From a0c37ec3269a777ffff92ccadd3125430332d703 Mon Sep 17 00:00:00 2001
From: Jacques Vidrine
Date: Sat, 3 Apr 2004 21:31:10 +0000
Subject: [PATCH] Resolve conflicts after import of Heimdal 0.6.1.
---
crypto/heimdal/TODO | 85 ---
crypto/heimdal/acinclude.m4 | 9 -
crypto/heimdal/admin/ktutil.cat8 | 81 --
crypto/heimdal/appl/ftp/ftp/ftp.cat1 | 644 ----------------
crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 | 297 --------
crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 | 26 -
crypto/heimdal/appl/kf/kf.cat1 | 45 --
crypto/heimdal/appl/kf/kfd.cat8 | 30 -
crypto/heimdal/appl/push/pfrom.cat1 | 16 -
crypto/heimdal/appl/push/push.cat8 | 76 --
crypto/heimdal/appl/telnet/telnet/telnet.cat1 | 714 ------------------
.../heimdal/appl/telnet/telnetd/telnetd.cat8 | 293 -------
crypto/heimdal/kadmin/kadmin.cat8 | 121 ---
crypto/heimdal/kadmin/kadmind.cat8 | 93 ---
crypto/heimdal/kdc/hprop.cat8 | 98 ---
crypto/heimdal/kdc/hpropd.cat8 | 42 --
crypto/heimdal/kdc/kdc.cat8 | 126 ----
crypto/heimdal/kdc/kstash.cat8 | 33 -
crypto/heimdal/kdc/string2key.cat8 | 41 -
crypto/heimdal/kpasswd/kpasswd.cat1 | 19 -
crypto/heimdal/kpasswd/kpasswdd.cat8 | 53 --
crypto/heimdal/kuser/kdestroy.cat1 | 29 -
crypto/heimdal/kuser/kgetcred.cat1 | 26 -
crypto/heimdal/kuser/kinit.cat1 | 127 ----
crypto/heimdal/kuser/klist.cat1 | 87 ---
crypto/heimdal/lib/hdb/hdb_locl.h | 5 +-
crypto/heimdal/lib/kafs/kafs.cat3 | 97 ---
crypto/heimdal/lib/krb5/crypto.c | 301 +++++---
crypto/heimdal/lib/roken/config.h.in | 1 -
crypto/heimdal/tools/krb5-config.cat1 | 51 --
30 files changed, 196 insertions(+), 3470 deletions(-)
delete mode 100644 crypto/heimdal/TODO
delete mode 100644 crypto/heimdal/acinclude.m4
delete mode 100644 crypto/heimdal/admin/ktutil.cat8
delete mode 100644 crypto/heimdal/appl/ftp/ftp/ftp.cat1
delete mode 100644 crypto/heimdal/appl/ftp/ftpd/ftpd.cat8
delete mode 100644 crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5
delete mode 100644 crypto/heimdal/appl/kf/kf.cat1
delete mode 100644 crypto/heimdal/appl/kf/kfd.cat8
delete mode 100644 crypto/heimdal/appl/push/pfrom.cat1
delete mode 100644 crypto/heimdal/appl/push/push.cat8
delete mode 100644 crypto/heimdal/appl/telnet/telnet/telnet.cat1
delete mode 100644 crypto/heimdal/appl/telnet/telnetd/telnetd.cat8
delete mode 100644 crypto/heimdal/kadmin/kadmin.cat8
delete mode 100644 crypto/heimdal/kadmin/kadmind.cat8
delete mode 100644 crypto/heimdal/kdc/hprop.cat8
delete mode 100644 crypto/heimdal/kdc/hpropd.cat8
delete mode 100644 crypto/heimdal/kdc/kdc.cat8
delete mode 100644 crypto/heimdal/kdc/kstash.cat8
delete mode 100644 crypto/heimdal/kdc/string2key.cat8
delete mode 100644 crypto/heimdal/kpasswd/kpasswd.cat1
delete mode 100644 crypto/heimdal/kpasswd/kpasswdd.cat8
delete mode 100644 crypto/heimdal/kuser/kdestroy.cat1
delete mode 100644 crypto/heimdal/kuser/kgetcred.cat1
delete mode 100644 crypto/heimdal/kuser/kinit.cat1
delete mode 100644 crypto/heimdal/kuser/klist.cat1
delete mode 100644 crypto/heimdal/lib/kafs/kafs.cat3
delete mode 100644 crypto/heimdal/lib/roken/config.h.in
delete mode 100644 crypto/heimdal/tools/krb5-config.cat1
diff --git a/crypto/heimdal/TODO b/crypto/heimdal/TODO
deleted file mode 100644
index adef74a15d7b..000000000000
--- a/crypto/heimdal/TODO
+++ /dev/null
@@ -1,85 +0,0 @@
--*- indented-text -*-
-
-$Id: TODO,v 1.66 2001/08/09 08:43:42 assar Exp $
-
-* configure
-
-handle readline hiding in readline/readline.h
-
-* appl
-
-** appl/popper
-
-Implement RFC1731 and 1734, pop over GSS-API
-
-* doc
-
-* kdc
-
-* kadmin
-
-make it happy with reading and parsing kdc.conf
-
-is in need of a major cleanup
-
-* kpasswdd
-
-figure out what's the deal with do_sequence and the MIT client
-
-* lib
-
-** lib/asn1
-
-prepend a prefix on all generated symbols
-
-** lib/auth
-
-** lib/auth/sia
-
-PAM
-
-** lib/com_err
-
-write a man-page
-
-** lib/des
-
-make everything work with openssl and make prototypes compatible
-
-** lib/gssapi
-
-process_context_token, add_cred, inquire_cred_by_mech,
-inquire_names_for_mech, and
-inquire_mechs_for_name not implemented.
-
-set minor_status in all functions
-
-anonymous credentials not implemented
-
-add rc4
-
-** lib/hdb
-
-** lib/kadm5
-
-add policies?
-
-fix to use rpc?
-
-** lib/krb5
-
-the replay cache is, in its current state, not very useful
-
-OTP?
-
-make checksum/encryption type configuration more realm-specific. make
-some simple way of handling the w2k situtation
-
-crypto: allow scatter/gather creation of checksums
-
-verify_user: handle non-secure verification failing because of
-host->realm mapping
-
-config_file: do it in case-sensitive and/or insensitive
-
-** lib/roken
diff --git a/crypto/heimdal/acinclude.m4 b/crypto/heimdal/acinclude.m4
deleted file mode 100644
index ff8704275cfb..000000000000
--- a/crypto/heimdal/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/admin/ktutil.cat8 b/crypto/heimdal/admin/ktutil.cat8
deleted file mode 100644
index 8cfd85619a0d..000000000000
--- a/crypto/heimdal/admin/ktutil.cat8
+++ /dev/null
@@ -1,81 +0,0 @@ -KTUTIL(8) NetBSD System Manager's Manual KTUTIL(8) - -NNAAMMEE - kkttuuttiill - manage Kerberos keytabs - -SSYYNNOOPPSSIISS - kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | - ----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s] - -DDEESSCCRRIIPPTTIIOONN - kkttuuttiill is a program for managing keytabs. _c_o_m_m_a_n_d can be one of the fol- - lowing: - - add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee - _e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d] - [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt] - Adds a key to the keytab. Options that are not specified will - be prompted for. This requires that you know the password of - the principal to add; if what you really want is to add a new - principal to the keytab, you should consider the _g_e_t command, - which talks to the kadmin server. - - change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss - _p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t] - Update one or several keys to new versions. By default, use - the admin server for the realm of an keytab entry. Otherwise - it will use the values specified by the options. - - If no principals are given, all the ones in the keytab are - updated. - - copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t - Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t. - - get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e] - [----eennccttyyppeess==_e_n_c_t_y_p_e] [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n - _s_e_r_v_e_r] [----aaddmmiinn--sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t] - [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t] _p_r_i_n_c_i_p_a_l _._._. 
- For each _p_r_i_n_c_i_p_a_l, generate a new key for it (creating it if - it doesn't already exist), and put that key in the keytab. - - If no _r_e_a_l_m is specified, the realm to operate on is taken - from the first principal. - - list [----kkeeyyss] [----ttiimmeessttaammpp] - List the keys stored in the keytab. - - remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o] - [--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e] - Removes the specified key or keys. Not specifying a _k_v_n_o re- - moves keys with any version number. Not specifying a _e_n_c_t_y_p_e - removes keys of any type. - - rename _f_r_o_m_-_p_r_i_n_c_i_p_a_l _t_o_-_p_r_i_n_c_i_p_a_l - Renames all entries in the keytab that match the _f_r_o_m_- - _p_r_i_n_c_i_p_a_l to _t_o_-_p_r_i_n_c_i_p_a_l. - - purge [----aaggee==_a_g_e] - Removes all old entries (for which there is a newer version) - that are older than _a_g_e (default one week). - - srvconvert - - srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b] - Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab - and stores it in _k_e_y_t_a_b. Identical to: - - ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b - - srvcreate - - key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b] - Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab - and stores it in _s_r_v_t_a_b. Identical to: - - ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b - -SSEEEE AALLSSOO - kadmin(8) - - HEIMDAL December 16, 2000 2 diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.cat1 b/crypto/heimdal/appl/ftp/ftp/ftp.cat1 deleted file mode 100644 index 83323cc8748e..000000000000 --- a/crypto/heimdal/appl/ftp/ftp/ftp.cat1 +++ /dev/null 
@@ -1,644 +0,0 @@ -FTP(1) NetBSD Reference Manual FTP(1) - -NNAAMMEE - ffttpp - ARPANET file transfer program - -SSYYNNOOPPSSIISS - ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t] - -DDEESSCCRRIIPPTTIIOONN - FFttpp is the user interface to the ARPANET standard File Transfer Protocol. - The program allows a user to transfer files to and from a remote network - site. - - Modifications has been made so that it almost follows the ftpsec Internet - draft. - - Options may be specified at the command line, or to the command inter- - preter. - - --tt Enables packet tracing. - - --vv Verbose option forces ffttpp to show all responses from the remote - server, as well as report on data transfer statistics. - - --nn Restrains ffttpp from attempting ``auto-login'' upon initial connec- - tion. If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be- - low) file in the user's home directory for an entry describing an - account on the remote machine. If no entry exists, ffttpp will prompt - for the remote machine login name (default is the user identity on - the local machine), and, if necessary, prompt for a password and an - account with which to login. - - --ii Turns off interactive prompting during multiple file transfers. - - --pp Turn on passive mode. - - --dd Enables debugging. - - --gg Disables file name globbing. - - --ll Disables command line editing. - - The client host with which ffttpp is to communicate may be specified on the - command line. If this is done, ffttpp will immediately attempt to establish - a connection to an FTP server on that host; otherwise, ffttpp will enter its - command interpreter and await instructions from the user. When ffttpp is - awaiting commands from the user the prompt `ftp>' is provided to the us- - er. The following commands are recognized by ffttpp: - - !! [_c_o_m_m_a_n_d [_a_r_g_s]] - Invoke an interactive shell on the local machine. 
If there - are arguments, the first is taken to be a command to execute - directly, with the rest of the arguments as its arguments. - - $$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s] - Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff - command. Arguments are passed to the macro unglobbed. - - aaccccoouunntt [_p_a_s_s_w_d] - Supply a supplemental password required by a remote system - for access to resources once a login has been successfully - completed. If no argument is included, the user will be - prompted for an account password in a non-echoing input mode. - - aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] - Append a local file to a file on the remote machine. If - _r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used - in naming the remote file after being altered by any nnttrraannss - or nnmmaapp setting. File transfer uses the current settings for - ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. - - aasscciiii Set the file transfer ttyyppee to network ASCII. This is the de- - fault type. - - bbeellll Arrange that a bell be sounded after each file transfer com- - mand is completed. - - bbiinnaarryy Set the file transfer ttyyppee to support binary image transfer. - - bbyyee Terminate the FTP session with the remote server and exit - ffttpp. An end of file will also terminate the session and ex- - it. - - ccaassee Toggle remote computer file name case mapping during mmggeett - commands. When ccaassee is on (default is off), remote computer - file names with all letters in upper case are written in the - local directory with the letters mapped to lower case. - - ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y - Change the working directory on the remote machine to _r_e_m_o_t_e_- - _d_i_r_e_c_t_o_r_y. - - ccdduupp Change the remote machine working directory to the parent of - the current remote machine working directory. 
- - cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e - Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re- - mote sytem to _m_o_d_e. - - cclloossee Terminate the FTP session with the remote server, and return - to the command interpreter. Any defined macros are erased. - - ccrr Toggle carriage return stripping during ascii type file re- - trieval. Records are denoted by a carriage return/linefeed - sequence during ascii type file transfer. When ccrr is on (the - default), carriage returns are stripped from this sequence to - conform with the UNIX single linefeed record delimiter. - Records on non-UNIX remote systems may contain single line- - feeds; when an ascii type transfer is made, these linefeeds - may be distinguished from a record delimiter only when ccrr is - off. - - ddeelleettee _r_e_m_o_t_e_-_f_i_l_e - Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine. - - ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e] - Toggle debugging mode. If an optional _d_e_b_u_g_-_v_a_l_u_e is speci- - fied it is used to set the debugging level. When debugging - is on, ffttpp prints each command sent to the remote machine, - preceded by the string `-->' - - ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] - Print a listing of the directory contents in the directory, - _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in - _l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt - the user to verify that the last argument is indeed the tar- - get local file for receiving ddiirr output. If no directory is - specified, the current working directory on the remote ma- - chine is used. If no local file is specified, or _l_o_c_a_l_-_f_i_l_e - is --, output comes to the terminal. - - ddiissccoonnnneecctt A synonym for _c_l_o_s_e. - - ffoorrmm _f_o_r_m_a_t - Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is - ``file''. 
- - ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] - Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine. - If the local file name is not specified, it is given the same - name it has on the remote machine, subject to alteration by - the current ccaassee, nnttrraannss, and nnmmaapp settings. The current - settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while - transferring the file. - - gglloobb Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If - globbing is turned off with gglloobb, the file name arguments are - taken literally and not expanded. Globbing for mmppuutt is done - as in csh(1). For mmddeelleettee and mmggeett, each remote file name is - expanded separately on the remote machine and the lists are - not merged. Expansion of a directory name is likely to be - different from expansion of the name of an ordinary file: the - exact result depends on the foreign operating system and ftp - server, and can be previewed by doing `mls remote-files -'. - As a security measure, remotely globbed files that starts - with `/' or contains `../', will not be automatically re- - ceived. If you have interactive prompting turned off, these - filenames will be ignored. Note: mmggeett and mmppuutt are not meant - to transfer entire directory subtrees of files. That can be - done by transferring a tar(1) archive of the subtree (in bi- - nary mode). - - hhaasshh Toggle hash-sign (``#'') printing for each data block trans- - ferred. The size of a data block is 1024 bytes. - - hheellpp [_c_o_m_m_a_n_d] - Print an informative message about the meaning of _c_o_m_m_a_n_d. - If no argument is given, ffttpp prints a list of the known com- - mands. - - iiddllee [_s_e_c_o_n_d_s] - Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec- - onds. If _s_e_c_o_n_d_s is omitted, the current inactivity timer is - printed. - - llccdd [_d_i_r_e_c_t_o_r_y] - Change the working directory on the local machine. 
If no - _d_i_r_e_c_t_o_r_y is specified, the user's home directory is used. - - llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] - Print a listing of the contents of a directory on the remote - machine. The listing includes any system-dependent informa- - tion that the server chooses to include; for example, most - UNIX systems will produce output from the command `ls -l'. - (See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, - the current working directory is used. If interactive - prompting is on, ffttpp will prompt the user to verify that the - last argument is indeed the target local file for receiving - llss output. If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e - is `--', the output is sent to the terminal. - - mmaaccddeeff _m_a_c_r_o_-_n_a_m_e - Define a macro. Subsequent lines are stored as the macro - _m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a - file or carriage returns from the terminal) terminates macro - input mode. There is a limit of 16 macros and 4096 total - characters in all defined macros. Macros remain defined un- - til a cclloossee command is executed. The macro processor inter- - prets `$' and `\' as special characters. A `$' followed by a - number (or numbers) is replaced by the corresponding argument - on the macro invocation command line. A `$' followed by an - `i' signals that macro processor that the executing macro is - to be looped. On the first pass `$i' is replaced by the - first argument on the macro invocation command line, on the - second pass it is replaced by the second argument, and so on. - A `\' followed by any character is replaced by that charac- - ter. Use the `\' to prevent special treatment of the `$'. - - mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s] - Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine. - - mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e - Like ddiirr, except multiple remote files may be specified. 
If - interactive prompting is on, ffttpp will prompt the user to ver- - ify that the last argument is indeed the target local file - for receiving mmddiirr output. - - mmggeett _r_e_m_o_t_e_-_f_i_l_e_s - Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett - for each file name thus produced. See gglloobb for details on - the filename expansion. Resulting file names will then be - processed according to ccaassee, nnttrraannss, and nnmmaapp settings. - Files are transferred into the local working directory, which - can be changed with `lcd directory'; new local directories - can be created with `! mkdir directory'. - - mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e - Make a directory on the remote machine. - - mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e - Like nnlliisstt, except multiple remote files may be specified, - and the _l_o_c_a_l_-_f_i_l_e must be specified. If interactive prompt- - ing is on, ffttpp will prompt the user to verify that the last - argument is indeed the target local file for receiving mmllss - output. - - mmooddee [_m_o_d_e_-_n_a_m_e] - Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is - ``stream'' mode. - - mmooddttiimmee _f_i_l_e_-_n_a_m_e - Show the last modification time of the file on the remote ma- - chine. - - mmppuutt _l_o_c_a_l_-_f_i_l_e_s - Expand wild cards in the list of local files given as argu- - ments and do a ppuutt for each file in the resulting list. See - gglloobb for details of filename expansion. Resulting file names - will then be processed according to nnttrraannss and nnmmaapp settings. - - nneewweerr _f_i_l_e_-_n_a_m_e - Get the file only if the modification time of the remote file - is more recent that the file on the current system. If the - file does not exist on the current system, the remote file is - considered nneewweerr. Otherwise, this command is identical to - _g_e_t. 
- - nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] - Print a list of the files in a directory on the remote ma- - chine. If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current - working directory is used. If interactive prompting is on, - ffttpp will prompt the user to verify that the last argument is - indeed the target local file for receiving nnlliisstt output. If - no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output - is sent to the terminal. - - nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n] - Set or unset the filename mapping mechanism. If no arguments - are specified, the filename mapping mechanism is unset. If - arguments are specified, remote filenames are mapped during - mmppuutt commands and ppuutt commands issued without a specified re- - mote target filename. If arguments are specified, local - filenames are mapped during mmggeett commands and ggeett commands - issued without a specified local target filename. This com- - mand is useful when connecting to a non-UNIX remote computer - with different file naming conventions or practices. The - mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n. - [_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may - have already been processed according to the nnttrraannss and ccaassee - settings). Variable templating is accomplished by including - the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to - prevent this special treatment of the `$' character. All - other characters are treated literally, and are used to de- - termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values. For example, - given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data", - $1 would have the value "mydata", and $2 would have the value - "data". The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file- - name. 
The sequences `$1', `$2', ...., `$9' are replaced by - any value resulting from the _i_n_p_a_t_t_e_r_n template. The se- - quence `$0' is replace by the original filename. Additional- - ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1 - is not a null string; otherwise it is replaced by _s_e_q_2. For - example, the command - - nmap $1.$2.$3 [$1,$2].[$2,file] - - would yield the output filename "myfile.data" for input file- - names "myfile.data" and "myfile.data.old", "myfile.file" for - the input filename "myfile", and "myfile.myfile" for the in- - put filename ".myfile". Spaces may be included in - _o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/ *$//" > $1' - . Use the `\' character to prevent special treatment of the - `$','[','[', and `,' characters. - - nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]] - Set or unset the filename character translation mechanism. - If no arguments are specified, the filename character trans- - lation mechanism is unset. If arguments are specified, char- - acters in remote filenames are translated during mmppuutt com- - mands and ppuutt commands issued without a specified remote tar- - get filename. If arguments are specified, characters in lo- - cal filenames are translated during mmggeett commands and ggeett - commands issued without a specified local target filename. - This command is useful when connecting to a non-UNIX remote - computer with different file naming conventions or practices. - Characters in a filename matching a character in _i_n_c_h_a_r_s are - replaced with the corresponding character in _o_u_t_c_h_a_r_s. If - the character's position in _i_n_c_h_a_r_s is longer than the length - of _o_u_t_c_h_a_r_s, the character is deleted from the file name. - - ooppeenn _h_o_s_t [_p_o_r_t] - Establish a connection to the specified _h_o_s_t FTP server. An - optional port number may be supplied, in which case, ffttpp will - attempt to contact an FTP server at that port. 
If the aauuttoo-- - llooggiinn option is on (default), ffttpp will also attempt to auto- - matically log the user in to the FTP server (see below). - - ppaassssiivvee Toggle passive mode. If passive mode is turned on (default - is off), the ftp client will send a PASV command for all data - connections instead of the usual PORT command. The PASV com- - mand requests that the remote server open a port for the data - connection and return the address of that port. The remote - server listens on that port and the client connects to it. - When using the more traditional PORT command, the client lis- - tens on a port and sends that address to the remote server, - who connects back to it. Passive mode is useful when using - ffttpp through a gateway router or host that controls the direc- - tionality of traffic. (Note that though ftp servers are re- - quired to support the PASV command by RFC 1123, some do not.) - - pprroommpptt Toggle interactive prompting. Interactive prompting occurs - during multiple file transfers to allow the user to selec- - tively retrieve or store files. If prompting is turned off - (default is on), any mmggeett or mmppuutt will transfer all files, - and any mmddeelleettee will delete all files. - - pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d - Execute an ftp command on a secondary control connection. - This command allows simultaneous connection to two remote ftp - servers for transferring files between the two servers. The - first pprrooxxyy command should be an ooppeenn, to establish the sec- - ondary control connection. Enter the command "proxy ?" to - see other ftp commands executable on the secondary connec- - tion. 
The following commands behave differently when pref- - aced by pprrooxxyy: ooppeenn will not define new macros during the au- - to-login process, cclloossee will not erase existing macro defini- - tions, ggeett and mmggeett transfer files from the host on the pri- - mary control connection to the host on the secondary control - connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the - host on the secondary control connection to the host on the - primary control connection. Third party file transfers de- - pend upon support of the ftp protocol PASV command by the - server on the secondary control connection. - - ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] - Store a local file on the remote machine. If _r_e_m_o_t_e_-_f_i_l_e is - left unspecified, the local file name is used after process- - ing according to any nnttrraannss or nnmmaapp settings in naming the - remote file. File transfer uses the current settings for - ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. - - ppwwdd Print the name of the current working directory on the remote - machine. - - qquuiitt A synonym for bbyyee. - - qquuoottee _a_r_g_1 _a_r_g_2 _._._. - The arguments specified are sent, verbatim, to the remote FTP - server. - - rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] - A synonym for get. - - rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] - Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is - smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par- - tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is - continued from the apparent point of failure. This command - is useful when transferring very large files over networks - that are prone to dropping connections. - - rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e] - Request help from the remote FTP server. If a _c_o_m_m_a_n_d_-_n_a_m_e - is specified it is supplied to the server as well. 
- - rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e] - With no arguments, show status of remote machine. If _f_i_l_e_- - _n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma- - chine. - - rreennaammee [_f_r_o_m] [_t_o] - Rename the file _f_r_o_m on the remote machine, to the file _t_o. - - rreesseett Clear reply queue. This command re-synchronizes command/re- - ply sequencing with the remote ftp server. Resynchronization - may be necessary following a violation of the ftp protocol by - the remote server. - - rreessttaarrtt _m_a_r_k_e_r - Restart the immediately following ggeett or ppuutt at the indicated - _m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset in- - to the file. - - rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e - Delete a directory on the remote machine. - - rruunniiqquuee Toggle storing of files on the local system with unique file- - names. If a file already exists with a name equal to the - target local filename for a ggeett or mmggeett command, a ".1" is - appended to the name. If the resulting name matches another - existing file, a ".2" is appended to the original name. If - this process continues up to ".99", an error message is - printed, and the transfer does not take place. The generated - unique filename will be reported. Note that rruunniiqquuee will not - affect local files generated from a shell command (see be- - low). The default value is off. - - sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] - A synonym for put. - - sseennddppoorrtt Toggle the use of PORT commands. By default, ffttpp will at- - tempt to use a PORT command when establishing a connection - for each data transfer. The use of PORT commands can prevent - delays when performing multiple file transfers. If the PORT - command fails, ffttpp will use the default data port. When the - use of PORT commands is disabled, no attempt will be made to - use PORT commands for each data transfer. 
This is useful for - certain FTP implementations which do ignore PORT commands - but, incorrectly, indicate they've been accepted. - - ssiittee _a_r_g_1 _a_r_g_2 _._._. - The arguments specified are sent, verbatim, to the remote FTP - server as a SITE command. - - ssiizzee _f_i_l_e_-_n_a_m_e - Return size of _f_i_l_e_-_n_a_m_e on remote machine. - - ssttaattuuss Show the current status of ffttpp. - - ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e] - Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default - ``stream'' structure is used. - - ssuunniiqquuee Toggle storing of files on remote machine under unique file - names. Remote ftp server must support ftp protocol STOU com- - mand for successful completion. The remote server will re- - port unique name. Default value is off. - - ssyysstteemm Show the type of operating system running on the remote ma- - chine. - - tteenneexx Set the file transfer type to that needed to talk to TENEX - machines. - - ttrraaccee Toggle packet tracing. - - ttyyppee [_t_y_p_e_-_n_a_m_e] - Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is spec- - ified, the current type is printed. The default type is net- - work ASCII. - - uummaasskk [_n_e_w_m_a_s_k] - Set the default umask on the remote server to _n_e_w_m_a_s_k. If - _n_e_w_m_a_s_k is omitted, the current umask is printed. - - uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t] - Identify yourself to the remote FTP server. If the _p_a_s_s_w_o_r_d - is not specified and the server requires it, ffttpp will prompt - the user for it (after disabling local echo). If an _a_c_c_o_u_n_t - field is not specified, and the FTP server requires it, the - user will be prompted for it. If an _a_c_c_o_u_n_t field is speci- - fied, an account command will be relayed to the remote server - after the login sequence is completed if the remote server - did not require it for logging in. 
Unless ffttpp is invoked - with ``auto-login'' disabled, this process is done automati- - cally on initial connection to the FTP server. - - vveerrbboossee Toggle verbose mode. In verbose mode, all responses from the - FTP server are displayed to the user. In addition, if ver- - bose is on, when a file transfer completes, statistics re- - garding the efficiency of the transfer are reported. By de- - fault, verbose is on. - - ?? [_c_o_m_m_a_n_d] - A synonym for help. - - The following command can be used with ftpsec-aware servers. - - pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e - Set the data protection level to the requested level. - - The following command can be used with ftp servers that has implemented - the KAUTH site command. - - kkaauutthh [_p_r_i_n_c_i_p_a_l] - Obtain remote tickets. - - Command arguments which have embedded spaces may be quoted with quote `"' - marks. - -AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR - To abort a file transfer, use the terminal interrupt key (usually Ctrl- - C). Sending transfers will be immediately halted. Receiving transfers - will be halted by sending a ftp protocol ABOR command to the remote serv- - er, and discarding any further data received. The speed at which this is - accomplished depends upon the remote server's support for ABOR process- - ing. If the remote server does not support the ABOR command, an `ftp>' - prompt will not appear until the remote server has completed sending the - requested file. - - The terminal interrupt key sequence will be ignored when ffttpp has complet- - ed any local processing and is awaiting a reply from the remote server. - A long delay in this mode may result from the ABOR processing described - above, or from unexpected behavior by the remote server, including viola- - tions of the ftp protocol. If the delay results from unexpected remote - server behavior, the local ffttpp program must be killed by hand. 
- -FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS - Files specified as arguments to ffttpp commands are processed according to - the following rules. - - 1. If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t - (for writing) is used. - - 2. If the first character of the file name is `|', the remainder of the - argument is interpreted as a shell command. FFttpp then forks a shell, - using popen(3) with the argument supplied, and reads (writes) from - the stdout (stdin). If the shell command includes spaces, the argu- - ment must be quoted; e.g. ``" ls -lt"''. A particularly useful ex- - ample of this mechanism is: ``dir more''. - - 3. Failing the above checks, if ``globbing'' is enabled, local file - names are expanded according to the rules used in the csh(1); c.f. - the gglloobb command. If the ffttpp command expects a single local file - (.e.g. ppuutt), only the first filename generated by the "globbing" - operation is used. - - 4. For mmggeett commands and ggeett commands with unspecified local file - names, the local filename is the remote filename, which may be al- - tered by a ccaassee, nnttrraannss, or nnmmaapp setting. The resulting filename - may then be altered if rruunniiqquuee is on. - - 5. For mmppuutt commands and ppuutt commands with unspecified remote file - names, the remote filename is the local filename, which may be al- - tered by a nnttrraannss or nnmmaapp setting. The resulting filename may then - be altered by the remote server if ssuunniiqquuee is on. - -FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS - The FTP specification specifies many parameters which may affect a file - transfer. The ttyyppee may be one of ``ascii'', ``image'' (binary), - ``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly). - FFttpp supports the ascii and image types of file transfer, plus local byte - size 8 for tteenneexx mode transfers. 
