xref: /freebsd/crypto/heimdal/kpasswd/kpasswdd.8 (revision 8fc257994d0ce2396196d7a06d50d20c8015f4b7) 
1.\" $Id: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $
2.\"
3.Dd April 19, 1999
4.Dt KPASSWDD 8
5.Os HEIMDAL
6.Sh NAME
7.Nm kpasswdd
8.Nd Kerberos 5 password changing server
9.Sh SYNOPSIS
10.Nm
11.Bk -words
12.Op Fl -addresses= Ns Ar address
13.Op Fl -check-library= Ns Ar library
14.Op Fl -check-function= Ns Ar function
15.Oo Fl k Ar kspec \*(Ba Xo
16.Fl -keytab= Ns Ar kspec
17.Xc
18.Oc
19.Oo Fl r Ar realm \*(Ba Xo
20.Fl -realm= Ns Ar realm
21.Xc
22.Oc
23.Oo Fl p Ar string \*(Ba Xo
24.Fl -port= Ns Ar string
25.Xc
26.Oc
27.Op Fl -version
28.Op Fl -help
29.Ek
30.Sh DESCRIPTION
31.Nm
32serves request for password changes. It listens on UDP port 464
33(service kpasswd) and processes requests when they arrive. It changes
34the database directly and should thus only run on the master KDC.
35.Pp
36Supported options:
37.Bl -tag -width Ds
38.It Xo
39.Fl -addresses= Ns Ar address
40.Xc
41For each till the argument is given, add the address to what kpasswdd
42should listen too.
43.It Xo
44.Fl -check-library= Ns Ar library
45.Xc
46If your system has support for dynamic loading of shared libraries,
47you can use an external function to check password quality. This
48option specifies which library to load.
49.It Xo
50.Fl -check-function= Ns Ar function
51.Xc
52This is the function to call in the loaded library. The function
53should look like this:
54.Pp
55.Ft const char *
56.Fn passwd_check "krb5_context context" "krb5_principal principal" "krb5_data *password"
57.Pp
58.Fa context
59is an initialized context;
60.Fa principal
61is the one who tries to change passwords, and
62.Fa password
63is the new password. Note that the password (in
64.Fa password->data )
65is not zero terminated.
66.It Xo
67.Fl k Ar kspec ,
68.Fl -keytab= Ns Ar kspec
69.Xc
70Keytab to get authentication key from.
71.It Xo
72.Fl r Ar realm ,
73.Fl -realm= Ns Ar realm
74.Xc
75Default realm.
76.It Xo
77.Fl p Ar string ,
78.Fl -port= Ns Ar string
79.Xc
80Port to listen on (default service kpasswd - 464).
81.El
82.Sh DIAGNOSTICS
83If an error occurs, the error message is returned to the user and/or
84logged to syslog.
85.Sh BUGS
86The default password quality checks are too basic.
87.Sh SEE ALSO
88.Xr kpasswd 1 ,
89.Xr kdc 8
90.\".Sh ENVIRONMENT
91.\".Sh FILES
92.\".Sh EXAMPLES
93.\".Sh SEE ALSO
94.\".Sh STANDARDS
95.\".Sh HISTORY
96.\".Sh AUTHORS
97