xref: /freebsd/crypto/heimdal/kpasswd/kpasswdd.8 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" $Id: kpasswdd.8,v 1.8 2003/02/04 21:48:01 lha Exp $
2.\"
3.Dd April 19, 1999
4.Dt KPASSWDD 8
5.Os HEIMDAL
6.Sh NAME
7.Nm kpasswdd
8.Nd Kerberos 5 password changing server
9.Sh SYNOPSIS
10.Nm
11.Op Fl -check-library= Ns Ar library
12.Op Fl -check-function= Ns Ar function
13.Oo Fl k Ar kspec \*(Ba Xo
14.Fl -keytab= Ns Ar kspec
15.Xc
16.Oc
17.Oo Fl r Ar realm \*(Ba Xo
18.Fl -realm= Ns Ar realm
19.Xc
20.Oc
21.Oo Fl p Ar string \*(Ba Xo
22.Fl -port= Ns Ar string
23.Xc
24.Oc
25.Op Fl -version
26.Op Fl -help
27.Sh DESCRIPTION
28.Nm
29serves request for password changes. It listens on UDP port 464
30(service kpasswd) and processes requests when they arrive. It changes
31the database directly and should thus only run on the master KDC.
32.Pp
33Supported options:
34.Bl -tag -width Ds
35.It Xo
36.Fl -check-library= Ns Ar library
37.Xc
38If your system has support for dynamic loading of shared libraries,
39you can use an external function to check password quality. This
40option specifies which library to load.
41.It Xo
42.Fl -check-function= Ns Ar function
43.Xc
44This is the function to call in the loaded library. The function
45should look like this:
46.Pp
47.Ft const char *
48.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
49.Pp
50.Fa context
51is an initialized context;
52.Fa principal
53is the one who tries to change passwords, and
54.Fa password
55is the new password. Note that the password (in
56.Fa password->data )
57is not zero terminated.
58.It Xo
59.Fl k Ar kspec ,
60.Fl -keytab= Ns Ar kspec
61.Xc
62Keytab to get authentication key from
63.It Xo
64.Fl r Ar realm ,
65.Fl -realm= Ns Ar realm
66.Xc
67Default realm
68.It Xo
69.Fl p Ar string ,
70.Fl -port= Ns Ar string
71.Xc
72Port to listen on (default service kpasswd - 464).
73.El
74.Sh DIAGNOSTICS
75If an error occurs, the error message is returned to the user and/or
76logged to syslog.
77.Sh BUGS
78The default password quality checks are too basic.
79.Sh SEE ALSO
80.Xr kpasswd 1 ,
81.Xr kdc 8
82.\".Sh ENVIRONMENT
83.\".Sh FILES
84.\".Sh EXAMPLES
85.\".Sh SEE ALSO
86.\".Sh STANDARDS
87.\".Sh HISTORY
88.\".Sh AUTHORS
89