- - FFttpp supports only the default values for the remaining file transfer pa- - rameters: mmooddee, ffoorrmm, and ssttrruucctt. - -TTHHEE ..nneettrrcc FFIILLEE - The _._n_e_t_r_c file contains login and initialization information used by the - auto-login process. It resides in the user's home directory. The fol- - lowing tokens are recognized; they may be separated by spaces, tabs, or - new-lines: - - mmaacchhiinnee _n_a_m_e - Identify a remote machine _n_a_m_e. The auto-login process search- - es the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote - machine specified on the ffttpp command line or as an ooppeenn command - argument. Once a match is made, the subsequent _._n_e_t_r_c tokens - are processed, stopping when the end of file is reached or an- - other mmaacchhiinnee or a ddeeffaauulltt token is encountered. - - ddeeffaauulltt This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches - any name. There can be only one ddeeffaauulltt token, and it must be - after all mmaacchhiinnee tokens. This is normally used as: - - default login anonymous password user@site - - thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma- - chines not specified in _._n_e_t_r_c. This can be overridden by us- - ing the --nn flag to disable auto-login. - - llooggiinn _n_a_m_e - Identify a user on the remote machine. If this token is pre- - sent, the auto-login process will initiate a login using the - specified _n_a_m_e. - - ppaasssswwoorrdd _s_t_r_i_n_g - Supply a password. If this token is present, the auto-login - process will supply the specified string if the remote server - requires a password as part of the login process. Note that if - this token is present in the _._n_e_t_r_c file for any user other - than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the - _._n_e_t_r_c is readable by anyone besides the user. - - aaccccoouunntt _s_t_r_i_n_g - Supply an additional account password. 
If this token is pre- - sent, the auto-login process will supply the specified string - if the remote server requires an additional account password, - or the auto-login process will initiate an ACCT command if it - does not. - - mmaaccddeeff _n_a_m_e - Define a macro. This token functions like the ffttpp mmaaccddeeff com- - mand functions. A macro is defined with the specified name; - its contents begin with the next _._n_e_t_r_c line and continue until - a null line (consecutive new-line characters) is encountered. - If a macro named iinniitt is defined, it is automatically executed - as the last step in the auto-login process. - -EENNVVIIRROONNMMEENNTT - FFttpp utilizes the following environment variables. - - HOME For default location of a _._n_e_t_r_c file, if one exists. - - SHELL For default shell. - -SSEEEE AALLSSOO - ftpd(8) - - _R_F_C_2_2_2_8. - -HHIISSTTOORRYY - The ffttpp command appeared in 4.2BSD. - -BBUUGGSS - Correct execution of many commands depends upon proper behavior by the - remote server. - - An error in the treatment of carriage returns in the 4.2BSD ascii-mode - transfer code has been corrected. This correction may result in incor- - rect transfers of binary files to and from 4.2BSD servers using the ascii - type. Avoid this problem by using the binary image type. - -4.2 Berkeley Distribution April 27, 1996 10 diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 deleted file mode 100644 index 4951f6a564b1..000000000000 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 +++ /dev/null 
@@ -1,297 +0,0 @@ -FTPD(8) NetBSD System Manager's Manual FTPD(8) - -NNAAMMEE - ffttppdd - Internet File Transfer Protocol server - -SSYYNNOOPPSSIISS - ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvvUU] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt - _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g] - -DDEESSCCRRIIPPTTIIOONN - FFttppdd is the Internet File Transfer Protocol server process. The server - uses the TCP protocol and listens at the port specified in the ``ftp'' - service specification; see services(5). - - Available options: - - --aa Select the level of authentication required. Kerberised login - can not be turned off. The default is to only allow kerberised - login. Other possibilities can be turned on by giving a string - of comma separated flags as argument to --aa. Recognised flags are: - - _p_l_a_i_n Allow logging in with plaintext password. The password can - be a(n) OTP or an ordinary password. - - _o_t_p Same as _p_l_a_i_n, but only OTP is allowed. - - _f_t_p Allow anonymous login. - - The following combination modes exists for backwards compatibili- - ty: - - _n_o_n_e Same as _p_l_a_i_n_,_f_t_p. - - _s_a_f_e Same as _f_t_p. - - _u_s_e_r Ignored. - - --dd Debugging information is written to the syslog using LOG_FTP. - - --gg Anonymous users will get a umask of _u_m_a_s_k. - - --ii Open a socket and wait for a connection. This is mainly used for - debugging when ftpd isn't started by inetd. - - --ll Each successful and failed ftp(1) session is logged using syslog - with a facility of LOG_FTP. If this option is specified twice, - the retrieve (get), store (put), append, delete, make directory, - remove directory and rename operations and their filename argu- - ments are also logged. - - --pp Use _p_o_r_t (a service name or number) instead of the default - _f_t_p_/_t_c_p. 
- - --TT A client may also request a different timeout period; the maximum - period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option. - The default limit is 2 hours. - - --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de- - fault is 15 minutes). - - --uu Set the initial umask to something else than the default 027. - - --UU In previous versions of ffttppdd, when a passive mode client request- - ed a data connection to the server, the server would use data - ports in the range 1024..4999. Now, by default, if the system - supports the IP_PORTRANGE socket option, the server will use data - ports in the range 49152..65535. Specifying this option will re- - vert to the old behavior. - - --vv Verbose mode. - - --BB, ----bbuuiillttiinn--llss - use built-in ls to list files - - ----ggoooodd--cchhaarrss==_s_t_r_i_n_g - allowed anonymous upload filename chars - - The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex- - ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists, - ffttppdd prints it before issuing the ``ready'' message. If the file - _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login. - - The ftp server currently supports the following ftp requests. The case - of the requests is ignored. 
- - Request Description - ABOR abort previous command - ACCT specify account (ignored) - ALLO allocate storage (vacuously) - APPE append to a file - CDUP change to parent of current working directory - CWD change working directory - DELE delete a file - HELP give help information - LIST give list files in a directory (``ls -lgA'') - MKD make a directory - MDTM show last modification time of file - MODE specify data transfer _m_o_d_e - NLST give name list of files in directory - NOOP do nothing - PASS specify password - PASV prepare for server-to-server transfer - PORT specify data connection port - PWD print the current working directory - QUIT terminate session - REST restart incomplete transfer - RETR retrieve a file - RMD remove a directory - RNFR specify rename-from file name - RNTO specify rename-to file name - SITE non-standard commands (see next section) - SIZE return size of file - STAT return status of server - STOR store a file - STOU store a file with a unique name - STRU specify data transfer _s_t_r_u_c_t_u_r_e - SYST show operating system type of server system - TYPE specify data transfer _t_y_p_e - USER specify user name - XCUP change to parent of current working directory - (deprecated) - XCWD change working directory (deprecated) - XMKD make a directory (deprecated) - XPWD print the current working directory (deprecated) - XRMD remove a directory (deprecated) - - The following commands are specified by RFC2228. - - AUTH authentication/security mechanism - ADAT authentication/security data - PROT data channel protection level - PBSZ protection buffer size - MIC integrity protected command - CONF confidentiality protected command - ENC privacy protected command - CCC clear command channel - - The following non-standard or UNIX specific commands are supported by the - SITE request. - - UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022) - IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600) - CHMOD change mode of a file (e.g. 
SSIITTEE CCHHMMOODD 775555 ffiilleennaammee) - FIND quickly find a specific file with GNU locate(1). - HELP give help information. - - The following Kerberos related site commands are understood. - - KAUTH obtain remote tickets. - KLIST show remote tickets - - The remaining ftp requests specified in Internet RFC 959 are recognized, - but not implemented. MDTM and SIZE are not specified in RFC 959, but - will appear in the next updated FTP RFC. - - The ftp server will abort an active file transfer only when the ABOR com- - mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet - "Synch" signal in the command Telnet stream, as described in Internet RFC - 959. If a STAT command is received during a data transfer, preceded by a - Telnet IP and Synch, transfer status will be returned. - - FFttppdd interprets file names according to the ``globbing'' conventions used - by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''. - - FFttppdd authenticates users according to these rules. - - 1. If Kerberos authentication is used, the user must pass valid - tickets and the principal must be allowed to login as the re- - mote user. - - 2. The login name must be in the password data base, and not have - a null password (if kerberos is used the password field is not - checked). In this case a password must be provided by the - client before any file operations may be performed. If the - user has an OTP key, the response from a successful USER com- - mand will include an OTP challenge. The client may choose to - respond with a PASS command giving either a standard password - or an OTP one-time password. The server will automatically de- - termine which type of password it has been given and attempt - to authenticate accordingly. See otp(1) for more information - on OTP authentication. - - 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s. - - 4. The user must have a standard shell returned by - getusershell(3). - - 5. 
If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses- - sion's root will be changed to the user's login directory by - chroot(2) as for an ``anonymous'' or ``ftp'' account (see next - item). However, the user must still supply a password. This - feature is intended as a compromise between a fully anonymous - account and a fully privileged account. The account should - also be set up as for an anonymous account. - - 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp - account must be present in the password file (user ``ftp''). - In this case the user is allowed to log in by specifying any - password (by convention an email address for the user should - be used as the password). - - In the last case, ffttppdd takes special measures to restrict the client's - access privileges. The server performs a chroot(2) to the home directory - of the ``ftp'' user. In order that system security is not breached, it - is recommended that the ``ftp'' subtree be constructed with care, consid- - er following these guidelines for anonymous ftp. - - In general all files should be owned by ``root'', and have non-write per- - missions (644 or 755 depending on the kind of file). No files should be - owned or writable by ``ftp'' (possibly with exception for the - _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below). - - _~_f_t_p The ``ftp'' homedirectory should be owned by root. - - _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)). - These programs must either be statically linked, or you - must setup an environment for dynamic linking when run- - ning chrooted. These programs will be used if present: - - ls Used when listing files. - - compress - When retrieving a filename that ends in _._Z, - and that file isn't present, ffttppdd will try - to find the filename without _._Z and com- - press it on the fly. - - gzip Same as compress, just with files ending in - _._g_z. 
- - gtar Enables retrieval of whole directories as - files ending in _._t_a_r. Can also be combined - with compression. You must use GNU Tar (or - some other that supports the --zz and --ZZ - flags). - - locate Will enable ``fast find'' with the SSIITTEE - FFIINNDD command. You must also create a - _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c. - - _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files - here, ls will be able to produce owner names rather than - numbers. Remember to remove any passwords from these - files. - - The file _m_o_t_d, if present, will be printed after a suc- - cessful login. - - _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here. - - _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub- - lic. - - If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di- - rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure - ``ftp'' is member of group ``ftp''). The following restrictions apply to - anonymous users: - - ++oo Directories created will have mode 700. - - ++oo Uploaded files will be created with an umask of 777, if not changed - with the --gg option. - - ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK, - and SSIITTEE CCHHMMOODD. - - ++oo Filenames must start with an alpha-numeric character, and consist of - alpha-numeric characters or any of the following: + (plus), - (mi- - nus), = (equal), _ (underscore), . (period), and , (comma). - -FFIILLEESS - /etc/ftpusers Access list for users. - /etc/ftpchroot List of normal users who should be chroot'd. - /etc/ftpwelcome Welcome notice. - /etc/motd Welcome notice after login. - /etc/nologin Displayed and access refused. - ~/.klogin Login access for Kerberos. - -SSEEEE AALLSSOO - ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8) - -SSTTAANNDDAARRDDSS - RRFFCC 995599 FTP PROTOCOL SPECIFICATION - RRFFCC 11993388 OTP Specification - RRFFCC 22222288 FTP Security Extensions. 
