, unless the environment - variable KRBTKFILE is set. [uid] denotes the - user's uid, in decimal. - - SSEEEE AALLSSOO - kerberos(3), setenv(3) - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/ksrvtgt.cat1 b/kerberosIV/src/man/ksrvtgt.cat1 deleted file mode 100644 index 90e9b4e6254..00000000000 --- a/kerberosIV/src/man/ksrvtgt.cat1 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKSSRRVVTTGGTT((11)) MMIITT PPrroojjeecctt AAtthheennaa KKSSRRVVTTGGTT((11)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - ksrvtgt - fetch and store Kerberos ticket-granting-ticket using a - service key - - SSYYNNOOPPSSIISS - kkssrrvvttggtt name instance [[realm] srvtab] - - DDEESSCCRRIIPPTTIIOONN - _k_s_r_v_t_g_t retrieves a ticket-granting ticket with a lifetime of five (5) - minutes for the principal _n_a_m_e_._i_n_s_t_a_n_c_e_@_r_e_a_l_m (or - _n_a_m_e_._i_n_s_t_a_n_c_e_@_l_o_c_a_l_r_e_a_l_m if _r_e_a_l_m is not supplied on the command - line), decrypts the response using the service key found in _s_r_v_t_a_b (or - in //eettcc//ssrrvvttaabb if _s_r_v_t_a_b is not specified on the command line), and - stores the ticket in the standard ticket cache. - - This command is intended primarily for use in shell scripts and other - batch-type facilities. - - DDIIAAGGNNOOSSTTIICCSS - "Generic kerberos failure (kfailure)" can indicate a whole range of - problems, the most common of which is the inability to read the - service key file. - - FFIILLEESS - /etc/krb.conf to get the name of the local realm. - - /tmp/tkt[uid] The default ticket file. - - /etc/srvtab The default service key file. - - SSEEEE AALLSSOO - kerberos(1), kinit(1), kdestroy(1) - - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/ksrvutil.cat8 b/kerberosIV/src/man/ksrvutil.cat8 deleted file mode 100644 index e7353701bc9..00000000000 --- a/kerberosIV/src/man/ksrvutil.cat8 +++ /dev/null 
@@ -1,70 +0,0 @@ - - -KSRVUTIL(8) UNIX System Manager's Manual KSRVUTIL(8) - -NNAAMMEE - kkssrrvvuuttiill host kerberos keyfile (srvtab) manipulation utility - -SSYYNNOOPPSSIISS - kkssrrvvuuttiill [--ff _k_e_y_f_i_l_e] [--ii] [--kk] [--pp _p_r_i_n_c_i_p_a_l] [--rr _r_e_a_l_m] _o_p_e_r_a_t_i_o_n - - -DDEESSCCRRIIPPTTIIOONN - kkssrrvvuuttiill allows a system manager to list or change keys currently in his - keyfile or to add new keys to the keyfile. - - Operation must be one of the following: - - list lists the keys in a keyfile showing version number and principal - name. If the --kk option is given, keys will also be shown. - - change changes all the keys in the keyfile by using the regular admin - protocol. If the --ii flag is given, kkssrrvvuuttiill will prompt for yes - or no before changing each key. If the --kk option is used, the - old and new keys will be displayed. - - add allows the user to add a key. add prompts for name, instance, - realm, and key version number, asks for confirmation, and then - asks for a password. kkssrrvvuuttiill then converts the password to a - key and appends the keyfile with the new information. If the --kk - option is used, the key is displayed. - - get gets a service from the Kerberos server, possibly creating the - principal. Names, instances and realms for the service keys to - get are prompted for. The default principal used in the kadmin - transcation is your root instance. This can be changed with the - --pp option. - - In all cases, the default file used is KEY_FILE as defined in krb.h un- - less this is overridden by the --ff option. - - A good use for kkssrrvvuuttiill would be for adding keys to a keyfile. A system - manager could ask a kerberos administrator to create a new service key - with kadmin(8) and could supply an initial password. 
Then, he could use - kkssrrvvuuttiill to add the key to the keyfile and then to change the key so that - it will be random and unknown to either the system manager or the ker- - beros administrator. - - kkssrrvvuuttiill always makes a backup copy of the keyfile before making any - changes. - - -DDIIAAGGNNOOSSTTIICCSS - If kkssrrvvuuttiill should exit on an error condition at any time during a change - or add, a copy of the original keyfile can be found in _f_i_l_e_n_a_m_e.old where - _f_i_l_e_n_a_m_e is the name of the keyfile, and a copy of the file with all new - keys changed or added so far can be found in _f_i_l_e_n_a_m_e.work. The original - keyfile is left unmodified until the program exits at which point it is - removed and replaced it with the workfile. Appending the workfile to the - backup copy and replacing the keyfile with the result should always give - a usable keyfile, although the resulting keyfile will have some out of - date keys in it. - - -SSEEEE AALLSSOO - kadmin(8), ksrvtgt(1) - -AAUUTTHHOORR - Emanuel Jay Berkenbilt, MIT Project Athena - - KTH-KRB May 4, 1996 2 diff --git a/kerberosIV/src/man/kstash.cat8 b/kerberosIV/src/man/kstash.cat8 deleted file mode 100644 index d26d4ee0bed..00000000000 --- a/kerberosIV/src/man/kstash.cat8 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKSSTTAASSHH((88)) MMIITT PPrroojjeecctt AAtthheennaa KKSSTTAASSHH((88)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kstash - stash Kerberos key distribution center database master key - - SSYYNNOOPPSSIISS - kstash - - DDEESSCCRRIIPPTTIIOONN - _k_s_t_a_s_h saves the Kerberos key distribution center (KDC) database - master key in the master key cache file. - - The user is prompted to enter the key, to verify the authenticity of - the key and the authorization to store the key in the file. - - DDIIAAGGNNOOSSTTIICCSS - "verify_master_key: Invalid master key, does not match database." - The master key string entered was incorrect. - - "kstash: Unable to open master key file" - The attempt to open the cache file for writing - failed (probably due to a system or access - permission error). - - "kstash: Write I/O error on master key file" - The wwrriittee(2) system call returned an error while - _k_s_t_a_s_h was attempting to write the key to the - file. - - FFIILLEESS - /var/kerberos/principal.pag, /var/kerberos/principal.dir - DBM files containing database - - /.k Master key cache file. - - - - - - - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kuserok.cat3 b/kerberosIV/src/man/kuserok.cat3 deleted file mode 100644 index 45079697d98..00000000000 --- a/kerberosIV/src/man/kuserok.cat3 +++ /dev/null 
@@ -1,66 +0,0 @@ - - - - KKUUSSEERROOKK((33)) MMIITT PPrroojjeecctt AAtthheennaa KKUUSSEERROOKK((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - kuserok - Kerberos version of ruserok - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<kkrrbb..hh>> - - kkuusseerrookk((kkddaattaa,, llooccaalluusseerr)) - AAUUTTHH__DDAATT **aauutthh__ddaattaa;; - cchhaarr **llooccaalluusseerr;; - - DDEESSCCRRIIPPTTIIOONN - _k_u_s_e_r_o_k determines whether a Kerberos principal described by the - structure _a_u_t_h___d_a_t_a is authorized to login as user _l_o_c_a_l_u_s_e_r according - to the authorization file ("~_l_o_c_a_l_u_s_e_r/.klogin" by default). It - returns 0 (zero) if authorized, 1 (one) if not authorized. - - If there is no account for _l_o_c_a_l_u_s_e_r on the local machine, - authorization is not granted. If there is no authorization file, and - the Kerberos principal described by _a_u_t_h___d_a_t_a translates to _l_o_c_a_l_u_s_e_r - (using _k_r_b___k_n_t_o_l_n(3)), authorization is granted. If the authorization - file can't be accessed, or the file is not owned by _l_o_c_a_l_u_s_e_r_, - authorization is denied. Otherwise, the file is searched for a - matching principal name, instance, and realm. If a match is found, - authorization is granted, else authorization is denied. - - The file entries are in the format: - name.instance@realm - with one entry per line. - - For convenience ~localuser@LOCALREALM is always considered to be an - entry in the file even when there is no file or the file is - unreadable. - - SSEEEE AALLSSOO - kerberos(3), ruserok(3), krb_kntoln(3) - - FFIILLEESS - ~_l_o_c_a_l_u_s_e_r/.klogin authorization list - - - - - - - - - - - - - - - - - - 1 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/kx.cat1 b/kerberosIV/src/man/kx.cat1 deleted file mode 100644 index ce22926ec6a..00000000000 --- a/kerberosIV/src/man/kx.cat1 +++ /dev/null 
@@ -1,39 +0,0 @@ - -KX(1) UNIX Reference Manual KX(1) - -NNAAMMEE - kkxx - securely forward X conections - -SSYYNNOOPPSSIISS - _k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t - -DDEESSCCRRIIPPTTIIOONN - The kkxx program forwards a X connection from a remote client to a local - screen through an authenticated and encrypted stream. Options supported - by kkxx: - - --ll Log in on remote the host as user _u_s_e_r_n_a_m_e. - - --kk Do not enable keep-alives on the TCP connections. - - --dd Do not fork. This is mainly useful for debugging. - - --tt Listen not only on a UNIX-domain socket but on a TCP socket as - well. - - --pp Use the port _p_o_r_t. - - --PP Force passive mode. - - This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to - run it directly. - - It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic - from the remote X clients to the local server. When started, it prints - the display and Xauthority-file to be used on host _h_o_s_t and then goes to - the background, waiting for connections from the remote kkxxdd.. - -SSEEEE AALLSSOO - rxtelnet(1), rxterm(1), kxd(8) - - KTH-KRB September 27, 1996 1 diff --git a/kerberosIV/src/man/kxd.cat8 b/kerberosIV/src/man/kxd.cat8 deleted file mode 100644 index 51ba99d2b4e..00000000000 --- a/kerberosIV/src/man/kxd.cat8 +++ /dev/null 
@@ -1,38 +0,0 @@ - -KXD(8) UNIX System Manager's Manual KXD(8) - -NNAAMMEE - kkxxdd - securely forward X conections - -SSYYNNOOPPSSIISS - _k_x_d [--tt] [--ii] [--pp _p_o_r_t] - -DDEESSCCRRIIPPTTIIOONN - This is the daemon for kkxx. - - Options supported by kkxxdd: - - --tt TCP. Normally kkxxdd will only listen for X connections on a UNIX - socket, but some machines (for example, Cray) have X libraries - that are not able to use UNIX sockets and thus you need to use - TCP to talk to the pseudo-xserver created by kkxxdd.. This option de- - creases the security significantly and should only be used when - it is necessary and you have considered the consequences of doing - so. - - --ii Interactive. Do not expect to be started by iinneettdd,, but allocate - and listen to the socket yourself. Handy for testing and debug- - ging. - - --pp Port. Listen on the port _p_o_r_t. Only usable with --ii. - - -EEXXAAMMPPLLEESS - Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f: - - kx stream tcp nowait root /usr/athena/libexec/kxd kxd - -SSEEEE AALLSSOO - kx(1), rxtelnet(1), rxterm(1) - - KTH-KRB September 27, 1996 1 diff --git a/kerberosIV/src/man/login.access.cat5 b/kerberosIV/src/man/login.access.cat5 deleted file mode 100644 index d849951e4ae..00000000000 --- a/kerberosIV/src/man/login.access.cat5 +++ /dev/null 
@@ -1,44 +0,0 @@ - -SKEY.ACCESS(5) UNIX Programmer's Manual SKEY.ACCESS(5) - -NNAAMMEE - llooggiinn..aacccceessss - Login access control table - -DDEESSCCRRIIPPTTIIOONN - The llooggiinn..aacccceessss file specifies (user, host) combinations and/or (user, - tty) combinations for which a login will be either accepted or refused. - - When someone logs in, the llooggiinn..aacccceessss is scanned for the first entry - that matches the (user, host) combination, or, in case of non-networked - logins, the first entry that matches the (user, tty) combination. The - permissions field of that table entry determines whether the login will - be accepted or refused. - - Each line of the login access control table has three fields separated by - a ":" character: permission : users : origins - - The first field should be a "+" (access granted) or "-" (access denied) - character. The second field should be a list of one or more login names, - group names, or ALL (always matches). The third field should be a list - of one or more tty names (for non-networked logins), host names, domain - names (begin with "."), host addresses, internet network numbers (end - with "."), ALL (always matches) or LOCAL (matches any string that does - not contain a "." character). If you run NIS you can use @netgroupname in - host or user patterns. - - The EXCEPT operator makes it possible to write very compact rules. - - The group file is searched only when a name does not match that of the - logged-in user. Only groups are matched in which users are explicitly - listed: the program does not look at a user's primary group id value. - -FFIILLEESS - /etc/login.access The llooggiinn..aacccceessss file resides in _/_e_t_c. - -SSEEEE AALLSSOO - login(1) - -AAUUTTHHOORR - Guido van Rooij - - FreeBSD April 30, 1994 1 diff --git a/kerberosIV/src/man/login.cat1 b/kerberosIV/src/man/login.cat1 deleted file mode 100644 index 8c35ea1e709..00000000000 --- a/kerberosIV/src/man/login.cat1 +++ /dev/null 
@@ -1,73 +0,0 @@ - -LOGIN(1) UNIX Reference Manual LOGIN(1) - -NNAAMMEE - llooggiinn - log into the computer - -SSYYNNOOPPSSIISS - llooggiinn [--ffpp] [--hh _h_o_s_t_n_a_m_e] [_u_s_e_r] - -DDEESSCCRRIIPPTTIIOONN - NNoottee:: this manual page describes the original login program for NetBSD. - Everything in here might not be true. - - The llooggiinn utility logs users (and pseudo-users) into the computer system. - - If no user is specified, or if a user is specified and authentication of - the user fails, llooggiinn prompts for a user name. Authentication of users - is done via passwords. - - The options are as follows: - - --ff The --ff option is used when a user name is specified to indicate - that proper authentication has already been done and that no - password need be requested. This option may only be used by the - super-user or when an already logged in user is logging in as - themselves. - - --hh The --hh option specifies the host from which the connection was - received. It is used by various daemons such as telnetd(8). - This option may only be used by the super-user. - - --pp By default, llooggiinn discards any previous environment. The --pp op- - tion disables this behavior. - - If the file _/_e_t_c_/_n_o_l_o_g_i_n exists, llooggiinn dislays its contents to the user - and exits. This is used by shutdown(8) to prevent users from logging in - when the system is about to go down. - - If the file _/_e_t_c_/_f_b_t_a_b exists, llooggiinn changes the protection and ownership - of certain devices specified in this file. - - Immediately after logging a user in, llooggiinn displays the system copyright - notice, the date and time the user last logged in, the message of the day - as well as other information. If the file ``_._h_u_s_h_l_o_g_i_n'' exists in the - user's home directory, all of these messages are suppressed. This is to - simplify logins for non-human users, such as uucp(1). 
LLooggiinn then records - an entry in the wtmp(5) and utmp(5) files and executes the user's command - interpretor. - - Login enters information into the environment (see environ(7)) specify- - ing the user's home directory (HOME), command interpreter (SHELL), search - path (PATH), terminal type (TERM) and user name (both LOGNAME and USER). - - The standard shells, csh(1) and sh(1), do not fork before executing the - llooggiinn utility. - -FFIILLEESS - /etc/fbtab changes device protections - /etc/motd message-of-the-day - /etc/nologin disallows logins - /var/run/utmp current logins - /var/log/wtmp login account records - /var/mail/user system mailboxes - .hushlogin makes login quieter - -SSEEEE AALLSSOO - chpass(1), passwd(1), rlogin(1), getpass(3), fbtab(5), utmp(5), en- - viron(7) - -HHIISSTTOORRYY - A llooggiinn appeared in Version 6 AT&T UNIX. - -4th Berkeley Distribution June 9, 1993 2 diff --git a/kerberosIV/src/man/movemail.cat1 b/kerberosIV/src/man/movemail.cat1 deleted file mode 100644 index a11c6dee734..00000000000 --- a/kerberosIV/src/man/movemail.cat1 +++ /dev/null @@ -1,27 +0,0 @@ - -MOVEMAIL(1) UNIX Reference Manual MOVEMAIL(1) - -NNAAMMEE - mmoovveemmaaiill - Fetch mail from a spool file or using the KPOP protocol - -SSYYNNPPOOSSYYSS - mmoovveemmaaiill _i_n_b_o_x _d_e_s_t_f_i_l_e - -DDEESSCCRRIIPPTTIIOONN - The mmoovveemmaaiill program fetches mail from _i_n_b_o_x, which can be a file name or - po:username meaning fetch the mails with KPOP from the host MAILHOST. - - This program is intended to be called from mail user agents that are - themselves not able to fetch the mail. The primary example of this is - Emacs. - -EENNVVIIRROONNMMEENNTT - MAILHOST The host from which to fetch the mail. - -SSEEEE AALLSSOO - popper(8) - -HHIISSTTOORRYY - movemail comes from Emacs 19.30 - - KTH-KRB November 14, 1996 1 diff --git a/kerberosIV/src/man/otp.cat1 b/kerberosIV/src/man/otp.cat1 deleted file mode 100644 index 76ffa02c360..00000000000 
--- a/kerberosIV/src/man/otp.cat1 +++ /dev/null @@ -1,44 +0,0 @@ - -OTP(1) UNIX Reference Manual OTP(1) - -NNAAMMEE - oottpp - manages one-time passwords - -SSYYNNOOPPSSIISS - _o_t_p [--rr] [--dd] [--oo] [--ll] [--hh] [--ff _a_l_g_o_r_i_t_h_m] [--uu _u_s_e_r] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r - _s_e_e_d - -DDEESSCCRRIIPPTTIIOONN - The oottpp program initializes and updates your current series of one-time - passwords (OTPs). - - Use this to set a new series of one-time passwords. Only perform this on - the console or over an encrypted link as you will have to supply your - pass-phrase. The other two parameters are _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d. - - Options are: - - --rr To renew a one-time password series. This operation can be per- - formed over an potentially eavesdropped link because you do not - supply the pass-phrase. First you need to supply the current - one-time password and then the new one corresponding to the sup- - plied _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d. - - --dd To delete a one-time password. - - --oo To open (unlock) the otp-entry for a user. - - --ll List the current table of one-time passwords. - - --hh For getting a help message. - - --ff Choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any of: - md4, md5, and sha. - - --uu To choose a different _u_s_e_r to set one-time passwords for. This - only works when running oottpp as root. - -SSEEEE AALLSSOO - otpprint(1) - - KTH-KRB November 17, 1996 1 diff --git a/kerberosIV/src/man/otpprint.cat1 b/kerberosIV/src/man/otpprint.cat1 deleted file mode 100644 index e31e70ed139..00000000000 --- a/kerberosIV/src/man/otpprint.cat1 +++ /dev/null 
@@ -1,36 +0,0 @@ - -OTP(1) UNIX Reference Manual OTP(1) - -NNAAMMEE - oottpppprriinntt - print lists of one-time passwords - -SSYYNNOOPPSSIISS - _o_t_p [--nn _c_o_u_n_t] [--ee] [--hh] [--ff _a_l_g_o_r_i_t_h_m] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d - -DDEESSCCRRIIPPTTIIOONN - The oottpppprriinntt program prints lists of OTPs. - - Use this to print out a series of one-time passwords. You will have to - supply the _s_e_q_u_e_n_c_e _n_u_m_b_e_r and the _s_e_e_d as arguments and then the program - will prompt you for your pass-phrase. - - There are several different print formats. The default is to print each - password with six short english words. - - Options are: - - --nn Print _c_o_u_n_t one-time passwords, starting at _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and - going backwards. The default is 10. - - --hh Print the passwords in hex. - - --ee Print the passwords in ``extended'' format. In this format a - prefix that says ``hex:'' or ``word:'' is included. - - --ff To choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any - of: md4, md5, and sha. - -SSEEEE AALLSSOO - otp(1) - - KTH-KRB November 17, 1996 1 diff --git a/kerberosIV/src/man/pagsh.cat1 b/kerberosIV/src/man/pagsh.cat1 deleted file mode 100644 index 623c5b9c08f..00000000000 --- a/kerberosIV/src/man/pagsh.cat1 +++ /dev/null @@ -1,17 +0,0 @@ - -PAGSH(1) UNIX Reference Manual PAGSH(1) - -NNAAMMEE - ppaaggsshh - execute a command without authentication - -SSYYNNOOPPSSIISS - ppaaggsshh [[--cc]ccoommmmaanndd _a_r_g_s] - -DDEESSCCRRIIPPTTIIOONN - Starts a new subprocess that is detached from any Kerberos ticket cache - and AFS tokens. Without ccoommmmaanndd a new shell is started. - -EENNVVIIRROONNMMEENNTT - $SHELL Default shell. - - KTH-KRB April 27, 1996 1 diff --git a/kerberosIV/src/man/popper.cat8 b/kerberosIV/src/man/popper.cat8 deleted file mode 100644 index 7753d5e747b..00000000000 --- a/kerberosIV/src/man/popper.cat8 +++ /dev/null 
@@ -1,198 +0,0 @@ - - - - ppooppppeerr((88)) ppooppppeerr((88)) - AAuugguusstt 11999900 - - - - NNAAMMEE - popper - pop 3 server - - SSYYNNOOPPSSIISS - //uussrr//eettcc//ppooppppeerr [ -d ] [ -a ] [ -k ] [ -t trace-file] [ -i ] [ -p - portnum] - - DDEESSCCRRIIPPTTIIOONN - _P_o_p_p_e_r is an implementation of the Post Office Protocol server that - runs on a variety of Unix computers to manage electronic mail for - Macintosh and MS-DOS computers. The server was developed at the - University of California at Berkeley and conforms fully to the - specifications in RFC 1081 and RFC 1082. The Berkeley server also has - extensions to send electronic mail on behalf of a client. - - The --dd flag sets the socket to debugging and turns on debugging. All - debugging information is saved using syslog(8). - - The --tt ttrraaccee--ffiillee flag turns on debugging and saves the trace - information in _t_r_a_c_e_-_f_i_l_e using fprintf(s). - - The --kk flag tells popper to talk the kerberised POP protocol (KPOP). - - The --aa flag tells popper not to accept any cleartext passwords, but - only OTPs. - - The --ii flag tells popper it has not been started by inetd and should - create its own socket and listen on it. This is useful for debugging. - - The --pp ppoorrttnnuumm flag tells popper on which port it should listen for - connections when creating a socket. - - HHOOWW TTOO OOBBTTAAIINN TTHHEE SSEERRVVEERR - The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU - (128.32.136.9, 128.32.206.12). It is in two files in the pub - directory: a compressed tar file popper.tar.Z and a Macintosh StuffIt - archive in BinHex format called MacPOP.sit.hqx. - - TTHHEE PPOOPP TTRRAANNSSAACCTTIIOONN CCYYCCLLEE - The Berkeley POP server is a single program (called popper) that is - launched by inetd when it gets a service request on the POP TCP port. - (The official port number specified in RFC 1081 for POP version 3 is - port 110. 
However, some POP3 clients attempt to contact the server at - port 109, the POP version 2 port. Unless you are running both POP2 - and POP3 servers, you can simply define both ports for use by the POP3 - server. This is explained in the installation instructions later on.) - The popper program initializes and verifies that the peer IP address - is registered in the local domain, logging a warning message when a - connection is made to a client whose IP address does not have a - canonical name. For systems using BSD 4.3 bind, it also checks to see - if a cannonical name lookup for the client returns the same peer IP - - - - - 1 - Formatted: December 16, 1999 - - - - - - - ppooppppeerr((88)) ppooppppeerr((88)) - AAuugguusstt 11999900 - - - - address, logging a warning message if it does not. The the server - enters the authorization state, during which the client must correctly - identify itself by providing a valid Unix userid and password on the - server's host machine. No other exchanges are allowed during this - state (other than a request to quit.) If authentication fails, a - warning message is logged and the session ends. Once the user is - identified, popper changes its user and group ids to match that of the - user and enters the transaction state. The server makes a temporary - copy of the user's maildrop (ordinarily in /usr/spool/mail) which is - used for all subsequent transactions. These include the bulk of POP - commands to retrieve mail, delete mail, undelete mail, and so forth. - A Berkeley extension also allows the user to submit a mail parcel to - the server who mails it using the sendmail program (this extension is - supported in the HyperMail client distributed with the server). When - the client quits, the server enters the final update state during - which the network connection is terminated and the user's maildrop is - updated with the (possibly) modified temporary maildrop. 
- - LLOOGGGGIINNGG - The POP server uses syslog to keep a record of its activities. On - systems with BSD 4.3 syslogging, the server logs (by default) to the - "local0" facility at priority "notice" for all messages except - debugging which is logged at priority "debug". The default log file - is /usr/spool/mqueue/POPlog. These can be changed, if desired. On - systems with 4.2 syslogging all messages are logged to the local log - file, usually /usr/spool/mqueue/syslog. - - DDEEBBUUGGGGIINNGG - The popper program will log debugging information when the -d - parameter is specified after its invocation in the inetd.conf file. - Care should be exercised in using this option since it generates - considerable output in the syslog file. Alternatively, the "-t <file- - name>" option will place debugging information into file "<file-name>" - using fprintf instead of syslog. - - For SunOS version 3.5, the popper program is launched by inetd from - /etc/servers. This file does not allow you to specify command line - arguments. Therefore, if you want to enable debugging, you can - specify a shell script in /etc/servers to be launched instead of - popper and in this script call popper with the desired arguments. - - You can confirm that the POP server is running on Unix by telneting to - port 110 (or 109 if you set it up that way). For example: - - %telnet myhost 110 - Trying... - Connected to myhost.berkeley.edu. - Escape character is '^]'. - +OK UCB Pop server (version 1.6) at myhost starting. - quit - Connection closed by foreign host. - - - - - 2 - Formatted: December 16, 1999 - - - - - - - ppooppppeerr((88)) ppooppppeerr((88)) - AAuugguusstt 11999900 - - - - VVEERRSSIIOONN 11..77 RREELLEEAASSEE NNOOTTEESS - Extensive re-write of the maildrop processing code contributed by - Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the - possibility that the maildrop can be corrupted as the result of - simultaneous access by two or more processes. 
- - Added "pop_dropcopy" module to create a temporary maildrop from the - existing, standard maildrop as root before the setuid and setgid for - the user is done. This allows the temporary maildrop to be created in - a mail spool area that is not world read-writable. - - This version does *not* send the sendmail "From " delimiter line in - response to a TOP or RETR command. - - Encased all debugging code in #ifdef DEBUG constructs. This code can - be included by specifying the DEGUG compiler flag. Note: You still - need to use the -d or -t option to obtain debugging output. - - LLIIMMIITTAATTIIOONNSS - The POP server copies the user's entire maildrop to /tmp and then - operates on that copy. If the maildrop is particularly large, or - inadequate space is available in /tmp, then the server will refuse to - continue and terminate the connection. - - Simultaneous modification of a single maildrop can result in confusing - results. For example, manipulating messages in a maildrop using the - Unix /usr/ucb/mail command while a copy of it is being processed by - the POP server can cause the changes made by one program to be lost - when the other terminates. This problem is being worked on and will - be fixed in a later release. - - FFIILLEESS - /usr/spool/mail mail files - /etc/inetd.conf pop program invocation - /etc/syslog.conf logging specifications - - SSEEEE AALLSSOO - inetd(8), RFC1081, RFC1082 - - AAUUTTHHOORRSS - Bob Campbell, Edward Moy, Austin Shelton, Marshall T Rose, and cast of - thousands at Rand, UDel, UCI, and elsewhere - - - - - - - - - - - - - - 3 - Formatted: December 16, 1999 - - - diff --git a/kerberosIV/src/man/rcp.cat1 b/kerberosIV/src/man/rcp.cat1 deleted file mode 100644 index c7f866ce309..00000000000 --- a/kerberosIV/src/man/rcp.cat1 +++ /dev/null 
@@ -1,66 +0,0 @@ - -RCP(1) UNIX Reference Manual RCP(1) - -NNAAMMEE - rrccpp - remote file copy - -SSYYNNOOPPSSIISS - rrccpp [--KKppxx] [--kk _r_e_a_l_m] _f_i_l_e_1 _f_i_l_e_2 - rrccpp [--KKpprrxx] [--kk _r_e_a_l_m] _f_i_l_e _._._. _d_i_r_e_c_t_o_r_y - -DDEESSCCRRIIPPTTIIOONN - RRccpp copies files between machines. Each _f_i_l_e or _d_i_r_e_c_t_o_r_y argument is - either a remote file name of the form ``rname@rhost:path'', or a local - file name (containing no `:' characters, or a `/' before any `:'s). - - --KK The --KK option turns off all Kerberos authentication. - - --kk The --kk option requests rrccpp to obtain tickets for the remote host in - realm _r_e_a_l_m instead of the remote host's realm as determined by - krb_realmofhost(3). - - --pp The --pp option causes rrccpp to attempt to preserve (duplicate) in its - copies the modification times and modes of the source files, ignor- - ing the _u_m_a_s_k. By default, the mode and owner of _f_i_l_e_2 are pre- - served if it already existed; otherwise the mode of the source file - modified by the umask(2) on the destination host is used. - - --rr If any of the source files are directories, rrccpp copies each subtree - rooted at that name; in this case the destination must be a direc- - tory. - - --xx The --xx option turns on DES encryption for all data passed by rrccpp. - This may impact response time and CPU utilization, but provides in- - creased security. - - If _p_a_t_h is not a full path name, it is interpreted relative to the login - directory of the specified user _r_u_s_e_r on _r_h_o_s_t, or your current user name - if no other remote user name is specified. A _p_a_t_h on a remote host may - be quoted (using \, ", or ') so that the metacharacters are interpreted - remotely. - - RRccpp does not prompt for passwords; it performs remote execution via - rsh(1), and requires the same authorization. - - RRccpp handles third party copies, where neither source nor target files are - on the current machine. 
- -SSEEEE AALLSSOO - cp(1), ftp(1), rsh(1), rlogin(1) - -HHIISSTTOORRYY - The rrccpp command appeared in 4.2BSD. The version of rrccpp described here has - been reimplemented with Kerberos in 4.3BSD-Reno. - -BBUUGGSS - Doesn't detect all cases where the target of a copy might be a file in - cases where only a directory should be legal. - - Is confused by any output generated by commands in a _._l_o_g_i_n, _._p_r_o_f_i_l_e, or - _._c_s_h_r_c file on the remote host. - - The destination user and hostname may have to be specified as - ``rhost.rname'' when the destination machine is running the 4.2BSD ver- - sion of rrccpp. - -4.3-Reno Berkeley Distribution May 31, 1993 1 diff --git a/kerberosIV/src/man/rlogin.cat1 b/kerberosIV/src/man/rlogin.cat1 deleted file mode 100644 index 59e15bfe0ab..00000000000 --- a/kerberosIV/src/man/rlogin.cat1 +++ /dev/null 
@@ -1,92 +0,0 @@ - -RLOGIN(1) UNIX Reference Manual RLOGIN(1) - -NNAAMMEE - rrllooggiinn - remote login - -SSYYNNOOPPSSIISS - _r_l_o_g_i_n [--88EEKKLLddxx] [--ee _c_h_a_r] [--kk _r_e_a_l_m] [--ll _u_s_e_r_n_a_m_e] [--pp _p_o_r_t_n_u_m_b_e_r] _h_o_s_t - -DDEESSCCRRIIPPTTIIOONN - RRllooggiinn starts a terminal session on a remote host _h_o_s_t. - - RRllooggiinn first attempts to use the Kerberos authorization mechanism, de- - scribed below. If the remote host does not supporting Kerberos the stan- - dard Berkeley _r_h_o_s_t_s authorization mechanism is used. The options are as - follows: - - --88 The --88 option allows an eight-bit input data path at all times; - otherwise parity bits are stripped except when the remote side's - stop and start characters are other than ^S/^Q . - - --EE The --EE option stops any character from being recognized as an es- - cape character. When used with the --88 option, this provides a com- - pletely transparent connection. - - --KK The --KK option turns off all Kerberos authentication. - - --LL The --LL option allows the rlogin session to be run in ``litout'' - (see tty(4)) mode. - - --dd The --dd option turns on socket debugging (see setsockopt(2)) on the - TCP sockets used for communication with the remote host. - - --ee The --ee option allows user specification of the escape character, - which is ``~'' by default. This specification may be as a literal - character, or as an octal value in the form \nnn. - - --kk The option requests rlogin to obtain tickets for the remote host in - realm _r_e_a_l_m instead of the remote host's realm as determined by - krb_realmofhost(3). - - --xx The --xx option turns on DES encryption for all data passed via the - rlogin session. This may impact response time and CPU utilization, - but provides increased security. - - --DD Use the TCP nodelay option (see setsockopt(2)). - - --pp --ppoorrttnnuummbbeerr - Specifies the port number to connect to on the remote host. 
- - A line of the form ``<escape char>.'' disconnects from the remote host. - Similarly, the line ``<escape char>^Z'' will suspend the rrllooggiinn session, - and ``<escape char><delayed-suspend char>'' suspends the send portion of - the rlogin, but allows output from the remote system. By default, the - tilde (``~'') character is the escape character, and normally control-Y - (``^Y'') is the delayed-suspend character. - - All echoing takes place at the remote site, so that (except for delays) - the rrllooggiinn is transparent. Flow control via ^S/^Q and flushing of input - and output on interrupts are handled properly. - -KKEERRBBEERROOSS AAUUTTHHEENNTTIICCAATTIIOONN - Each user may have a private authorization list in the file _._k_l_o_g_i_n in - their home directory. Each line in this file should contain a Kerberos - principal name of the form _p_r_i_n_c_i_p_a_l_._i_n_s_t_a_n_c_e_@_r_e_a_l_m. If the originating - user is authenticated to one of the principals named in _._k_l_o_g_i_n, access - is granted to the account. The principal _a_c_c_o_u_n_t_n_a_m_e_._@_l_o_c_a_l_r_e_a_l_m is - granted access if there is no _._k_l_o_g_i_n file. Otherwise a login and pass- - word will be prompted for on the remote machine as in login(1). To avoid - certain security problems, the _._k_l_o_g_i_n file must be owned by the remote - user. - - If Kerberos authentication fails, a warning message is printed and the - standard Berkeley rrllooggiinn is used instead. - -EENNVVIIRROONNMMEENNTT - The following environment variable is utilized by rrllooggiinn: - - TERM Determines the user's terminal type. - -SSEEEE AALLSSOO - rsh(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3) - -HHIISSTTOORRYY - The rrllooggiinn command appeared in 4.2BSD. - -BBUUGGSS - RRllooggiinn will be replaced by telnet(1) in the near future. - - More of the environment should be propagated. - -4.2 Berkeley Distribution June 6, 1993 2 
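Review bot: the log message "excess files" gives no reason for removing rlogin.cat1, and nothing in this hunk shows where the page's content lives afterwards. The deleted text is preformatted output (overstruck headings such as NNAAMMEE, a page footer reading "4.2 Berkeley Distribution June 6, 1993"), so the commit message should say whether the unformatted source for rlogin(1) remains in the tree, and it is worth confirming that no install rule still lists rlogin.cat1. The KERBEROS AUTHENTICATION section near the end of the hunk, including the requirement that .klogin be owned by the remote user, is the part administrators would miss if the page is no longer shipped in any form.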
diff --git a/kerberosIV/src/man/rlogind.cat8 b/kerberosIV/src/man/rlogind.cat8 deleted file mode 100644 index f3fa8921da1..00000000000 --- a/kerberosIV/src/man/rlogind.cat8 +++ /dev/null 
@@ -1,103 +0,0 @@ - -RLOGIND(8) UNIX System Manager's Manual RLOGIND(8) - -NNAAMMEE - rrllooggiinndd - remote login server - -SSYYNNOOPPSSIISS - rrllooggiinndd [--aaiillnnkkvvxxDD] [--pp _p_o_r_t_n_u_m_b_e_r] [--LL _/_b_i_n_/_l_o_g_i_n] - -DDEESSCCRRIIPPTTIIOONN - RRllooggiinndd is the server for the rlogin(1) program. The server provides a - remote login facility with kerberos-based authentication or traditional - pseudo-authentication with privileged port numbers from trusted hosts. - - Options supported by rrllooggiinndd: - - --aa No-op. For backwards compatibility. Hostnames are always veri- - fied. - - --ll Prevent any authentication based on the user's ``_._r_h_o_s_t_s'' file, - unless the user is logging in as the superuser. - - --nn Disable keep-alive messages. - - --kk Enable kerberos authentication. - - --ii Do not expect to be spawned by inetd and create a socket and lis- - ten on it yourself. - - --pp --ppoorrttnnuummbbeerr - Specifies the port number it should listen on in case the - - --ii flag has been given. - - --vv Vacuous, echo "Remote host requires Kerberos authentication" and - exit. - - --xx Provides an encrypted communications channel. This options re- - quires the --kk flag. - - --LL --ppaatthhnnaammee - Specify pathname to an alternative login program. - - --DD Use the TCP nodelay option (see setsockopt(2)). - - When a service request is received, rrllooggiinndd verifies the kerberos ticket - supplied by the user. - - For non-kerberised connections, the following protocol is initiated: - - 1. The server checks the client's source port. If the port is not in - the range 512-1023, the server aborts the connection. - - 2. The server checks the client's source address and requests the cor- - responding host name (see gethostbyaddr(3), hosts(5) and named(8)). - If the hostname cannot be determined, the dot-notation representa- - tion of the host address is used. 
The addresses for the hostname - are requested, verifying that the name and address correspond. Nor- - mal authentication is bypassed if the address verification fails. - - Once the source port and address have been checked, rrllooggiinndd proceeds with - the authentication process described in rshd(8). - - It then allocates a pseudo terminal (see pty(4)), and manipulates file - descriptors so that the slave half of the pseudo terminal becomes the - _s_t_d_i_n, _s_t_d_o_u_t, and _s_t_d_e_r_r for a login process. The login process is an - instance of the login(1) program, invoked with the --ff option if authenti- - cation has succeeded. If automatic authentication fails, the user is - prompted to log in as if on a standard terminal line. - - The parent of the login process manipulates the master side of the pseudo - terminal, operating as an intermediary between the login process and the - client instance of the rlogin program. In normal operation, the packet - protocol described in pty(4) is invoked to provide `^S/^Q' type facili- - ties and propagate interrupt signals to the remote programs. The login - process propagates the client terminal's baud rate and terminal type, as - found in the environment variable, `TERM'; see environ(7). The screen or - window size of the terminal is requested from the client, and window size - changes from the client are propagated to the pseudo terminal. - - Transport-level keepalive messages are enabled unless the --nn option is - present. The use of keepalive messages allows sessions to be timed out - if the client crashes or becomes unreachable. - -DDIIAAGGNNOOSSTTIICCSS - All initial diagnostic messages are indicated by a leading byte with a - value of 1, after which any network connections are closed. If there are - no errors before login is invoked, a null byte is returned as in indica- - tion of success. - - TTrryy aaggaaiinn.. - A fork by the server failed. 
- -SSEEEE AALLSSOO - login(1), ruserok(3), rshd(8) - -BBUUGGSS - A more extensible protocol should be used. - -HHIISSTTOORRYY - The rrllooggiinndd command appeared in 4.2BSD. - -4.2 Berkeley Distribution August 25, 1996 2 diff --git a/kerberosIV/src/man/rsh.cat1 b/kerberosIV/src/man/rsh.cat1 deleted file mode 100644 index 7e1b72a2f23..00000000000 --- a/kerberosIV/src/man/rsh.cat1 +++ /dev/null 
@@ -1,75 +0,0 @@ - -RSH(1) UNIX Reference Manual RSH(1) - -NNAAMMEE - rrsshh - remote shell - -SSYYNNOOPPSSIISS - rrsshh [--KKddnnxx] [--kk _r_e_a_l_m] [--ll _u_s_e_r_n_a_m_e] _h_o_s_t [command] - -DDEESSCCRRIIPPTTIIOONN - RRsshh executes _c_o_m_m_a_n_d on _h_o_s_t. - - RRsshh copies its standard input to the remote command, the standard output - of the remote command to its standard output, and the standard error of - the remote command to its standard error. Interrupt, quit and terminate - signals are propagated to the remote command; rrsshh normally terminates - when the remote command does. The options are as follows: - - --KK The --KK option turns off all Kerberos authentication. - - --dd The --dd option turns on socket debugging (using setsockopt(2)) on - the TCP sockets used for communication with the remote host. - - --kk The --kk option causes rrsshh to obtain tickets for the remote host in - _r_e_a_l_m instead of the remote host's realm as determined by - krb_realmofhost(3). - - --ll By default, the remote username is the same as the local username. - The --ll option allows the remote name to be specified. Kerberos au- - thentication is used, and authorization is determined as in - rlogin(1). - - --nn The --nn option redirects input from the special device _/_d_e_v_/_n_u_l_l - (see the _B_U_G_S section of this manual page). - - --xx The --xx option turns on DES encryption for all data exchange. This - may introduce a significant delay in response time. - - If no _c_o_m_m_a_n_d is specified, you will be logged in on the remote host us- - ing rlogin(1). - - Shell metacharacters which are not quoted are interpreted on local ma- - chine, while quoted metacharacters are interpreted on the remote machine. 
- For example, the command - - rsh otherhost cat remotefile >> localfile - - appends the remote file _r_e_m_o_t_e_f_i_l_e to the local file _l_o_c_a_l_f_i_l_e, while - - rsh otherhost cat remotefile ">>" other_remotefile - - appends _r_e_m_o_t_e_f_i_l_e to _o_t_h_e_r___r_e_m_o_t_e_f_i_l_e. - -FFIILLEESS - /etc/hosts - -SSEEEE AALLSSOO - rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3) - -HHIISSTTOORRYY - The rrsshh command appeared in 4.2BSD. - -BBUUGGSS - If you are using csh(1) and put a rrsshh in the background without redirect- - ing its input away from the terminal, it will block even if no reads are - posted by the remote command. If no input is desired you should redirect - the input of rrsshh to _/_d_e_v_/_n_u_l_l using the --nn option. - - You cannot run an interactive command (like rogue(6) or vi(1)) using - rrsshh; use rlogin(1) instead. - - Stop signals stop the local rrsshh process only; this is arguably wrong, but - currently hard to fix for reasons too complicated to explain here. - -4.2 Berkeley Distribution July 24, 1991 2 diff --git a/kerberosIV/src/man/rshd.cat8 b/kerberosIV/src/man/rshd.cat8 deleted file mode 100644 index 3ff1b405ba3..00000000000 --- a/kerberosIV/src/man/rshd.cat8 +++ /dev/null 
@@ -1,138 +0,0 @@ - -RSHD(8) UNIX System Manager's Manual RSHD(8) - -NNAAMMEE - rrsshhdd - remote shell server - -SSYYNNOOPPSSIISS - rrsshhdd [--aaiillnnkkvvxxLLPP] [--pp _p_o_r_t_n_u_m_b_e_r] - -DDEESSCCRRIIPPTTIIOONN - The rrsshhdd server is the server for the rcmd(3) routine and, consequently, - for the rsh(1) program. The server provides remote execution facilities - with kerberos-based authentication or traditional pseudo-authentication - with privileged port numbers from trusted hosts. - - The rrsshhdd server listens for service requests at the port indicated in the - ``cmd'' service specification; see services(5). When a service request - is received rrsshhdd verifies the kerberos ticket supplied by the user. - - For non-kerberised connections, the following protocol is initiated: - - 1. The server checks the client's source port. If the port is not in - the range 512-1023, the server aborts the connection. - - 2. The server reads characters from the socket up to a null (`\0') - byte. The resultant string is interpreted as an ASCII number, base - 10. - - 3. If the number received in step 2 is non-zero, it is interpreted as - the port number of a secondary stream to be used for the _s_t_d_e_r_r. A - second connection is then created to the specified port on the - client's machine. The source port of this second connection is also - in the range 512-1023. - - 4. The server checks the client's source address and requests the cor- - responding host name (see gethostbyaddr(3), hosts(5) and named(8)). - If the hostname cannot be determined, the dot-notation representa- - tion of the host address is used. The addresses for the hostname - are requested, verifying that the name and address correspond. If - address verification fails, the connection is aborted with the mes- - sage, ``Host address mismatch.'' - - 5. A null terminated user name of at most 16 characters is retrieved on - the initial socket. 
This user name is interpreted as the user iden- - tity on the _c_l_i_e_n_t's machine. - - 6. A null terminated user name of at most 16 characters is retrieved on - the initial socket. This user name is interpreted as a user identi- - ty to use on the sseerrvveerr's machine. - - 7. A null terminated command to be passed to a shell is retrieved on - the initial socket. The length of the command is limited by the up- - per bound on the size of the system's argument list. - - 8. RRsshhdd then validates the user using ruserok(3), which uses the file - _/_e_t_c_/_h_o_s_t_s_._e_q_u_i_v and the _._r_h_o_s_t_s file found in the user's home di- - rectory. The --ll option prevents ruserok(3) from doing any valida- - tion based on the user's ``.rhosts'' file, unless the user is the - superuser. - - 9. If the file _/_e_t_c_/_n_o_l_o_g_i_n exists and the user is not the superuser, - the connection is closed. - - 10. A null byte is returned on the initial socket and the command line - is passed to the normal login shell of the user. The shell inherits - the network connections established by rrsshhdd. - - Transport-level keepalive messages are enabled unless the --nn option is - present. The use of keepalive messages allows sessions to be timed out - if the client crashes or becomes unreachable. - - The --LL option causes all successful accesses to be logged to syslogd(8) - as auth.info messages. - - --kk Enable kerberos authentication. - - --ii Do not expect to be spawned by inetd and create a socket and lis- - ten on it yourself. - - --pp --ppoorrttnnuummbbeerr - Specifies the port number it should listen on in case the - - --ii flag has been given. - - --vv Vacuous, echo "Remote host requires Kerberos authentication" and - exit. - - --xx Provides an encrypted communications channel. This option re- - quires the --kk flag. - - --PP AFS only! Doesn't put the remote proccess in a new PAG. 
- -DDIIAAGGNNOOSSTTIICCSS - Except for the last one listed below, all diagnostic messages are re- - turned on the initial socket, after which any network connections are - closed. An error is indicated by a leading byte with a value of 1 (0 is - returned in step 10 above upon successful completion of all the steps - prior to the execution of the login shell). - - LLooccuusseerr ttoooo lloonngg.. - The name of the user on the client's machine is longer than 16 - characters. - - RRuusseerr ttoooo lloonngg.. - The name of the user on the remote machine is longer than 16 - characters. - - CCoommmmaanndd ttoooo lloonngg. - The command line passed exceeds the size of the argument list (as - configured into the system). - - LLooggiinn iinnccoorrrreecctt.. - No password file entry for the user name existed. - - RReemmoottee ddiirreeccttoorryy.. - The chdir command to the home directory failed. - - PPeerrmmiissssiioonn ddeenniieedd.. - The authentication procedure described above failed. - - CCaann''tt mmaakkee ppiippee.. - The pipe needed for the _s_t_d_e_r_r, wasn't created. - - CCaann''tt ffoorrkk;; ttrryy aaggaaiinn.. - A fork by the server failed. - - <<sshheellllnnaammee>>:: ...... - The user's login shell could not be started. This message is re- - turned on the connection associated with the _s_t_d_e_r_r, and is not - preceded by a flag byte. - -SSEEEE AALLSSOO - rsh(1), rcmd(3), ruserok(3) - -BBUUGGSS - A more extensible protocol (such as Telnet) should be used. - -4.2 Berkeley Distribution August 25, 1996 3 diff --git a/kerberosIV/src/man/rxtelnet.cat1 b/kerberosIV/src/man/rxtelnet.cat1 deleted file mode 100644 index e822ea8ef76..00000000000 --- a/kerberosIV/src/man/rxtelnet.cat1 +++ /dev/null 
@@ -1,43 +0,0 @@ - -RXTELNET(1) UNIX Reference Manual RXTELNET(1) - -NNAAMMEE - rrxxtteellnneett - start a telnet and forward X-connections. - -SSYYNNOOPPSSIISS - rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk ] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww - _t_e_r_m___e_m_u_l_a_t_o_r] [--nn] _h_o_s_t [_p_o_r_t] - -DDEESSCCRRIIPPTTIIOONN - The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t. - From this window you will also be able to run X clients that will be able - to connect securily to your X server. If _p_o_r_t is given, that port will be - used instead of the default. - - The supported options are: - - --ll Log in on the remote host as user _u_s_e_r_n_a_m_e - - --kk Disables keep-alives - - --tt Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett - - --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm - - --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm. - - --nn Do not start any terminal emulator. - -EEXXAAMMPPLLEE - To login from host _f_o_o (where your display is) to host _b_a_r, you might do - the following. - - 1. On foo: rrxxtteellnneett _b_a_r - - 2. You will get a new window with a tteellnneett to _b_a_r. In this window you - will be able to start X clients. - -SSEEEE AALLSSOO - rxterm(1), tenletxr(1), kx(1), kxd(8), telnet(1) - - KTH_KRB September 27, 1996 1 diff --git a/kerberosIV/src/man/rxterm.cat1 b/kerberosIV/src/man/rxterm.cat1 deleted file mode 100644 index 56eec66236b..00000000000 --- a/kerberosIV/src/man/rxterm.cat1 +++ /dev/null 
@@ -1,41 +0,0 @@ - -RXTERM(1) UNIX Reference Manual RXTERM(1) - -NNAAMMEE - rrxxtteerrmm - start a secure remote xterm - -SSYYNNOOPPSSIISS - rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww - _t_e_r_m___e_m_u_l_a_t_o_r] _h_o_s_t [_p_o_r_t] - -DDEESSCCRRIIPPTTIIOONN - The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t. From this window - you will also be able to run X clients that will be able to connect se- - curily to your X server. If _p_o_r_t is given, that port will be used instead - of the default. - - The supported options are: - - --ll Log in on the remote host as user _u_s_e_r_n_a_m_e - - --kk Disable keep-alives - - --rr Send _r_s_h___a_r_g_s as arguments to rrsshh - - --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm - - --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm. - -EEXXAAMMPPLLEE - To login from host _f_o_o (where your display is) to host _b_a_r, you might do - the following. - - 1. On foo: rrxxtteerrmm _b_a_r - - 2. You will get a new window running an xxtteerrmm on host _b_a_r. In this win- - dow you will be able to start X clients. - -SSEEEE AALLSSOO - rxtelnet(1), tenletxr(1), kx(1), kxd(8), rsh(1) - - KTH_KRB September 27, 1996 1 diff --git a/kerberosIV/src/man/su.cat1 b/kerberosIV/src/man/su.cat1 deleted file mode 100644 index a61b16a9991..00000000000 --- a/kerberosIV/src/man/su.cat1 +++ /dev/null 
@@ -1,85 +0,0 @@ - -SU(1) UNIX Reference Manual SU(1) - -NNAAMMEE - ssuu - substitute user identity - -SSYYNNOOPPSSIISS - ssuu [--KKffllmmii] [_l_o_g_i_n [_s_h_e_l_l _a_r_g_u_m_e_n_t_s]] - -DDEESSCCRRIIPPTTIIOONN - SSuu requests the Kerberos password for _l_o_g_i_n (or for ``_l_o_g_i_n.root'', if no - login is provided), and switches to that user and group ID after obtain- - ing a Kerberos ticket granting ticket. A shell is then executed, and any - additional _s_h_e_l_l _a_r_g_u_m_e_n_t_s after the login name are passed to the shell. - SSuu will resort to the local password file to find the password for _l_o_g_i_n - if there is a Kerberos error. If ssuu is executed by root, no password is - requested and a shell with the appropriate user ID is executed; no addi- - tional Kerberos tickets are obtained. - - Alternately, if the user enters the password "s/key", they will be au- - thenticated using the S/Key one-time password system as described in - skey(1). S/Key is a Trademark of Bellcore. - - By default, the environment is unmodified with the exception of USER, - HOME, and SHELL. HOME and SHELL are set to the target login's default - values. USER is set to the target login, unless the target login has a - user ID of 0, in which case it is unmodified. The invoked shell is the - target login's. This is the traditional behavior of ssuu. - - The options are as follows: - - --KK Do not attempt to use Kerberos to authenticate the user. - - --ff If the invoked shell is csh(1), this option prevents it from - reading the ``_._c_s_h_r_c'' file. - - --ll Simulate a full login. The environment is discarded except for - HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified as - above. USER is set to the target login. PATH is set to - ``_/_b_i_n_:_/_u_s_r_/_b_i_n''. TERM is imported from your current environ- - ment. The invoked shell is the target login's, and ssuu will - change directory to the target login's home directory. - - --mm Leave the environment unmodified. 
The invoked shell is your lo- - gin shell, and no directory changes are made. As a security pre- - caution, if the target user's shell is a non-standard shell (as - defined by getusershell(3)) and the caller's real uid is non-ze- - ro, ssuu will fail. - - --ii If the kerberos root instance is not root any other value can be - passed using this switch. - - The --ll and --mm options are mutually exclusive; the last one specified - overrides any previous ones. - - Only users mentioned in ``_~_r_o_o_t_/_._k_l_o_g_i_n'' (or in group 0 when not doing - kerberos) can ssuu to ``root''. - - By default (unless the prompt is reset by a startup file) the super-user - prompt is set to ``##'' to remind one of its awesome power. - -SSEEEE AALLSSOO - csh(1), login(1), sh(1), skey(1), kinit(1), kerberos(1), passwd(5), - group(5), environ(7) - -EENNVVIIRROONNMMEENNTT - Environment variables used by ssuu: - - HOME Default home directory of real user ID unless modified as specified - above. - - PATH Default search path of real user ID unless modified as specified - above. - - TERM Provides terminal type which may be retained for the substituted - user ID. - - USER The user ID is always the effective ID (the target user ID) after - an ssuu unless the user ID is 0 (root). - -HHIISSTTOORRYY - A ssuu command appeared in Version 7 AT&T UNIX. The version described here - is an adaptation of the MIT Athena Kerberos command. - -BSD Experimental July 29, 1991 2 diff --git a/kerberosIV/src/man/telnet.cat1 b/kerberosIV/src/man/telnet.cat1 deleted file mode 100644 index 06a055b58ab..00000000000 --- a/kerberosIV/src/man/telnet.cat1 +++ /dev/null 
@@ -1,722 +0,0 @@ - -TELNET(1) UNIX Reference Manual TELNET(1) - -NNAAMMEE - tteellnneett - user interface to the TELNET protocol - -SSYYNNOOPPSSIISS - tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m] - [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]] - -DDEESSCCRRIIPPTTIIOONN - The tteellnneett command is used to communicate with another host using the - TELNET protocol. If tteellnneett is invoked without the _h_o_s_t argument, it en- - ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it - accepts and executes the commands listed below. If it is invoked with - arguments, it performs an ooppeenn command with those arguments. - - Options: - - --88 Specifies an 8-bit data path. This causes an attempt to negoti- - ate the TELNET BINARY option on both input and output. - - --77 Do not try to negotiate TELNET BINARY option. - - --EE Stops any character from being recognized as an escape character. - - --FF If Kerberos V5 authentication is being used, the --FF option allows - the local credentials to be forwarded to the remote system, in- - cluding any credentials that have already been forwarded into the - local environment. - - --KK Specifies no automatic login to the remote system. - - --LL Specifies an 8-bit data path on output. This causes the BINARY - option to be negotiated on output. - - --SS _t_o_s Sets the IP type-of-service (TOS) option for the telnet connec- - tion to the value _t_o_s_, which can be a numeric TOS value or, on - systems that support it, a symbolic TOS name found in the - /etc/iptos file. - - --XX _a_t_y_p_e - Disables the _a_t_y_p_e type of authentication. - - --aa Attempt automatic login. Currently, this sends the user name via - the USER variable of the ENVIRON option if supported by the re- - mote system. 
The name used is that of the current user as re- - turned by getlogin(2) if it agrees with the current user ID, oth- - erwise it is the name associated with the user ID. - - --cc Disables the reading of the user's _._t_e_l_n_e_t_r_c file. (See the - ttooggggllee sskkiipprrcc command on this man page.) - - --dd Sets the initial value of the ddeebbuugg toggle to TRUE - - --ee _e_s_c_a_p_e _c_h_a_r - Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r_. - If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac- - ter. - - --ff If Kerberos V5 authentication is being used, the --ff option allows - - - - - - the local credentials to be forwarded to the remote system. - - --kk _r_e_a_l_m - If Kerberos authentication is being used, the --kk option requests - that telnet obtain tickets for the remote host in realm realm in- - stead of the remote host's realm, as determined by - krb_realmofhost(3). - - --ll _u_s_e_r - When connecting to the remote system, if the remote system under- - stands the ENVIRON option, then _u_s_e_r will be sent to the remote - system as the value for the variable USER. This option implies - the --aa option. This option may also be used with the ooppeenn com- - mand. - - --nn _t_r_a_c_e_f_i_l_e - Opens _t_r_a_c_e_f_i_l_e for recording trace information. See the sseett - ttrraacceeffiillee command below. - - --rr Specifies a user interface similar to rlogin(1). In this mode, - the escape character is set to the tilde (~) character, unless - modified by the -e option. - - --xx Turns on encryption of the data stream if possible. This is cur- - rently the default and when it fails a warning is issued. - - _h_o_s_t Indicates the official name, an alias, or the Internet address of - a remote host. - - _p_o_r_t Indicates a port number (address of an application). If a number - is not specified, the default tteellnneett port is used. - - When in rlogin mode, a line of the form ~. 
disconnects from the remote - host; ~ is the telnet escape character. Similarly, the line ~^Z suspends - the telnet session. The line ~^] escapes to the normal telnet escape - prompt. - - Once a connection has been opened, tteellnneett will attempt to enable the - TELNET LINEMODE option. If this fails, then tteellnneett will revert to one of - two input modes: either ``character at a time'' or ``old line by line'' - depending on what the remote system supports. - - When LINEMODE is enabled, character processing is done on the local sys- - tem, under the control of the remote system. When input editing or char- - acter echoing is to be disabled, the remote system will relay that infor- - mation. The remote system will also relay changes to any special charac- - ters that happen on the remote system, so that they can take effect on - the local system. - - In ``character at a time'' mode, most text typed is immediately sent to - the remote host for processing. - - In ``old line by line'' mode, all text is echoed locally, and (normally) - only completed lines are sent to the remote host. The ``local echo char- - acter'' (initially ``^E'') may be used to turn off and on the local echo - (this would mostly be used to enter passwords without the password being - echoed). - - If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE - (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr, - and fflluusshh characters are trapped locally, and sent as TELNET protocol se- - quences to the remote side. 
If LINEMODE has ever been enabled, then the - user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt - is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee - aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush - subsequent output to the terminal (until the remote host acknowledges the - TELNET sequence) and flush previous terminal input (in the case of qquuiitt - and iinnttrr). - - While connected to a remote host, tteellnneett command mode may be entered by - typing the tteellnneett ``escape character'' (initially ``^]''). When in com- - mand mode, the normal terminal editing conventions are available. - - The following tteellnneett commands are available. Only enough of each command - to uniquely identify it need be typed (this is also true for arguments to - the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands). - - aauutthh _a_r_g_u_m_e_n_t _._._. - The auth command manipulates the information sent through the - TELNET AUTHENTICATE option. Valid arguments for the auth com- - mand are as follows: - - ddiissaabbllee _t_y_p_e Disables the specified type of authentication. - To obtain a list of available types, use the - aauutthh ddiissaabbllee ?? command. - - eennaabbllee _t_y_p_e Enables the specified type of authentication. - To obtain a list of available types, use the - aauutthh eennaabbllee ?? command. - - ssttaattuuss Lists the current status of the various types of - authentication. - - cclloossee Close a TELNET session and return to command mode. - - ddiissppllaayy _a_r_g_u_m_e_n_t _._._. - Displays all, or some, of the sseett and ttooggggllee values (see be- - low). - - eennccrryypptt _a_r_g_u_m_e_n_t _._._. - The encrypt command manipulates the information sent through - the TELNET ENCRYPT option. 
- - Note: Because of export controls, the TELNET ENCRYPT option - is not supported outside of the United States and Canada. - - Valid arguments for the encrypt command are as follows: - - ddiissaabbllee _t_y_p_e [[iinnppuutt||oouuttppuutt]] - Disables the specified type of encryption. If - you omit the input and output, both input and - output are disabled. To obtain a list of avail- - able types, use the eennccrryypptt ddiissaabbllee ?? command. - - eennaabbllee _t_y_p_e [[iinnppuutt||oouuttppuutt]] - Enables the specified type of encryption. If - you omit input and output, both input and output - are enabled. To obtain a list of available - types, use the eennccrryypptt eennaabbllee ?? command. - - iinnppuutt This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com- - mand. - - --iinnppuutt This is the same as the eennccrryypptt ssttoopp iinnppuutt com- - mand. - - oouuttppuutt This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt - command. - - --oouuttppuutt This is the same as the eennccrryypptt ssttoopp oouuttppuutt com- - - mand. - - ssttaarrtt [[iinnppuutt||oouuttppuutt]] - Attempts to start encryption. If you omit iinnppuutt - and oouuttppuutt,, both input and output are enabled. - To obtain a list of available types, use the - eennccrryypptt eennaabbllee ?? command. - - ssttaattuuss Lists the current status of encryption. - - ssttoopp [[iinnppuutt||oouuttppuutt]] - Stops encryption. If you omit input and output, - encryption is on both input and output. - - ttyyppee _t_y_p_e Sets the default type of encryption to be used - with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com- - mands. - - eennvviirroonn _a_r_g_u_m_e_n_t_s_._._. - The eennvviirroonn command is used to manipulate the the variables - that my be sent through the TELNET ENVIRON option. The ini- - tial set of variables is taken from the users environment, - with only the DISPLAY and PRINTER variables being exported by - default. 
The USER variable is also exported if the --aa or --ll - options are used. - Valid arguments for the eennvviirroonn command are: - - ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e - Define the variable _v_a_r_i_a_b_l_e to have a value of - _v_a_l_u_e_. Any variables defined by this command are - automatically exported. The _v_a_l_u_e may be enclosed - in single or double quotes so that tabs and spaces - may be included. - - uunnddeeffiinnee _v_a_r_i_a_b_l_e - Remove _v_a_r_i_a_b_l_e from the list of environment vari- - ables. - - eexxppoorrtt _v_a_r_i_a_b_l_e - Mark the variable _v_a_r_i_a_b_l_e to be exported to the - remote side. - - uunneexxppoorrtt _v_a_r_i_a_b_l_e - Mark the variable _v_a_r_i_a_b_l_e to not be exported un- - less explicitly asked for by the remote side. - - lliisstt List the current set of environment variables. - Those marked with a ** will be sent automatically, - other variables will only be sent if explicitly - requested. - - ?? Prints out help information for the eennvviirroonn com- - mand. - - llooggoouutt Sends the TELNET LOGOUT option to the remote side. This com- - mand is similar to a cclloossee command; however, if the remote - side does not support the LOGOUT option, nothing happens. If, - however, the remote side does support the LOGOUT option, this - command should cause the remote side to close the TELNET con- - nection. If the remote side also supports the concept of sus- - pending a user's session for later reattachment, the logout - argument indicates that you should terminate the session imme- - diately. - - mmooddee _t_y_p_e _T_y_p_e is one of several options, depending on the state of the - TELNET session. The remote host is asked for permission to go - into the requested mode. If the remote host is capable of en- - tering that mode, the requested mode will be entered. 
- - cchhaarraacctteerr Disable the TELNET LINEMODE option, or, if the - remote side does not understand the LINEMODE op- - tion, then enter ``character at a time`` mode. - - lliinnee Enable the TELNET LINEMODE option, or, if the - remote side does not understand the LINEMODE op- - tion, then attempt to enter ``old-line-by-line`` - mode. - - iissiigg (--iissiigg) Attempt to enable (disable) the TRAPSIG mode of - the LINEMODE option. This requires that the - LINEMODE option be enabled. - - eeddiitt (--eeddiitt) Attempt to enable (disable) the EDIT mode of the - LINEMODE option. This requires that the - LINEMODE option be enabled. - - ssooffttttaabbss (--ssooffttttaabbss) - Attempt to enable (disable) the SOFT_TAB mode of - the LINEMODE option. This requires that the - LINEMODE option be enabled. - - lliitteecchhoo (--lliitteecchhoo) - Attempt to enable (disable) the LIT_ECHO mode of - the LINEMODE option. This requires that the - LINEMODE option be enabled. - - ?? Prints out help information for the mmooddee com- - mand. - - ooppeenn _h_o_s_t [[--ll] _u_s_e_r][--_p_o_r_t] - Open a connection to the named host. If no port number is - specified, tteellnneett will attempt to contact a TELNET server at - the default port. The host specification may be either a host - name (see hosts(5)) or an Internet address specified in the - ``dot notation'' (see inet(3)). The [--ll] option may be used - to specify the user name to be passed to the remote system via - the ENVIRON option. When connecting to a non-standard port, - tteellnneett omits any automatic initiation of TELNET options. When - the port number is preceded by a minus sign, the initial op- - tion negotiation is done. After establishing a connection, - the file _._t_e_l_n_e_t_r_c in the users home directory is opened. - Lines beginning with a # are comment lines. Blank lines are - ignored. Lines that begin without white space are the start - of a machine entry. 
The first thing on the line is the name - of the machine that is being connected to. The rest of the - line, and successive lines that begin with white space are as- - sumed to be tteellnneett commands and are processed as if they had - been typed in manually to the tteellnneett command prompt. - - qquuiitt Close any open TELNET session and exit tteellnneett. An end of file - (in command mode) will also close a session and exit. - - sseenndd _a_r_g_u_m_e_n_t_s - Sends one or more special character sequences to the remote - host. The following are the arguments which may be specified - (more than one argument may be specified at a time): - - aabboorrtt Sends the TELNET ABORT (Abort processes) sequence. - - aaoo Sends the TELNET AO (Abort Output) sequence, which - should cause the remote system to flush all output - - _f_r_o_m the remote system _t_o the user's terminal. - - aayytt Sends the TELNET AYT (Are You There) sequence, to - which the remote system may or may not choose to re- - spond. - - bbrrkk Sends the TELNET BRK (Break) sequence, which may have - significance to the remote system. - - eecc Sends the TELNET EC (Erase Character) sequence, which - should cause the remote system to erase the last char- - acter entered. - - eell Sends the TELNET EL (Erase Line) sequence, which - should cause the remote system to erase the line cur- - rently being entered. - - eeooff Sends the TELNET EOF (End Of File) sequence. - - eeoorr Sends the TELNET EOR (End of Record) sequence. - - eessccaappee Sends the current tteellnneett escape character (initially - ``^''). - - ggaa Sends the TELNET GA (Go Ahead) sequence, which likely - has no significance to the remote system. - - ggeettssttaattuuss - If the remote side supports the TELNET STATUS command, - ggeettssttaattuuss will send the subnegotiation to request that - the server send its current option status. 
- - iipp Sends the TELNET IP (Interrupt Process) sequence, - which should cause the remote system to abort the cur- - rently running process. - - nnoopp Sends the TELNET NOP (No OPeration) sequence. - - ssuusspp Sends the TELNET SUSP (SUSPend process) sequence. - - ssyynncchh Sends the TELNET SYNCH sequence. This sequence causes - the remote system to discard all previously typed (but - not yet read) input. This sequence is sent as TCP ur- - gent data (and may not work if the remote system is a - 4.2BSD system -- if it doesn't work, a lower case - ``r'' may be echoed on the terminal). - - ddoo _c_m_d - - ddoonntt _c_m_d - - wwiillll _c_m_d - - wwoonntt _c_m_d - Sends the TELNET DO _c_m_d sequence. _C_m_d can be either a - decimal number between 0 and 255, or a symbolic name - for a specific TELNET command. _C_m_d can also be either - hheellpp or ?? to print out help information, including a - list of known symbolic names. - - ?? Prints out help information for the sseenndd command. - - sseett _a_r_g_u_m_e_n_t _v_a_l_u_e - - uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e - The sseett command will set any one of a number of tteellnneett vari- - ables to a specific value or to TRUE. The special value ooffff - turns off the function associated with the variable, this is - equivalent to using the uunnsseett command. The uunnsseett command will - disable or set to FALSE any of the specified functions. The - values of variables may be interrogated with the ddiissppllaayy com- - mand. The variables which may be set or unset, but not tog- - gled, are listed here. In addition, any of the variables for - the ttooggggllee command may be explicitly set or unset using the - sseett and uunnsseett commands. - - aayytt If TELNET is in localchars mode, or LINEMODE is en- - abled, and the status character is typed, a TELNET AYT - sequence (see sseenndd aayytt preceding) is sent to the re- - mote host. The initial value for the "Are You There" - character is the terminal's status character. 
- - eecchhoo This is the value (initially ``^E'') which, when in - ``line by line'' mode, toggles between doing local - echoing of entered characters (for normal processing), - and suppressing echoing of entered characters (for en- - tering, say, a password). - - eeooff If tteellnneett is operating in LINEMODE or ``old line by - line'' mode, entering this character as the first - character on a line will cause this character to be - sent to the remote system. The initial value of the - eof character is taken to be the terminal's eeooff char- - acter. - - eerraassee If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below), aanndd if tteellnneett is operating in ``character at a - time'' mode, then when this character is typed, a - TELNET EC sequence (see sseenndd eecc above) is sent to the - remote system. The initial value for the erase char- - acter is taken to be the terminal's eerraassee character. - - eessccaappee This is the tteellnneett escape character (initially ``^['') - which causes entry into tteellnneett command mode (when con- - nected to a remote system). - - fflluusshhoouuttppuutt - If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below) and the fflluusshhoouuttppuutt character is typed, a - TELNET AO sequence (see sseenndd aaoo above) is sent to the - remote host. The initial value for the flush charac- - ter is taken to be the terminal's fflluusshh character. - - ffoorrww11 - - ffoorrww22 If TELNET is operating in LINEMODE, these are the - characters that, when typed, cause partial lines to be - forwarded to the remote system. The initial value for - the forwarding characters are taken from the termi- - nal's eol and eol2 characters. 
- - iinntteerrrruupptt - If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below) and the iinntteerrrruupptt character is typed, a TELNET - IP sequence (see sseenndd iipp above) is sent to the remote - host. The initial value for the interrupt character - is taken to be the terminal's iinnttrr character. - - kkiillll If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below), aanndd if tteellnneett is operating in ``character at a - time'' mode, then when this character is typed, a - TELNET EL sequence (see sseenndd eell above) is sent to the - remote system. The initial value for the kill charac- - ter is taken to be the terminal's kkiillll character. - - llnneexxtt If tteellnneett is operating in LINEMODE or ``old line by - line`` mode, then this character is taken to be the - terminal's llnneexxtt character. The initial value for the - lnext character is taken to be the terminal's llnneexxtt - character. - - qquuiitt If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below) and the qquuiitt character is typed, a TELNET BRK - sequence (see sseenndd bbrrkk above) is sent to the remote - host. The initial value for the quit character is - taken to be the terminal's qquuiitt character. - - rreepprriinntt - If tteellnneett is operating in LINEMODE or ``old line by - line`` mode, then this character is taken to be the - terminal's rreepprriinntt character. The initial value for - the reprint character is taken to be the terminal's - rreepprriinntt character. - - rrllooggiinn This is the rlogin escape character. If set, the nor- - mal TELNET escape character is ignored unless it is - preceded by this character at the beginning of a line. - This character, at the beginning of a line followed by - a "." closes the connection; when followed by a ^Z it - suspends the telnet command. The initial state is to - disable the rlogin escape character. 
- - ssttaarrtt If the TELNET TOGGLE-FLOW-CONTROL option has been en- - abled, then this character is taken to be the termi- - nal's ssttaarrtt character. The initial value for the kill - character is taken to be the terminal's ssttaarrtt charac- - ter. - - ssttoopp If the TELNET TOGGLE-FLOW-CONTROL option has been en- - abled, then this character is taken to be the termi- - nal's ssttoopp character. The initial value for the kill - character is taken to be the terminal's ssttoopp charac- - ter. - - ssuusspp If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en- - abled, and the ssuussppeenndd character is typed, a TELNET - SUSP sequence (see sseenndd ssuusspp above) is sent to the re- - mote host. The initial value for the suspend charac- - ter is taken to be the terminal's ssuussppeenndd character. - - ttrraacceeffiillee - This is the file to which the output, caused by - nneettddaattaa or ooppttiioonn tracing being TRUE, will be written. - If it is set to ``--'', then tracing information will - be written to standard output (the default). - - wwoorrddeerraassee - If tteellnneett is operating in LINEMODE or ``old line by - line`` mode, then this character is taken to be the - terminal's wwoorrddeerraassee character. The initial value for - the worderase character is taken to be the terminal's - wwoorrddeerraassee character. - - ?? Displays the legal sseett (uunnsseett) commands. - - ssllcc _s_t_a_t_e The ssllcc command (Set Local Characters) is used to set or - change the state of the the special characters when the TELNET - LINEMODE option has been enabled. Special characters are - characters that get mapped to TELNET commands sequences (like - iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll). - By default, the local special characters are exported. - - cchheecckk Verify the current settings for the current spe- - cial characters. 
The remote side is requested to - send all the current special character settings, - and if there are any discrepancies with the local - side, the local side will switch to the remote - value. - - eexxppoorrtt Switch to the local defaults for the special char- - acters. The local default characters are those of - the local terminal at the time when tteellnneett was - started. - - iimmppoorrtt Switch to the remote defaults for the special - characters. The remote default characters are - those of the remote system at the time when the - TELNET connection was established. - - ?? Prints out help information for the ssllcc command. - - ssttaattuuss Show the current status of tteellnneett. This includes the peer one - is connected to, as well as the current mode. - - ttooggggllee _a_r_g_u_m_e_n_t_s _._._. - Toggle (between TRUE and FALSE) various flags that control how - tteellnneett responds to events. These flags may be set explicitly - to TRUE or FALSE using the sseett and uunnsseett commands listed - above. More than one argument may be specified. The state of - these flags may be interrogated with the ddiissppllaayy command. - Valid arguments are: - - aauutthhddeebbuugg Turns on debugging information for the authenti- - cation code. - - aauuttoofflluusshh If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then - when the aaoo, or qquuiitt characters are recognized - (and transformed into TELNET sequences; see sseett - above for details), tteellnneett refuses to display - any data on the user's terminal until the remote - system acknowledges (via a TELNET TIMING MARK - option) that it has processed those TELNET se- - quences. The initial value for this toggle is - TRUE if the terminal user had not done an "stty - noflsh", otherwise FALSE (see stty(1)). - - aauuttooddeeccrryypptt When the TELNET ENCRYPT option is negotiated, by - default the actual encryption (decryption) of - the data stream does not start automatically. 
- The autoencrypt (autodecrypt) command states - that encryption of the output (input) stream - should be enabled as soon as possible. - - - Note: Because of export controls, the TELNET - ENCRYPT option is not supported outside the - United States and Canada. - - aauuttoollooggiinn If the remote side supports the TELNET - AUTHENTICATION option TELNET attempts to use it - to perform automatic authentication. If the - AUTHENTICATION option is not supported, the us- - er's login name are propagated through the - TELNET ENVIRON option. This command is the same - - as specifying _a option on the ooppeenn command. - - aauuttoossyynncchh If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then - when either the iinnttrr or qquuiitt characters is typed - (see sseett above for descriptions of the iinnttrr and - qquuiitt characters), the resulting TELNET sequence - sent is followed by the TELNET SYNCH sequence. - This procedure sshhoouulldd cause the remote system to - begin throwing away all previously typed input - until both of the TELNET sequences have been - read and acted upon. The initial value of this - toggle is FALSE. - - bbiinnaarryy Enable or disable the TELNET BINARY option on - both input and output. - - iinnbbiinnaarryy Enable or disable the TELNET BINARY option on - input. - - oouuttbbiinnaarryy Enable or disable the TELNET BINARY option on - output. - - ccrrllff If this is TRUE, then carriage returns will be - sent as <CR><LF>. If this is FALSE, then car- - riage returns will be send as <CR><NUL>. The - initial value for this toggle is FALSE. - - ccrrmmoodd Toggle carriage return mode. When this mode is - enabled, most carriage return characters re- - ceived from the remote host will be mapped into - a carriage return followed by a line feed. This - mode does not affect those characters typed by - the user, only those received from the remote - host. 
This mode is not very useful unless the - remote host only sends carriage return, but nev- - er line feed. The initial value for this toggle - is FALSE. - - ddeebbuugg Toggles socket level debugging (useful only to - the ssuuppeerr uusseerr). The initial value for this tog- - gle is FALSE. - - eennccddeebbuugg Turns on debugging information for the encryp- - tion code. - - llooccaallcchhaarrss If this is TRUE, then the fflluusshh, iinntteerrrruupptt, - qquuiitt, eerraassee, and kkiillll characters (see sseett above) - are recognized locally, and transformed into - (hopefully) appropriate TELNET control sequences - (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd - above). The initial value for this toggle is - TRUE in ``old line by line'' mode, and FALSE in - ``character at a time'' mode. When the LINEMODE - option is enabled, the value of llooccaallcchhaarrss is - ignored, and assumed to always be TRUE. If - LINEMODE has ever been enabled, then qquuiitt is - sent as aabboorrtt, and eeooff aanndd are sent as eeooff aanndd - ssuusspp, see sseenndd above). - - nneettddaattaa Toggles the display of all network data (in hex- - adecimal format). The initial value for this - toggle is FALSE. - - ooppttiioonnss Toggles the display of some internal tteellnneett pro- - tocol processing (having to do with TELNET op- - tions). The initial value for this toggle is - FALSE. - - pprreettttyydduummpp When the nneettddaattaa toggle is enabled, if - pprreettttyydduummpp is enabled the output from the - nneettddaattaa command will be formatted in a more user - readable format. Spaces are put between each - character in the output, and the beginning of - any TELNET escape sequence is preceded by a '*' - to aid in locating them. - - sskkiipprrcc When the skiprc toggle is TRUE, TELNET skips the - reading of the _._t_e_l_n_e_t_r_c file in the users home - directory when connections are opened. The ini- - tial value for this toggle is FALSE. 
- - tteerrmmddaattaa Toggles the display of all terminal data (in - hexadecimal format). The initial value for this - toggle is FALSE. - - vveerrbboossee__eennccrryypptt - When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET - prints out a message each time encryption is en- - abled or disabled. The initial value for this - toggle is FALSE. Note: Because of export con- - trols, data encryption is not supported outside - of the United States and Canada. - - ?? Displays the legal ttooggggllee commands. - - zz Suspend tteellnneett. This command only works when the user is using - the csh(1). - - !! [_c_o_m_m_a_n_d] - Execute a single command in a subshell on the local system. - If ccoommmmaanndd is omitted, then an interactive subshell is in- - voked. - - ?? [_c_o_m_m_a_n_d] - Get help. With no arguments, tteellnneett prints a help summary. - If a command is specified, tteellnneett will print the help informa- - tion for just that command. - -EENNVVIIRROONNMMEENNTT - TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari- - ables. Other environment variables may be propagated to the other side - via the TELNET ENVIRON option. - -FFIILLEESS - ~/.telnetrc user customized telnet startup values - -HHIISSTTOORRYY - The TTeellnneett command appeared in 4.2BSD. - -NNOOTTEESS - On some remote systems, echo has to be turned off manually when in ``old - line by line'' mode. - - In ``old line by line'' mode or LINEMODE the terminal's eeooff character is - only recognized (and sent to the remote system) when it is the first - character on a line. - -4.2 Berkeley Distribution June 1, 1994 11 diff --git a/kerberosIV/src/man/telnetd.cat8 b/kerberosIV/src/man/telnetd.cat8 deleted file mode 100644 index e4709d4b6e8..00000000000 --- a/kerberosIV/src/man/telnetd.cat8 +++ /dev/null 
@@ -1,297 +0,0 @@ - -TELNETD(8) UNIX System Manager's Manual TELNETD(8) - -NNAAMMEE - tteellnneettdd - DARPA TELNET protocol server - -SSYYNNOOPPSSIISS - tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e] - [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [_p_o_r_t] - -DDEESSCCRRIIPPTTIIOONN - The tteellnneettdd command is a server which supports the DARPA standard TELNET - virtual terminal protocol. TTeellnneettdd is normally invoked by the internet - server (see inetd(8)) for requests to connect to the TELNET port as in- - dicated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)). The --ddeebbuugg option - may be used to start up tteellnneettdd manually, instead of through inetd(8). - If started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alter- - nate TCP port number. - - The tteellnneettdd command accepts the following options: - - --aa _a_u_t_h_m_o_d_e This option may be used for specifying what mode should be - used for authentication. Note that this option is only use- - ful if tteellnneettdd has been compiled with support for the - AUTHENTICATION option. There are several valid values for - _a_u_t_h_m_o_d_e_: - - debug Turns on authentication debugging code. - - user Only allow connections when the remote user can pro- - vide valid authentication information to identify the - remote user, and is allowed access to the specified - account without providing a password. - - valid Only allow connections when the remote user can pro- - vide valid authentication information to identify the - remote user. The login(1) command will provide any - additional user verification needed if the remote us- - er is not allowed automatic access to the specified - account. - - other Only allow connections that supply some authentica- - tion information. 
This option is currently not sup- - ported by any of the existing authentication mecha- - nisms, and is thus the same as specifying --aa vvaalliidd. - - otp Only allow authenticated connections (as with --aa - uusseerr) and also logins with one-time passwords (OTPs). - This option will call login with an option so that - only OTPs are accepted. The user can of course still - type secret information at the prompt. - - none This is the default state. Authentication informa- - tion is not required. If no or insufficient authen- - tication information is provided, then the login(1) - program will provide the necessary user verification. - - off This disables the authentication code. All user ver- - ification will happen through the login(1) program. - - --BB Ignored. - - --DD _d_e_b_u_g_m_o_d_e - This option may be used for debugging purposes. This allows - tteellnneettdd to print out debugging information to the connec- - tion, allowing the user to see what tteellnneettdd is doing. There - are several possible values for _d_e_b_u_g_m_o_d_e_: - - ooppttiioonnss Prints information about the negotiation of TELNET - options. - - rreeppoorrtt Prints the ooppttiioonnss information, plus some addi- - tional information about what processing is going - on. - - nneettddaattaa Displays the data stream received by tteellnneettdd.. - - ppttyyddaattaa Displays data written to the pty. - - eexxeerrcciissee Has not been implemented yet. - - --hh Disables the printing of host-specific information before - login has been completed. - - --kk - - --ll Ignored. - - --nn Disable TCP keep-alives. Normally tteellnneettdd enables the TCP - keep-alive mechanism to probe connections that have been - idle for some period of time to determine if the client is - still there, so that idle connections from machines that - have crashed or can no longer be reached may be cleaned up. - - --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y - This option is only enabled when tteellnneettdd is compiled for - UNICOS. 
It specifies an inclusive range of pseudo-terminal - devices to use. If the system has sysconf variable - _SC_CRAY_NPTY configured, the default pty search range is 0 - to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128. - Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing - either end of the search range. If _l_o_w_p_t_y is omitted, the - - character is still required so that tteellnneettdd can differenti- - ate _h_i_g_h_p_t_y from _l_o_w_p_t_y. - - --SS _t_o_s - - --uu _l_e_n This option is used to specify the size of the field in the - utmp structure that holds the remote host name. If the re- - solved host name is longer than _l_e_n, the dotted decimal val- - ue will be used instead. This allows hosts with very long - host names that overflow this field to still be uniquely - identified. Specifying --uu00 indicates that only dotted deci- - mal addresses should be put into the _u_t_m_p file. - - --UU This option causes tteellnneettdd to refuse connections from ad- - dresses that cannot be mapped back into a symbolic name via - the gethostbyaddr(3) routine. - - --XX _a_u_t_h_t_y_p_e This option is only valid if tteellnneettdd has been built with - support for the authentication option. It disables the use - of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily - disable a specific authentication type without having to re- - compile tteellnneettdd. - - --LL --ppaatthhnnaammee - Specify pathname to an alternative login program. - - TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4)) for - a client, then creating a login process which has the slave side of the - pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the mas- - ter side of the pseudo-terminal, implementing the TELNET protocol and - passing characters between the remote client and the login process. 
- - When a TELNET session is started up, tteellnneettdd sends TELNET options to the - client side indicating a willingness to do the following TELNET options, - which are described in more detail below: - - DO AUTHENTICATION - WILL ENCRYPT - DO TERMINAL TYPE - DO TSPEED - DO XDISPLOC - DO NEW-ENVIRON - DO ENVIRON - WILL SUPPRESS GO AHEAD - DO ECHO - DO LINEMODE - DO NAWS - WILL STATUS - DO LFLOW - DO TIMING-MARK - - The pseudo-terminal allocated to the client is configured to operate in - cooked mode, and with XTABS and CRMOD enabled (see tty(4)). - - TTeellnneettdd has support for enabling locally the following TELNET options: - - WILL ECHO When the LINEMODE option is enabled, a WILL ECHO or - WONT ECHO will be sent to the client to indicate the - current state of terminal echoing. When terminal echo - is not desired, a WILL ECHO is sent to indicate that - telnetd will take care of echoing any data that needs - to be echoed to the terminal, and then nothing is - echoed. When terminal echo is desired, a WONT ECHO is - sent to indicate that telnetd will not be doing any - terminal echoing, so the client should do any terminal - echoing that is needed. - - WILL BINARY Indicates that the client is willing to send a 8 bits - of data, rather than the normal 7 bits of the Network - Virtual Terminal. - - WILL SGA Indicates that it will not be sending IAC GA, go - ahead, commands. - - WILL STATUS Indicates a willingness to send the client, upon re- - quest, of the current status of all TELNET options. - - WILL TIMING-MARK Whenever a DO TIMING-MARK command is received, it is - always responded to with a WILL TIMING-MARK - - WILL LOGOUT When a DO LOGOUT is received, a WILL LOGOUT is sent in - response, and the TELNET session is shut down. - - WILL ENCRYPT Only sent if tteellnneettdd is compiled with support for data - encryption, and indicates a willingness to decrypt the - data stream. 
- - TTeellnneettdd has support for enabling remotely the following TELNET options: - - DO BINARY Sent to indicate that telnetd is willing to receive an - 8 bit data stream. - - DO LFLOW Requests that the client handle flow control charac- - - - ters remotely. - - DO ECHO This is not really supported, but is sent to identify - a 4.2BSD telnet(1) client, which will improperly re- - spond with WILL ECHO. If a WILL ECHO is received, a - DONT ECHO will be sent in response. - - DO TERMINAL-TYPE Indicates a desire to be able to request the name of - the type of terminal that is attached to the client - side of the connection. - - DO SGA Indicates that it does not need to receive IAC GA, the - go ahead command. - - DO NAWS Requests that the client inform the server when the - window (display) size changes. - - DO TERMINAL-SPEED Indicates a desire to be able to request information - about the speed of the serial line to which the client - is attached. - - DO XDISPLOC Indicates a desire to be able to request the name of - the X windows display that is associated with the tel- - net client. - - DO NEW-ENVIRON Indicates a desire to be able to request environment - variable information, as described in RFC 1572. - - DO ENVIRON Indicates a desire to be able to request environment - variable information, as described in RFC 1408. - - DO LINEMODE Only sent if tteellnneettdd is compiled with support for - linemode, and requests that the client do line by line - processing. - - DO TIMING-MARK Only sent if tteellnneettdd is compiled with support for both - linemode and kludge linemode, and the client responded - with WONT LINEMODE. If the client responds with WILL - TM, the it is assumed that the client supports kludge - linemode. Note that the [--kk] option can be used to - disable this. - - DO AUTHENTICATION Only sent if tteellnneettdd is compiled with support for au- - thentication, and indicates a willingness to receive - authentication information for automatic login. 
- - DO ENCRYPT Only sent if tteellnneettdd is compiled with support for data - encryption, and indicates a willingness to decrypt the - data stream. - -EENNVVIIRROONNMMEENNTT -FFIILLEESS - _/_e_t_c_/_s_e_r_v_i_c_e_s - _/_e_t_c_/_i_n_i_t_t_a_b (UNICOS systems only) - _/_e_t_c_/_i_p_t_o_s (if supported) - -SSEEEE AALLSSOO - telnet(1), login(1) - -SSTTAANNDDAARRDDSS - RRFFCC--885544 TELNET PROTOCOL SPECIFICATION - RRFFCC--885555 TELNET OPTION SPECIFICATIONS - RRFFCC--885566 TELNET BINARY TRANSMISSION - RRFFCC--885577 TELNET ECHO OPTION - - - RRFFCC--885588 TELNET SUPPRESS GO AHEAD OPTION - RRFFCC--885599 TELNET STATUS OPTION - RRFFCC--886600 TELNET TIMING MARK OPTION - RRFFCC--886611 TELNET EXTENDED OPTIONS - LIST OPTION - RRFFCC--888855 TELNET END OF RECORD OPTION - RRFFCC--11007733 Telnet Window Size Option - RRFFCC--11007799 Telnet Terminal Speed Option - RRFFCC--11009911 Telnet Terminal-Type Option - RRFFCC--11009966 Telnet X Display Location Option - RRFFCC--11112233 Requirements for Internet Hosts -- Application and Support - RRFFCC--11118844 Telnet Linemode Option - RRFFCC--11337722 Telnet Remote Flow Control Option - RRFFCC--11441166 Telnet Authentication Option - RRFFCC--11441111 Telnet Authentication: Kerberos Version 4 - RRFFCC--11441122 Telnet Authentication: SPX - RRFFCC--11557711 Telnet Environment Option Interoperability Issues - RRFFCC--11557722 Telnet Environment Option - -BBUUGGSS - Some TELNET commands are only partially implemented. - - Because of bugs in the original 4.2 BSD telnet(1), tteellnneettdd performs some - dubious protocol exchanges to try to discover if the remote client is, in - fact, a 4.2 BSD telnet(1). - - Binary mode has no common interpretation except between similar operating - systems (Unix in this case). - - The terminal type name received from the remote client is converted to - lower case. - - TTeellnneettdd never sends TELNET IAC GA (go ahead) commands. - -4.2 Berkeley Distribution June 1, 1994 5 
diff --git a/kerberosIV/src/man/tenletxr.cat1 b/kerberosIV/src/man/tenletxr.cat1 deleted file mode 100644 index c1714e7a092..00000000000 --- a/kerberosIV/src/man/tenletxr.cat1 +++ /dev/null @@ -1,37 +0,0 @@ - -TENLETXR(1) UNIX Reference Manual TENLETXR(1) - -NNAAMMEE - tteennlleettxxrr - forward X-connections backwards. - -SSYYNNOOPPSSIISS - tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t] - -DDEESSCCRRIIPPTTIIOONN - The tteennlleettxxrr program enables forwarding of X-connections from this ma- - chine to host _h_o_s_t. If _p_o_r_t is given, that port will be used instead of - the default. - - The supported options are: - - --ll Log in on the remote host as user _u_s_e_r_n_a_m_e - - --kk Disables keep-alives. - -EEXXAAMMPPLLEE - To login from host _f_o_o to host _b_a_r (where your display is), you might do - the following. - - 1. On foo: tteennlleettxxrr _b_a_r - - 2. You will get a new shell where you will be able to start X clients - that will show their windows on _b_a_r. - -BBUUGGSS - It currently checks if you have permission to run it by checking if you - own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host. - -SSEEEE AALLSSOO - rxtelnet(1), rxterm(1), kx(1), kxd(8), telnet(1) - - KTH_KRB March 31, 1997 1 diff --git a/kerberosIV/src/man/tf_util.cat3 b/kerberosIV/src/man/tf_util.cat3 deleted file mode 100644 index b1c3509a903..00000000000 --- a/kerberosIV/src/man/tf_util.cat3 +++ /dev/null 
@@ -1,132 +0,0 @@ - - - - TTFF__UUTTIILL((33)) MMIITT PPrroojjeecctt AAtthheennaa TTFF__UUTTIILL((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - NNAAMMEE - tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close - Routines - for manipulating a Kerberos ticket file - - SSYYNNOOPPSSIISS - ##iinncclluuddee <<kkrrbb..hh>> - - eexxtteerrnn cchhaarr **kkrrbb__eerrrr__ttxxtt[[]];; - - ttff__iinniitt((ttff__nnaammee,, rrww)) - cchhaarr **ttff__nnaammee;; - iinntt rrww;; - - ttff__ggeett__ppnnaammee((ppnnaammee)) - cchhaarr **ppnnaammee;; - - ttff__ggeett__ppiinnsstt((ppiinnsstt)) - cchhaarr **ppiinnsstt;; - - ttff__ggeett__ccrreedd((cc)) - CCRREEDDEENNTTIIAALLSS **cc;; - - ttff__cclloossee(()) - - DDEESSCCRRIIPPTTIIOONN - This group of routines are provided to manipulate the Kerberos tickets - file. A ticket file has the following format: - - principal's name (null-terminated string) - principal's instance (null-terminated string) - CREDENTIAL_1 - CREDENTIAL_2 - ... - CREDENTIAL_n - EOF - - Where "CREDENTIAL_x" consists of the following fixed-length - fields from the CREDENTIALS structure (defined in <krb.h>): - - char service[ANAME_SZ] - char instance[INST_SZ] - char realm[REALM_SZ] - des_cblock session - int lifetime - int kvno - KTEXT_ST ticket_st - long issue_date - - - _t_f___i_n_i_t must be called before the other ticket file routines. It - takes the name of the ticket file to use, and a read/write flag as - - - - - 1 - Formatted: December 16, 1999 - - - - - - - TTFF__UUTTIILL((33)) MMIITT PPrroojjeecctt AAtthheennaa TTFF__UUTTIILL((33)) - KKeerrbbeerrooss VVeerrssiioonn 44..00 - - - - arguments. It tries to open the ticket file, checks the mode and if - everything is okay, locks the file. If it's opened for reading, the - lock is shared. If it's opened for writing, the lock is exclusive. - KSUCCESS is returned if all went well, otherwise one of the following: - - NO_TKT_FIL - file wasn't there - TKT_FIL_ACC - file was in wrong mode, etc. 
- TKT_FIL_LCK - couldn't lock the file, even after a retry - - - The _t_f___g_e_t___p_n_a_m_e reads the principal's name from a ticket file. It - should only be called after tf_init has been called. The principal's - name is filled into the _p_n_a_m_e parameter. If all goes well, KSUCCESS - is returned. If tf_init wasn't called, TKT_FIL_INI is returned. If - the principal's name was null, or EOF was encountered, or the name was - longer than ANAME_SZ, TKT_FIL_FMT is returned. - - The _t_f___g_e_t___p_i_n_s_t reads the principal's instance from a ticket file. - It should only be called after tf_init and tf_get_pname have been - called. The principal's instance is filled into the _p_i_n_s_t parameter. - If all goes well, KSUCCESS is returned. If tf_init wasn't called, - TKT_FIL_INI is returned. If EOF was encountered, or the name was - longer than INST_SZ, TKT_FIL_FMT is returned. Note that, unlike the - principal name, the instance name may be null. - - The _t_f___g_e_t___c_r_e_d routine reads a CREDENTIALS record from a ticket file - and fills in the given structure. It should only be called after - tf_init, tf_get_pname, and tf_get_pinst have been called. If all goes - well, KSUCCESS is returned. Possible error codes are: - - TKT_FIL_INI - tf_init wasn't called first - TKT_FIL_FMT - bad format - EOF - end of file encountered - - - _t_f___c_l_o_s_e closes the ticket file and releases the lock on it. - - SSEEEE AALLSSOO - krb(3) - - DDIIAAGGNNOOSSTTIICCSS - BBUUGGSS - The ticket file routines have to be called in a certain order. - - AAUUTTHHOORRSS - Jennifer Steiner, MIT Project Athena - Bill Bryant, MIT Project Athena - - RREESSTTRRIICCTTIIOONNSS - Copyright 1987 Massachusetts Institute of Technology - - - - - - 2 - Formatted: December 16, 1999 - - - |
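Review bot: In the removed telnet.cat1, the `start` and `stop` entries under `set` both end with "The initial value for the kill character is taken to be the terminal's start character" (respectively "stop character"), which reads as a copy-and-paste slip from the `kill` entry. The file is formatted output (overstruck headings, the footer "4.2 Berkeley Distribution June 1, 1994 11"), so deleting it does not correct the wording. If an unformatted telnet.1 source stays in the tree, fix it there so the sentences name the start and stop characters. The `localchars` entry has the same kind of damage ("and eof and are sent as eof and susp") and should be checked in the same pass.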
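Review bot: The options list in the removed telnetd.cat8 gives `-k` and `-S tos` no description at all, yet the DO TIMING-MARK paragraph further down tells the reader that "the [-k] option can be used to disable this". The synopsis also shows `-L /bin/login` while the option list shows `-L -pathname`. Both are documentation defects that come from the page source rather than from this formatted copy, so if telnetd.8 remains in the tree, add a one-line description for `-k` and `-S` and make the two spellings of `-L` agree.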
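Review bot: The BUGS paragraph of the removed tenletxr.cat1 is the only place in this hunk that states how the program decides who may use it ("checking if you own /dev/console on the remote host"). That is a caveat an administrator needs to be able to find, so before dropping the formatted copy, confirm that the same paragraph is present in whichever page source is kept.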
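Review bot: The commit message "excess files" does not say why 6877 lines can go, although the removed tf_util.cat3 itself shows the reason: it carries "Formatted: December 16, 1999" footers and a repeated page header in the middle of the `tf_init` paragraph, so it is generated output. Say so in the message and name the source the .cat pages are produced from, so a reader can verify that nothing hand-written was lost. Separately, the page has an empty DIAGNOSTICS heading, and the `tf_get_cred` error list mixes EOF with the TKT_FIL_* codes without saying how a caller tells them apart. Both are worth fixing in the source if it is retained.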