- -BBUUGGSS - The server must run as the super-user to create sockets with privileged - port numbers. It maintains an effective user id of the logged in user, - reverting to the super-user only when binding addresses to sockets. The - possible security holes have been extensively scrutinized, but are possi- - bly incomplete. - -HHIISSTTOORRYY - The ffttppdd command appeared in 4.2BSD. - -4.2 Berkeley Distribution April 19, 1997 5 diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 deleted file mode 100644 index 2957aee71641..000000000000 --- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 +++ /dev/null @@ -1,26 +0,0 @@ -FTPUSERS(5) NetBSD Programmer's Manual FTPUSERS(5) - -NNAAMMEE - _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file - -DDEESSCCRRIIPPTTIIOONN - _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied - FTP access. Each line contains a user, optionally followed by ``allow'' - (anything but ``allow'' is ignored). The semi-user ``*'' matches any us- - er. Users that has an explicit ``allow'', or that does not match any - line, are allowed access. Anyone else is denied access. - - Note that this is compatible with the old format, where this file con- - tained a list of users that should be denied access. - -EEXXAAMMPPLLEESS - This will deny anyone but ``foo'' and ``bar'' to use FTP: - - foo allow - bar allow - * - -SSEEEE AALLSSOO - ftpd(8) - - KTH-KRB May 7, 1997 1 diff --git a/crypto/heimdal/appl/kf/kf.cat1 b/crypto/heimdal/appl/kf/kf.cat1 deleted file mode 100644 index 30ae354ea924..000000000000 --- a/crypto/heimdal/appl/kf/kf.cat1 +++ /dev/null 
@@ -1,45 +0,0 @@ -KF(1) NetBSD Reference Manual KF(1) - -NNAAMMEE - kkff - securly forward tickets - -SSYYNNOOPPSSIISS - kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e | - ----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh | - ----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._. - -DDEESSCCRRIIPPTTIIOONN - The kkff program forwards tickets to a remove host through an authenticated - and encrypted stream. Options supported are: - - --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t - port to connect to - - --ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n - remote login name - - --cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e - remote cred cache - - --FF, ----ffoorrwwaarrddaabbllee - forward forwardable credentials - - --GG, ----nnoo--ffoorrwwaarrddaabbllee - do not forward forwardable credentials - - --hh, ----hheellpp - - ----vveerrssiioonn - - kkff is useful when you do not want to enter your password on a remote host - but want to have your tickets one for example afs. - - In order for kkff to work you will need to acquire your initial ticket with - forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee. - - tteellnneett is able to forward ticket by itself. - -SSEEEE AALLSSOO - kinit(1), telnet(1), kfd(8) - - Heimdal July 2, 2000 1 diff --git a/crypto/heimdal/appl/kf/kfd.cat8 b/crypto/heimdal/appl/kf/kfd.cat8 deleted file mode 100644 index 65ec8ac4a9ea..000000000000 --- a/crypto/heimdal/appl/kf/kfd.cat8 +++ /dev/null 
@@ -1,30 +0,0 @@ -KFD(8) NetBSD System Manager's Manual KFD(8) - -NNAAMMEE - kkffdd - receive forwarded tickets - -SSYYNNOOPPSSIISS - kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g] - [--hh | ----hheellpp] [----vveerrssiioonn] - -DDEESSCCRRIIPPTTIIOONN - This is the daemon for kf(1). Supported options: - - --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t - port to listen to - - --ii, ----iinneettdd - not started from inetd - - --RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g - path to regpag binary - -EEXXAAMMPPLLEESS - Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f: - - kf stream tcp nowait root /usr/heimdal/libexec/kfd kfd - -SSEEEE AALLSSOO - kf(1) - - Heimdal July 2, 2000 1 diff --git a/crypto/heimdal/appl/push/pfrom.cat1 b/crypto/heimdal/appl/push/pfrom.cat1 deleted file mode 100644 index a9f31cd20e12..000000000000 --- a/crypto/heimdal/appl/push/pfrom.cat1 +++ /dev/null @@ -1,16 +0,0 @@ -PFROM(1) NetBSD Reference Manual PFROM(1) - -NNAAMMEE - ppffrroomm - fetch a list of the current mail via POP - -SSYYNNOOPPSSIISS - ppffrroomm [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--cc | ----ccoouunntt] - [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-_s_p_e_c] - -DDEESSCCRRIIPPTTIIOONN - ppffrroomm is a script that does push --from. - -SSEEEE AALLSSOO - push(8) - - HEIMDAL March 4, 2000 1 diff --git a/crypto/heimdal/appl/push/push.cat8 b/crypto/heimdal/appl/push/push.cat8 deleted file mode 100644 index 7ddb72dcdc62..000000000000 --- a/crypto/heimdal/appl/push/push.cat8 +++ /dev/null 
@@ -1,76 +0,0 @@ -PUSH(8) NetBSD System Manager's Manual PUSH(8) - -NNAAMMEE - ppuusshh - fetch mail via POP - -SSYYNNOOPPSSIISS - ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll | - ----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerrss=_h_e_a_d_e_r_s] [--pp _p_o_r_t_-_s_p_e_c | - ----ppoorrtt=_p_o_r_t_-_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e - -DDEESSCCRRIIPPTTIIOONN - ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail - in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following - formats: - `hostname:username' - `po:hostname:username' - `username@hostname' - `po:username@hostname' - `hostname' - `po:username' - - If no username is specified, ppuusshh assumes that it's the same as on the - local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment - variable. - - Supported options: - - --44, ----kkrrbb44 - use Kerberos 4 (if compiled with support for Kerberos 4) - - --55, ----kkrrbb55 - use Kerberos 5 (if compiled with support for Kerberos 5) - - --ff, ----ffoorrkk - fork before starting to delete messages - - --ll, ----lleeaavvee - don't delete fetched mail - - ----ffrroomm behave like from. - - --cc, ----ccoouunntt - first print how many messages and bytes there are. - - ----hheeaaddeerrss=_h_e_a_d_e_r_s - a list of comma-separated headers that should get printed. - - --pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt=_p_o_r_t_-_s_p_e_c - use this port instead of the default `kpop' or `1109'. - - The default is to first try Kerberos 5 authentication and then, if that - fails, Kerberos 4. - -EENNVVIIRROONNMMEENNTT - MAILHOST - points to the post office, if no other hostname is specified. 
- -EEXXAAMMPPLLEESS - $ push cornfield:roosta ~/.emacs-mail-crash-box - - tries to fetch mail for the user _r_o_o_s_t_a from the post office at - ``cornfield'', and stores the mail in _~_/_._e_m_a_c_s_-_m_a_i_l_-_c_r_a_s_h_-_b_o_x (you are - using Gnus, aren't you?) - - $ push --from -5 havregryn - - tries to fetch FFrroomm:: lines for current user at post office ``havregryn'' - using Kerberos 5. - -SSEEEE AALLSSOO - from(1), pfrom(1), movemail(8), popper(8) - -HHIISSTTOORRYY - ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail. - - HEIMDAL May 31, 1998 2 diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.cat1 b/crypto/heimdal/appl/telnet/telnet/telnet.cat1 deleted file mode 100644 index 5bf4a649f97b..000000000000 --- a/crypto/heimdal/appl/telnet/telnet/telnet.cat1 +++ /dev/null 
@@ -1,714 +0,0 @@ -TELNET(1) NetBSD Reference Manual TELNET(1) - -NNAAMMEE - tteellnneett - user interface to the TELNET protocol - -SSYYNNOOPPSSIISS - tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m] - [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]] - -DDEESSCCRRIIPPTTIIOONN - The tteellnneett command is used to communicate with another host using the - TELNET protocol. If tteellnneett is invoked without the _h_o_s_t argument, it en- - ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it - accepts and executes the commands listed below. If it is invoked with - arguments, it performs an ooppeenn command with those arguments. - - Options: - - --88 Specifies an 8-bit data path. This causes an attempt to negoti- - ate the TELNET BINARY option on both input and output. - - --77 Do not try to negotiate TELNET BINARY option. - - --EE Stops any character from being recognized as an escape character. - - --FF If Kerberos V5 authentication is being used, the --FF option allows - the local credentials to be forwarded to the remote system, in- - cluding any credentials that have already been forwarded into the - local environment. - - --KK Specifies no automatic login to the remote system. - - --LL Specifies an 8-bit data path on output. This causes the BINARY - option to be negotiated on output. - - --SS _t_o_s Sets the IP type-of-service (TOS) option for the telnet connec- - tion to the value _t_o_s, which can be a numeric TOS value or, on - systems that support it, a symbolic TOS name found in the - /etc/iptos file. - - --XX _a_t_y_p_e - Disables the _a_t_y_p_e type of authentication. - - --aa Attempt automatic login. Currently, this sends the user name via - the USER variable of the ENVIRON option if supported by the re- - mote system. 
The name used is that of the current user as re- - turned by getlogin(2) if it agrees with the current user ID, oth- - erwise it is the name associated with the user ID. - - --cc Disables the reading of the user's _._t_e_l_n_e_t_r_c file. (See the - ttooggggllee sskkiipprrcc command on this man page.) - - --dd Sets the initial value of the ddeebbuugg toggle to TRUE - - --ee _e_s_c_a_p_e _c_h_a_r - Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r. - If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac- - ter. - - --ff If Kerberos V5 authentication is being used, the --ff option allows - the local credentials to be forwarded to the remote system. - - --kk _r_e_a_l_m - If Kerberos authentication is being used, the --kk option requests - that telnet obtain tickets for the remote host in realm realm in- - stead of the remote host's realm, as determined by - krb_realmofhost(3). - - --ll _u_s_e_r - When connecting to the remote system, if the remote system under- - stands the ENVIRON option, then _u_s_e_r will be sent to the remote - system as the value for the variable USER. This option implies - the --aa option. This option may also be used with the ooppeenn com- - mand. - - --nn _t_r_a_c_e_f_i_l_e - Opens _t_r_a_c_e_f_i_l_e for recording trace information. See the sseett - ttrraacceeffiillee command below. - - --rr Specifies a user interface similar to rlogin(1). In this mode, - the escape character is set to the tilde (~) character, unless - modified by the -e option. - - --xx Turn on encryption of the data stream. When this option is - turned on, will exit with an error if authentication cannot be - negotiated or if encryption cannot be turned on. - - _h_o_s_t Indicates the official name, an alias, or the Internet address of - a remote host. - - _p_o_r_t Indicates a port number (address of an application). If a number - is not specified, the default tteellnneett port is used. 
- - When in rlogin mode, a line of the form ~. disconnects from the remote - host; ~ is the telnet escape character. Similarly, the line ~^Z suspends - the telnet session. The line ~^] escapes to the normal telnet escape - prompt. - - Once a connection has been opened, tteellnneett will attempt to enable the - TELNET LINEMODE option. If this fails, then tteellnneett will revert to one of - two input modes: either ``character at a time'' or ``old line by line'' - depending on what the remote system supports. - - When LINEMODE is enabled, character processing is done on the local sys- - tem, under the control of the remote system. When input editing or char- - acter echoing is to be disabled, the remote system will relay that infor- - mation. The remote system will also relay changes to any special charac- - ters that happen on the remote system, so that they can take effect on - the local system. - - In ``character at a time'' mode, most text typed is immediately sent to - the remote host for processing. - - In ``old line by line'' mode, all text is echoed locally, and (normally) - only completed lines are sent to the remote host. The ``local echo char- - acter'' (initially ``^E'') may be used to turn off and on the local echo - (this would mostly be used to enter passwords without the password being - echoed). - - If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE - (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr, - and fflluusshh characters are trapped locally, and sent as TELNET protocol se- - quences to the remote side. 
If LINEMODE has ever been enabled, then the - user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt - is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee - aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush - subsequent output to the terminal (until the remote host acknowledges the - TELNET sequence) and flush previous terminal input (in the case of qquuiitt - and iinnttrr). - - While connected to a remote host, tteellnneett command mode may be entered by - typing the tteellnneett ``escape character'' (initially ``^]''). When in com- - mand mode, the normal terminal editing conventions are available. - - The following tteellnneett commands are available. Only enough of each command - to uniquely identify it need be typed (this is also true for arguments to - the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands). - - aauutthh _a_r_g_u_m_e_n_t _._._. - The auth command manipulates the information sent through the - TELNET AUTHENTICATE option. Valid arguments for the auth com- - mand are as follows: - - ddiissaabbllee _t_y_p_e Disables the specified type of authentication. - To obtain a list of available types, use the - aauutthh ddiissaabbllee ?? command. - - eennaabbllee _t_y_p_e Enables the specified type of authentication. - To obtain a list of available types, use the - aauutthh eennaabbllee ?? command. - - ssttaattuuss Lists the current status of the various types of - authentication. - - cclloossee Close a TELNET session and return to command mode. - - ddiissppllaayy _a_r_g_u_m_e_n_t _._._. - Displays all, or some, of the sseett and ttooggggllee values (see be- - low). - - eennccrryypptt _a_r_g_u_m_e_n_t _._._. - The encrypt command manipulates the information sent through - the TELNET ENCRYPT option. 
- - Note: Because of export controls, the TELNET ENCRYPT option - is not supported outside of the United States and Canada. - - Valid arguments for the encrypt command are as follows: - - ddiissaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt] - Disables the specified type of encryption. If - you omit the input and output, both input and - output are disabled. To obtain a list of avail- - able types, use the eennccrryypptt ddiissaabbllee ?? command. - - eennaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt] - Enables the specified type of encryption. If - you omit input and output, both input and output - are enabled. To obtain a list of available - types, use the eennccrryypptt eennaabbllee ?? command. - - iinnppuutt This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com- - mand. - - --iinnppuutt This is the same as the eennccrryypptt ssttoopp iinnppuutt com- - mand. - - oouuttppuutt This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt - command. - - --oouuttppuutt This is the same as the eennccrryypptt ssttoopp oouuttppuutt com- - mand. - - ssttaarrtt [iinnppuutt | oouuttppuutt] - Attempts to start encryption. If you omit iinnppuutt - and oouuttppuutt, both input and output are enabled. - To obtain a list of available types, use the - eennccrryypptt eennaabbllee ?? command. - - ssttaattuuss Lists the current status of encryption. - - ssttoopp [iinnppuutt | oouuttppuutt] - Stops encryption. If you omit input and output, - encryption is on both input and output. - - ttyyppee _t_y_p_e Sets the default type of encryption to be used - with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com- - mands. - - eennvviirroonn _a_r_g_u_m_e_n_t_s _._._. - The eennvviirroonn command is used to manipulate the the variables - that my be sent through the TELNET ENVIRON option. The ini- - tial set of variables is taken from the users environment, - with only the DISPLAY and PRINTER variables being exported by - default. 
The USER variable is also exported if the --aa or --ll - options are used. - - Valid arguments for the eennvviirroonn command are: - - ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e - Define the variable _v_a_r_i_a_b_l_e to have a value of - _v_a_l_u_e. Any variables defined by this command are - automatically exported. The _v_a_l_u_e may be enclosed - in single or double quotes so that tabs and spaces - may be included. - - uunnddeeffiinnee _v_a_r_i_a_b_l_e - Remove _v_a_r_i_a_b_l_e from the list of environment vari- - ables. - - eexxppoorrtt _v_a_r_i_a_b_l_e - Mark the variable _v_a_r_i_a_b_l_e to be exported to the - remote side. - - uunneexxppoorrtt _v_a_r_i_a_b_l_e - Mark the variable _v_a_r_i_a_b_l_e to not be exported un- - less explicitly asked for by the remote side. - - lliisstt List the current set of environment variables. - Those marked with a ** will be sent automatically, - other variables will only be sent if explicitly - requested. - - ?? Prints out help information for the eennvviirroonn com- - mand. - - llooggoouutt Sends the TELNET LOGOUT option to the remote side. This com- - mand is similar to a cclloossee command; however, if the remote - side does not support the LOGOUT option, nothing happens. If, - however, the remote side does support the LOGOUT option, this - command should cause the remote side to close the TELNET con- - nection. If the remote side also supports the concept of sus- - pending a user's session for later reattachment, the logout - argument indicates that you should terminate the session imme- - diately. - - mmooddee _t_y_p_e _T_y_p_e is one of several options, depending on the state of the - TELNET session. The remote host is asked for permission to go - into the requested mode. If the remote host is capable of en- - tering that mode, the requested mode will be entered. 
- - cchhaarraacctteerr Disable the TELNET LINEMODE option, or, if the - remote side does not understand the LINEMODE op- - tion, then enter ``character at a time`` mode. - - lliinnee Enable the TELNET LINEMODE option, or, if the - remote side does not understand the LINEMODE op- - tion, then attempt to enter ``old-line-by-line`` - mode. - - iissiigg (--iissiigg) Attempt to enable (disable) the TRAPSIG mode of - the LINEMODE option. This requires that the - LINEMODE option be enabled. - - eeddiitt (--eeddiitt) Attempt to enable (disable) the EDIT mode of the - LINEMODE option. This requires that the - LINEMODE option be enabled. - - ssooffttttaabbss (--ssooffttttaabbss) - Attempt to enable (disable) the SOFT_TAB mode of - the LINEMODE option. This requires that the - LINEMODE option be enabled. - - lliitteecchhoo (--lliitteecchhoo) - Attempt to enable (disable) the LIT_ECHO mode of - the LINEMODE option. This requires that the - LINEMODE option be enabled. - - ?? Prints out help information for the mmooddee com- - mand. - - ooppeenn _h_o_s_t [--ll _u_s_e_r] [[--]_p_o_r_t] - Open a connection to the named host. If no port number is - specified, tteellnneett will attempt to contact a TELNET server at - the default port. The host specification may be either a host - name (see hosts(5)) or an Internet address specified in the - ``dot notation'' (see inet(3)). The [--ll] option may be used - to specify the user name to be passed to the remote system via - the ENVIRON option. When connecting to a non-standard port, - tteellnneett omits any automatic initiation of TELNET options. When - the port number is preceded by a minus sign, the initial op- - tion negotiation is done. After establishing a connection, - the file _._t_e_l_n_e_t_r_c in the users home directory is opened. - Lines beginning with a # are comment lines. Blank lines are - ignored. Lines that begin without white space are the start - of a machine entry. 
The first thing on the line is the name - of the machine that is being connected to. The rest of the - line, and successive lines that begin with white space are as- - sumed to be tteellnneett commands and are processed as if they had - been typed in manually to the tteellnneett command prompt. - - qquuiitt Close any open TELNET session and exit tteellnneett. An end of file - (in command mode) will also close a session and exit. - - sseenndd _a_r_g_u_m_e_n_t_s - Sends one or more special character sequences to the remote - host. The following are the arguments which may be specified - (more than one argument may be specified at a time): - - aabboorrtt Sends the TELNET ABORT (Abort processes) sequence. - - aaoo Sends the TELNET AO (Abort Output) sequence, which - should cause the remote system to flush all output - _f_r_o_m the remote system _t_o the user's terminal. - - aayytt Sends the TELNET AYT (Are You There) sequence, to - which the remote system may or may not choose to re- - spond. - - bbrrkk Sends the TELNET BRK (Break) sequence, which may have - significance to the remote system. - - eecc Sends the TELNET EC (Erase Character) sequence, which - should cause the remote system to erase the last char- - acter entered. - - eell Sends the TELNET EL (Erase Line) sequence, which - should cause the remote system to erase the line cur- - rently being entered. - - eeooff Sends the TELNET EOF (End Of File) sequence. - - eeoorr Sends the TELNET EOR (End of Record) sequence. - - eessccaappee Sends the current tteellnneett escape character (initially - ``^''). - - ggaa Sends the TELNET GA (Go Ahead) sequence, which likely - has no significance to the remote system. - - ggeettssttaattuuss - If the remote side supports the TELNET STATUS command, - ggeettssttaattuuss will send the subnegotiation to request that - the server send its current option status. 
- - iipp Sends the TELNET IP (Interrupt Process) sequence, - which should cause the remote system to abort the cur- - rently running process. - - nnoopp Sends the TELNET NOP (No OPeration) sequence. - - ssuusspp Sends the TELNET SUSP (SUSPend process) sequence. - - ssyynncchh Sends the TELNET SYNCH sequence. This sequence causes - the remote system to discard all previously typed (but - not yet read) input. This sequence is sent as TCP ur- - gent data (and may not work if the remote system is a - 4.2BSD system -- if it doesn't work, a lower case - ``r'' may be echoed on the terminal). - - ddoo _c_m_d - - ddoonntt _c_m_d - - wwiillll _c_m_d - - wwoonntt _c_m_d - Sends the TELNET DO _c_m_d sequence. _C_m_d can be either a - decimal number between 0 and 255, or a symbolic name - for a specific TELNET command. _C_m_d can also be either - hheellpp or ?? to print out help information, including a - list of known symbolic names. - - ?? Prints out help information for the sseenndd command. - - sseett _a_r_g_u_m_e_n_t _v_a_l_u_e - - uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e - The sseett command will set any one of a number of tteellnneett vari- - ables to a specific value or to TRUE. The special value ooffff - turns off the function associated with the variable, this is - equivalent to using the uunnsseett command. The uunnsseett command will - disable or set to FALSE any of the specified functions. The - values of variables may be interrogated with the ddiissppllaayy com- - mand. The variables which may be set or unset, but not tog- - gled, are listed here. In addition, any of the variables for - the ttooggggllee command may be explicitly set or unset using the - sseett and uunnsseett commands. - - aayytt If TELNET is in localchars mode, or LINEMODE is en- - abled, and the status character is typed, a TELNET AYT - sequence (see sseenndd aayytt preceding) is sent to the re- - mote host. The initial value for the "Are You There" - character is the terminal's status character. 
- - eecchhoo This is the value (initially ``^E'') which, when in - ``line by line'' mode, toggles between doing local - echoing of entered characters (for normal processing), - and suppressing echoing of entered characters (for en- - tering, say, a password). - - eeooff If tteellnneett is operating in LINEMODE or ``old line by - line'' mode, entering this character as the first - character on a line will cause this character to be - sent to the remote system. The initial value of the - eof character is taken to be the terminal's eeooff char- - acter. - - eerraassee If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below), aanndd if tteellnneett is operating in ``character at a - time'' mode, then when this character is typed, a - TELNET EC sequence (see sseenndd eecc above) is sent to the - remote system. The initial value for the erase char- - acter is taken to be the terminal's eerraassee character. - - eessccaappee This is the tteellnneett escape character (initially ``^['') - which causes entry into tteellnneett command mode (when con- - nected to a remote system). - - fflluusshhoouuttppuutt - If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below) and the fflluusshhoouuttppuutt character is typed, a - TELNET AO sequence (see sseenndd aaoo above) is sent to the - remote host. The initial value for the flush charac- - ter is taken to be the terminal's fflluusshh character. - - ffoorrww11 - - ffoorrww22 If TELNET is operating in LINEMODE, these are the - characters that, when typed, cause partial lines to be - forwarded to the remote system. The initial value for - the forwarding characters are taken from the termi- - nal's eol and eol2 characters. 
- - iinntteerrrruupptt - If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below) and the iinntteerrrruupptt character is typed, a TELNET - IP sequence (see sseenndd iipp above) is sent to the remote - host. The initial value for the interrupt character - is taken to be the terminal's iinnttrr character. - - kkiillll If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below), aanndd if tteellnneett is operating in ``character at a - time'' mode, then when this character is typed, a - TELNET EL sequence (see sseenndd eell above) is sent to the - remote system. The initial value for the kill charac- - ter is taken to be the terminal's kkiillll character. - - llnneexxtt If tteellnneett is operating in LINEMODE or ``old line by - line`` mode, then this character is taken to be the - terminal's llnneexxtt character. The initial value for the - lnext character is taken to be the terminal's llnneexxtt - character. - - qquuiitt If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss - below) and the qquuiitt character is typed, a TELNET BRK - sequence (see sseenndd bbrrkk above) is sent to the remote - host. The initial value for the quit character is - taken to be the terminal's qquuiitt character. - - rreepprriinntt - If tteellnneett is operating in LINEMODE or ``old line by - line`` mode, then this character is taken to be the - terminal's rreepprriinntt character. The initial value for - the reprint character is taken to be the terminal's - rreepprriinntt character. - - rrllooggiinn This is the rlogin escape character. If set, the nor- - mal TELNET escape character is ignored unless it is - preceded by this character at the beginning of a line. - This character, at the beginning of a line followed by - a "." closes the connection; when followed by a ^Z it - suspends the telnet command. The initial state is to - disable the rlogin escape character. 
- - ssttaarrtt If the TELNET TOGGLE-FLOW-CONTROL option has been en- - abled, then this character is taken to be the termi- - nal's ssttaarrtt character. The initial value for the kill - character is taken to be the terminal's ssttaarrtt charac- - ter. - - ssttoopp If the TELNET TOGGLE-FLOW-CONTROL option has been en- - abled, then this character is taken to be the termi- - nal's ssttoopp character. The initial value for the kill - character is taken to be the terminal's ssttoopp charac- - ter. - - ssuusspp If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en- - abled, and the ssuussppeenndd character is typed, a TELNET - SUSP sequence (see sseenndd ssuusspp above) is sent to the re- - mote host. The initial value for the suspend charac- - ter is taken to be the terminal's ssuussppeenndd character. - - ttrraacceeffiillee - This is the file to which the output, caused by - nneettddaattaa or ooppttiioonn tracing being TRUE, will be written. - If it is set to ``--'', then tracing information will - be written to standard output (the default). - - wwoorrddeerraassee - If tteellnneett is operating in LINEMODE or ``old line by - line`` mode, then this character is taken to be the - terminal's wwoorrddeerraassee character. The initial value for - the worderase character is taken to be the terminal's - wwoorrddeerraassee character. - - ?? Displays the legal sseett (uunnsseett) commands. - - ssllcc _s_t_a_t_e The ssllcc command (Set Local Characters) is used to set or - change the state of the the special characters when the TELNET - LINEMODE option has been enabled. Special characters are - characters that get mapped to TELNET commands sequences (like - iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll). - By default, the local special characters are exported. - - cchheecckk Verify the current settings for the current spe- - cial characters. 
The remote side is requested to - send all the current special character settings, - and if there are any discrepancies with the local - side, the local side will switch to the remote - value. - - eexxppoorrtt Switch to the local defaults for the special char- - acters. The local default characters are those of - the local terminal at the time when tteellnneett was - started. - - iimmppoorrtt Switch to the remote defaults for the special - characters. The remote default characters are - those of the remote system at the time when the - TELNET connection was established. - - ?? Prints out help information for the ssllcc command. - - ssttaattuuss Show the current status of tteellnneett. This includes the peer one - is connected to, as well as the current mode. - - ttooggggllee _a_r_g_u_m_e_n_t_s _._._. - Toggle (between TRUE and FALSE) various flags that control how - tteellnneett responds to events. These flags may be set explicitly - to TRUE or FALSE using the sseett and uunnsseett commands listed - above. More than one argument may be specified. The state of - these flags may be interrogated with the ddiissppllaayy command. - Valid arguments are: - - aauutthhddeebbuugg Turns on debugging information for the authenti- - cation code. - - aauuttoofflluusshh If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then - when the aaoo, or qquuiitt characters are recognized - (and transformed into TELNET sequences; see sseett - above for details), tteellnneett refuses to display - any data on the user's terminal until the remote - system acknowledges (via a TELNET TIMING MARK - option) that it has processed those TELNET se- - quences. The initial value for this toggle is - TRUE if the terminal user had not done an "stty - noflsh", otherwise FALSE (see stty(1)). - - aauuttooddeeccrryypptt When the TELNET ENCRYPT option is negotiated, by - default the actual encryption (decryption) of - the data stream does not start automatically. 
- The autoencrypt (autodecrypt) command states - that encryption of the output (input) stream - should be enabled as soon as possible. - - Note: Because of export controls, the TELNET - ENCRYPT option is not supported outside the - United States and Canada. - - aauuttoollooggiinn If the remote side supports the TELNET - AUTHENTICATION option TELNET attempts to use it - to perform automatic authentication. If the - AUTHENTICATION option is not supported, the us- - er's login name are propagated through the - TELNET ENVIRON option. This command is the same - as specifying _a option on the ooppeenn command. - - aauuttoossyynncchh If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then - when either the iinnttrr or qquuiitt characters is typed - (see sseett above for descriptions of the iinnttrr and - qquuiitt characters), the resulting TELNET sequence - sent is followed by the TELNET SYNCH sequence. - This procedure sshhoouulldd cause the remote system to - begin throwing away all previously typed input - until both of the TELNET sequences have been - read and acted upon. The initial value of this - toggle is FALSE. - - bbiinnaarryy Enable or disable the TELNET BINARY option on - both input and output. - - iinnbbiinnaarryy Enable or disable the TELNET BINARY option on - input. - - oouuttbbiinnaarryy Enable or disable the TELNET BINARY option on - output. - - ccrrllff If this is TRUE, then carriage returns will be - sent as . If this is FALSE, then car- - riage returns will be send as . The - initial value for this toggle is FALSE. - - ccrrmmoodd Toggle carriage return mode. When this mode is - enabled, most carriage return characters re- - ceived from the remote host will be mapped into - a carriage return followed by a line feed. This - mode does not affect those characters typed by - the user, only those received from the remote - host. This mode is not very useful unless the - remote host only sends carriage return, but nev- - er line feed. 
The initial value for this toggle - is FALSE. - - ddeebbuugg Toggles socket level debugging (useful only to - the ssuuppeerr uusseerr). The initial value for this - toggle is FALSE. - - eennccddeebbuugg Turns on debugging information for the encryp- - tion code. - - llooccaallcchhaarrss If this is TRUE, then the fflluusshh, iinntteerrrruupptt, - qquuiitt, eerraassee, and kkiillll characters (see sseett above) - are recognized locally, and transformed into - (hopefully) appropriate TELNET control sequences - (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd - above). The initial value for this toggle is - TRUE in ``old line by line'' mode, and FALSE in - ``character at a time'' mode. When the LINEMODE - option is enabled, the value of llooccaallcchhaarrss is - ignored, and assumed to always be TRUE. If - LINEMODE has ever been enabled, then qquuiitt is - sent as aabboorrtt, and eeooff and ssuussppeenndd are sent as - eeooff and ssuusspp, see sseenndd above). - - nneettddaattaa Toggles the display of all network data (in hex- - adecimal format). The initial value for this - toggle is FALSE. - - ooppttiioonnss Toggles the display of some internal tteellnneett pro- - tocol processing (having to do with TELNET op- - tions). The initial value for this toggle is - FALSE. - - pprreettttyydduummpp When the nneettddaattaa toggle is enabled, if - pprreettttyydduummpp is enabled the output from the - nneettddaattaa command will be formatted in a more user - readable format. Spaces are put between each - character in the output, and the beginning of - any TELNET escape sequence is preceded by a '*' - to aid in locating them. - - sskkiipprrcc When the skiprc toggle is TRUE, TELNET skips the - reading of the _._t_e_l_n_e_t_r_c file in the users home - directory when connections are opened. The ini- - tial value for this toggle is FALSE. - - tteerrmmddaattaa Toggles the display of all terminal data (in - hexadecimal format). 
The initial value for this - toggle is FALSE. - - vveerrbboossee__eennccrryypptt - When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET - prints out a message each time encryption is en- - abled or disabled. The initial value for this - toggle is FALSE. Note: Because of export con- - trols, data encryption is not supported outside - of the United States and Canada. - - ?? Displays the legal ttooggggllee commands. - - zz Suspend tteellnneett. This command only works when the user is us- - ing the csh(1). - - !! [_c_o_m_m_a_n_d] - Execute a single command in a subshell on the local system. - If ccoommmmaanndd is omitted, then an interactive subshell is in- - voked. - - ?? [_c_o_m_m_a_n_d] - Get help. With no arguments, tteellnneett prints a help summary. - If a command is specified, tteellnneett will print the help informa- - tion for just that command. - -EENNVVIIRROONNMMEENNTT - TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari- - ables. Other environment variables may be propagated to the other side - via the TELNET ENVIRON option. - -FFIILLEESS - ~/.telnetrc user customized telnet startup values - -HHIISSTTOORRYY - The TTeellnneett command appeared in 4.2BSD. - -NNOOTTEESS - On some remote systems, echo has to be turned off manually when in ``old - line by line'' mode. - - In ``old line by line'' mode or LINEMODE the terminal's eeooff character is - only recognized (and sent to the remote system) when it is the first - character on a line. - -4.2 Berkeley Distribution June 1, 1994 11 diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 deleted file mode 100644 index ce4c714fb85d..000000000000 --- a/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 +++ /dev/null 
@@ -1,293 +0,0 @@ -TELNETD(8) NetBSD System Manager's Manual TELNETD(8) - -NNAAMMEE - tteellnneettdd - DARPA TELNET protocol server - -SSYYNNOOPPSSIISS - tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e] - [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [--yy] [_p_o_r_t] - -DDEESSCCRRIIPPTTIIOONN - The tteellnneettdd command is a server which supports the DARPA standard TELNET - virtual terminal protocol. TTeellnneettdd is normally invoked by the internet - server (see inetd(8)) for requests to connect to the TELNET port as indi- - cated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)). The --ddeebbuugg option may - be used to start up tteellnneettdd manually, instead of through inetd(8). If - started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alternate - TCP port number. - - The tteellnneettdd command accepts the following options: - - --aa _a_u_t_h_m_o_d_e This option may be used for specifying what mode should be - used for authentication. Note that this option is only use- - ful if tteellnneettdd has been compiled with support for the - AUTHENTICATION option. There are several valid values for - _a_u_t_h_m_o_d_e: - - debug Turns on authentication debugging code. - - user Only allow connections when the remote user can pro- - vide valid authentication information to identify the - remote user, and is allowed access to the specified - account without providing a password. - - valid Only allow connections when the remote user can pro- - vide valid authentication information to identify the - remote user. The login(1) command will provide any - additional user verification needed if the remote us- - er is not allowed automatic access to the specified - account. - - other Only allow connections that supply some authentica- - tion information. 
This option is currently not sup- - ported by any of the existing authentication mecha- - nisms, and is thus the same as specifying --aa vvaalliidd. - - otp Only allow authenticated connections (as with --aa - uusseerr) and also logins with one-time passwords (OTPs). - This option will call login with an option so that - only OTPs are accepted. The user can of course still - type secret information at the prompt. - - none This is the default state. Authentication informa- - tion is not required. If no or insufficient authen- - tication information is provided, then the login(1) - program will provide the necessary user verification. - - off This disables the authentication code. All user ver- - ification will happen through the login(1) program. - - --BB Ignored. - - --DD _d_e_b_u_g_m_o_d_e - This option may be used for debugging purposes. This allows - tteellnneettdd to print out debugging information to the connec- - tion, allowing the user to see what tteellnneettdd is doing. There - are several possible values for _d_e_b_u_g_m_o_d_e: - - ooppttiioonnss Prints information about the negotiation of TELNET - options. - - rreeppoorrtt Prints the ooppttiioonnss information, plus some addi- - tional information about what processing is going - on. - - nneettddaattaa Displays the data stream received by tteellnneettdd. - - ppttyyddaattaa Displays data written to the pty. - - eexxeerrcciissee Has not been implemented yet. - - --hh Disables the printing of host-specific information before - login has been completed. - - --kk - - --ll Ignored. - - --nn Disable TCP keep-alives. Normally tteellnneettdd enables the TCP - keep-alive mechanism to probe connections that have been - idle for some period of time to determine if the client is - still there, so that idle connections from machines that - have crashed or can no longer be reached may be cleaned up. - - --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y - This option is only enabled when tteellnneettdd is compiled for - UNICOS. 
It specifies an inclusive range of pseudo-terminal - devices to use. If the system has sysconf variable - _SC_CRAY_NPTY configured, the default pty search range is 0 - to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128. - Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing - either end of the search range. If _l_o_w_p_t_y is omitted, the - - character is still required so that tteellnneettdd can differenti- - ate _h_i_g_h_p_t_y from _l_o_w_p_t_y. - - --SS _t_o_s - - --uu _l_e_n This option is used to specify the size of the field in the - utmp structure that holds the remote host name. If the re- - solved host name is longer than _l_e_n, the dotted decimal val- - ue will be used instead. This allows hosts with very long - host names that overflow this field to still be uniquely - identified. Specifying --uu00 indicates that only dotted deci- - mal addresses should be put into the _u_t_m_p file. - - --UU This option causes tteellnneettdd to refuse connections from ad- - dresses that cannot be mapped back into a symbolic name via - the gethostbyaddr(3) routine. - - --XX _a_u_t_h_t_y_p_e This option is only valid if tteellnneettdd has been built with - support for the authentication option. It disables the use - of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily - disable a specific authentication type without having to re- - compile tteellnneettdd. - - --LL _p_a_t_h_n_a_m_e Specify pathname to an alternative login program. - - --yy Makes tteellnneettdd not warn when a user is trying to login with a - cleartext password. - - TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4)) for - a client, then creating a login process which has the slave side of the - pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the - master side of the pseudo-terminal, implementing the TELNET protocol and - passing characters between the remote client and the login process. 
- - When a TELNET session is started up, tteellnneettdd sends TELNET options to the - client side indicating a willingness to do the following TELNET options, - which are described in more detail below: - - DO AUTHENTICATION - WILL ENCRYPT - DO TERMINAL TYPE - DO TSPEED - DO XDISPLOC - DO NEW-ENVIRON - DO ENVIRON - WILL SUPPRESS GO AHEAD - DO ECHO - DO LINEMODE - DO NAWS - WILL STATUS - DO LFLOW - DO TIMING-MARK - - The pseudo-terminal allocated to the client is configured to operate in - ``cooked'' mode, and with XTABS and CRMOD enabled (see tty(4)). - - TTeellnneettdd has support for enabling locally the following TELNET options: - - WILL ECHO When the LINEMODE option is enabled, a WILL ECHO or - WONT ECHO will be sent to the client to indicate the - current state of terminal echoing. When terminal echo - is not desired, a WILL ECHO is sent to indicate that - telnetd will take care of echoing any data that needs - to be echoed to the terminal, and then nothing is - echoed. When terminal echo is desired, a WONT ECHO is - sent to indicate that telnetd will not be doing any - terminal echoing, so the client should do any terminal - echoing that is needed. - - WILL BINARY Indicates that the client is willing to send a 8 bits - of data, rather than the normal 7 bits of the Network - Virtual Terminal. - - WILL SGA Indicates that it will not be sending IAC GA, go - ahead, commands. - - WILL STATUS Indicates a willingness to send the client, upon re- - quest, of the current status of all TELNET options. - - WILL TIMING-MARK Whenever a DO TIMING-MARK command is received, it is - always responded to with a WILL TIMING-MARK - - WILL LOGOUT When a DO LOGOUT is received, a WILL LOGOUT is sent in - response, and the TELNET session is shut down. - - WILL ENCRYPT Only sent if tteellnneettdd is compiled with support for data - encryption, and indicates a willingness to decrypt the - data stream. 
- - TTeellnneettdd has support for enabling remotely the following TELNET options: - - DO BINARY Sent to indicate that telnetd is willing to receive an - 8 bit data stream. - - DO LFLOW Requests that the client handle flow control charac- - ters remotely. - - DO ECHO This is not really supported, but is sent to identify - a 4.2BSD telnet(1) client, which will improperly re- - spond with WILL ECHO. If a WILL ECHO is received, a - DONT ECHO will be sent in response. - - DO TERMINAL-TYPE Indicates a desire to be able to request the name of - the type of terminal that is attached to the client - side of the connection. - - DO SGA Indicates that it does not need to receive IAC GA, the - go ahead command. - - DO NAWS Requests that the client inform the server when the - window (display) size changes. - - DO TERMINAL-SPEED Indicates a desire to be able to request information - about the speed of the serial line to which the client - is attached. - - DO XDISPLOC Indicates a desire to be able to request the name of - the X windows display that is associated with the tel- - net client. - - DO NEW-ENVIRON Indicates a desire to be able to request environment - variable information, as described in RFC 1572. - - DO ENVIRON Indicates a desire to be able to request environment - variable information, as described in RFC 1408. - - DO LINEMODE Only sent if tteellnneettdd is compiled with support for - linemode, and requests that the client do line by line - processing. - - DO TIMING-MARK Only sent if tteellnneettdd is compiled with support for both - linemode and kludge linemode, and the client responded - with WONT LINEMODE. If the client responds with WILL - TM, the it is assumed that the client supports kludge - linemode. Note that the [--kk] option can be used to - disable this. - - DO AUTHENTICATION Only sent if tteellnneettdd is compiled with support for au- - thentication, and indicates a willingness to receive - authentication information for automatic login. 
- - DO ENCRYPT Only sent if tteellnneettdd is compiled with support for data - encryption, and indicates a willingness to decrypt the - data stream. - -FFIILLEESS - /etc/services - /etc/inittab (UNICOS systems only) - /etc/iptos (if supported) - -SSEEEE AALLSSOO - telnet(1), login(1) - -SSTTAANNDDAARRDDSS - RRFFCC--885544 TELNET PROTOCOL SPECIFICATION - RRFFCC--885555 TELNET OPTION SPECIFICATIONS - RRFFCC--885566 TELNET BINARY TRANSMISSION - RRFFCC--885577 TELNET ECHO OPTION - RRFFCC--885588 TELNET SUPPRESS GO AHEAD OPTION - RRFFCC--885599 TELNET STATUS OPTION - RRFFCC--886600 TELNET TIMING MARK OPTION - RRFFCC--886611 TELNET EXTENDED OPTIONS - LIST OPTION - RRFFCC--888855 TELNET END OF RECORD OPTION - RRFFCC--11007733 Telnet Window Size Option - RRFFCC--11007799 Telnet Terminal Speed Option - RRFFCC--11009911 Telnet Terminal-Type Option - RRFFCC--11009966 Telnet X Display Location Option - RRFFCC--11112233 Requirements for Internet Hosts -- Application and Support - RRFFCC--11118844 Telnet Linemode Option - RRFFCC--11337722 Telnet Remote Flow Control Option - RRFFCC--11441166 Telnet Authentication Option - RRFFCC--11441111 Telnet Authentication: Kerberos Version 4 - RRFFCC--11441122 Telnet Authentication: SPX - RRFFCC--11557711 Telnet Environment Option Interoperability Issues - RRFFCC--11557722 Telnet Environment Option - -BBUUGGSS - Some TELNET commands are only partially implemented. - - Because of bugs in the original 4.2 BSD telnet(1), tteellnneettdd performs some - dubious protocol exchanges to try to discover if the remote client is, in - fact, a 4.2 BSD telnet(1). - - Binary mode has no common interpretation except between similar operating - systems (Unix in this case). - - The terminal type name received from the remote client is converted to - lower case. - - TTeellnneettdd never sends TELNET IAC GA (go ahead) commands. - -4.2 Berkeley Distribution June 1, 1994 5 
diff --git a/crypto/heimdal/kadmin/kadmin.cat8 b/crypto/heimdal/kadmin/kadmin.cat8
deleted file mode 100644
index 215553393033..000000000000
--- a/crypto/heimdal/kadmin/kadmin.cat8
+++ /dev/null
@@ -1,121 +0,0 @@ -KADMIN(8) NetBSD System Manager's Manual KADMIN(8) - -NNAAMMEE - kkaaddmmiinn - Kerberos administration utility - -SSYYNNOOPPSSIISS - kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc - _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m | - ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r | - ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn] - [_c_o_m_m_a_n_d] - -DDEESSCCRRIIPPTTIIOONN - The kkaaddmmiinn program is used to make modification to the Kerberos database, - either remotely via the kadmind(8) daemon, or locally (with the --ll op- - tion). - - Supported options: - - --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g - principal to authenticate as - - --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g - keytab for authentication pricipal - - --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e - location of config file - - --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e - location of master key file - - --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m - realm to use - - --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t - server to contact - - --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r - port to use - - --ll, ----llooccaall - local admin mode - - If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com- - mands to process. 
Commands include: - - aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g | - ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] - [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s] - [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._. - - creates a new principal - - ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g | - ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._. - - changes the password of an existing principal - - ddeelleettee _p_r_i_n_c_i_p_a_l_._._. - - removes a principal - - ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._. - - removes some enctypes from a principal, this can be useful - the service belonging to the principal is known to not handle - certain enctypes - - eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._. - - creates a keytab with the keys of the specified principals - - ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._. 
- - lists the principals that match the expressions (which are - shell glob like), long format gives more information, and - terse just prints the names - - rreennaammee _f_r_o_m _t_o - - renames a principal - - mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s] - [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] - [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] - [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l - - modifies certain attributes of a principal - - pprriivviilleeggeess - - lists the operations you are allowd to perform - - When running in local mode, the following commands can also be used. - - dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e] - - writes the database in ``human readable'' form to the speci- - fied file, or standard out - - iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g] - [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m - - initialises the Kerberos database with entries for a new - realm, it's possible to have more than one realm served by - one server - - llooaadd _f_i_l_e - - reads a previously dumped database, and re-creates that - database from scratch - - mmeerrggee _f_i_l_e - - similar to lliisstt but just modifies the database with the en- - tries in the dump file - -SSEEEE AALLSSOO - kadmind(8), kdc(8) - - HEIMDAL September 10, 2000 2 diff --git a/crypto/heimdal/kadmin/kadmind.cat8 b/crypto/heimdal/kadmin/kadmind.cat8 deleted file mode 100644 index b7172bcaab82..000000000000 --- a/crypto/heimdal/kadmin/kadmind.cat8 +++ /dev/null 
@@ -1,93 +0,0 @@ -KADMIND(8) NetBSD System Manager's Manual KADMIND(8) - -NNAAMMEE - kkaaddmmiinndd - server for administrative access to kerberos database - -SSYYNNOOPPSSIISS - kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] - [----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp _p_o_r_t | - ----ppoorrttss==_p_o_r_t] [----nnoo--kkeerrbbeerrooss44] - -DDEESSCCRRIIPPTTIIOONN - kkaaddmmiinndd listens for requests for changes to the Kerberos database and - performs these, subject to permissions. When starting, if stdin is a - socket it assumes that it has been started by inetd(8), otherwise it be- - haves as a daemon, forking processes for each new connection. The ----ddeebbuugg - option causes kkaaddmmiinndd to accept exactly one connection, which is useful - for debugging. - - If built with krb4 support, it implements both the Heimdal Kerberos 5 ad- - ministrative protocol and the Kerberos 4 protocol. Password changes via - the Kerberos 4 protocol are also performed by kkaaddmmiinndd, but the - kpasswdd(8) daemon is responsible for the Kerberos 5 password changing - protocol (used by kpasswd(1)) - - This daemon should only be run on ther master server, and not on any - slaves. - - Principals are always allowed to change their own password and list their - own principal. Apart from that, doing any operation requires permission - explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of - this file is: - - _p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n] - - Where rights is any (comma separated) combination of: - ++oo change-password or cpw - ++oo list - ++oo delete - ++oo modify - ++oo add - ++oo get - ++oo all - - And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on - principals that match the glob-style pattern. 
- - Supported options: - - --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e - location of config file - - --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e - location of master key file - - ----kkeeyyttaabb==_k_e_y_t_a_b - what keytab to use - - --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m - realm to use - - --dd, ----ddeebbuugg - enable debugging - - --pp _p_o_r_t, ----ppoorrttss==_p_o_r_t - ports to listen to. By default, if run as a daemon, it listen to - ports 749, and 751 (if Kerberos 4 support is built and enabled), - but you can add any number of ports with this option. The port - string is a whitespace separated list of port specifications, - with the special string ``+'' representing the default set of - ports. - - ----nnoo--kkeerrbbeerrooss44 - make kkaaddmmiinndd ignore Kerberos 4 kadmin requests. - -FFIILLEESS - _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l - -EEXXAAMMPPLLEESS - This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com- - piled in defaults: - - kkaaddmmiinndd----ppoorrttss="+ 4711" & - - This acl file will grant Joe all rights, and allow Mallory to view and - add host principals. - - joe/admin@EXAMPLE.COM all - mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM - -SSEEEE AALLSSOO - kpasswd(1), kadmin(8), kdc(8), kpasswdd(8) - - HEIMDAL March 5, 2002 2 diff --git a/crypto/heimdal/kdc/hprop.cat8 b/crypto/heimdal/kdc/hprop.cat8 deleted file mode 100644 index 0ac37e242053..000000000000 --- a/crypto/heimdal/kdc/hprop.cat8 +++ /dev/null 
@@ -1,98 +0,0 @@ -HPROP(8) NetBSD System Manager's Manual HPROP(8) - -NNAAMMEE - hhpprroopp - propagate the KDC database - -SSYYNNOOPPSSIISS - hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] - [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r] [--rr _s_t_r_i_n_g | - ----vv44--rreeaallmm==_s_t_r_i_n_g] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--kk _k_e_y_t_a_b - | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g | ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE | - ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp] - [_h_o_s_t[:_p_o_r_t]] _._._. - -DDEESSCCRRIIPPTTIIOONN - hhpprroopp takes a principal database in a specified format and converts it - into a stream of Heimdal database records. This stream can either be - written to standard out, or (more commonly) be propagated to a hpropd(8) - server running on a different machine. - - If propagating, it connects to all _h_o_s_t_s specified on the command by - opening a TCP connection to port 754 (service hprop) and sends the - database in encrypted form. - - Supported options: - - --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e - Where to find the master key to encrypt or decrypt keys with. - - --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e - The database to be propagated. - - ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_a_s_e_r_v_e_r - Specifies the type of the source database. Alternatives include: - - heimdal a Heimdal database - mit-dump a MIT Kerberos 5 dump file - krb4-db a Kerberos 4 database - krb4-dump a Kerberos 4 dump file - kaserver an AFS kaserver database - - --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b - The keytab to use for fetching the key to be used for authenti- - cating to the propagation daemon(s). 
The key _k_a_d_m_i_n_/_h_p_r_o_p is used - from this keytab. The default is to fetch the key from the KDC - database. - - --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g - Local realm override. - - --DD, ----ddeeccrryypptt - The encryption keys in the database can either be in clear, or - encrypted with a master key. This option transmits the database - with unencrypted keys. - - --EE, ----eennccrryypptt - This option transmits the database with encrypted keys. - - --nn, ----ssttddoouutt - Dump the database on stdout, in a format that can be fed to - hpropd. - - The following options are only valid if hhpprroopp is compiled with support - for Kerberos 4 (kaserver). - - --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g - v4 realm to use - - --cc _c_e_l_l, ----cceellll==_c_e_l_l - The AFS cell name, used if reading a kaserver database. - - --SS, ----kkaassppeecciiaallss - Also dump the principals marked as special in the kaserver - database. - - --44, ----vv44--ddbb - Deprecated, identical to `--source=krb4-db'. - - --KK, ----kkaa--ddbb - Deprecated, identical to `--source=kaserver'. - -EEXXAAMMPPLLEESS - The following will propagate a database to another machine (which should - run hpropd(8):) - - $ hprop slave-1 slave-2 - - Copy a Kerberos 4 database to a Kerberos 5 slave: - - $ hprop --source=krb4-db -E krb5-slave - - Convert a Kerberos 4 dump-file for use with a Heimdal KDC: - - $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump --master-key=/.k | hpropd -n - -SSEEEE AALLSSOO - hpropd(8) - - HEIMDAL June 19, 2000 2 diff --git a/crypto/heimdal/kdc/hpropd.cat8 b/crypto/heimdal/kdc/hpropd.cat8 deleted file mode 100644 index e72b4da337a3..000000000000 --- a/crypto/heimdal/kdc/hpropd.cat8 +++ /dev/null 
@@ -1,42 +0,0 @@ -HPROPD(8) NetBSD System Manager's Manual HPROPD(8) - -NNAAMMEE - hhpprrooppdd - receive a propagated database - -SSYYNNOOPPSSIISS - hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii | - ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp] - -DDEESSCCRRIIPPTTIIOONN - hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local - database. - - By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket - and expects to receive the dumped database over stdin otherwise. If the - database is sent over the network, it is authenticated and encrypted. - Only connections from kkaaddmmiinn/hhpprroopp are accepted. - - Options supported: - - --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e - database - - --nn, ----ssttddiinn - read from stdin - - ----pprriinntt - print dump to stdout - - --ii, ----nnoo--iinneettdd - Not started from inetd - - --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b - keytab to use for authentication - - --44, ----vv44dduummpp - create v4 type DB - -SSEEEE AALLSSOO - hprop(8) - - HEIMDAL August 27, 1997 1 diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8 deleted file mode 100644 index 4d83d59973da..000000000000 --- a/crypto/heimdal/kdc/kdc.cat8 +++ /dev/null 
@@ -1,126 +0,0 @@ -KDC(8) NetBSD System Manager's Manual KDC(8) - -NNAAMMEE - kkddcc - Kerberos 5 server - -SSYYNNOOPPSSIISS - kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh] - [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g] - [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g | - ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s] - -DDEESSCCRRIIPPTTIIOONN - kkddcc serves requests for tickets. When it starts, it first checks the - flags passed, any options that are not specified with a command line flag - is taken from a config file, or from a default compiled-in value. - - Options supported: - - --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e - Specifies the location of the config file, the default is - _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be - specified in the config file. - - --pp, ----nnoo--rreeqquuiirree--pprreeaauutthh - Turn off the requirement for pre-autentication in the initial AS- - REQ for all principals. The use of pre-authentication makes it - more difficult to do offline password attacks. You might want to - turn it off if you have clients that doesn't do pre-authentica- - tion. Since the version 4 protocol doesn't support any pre-au- - thentication, so serving version 4 clients is just about the same - as not requiring pre-athentication. The default is to require - pre-authentication. Adding the require-preauth per principal is a - more flexible way of handling this. - - ----mmaaxx--rreeqquueesstt==_s_i_z_e - Gives an upper limit on the size of the requests that the kdc is - willing to handle. - - --HH, ----eennaabbllee--hhttttpp - Makes the kdc listen on port 80 and handle requests encapsulated - in HTTP. 
- - --KK, ----nnoo--kkaasseerrvveerr - Disables kaserver emulation (in case it's compiled in). - - --rr _r_e_a_l_m, ----vv44--rreeaallmm==_r_e_a_l_m - What realm this server should act as when dealing with version 4 - requests. The database can contain any number of realms, but - since the version 4 protocol doesn't contain a realm for the - server, it must be explicitly specified. The default is whatever - is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if - the KDC has been compiled with version 4 support. - - --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g - Specifies the set of ports the KDC should listen on. It is given - as a white-space separated list of services or port numbers. - - ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s - The list of addresses to listen for requests on. By default, the - kdc will listen on all the locally configured addresses. If only - a subset is desired, or the automatic detection fails, this op- - tion might be used. - - All activities , are logged to one or more destinations, see - krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc. - -CCOONNFFIIGGUURRAATTIIOONN FFIILLEE - The configuration file has the same syntax as krb5.conf(5), but will be - read before _/_e_t_c_/_k_r_b_5_._c_o_n_f, so it may override settings found there. Op- - tions specific to the KDC only are found in the ``[kdc]'' section. All - the command-line options can preferably be added in the configuration - file. The only difference is the pre-authentication flag, that has to be - specified as: - - require-preauth = no - - (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo). - - And there are some configuration options which do not have command-line - equivalents: - - check-ticket-addresses = _b_o_o_l_e_a_n - Check the addresses in the ticket when processing TGS re- - quests. The default is FALSE. 
- - allow-null-ticket-addresses = _b_o_o_l_e_a_n - Permit tickets with no addresses. This option is only rele- - vant when check-ticket-addresses is TRUE. - - allow-anonymous = _b_o_o_l_e_a_n - Permit anonymous tickets with no addresses. - - encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n - Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE - code. The Heimdal clients allow both. - - kdc_warn_pwexpire = _t_i_m_e - How long before password/principal expiration the KDC should - start sending out warning messages. - - An example of a config file: - - [kdc] - require-preauth = no - v4-realm = FOO.SE - key-file = /key-file - -BBUUGGSS - If the machine running the KDC has new addresses added to it, the KDC - will have to be restarted to listen to them. The reason it doesn't just - listen to wildcarded (like INADDR_ANY) addresses, is that the replies has - to come from the same address they were sent to, and most OS:es doesn't - pass this information to the application. If your normal mode of opera- - tion require that you add and remove addresses, the best option is proba- - bly to listen to a wildcarded TCP socket, and make sure your clients use - TCP to connect. For instance, this will listen to IPv4 TCP port 88 only: - - kdc --addresses=0.0.0.0 --ports="88/tcp" - - There should be a way to specify protocol, port, and address triplets, - not just addresses and protocol, port tuples. - -SSEEEE AALLSSOO - kinit(1), krb5.conf(5) - - HEIMDAL August 22, 2002 2 diff --git a/crypto/heimdal/kdc/kstash.cat8 b/crypto/heimdal/kdc/kstash.cat8 deleted file mode 100644 index 266648edc607..000000000000 --- a/crypto/heimdal/kdc/kstash.cat8 +++ /dev/null 
@@ -1,33 +0,0 @@ -KSTASH(8) NetBSD System Manager's Manual KSTASH(8) - -NNAAMMEE - kkssttaasshh - store the KDC master password in a file - -SSYYNNOOPPSSIISS - kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] - [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn] - -DDEESSCCRRIIPPTTIIOONN - kkssttaasshh reads the Kerberos master key and stores it in a file that will be - used by the KDC. - - Supported options: - - --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g - the encryption type to use, defaults to DES3-CBC-SHA1 - - --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e - the name of the master key file - - ----ccoonnvveerrtt--ffiillee - don't ask for a new master key, just read an old master key file, - and write it back in the new keyfile format - - ----mmaasstteerr--kkeeyy--ffdd==_f_d - filedescriptor to read passphrase from, if not specified the - passphrase will be read from the terminal - -SSEEEE AALLSSOO - kdc(8) - - HEIMDAL September 1, 2000 1 diff --git a/crypto/heimdal/kdc/string2key.cat8 b/crypto/heimdal/kdc/string2key.cat8 deleted file mode 100644 index 60a819e4d474..000000000000 --- a/crypto/heimdal/kdc/string2key.cat8 +++ /dev/null 
@@ -1,41 +0,0 @@ -STRING2KEY(8) NetBSD System Manager's Manual STRING2KEY(8) - -NNAAMMEE - ssttrriinngg22kkeeyy - map a password into a key - -SSYYNNOOPPSSIISS - ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l | - ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l | - ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d - -DDEESSCCRRIIPPTTIIOONN - ssttrriinngg22kkeeyy performs the string-to-key function. This is useful when you - want to handle the raw key instead of the password. Supported options: - - --55, ----vveerrssiioonn55 - Output Kerberos v5 string-to-key - - --44, ----vveerrssiioonn44 - Output Kerberos v4 string-to-key - - --aa, ----aaffss - Output AFS string-to-key - - --cc _c_e_l_l, ----cceellll==_c_e_l_l - AFS cell to use - - --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d - Password to use - - --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l - Kerberos v5 principal to use - - --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g - Keytype - - ----vveerrssiioonn - print version - - ----hheellpp - - HEIMDAL March 4, 2000 1 diff --git a/crypto/heimdal/kpasswd/kpasswd.cat1 b/crypto/heimdal/kpasswd/kpasswd.cat1 deleted file mode 100644 index e76e9cc85ed9..000000000000 --- a/crypto/heimdal/kpasswd/kpasswd.cat1 +++ /dev/null @@ -1,19 +0,0 @@ -KPASSWD(1) NetBSD Reference Manual KPASSWD(1) - -NNAAMMEE - kkppaasssswwdd - Kerberos 5 password changing program - -SSYYNNOOPPSSIISS - kkppaasssswwdd [_p_r_i_n_c_i_p_a_l] - -DDEESSCCRRIIPPTTIIOONN - kkppaasssswwdd is the client for changing passwords. - -DDIIAAGGNNOOSSTTIICCSS - If the password quality check fails or some other error occurs, an expla- - nation is printed. - -SSEEEE AALLSSOO - kpasswdd(8) - - HEIMDAL August 27, 1997 1 
diff --git a/crypto/heimdal/kpasswd/kpasswdd.cat8 b/crypto/heimdal/kpasswd/kpasswdd.cat8 deleted file mode 100644 index 3330b8e3eba8..000000000000 --- a/crypto/heimdal/kpasswd/kpasswdd.cat8 +++ /dev/null 
@@ -1,53 +0,0 @@ -KPASSWDD(8) NetBSD System Manager's Manual KPASSWDD(8) - -NNAAMMEE - kkppaasssswwdddd - Kerberos 5 password changing server - -SSYYNNOOPPSSIISS - kkppaasssswwdddd [----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y] [----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n] [--kk _k_s_p_e_c - | ----kkeeyyttaabb==_k_s_p_e_c] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--pp _s_t_r_i_n_g | ----ppoorrtt==_s_t_r_i_n_g] - [----vveerrssiioonn] [----hheellpp] - -DDEESSCCRRIIPPTTIIOONN - kkppaasssswwdddd serves request for password changes. It listens on UDP port 464 - (service kpasswd) and processes requests when they arrive. It changes the - database directly and should thus only run on the master KDC. - - Supported options: - - ----cchheecckk--lliibbrraarryy==_l_i_b_r_a_r_y - If your system has support for dynamic loading of shared li- - braries, you can use an external function to check password qual- - ity. This option specifies which library to load. - - ----cchheecckk--ffuunnccttiioonn==_f_u_n_c_t_i_o_n - This is the function to call in the loaded library. The function - should look like this: - - _c_o_n_s_t _c_h_a_r _* ppaasssswwdd__cchheecckk(_k_r_b_5___c_o_n_t_e_x_t _c_o_n_t_e_x_t, _k_r_b_5___p_r_i_n_c_i_p_a_l - _p_r_i_n_c_i_p_a_l, _k_r_b_5___d_a_t_a _*_p_a_s_s_w_o_r_d) - - _c_o_n_t_e_x_t is an initialized context; _p_r_i_n_c_i_p_a_l is the one who tries - to change passwords, and _p_a_s_s_w_o_r_d is the new password. Note that - the password (in _p_a_s_s_w_o_r_d_-_>_d_a_t_a) is not zero terminated. - - --kk _k_s_p_e_c, ----kkeeyyttaabb==_k_s_p_e_c - keytab to get authentication key from - - --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m - default realm - - --pp _s_t_r_i_n_g, ----ppoorrtt==_s_t_r_i_n_g - port to listen on (default service kpasswd - 464). - -DDIIAAGGNNOOSSTTIICCSS - If an error occurs, the error message is returned to the user and/or - logged to syslog. - -BBUUGGSS - The default password quality checks are too basic. 
- -SSEEEE AALLSSOO - kpasswd(1), kdc(8) - - HEIMDAL April 19, 1999 1 diff --git a/crypto/heimdal/kuser/kdestroy.cat1 b/crypto/heimdal/kuser/kdestroy.cat1 deleted file mode 100644 index 8f7247b68589..000000000000 --- a/crypto/heimdal/kuser/kdestroy.cat1 +++ /dev/null @@ -1,29 +0,0 @@ -KDESTROY(1) NetBSD Reference Manual KDESTROY(1) - -NNAAMMEE - kkddeessttrrooyy - destroy the current ticket file - -SSYYNNOOPPSSIISS - kkddeessttrrooyy [--cc _c_a_c_h_e_f_i_l_e] [----ccaacchhee==_c_a_c_h_e_f_i_l_e] [----nnoo--uunnlloogg] [----nnoo--ddeelleettee--vv44] - [----vveerrssiioonn] [----hheellpp] - -DDEESSCCRRIIPPTTIIOONN - kkddeessttrrooyy remove the current set of tickets. - - Supported options: - - --cc _c_a_c_h_e_f_i_l_e - - --ccaacchhee==_c_a_c_h_e_f_i_l_e - The cache file to remove. - - ----nnoo--uunnlloogg - Do not remove AFS tokens. - - ----nnoo--ddeelleettee--vv44 - Do not remove v4 tickets. - -SSEEEE AALLSSOO - kinit(1), klist(1) - - HEIMDAL August 27, 1997 1 diff --git a/crypto/heimdal/kuser/kgetcred.cat1 b/crypto/heimdal/kuser/kgetcred.cat1 deleted file mode 100644 index f01ed61cc6d4..000000000000 --- a/crypto/heimdal/kuser/kgetcred.cat1 +++ /dev/null @@ -1,26 +0,0 @@ -KGETCRED(1) NetBSD Reference Manual KGETCRED(1) - -NNAAMMEE - kkggeettccrreedd - get a ticket for a particular service - -SSYYNNOOPPSSIISS - kkggeettccrreedd [--ee _e_n_c_t_y_p_e | ----eennccttyyppee==_e_n_c_t_y_p_e] [----vveerrssiioonn] [----hheellpp] _s_e_r_v_i_c_e - -DDEESSCCRRIIPPTTIIOONN - kkggeettccrreedd obtains a ticket for a service. Usually tickets for services - are obtained automatically when needed but sometimes for some odd reason - you want to obtain a particular ticket or of a special type. - - Supported options: - - --ee _e_n_c_t_y_p_e, ----eennccttyyppee==_e_n_c_t_y_p_e - encryption type to use - - ----vveerrssiioonn - - ----hheellpp - -SSEEEE AALLSSOO - kinit(1), klist(1) - - HEIMDAL May 14, 1999 1 
diff --git a/crypto/heimdal/kuser/kinit.cat1 b/crypto/heimdal/kuser/kinit.cat1 deleted file mode 100644 index c71feb236f60..000000000000 --- a/crypto/heimdal/kuser/kinit.cat1 +++ /dev/null 
@@ -1,127 +0,0 @@ -KINIT(1) NetBSD Reference Manual KINIT(1) - -NNAAMMEE - kkiinniitt kkaauutthh - acquire initial tickets - -SSYYNNOOPPSSIISS - kkiinniitt [--44 | ----552244iinniitt] [--99 | ----552244ccoonnvveerrtt] [----aaffsslloogg] [--cc _c_a_c_h_e_n_a_m_e | - ----ccaacchhee==_c_a_c_h_e_n_a_m_e] [--ff | ----ffoorrwwaarrddaabbllee] [--tt _k_e_y_t_a_b_n_a_m_e | - ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e] [--ll _t_i_m_e | ----lliiffeettiimmee==_t_i_m_e] [--pp | ----pprrooxxiiaabbllee] - [--RR | ----rreenneeww] [----rreenneewwaabbllee] [--rr _t_i_m_e | ----rreenneewwaabbllee--lliiffee==_t_i_m_e] [--SS - _p_r_i_n_c_i_p_a_l | ----sseerrvveerr==_p_r_i_n_c_i_p_a_l] [--ss _t_i_m_e | ----ssttaarrtt--ttiimmee==_t_i_m_e] [--kk | - ----uussee--kkeeyyttaabb] [--vv | ----vvaalliiddaattee] [--ee _e_n_c_t_y_p_e_s | ----eennccttyyppeess==_e_n_c_t_y_p_e_s] - [--aa _a_d_d_r_e_s_s_e_s | ----eexxttrraa--aaddddrreesssseess==_a_d_d_r_e_s_s_e_s] - [----ffccaacchhee--vveerrssiioonn==_i_n_t_e_g_e_r] [----nnoo--aaddddrreesssseess] [----aannoonnyymmoouuss] - [----vveerrssiioonn] [----hheellpp] [_p_r_i_n_c_i_p_a_l [_c_o_m_m_a_n_d]] - -DDEESSCCRRIIPPTTIIOONN - kkiinniitt is used to authenticate to the kerberos server as _p_r_i_n_c_i_p_a_l, or if - none is given, a system generated default (typically your login name at - the default realm), and acquire a ticket granting ticket that can later - be used to obtain tickets for other services. - - If you have compiled kkiinniitt with Kerberos 4 support and you have a Ker- - beros 4 server, kkiinniitt will detect this and get you Kerberos 4 tickets. - - Supported options: - - --cc _c_a_c_h_e_n_a_m_e ----ccaacchhee==_c_a_c_h_e_n_a_m_e - The credentials cache to put the acquired ticket in, if other - than default. - - --ff, ----ffoorrwwaarrddaabbllee - Get ticket that can be forwarded to another host. - - --tt _k_e_y_t_a_b_n_a_m_e, ----kkeeyyttaabb==_k_e_y_t_a_b_n_a_m_e - Don't ask for a password, but instead get the key from the speci- - fied keytab. 
- - --ll _t_i_m_e, ----lliiffeettiimmee==_t_i_m_e - Specifies the lifetime of the ticket. The argument can either be - in seconds, or a more human readable string like `1h'. - - --pp, ----pprrooxxiiaabbllee - Request tickets with the proxiable flag set. - - --RR, ----rreenneeww - Try to renew ticket. The ticket must have the `renewable' flag - set, and must not be expired. - - ----rreenneewwaabbllee - The same as ----rreenneewwaabbllee--lliiffee, with an infinite time. - - --rr _t_i_m_e, ----rreenneewwaabbllee--lliiffee==_t_i_m_e - The max renewable ticket life. - - --SS _p_r_i_n_c_i_p_a_l, ----sseerrvveerr==_p_r_i_n_c_i_p_a_l - Get a ticket for a service other than krbtgt/LOCAL.REALM. - - --ss _t_i_m_e, ----ssttaarrtt--ttiimmee==_t_i_m_e - Obtain a ticket that starts to be valid _t_i_m_e (which can really be - a generic time specification, like `1h') seconds into the future. - - --kk, ----uussee--kkeeyyttaabb - The same as ----kkeeyyttaabb, but with the default keytab name (normally - _F_I_L_E_:_/_e_t_c_/_k_r_b_5_._k_e_y_t_a_b). - - --vv, ----vvaalliiddaattee - Try to validate an invalid ticket. - - --ee, ----eennccttyyppeess==_e_n_c_t_y_p_e_s - Request tickets with this particular enctype. - - ----ffccaacchhee--vveerrssiioonn==_v_e_r_s_i_o_n - Create a credentials cache of version vveerrssiioonn. - - --aa, ----eexxttrraa--aaddddrreesssseess==_e_n_c_t_y_p_e_s - Adds a set of addresses that will, in addition to the systems lo- - cal addresses, be put in the ticket. This can be useful if all - addresses a client can use can't be automatically figured out. - One such example is if the client is behind a firewall. Also set- - table via libdefaults/extra_addresses in krb5.conf(5). - - ----nnoo--aaddddrreesssseess - Request a ticket with no addresses. - - ----aannoonnyymmoouuss - Request an anonymous ticket (which means that the ticket will be - issued to an anonymous principal, typically ``anonymous@REALM''). 
- - The following options are only available if kkiinniitt has been compiled with - support for Kerberos 4. - - --44, ----552244iinniitt - Try to convert the obtained Kerberos 5 krbtgt to a version 4 com- - patible ticket. It will store this ticket in the default Kerberos - 4 ticket file. - - --99, ----552244ccoonnvveerrtt - only convert ticket to version 4 - - ----aaffsslloogg - Gets AFS tickets, converts them to version 4 format, and stores - them in the kernel. Only useful if you have AFS. - - The _f_o_r_w_a_r_d_a_b_l_e, _p_r_o_x_i_a_b_l_e, _t_i_c_k_e_t___l_i_f_e, and _r_e_n_e_w_a_b_l_e___l_i_f_e options can - be set to a default value from the appdefaults section in krb5.conf, see - krb5_appdefault(3). - - If a _c_o_m_m_a_n_d is given, kkiinniitt will setup new credentials caches, and AFS - PAG, and then run the given command. When it finishes the credentials - will be removed. - -EENNVVIIRROONNMMEENNTT - KRB5CCNAME - Specifies the default credentials cache. - - KRB5_CONFIG - The file name of _k_r_b_5_._c_o_n_f , the default being _/_e_t_c_/_k_r_b_5_._c_o_n_f. - - KRBTKFILE - Specifies the Kerberos 4 ticket file to store version 4 tickets - in. - -SSEEEE AALLSSOO - kdestroy(1), klist(1), krb5_appdefault(3), krb5.conf(5) - - HEIMDAL May 29, 1998 2 diff --git a/crypto/heimdal/kuser/klist.cat1 b/crypto/heimdal/kuser/klist.cat1 deleted file mode 100644 index 4a2b647005d7..000000000000 --- a/crypto/heimdal/kuser/klist.cat1 +++ /dev/null 
@@ -1,87 +0,0 @@ -KLIST(1) NetBSD Reference Manual KLIST(1) - -NNAAMMEE - kklliisstt - list Kerberos credentials - -SSYYNNOOPPSSIISS - kklliisstt [--cc _c_a_c_h_e | ----ccaacchhee==_c_a_c_h_e] [--ss | --tt | ----tteesstt] [--44 | ----vv44] [--TT | - ----ttookkeennss] [--55 | ----vv55] [--vv | ----vveerrbboossee] [--ff] [----vveerrssiioonn] [----hheellpp] - -DDEESSCCRRIIPPTTIIOONN - kklliisstt reads and displays the current tickets in the crential cache (also - known as the ticket file). - - Options supported: - - --cc _c_a_c_h_e, ----ccaacchhee==_c_a_c_h_e - credentials cache to list - - --ss, --tt, ----tteesstt - Test for there being an active and valid TGT for the local realm - of the user in the credential cache. - - --44, ----vv44 - display v4 tickets - - --TT, ----ttookkeennss - display AFS tokens - - --55, ----vv55 - display v5 cred cache (this is the default) - - --ff Include ticket flags in short form, each charcted stands for a - specific flag, as follows: - F forwardable - f forwarded - P proxiable - p proxied - D postdate-able - d postdated - R renewable - I initial - i invalid - A pre-authenticated - H hardware authenticated - - This information is also output with the ----vveerrbboossee option, but in - a more verbose way. - - --vv, ----vveerrbboossee - Verbose output. 
Include all possible information: - - Server - the princial the ticket is for - - Ticket etype - the encryption type use in the ticket, followed by - the key version of the ticket, if it is available - - Session key - the encryption type of the session key, if it's dif- - ferent from the encryption type of the ticket - - Auth time - the time the authentication exchange took place - - Start time - the time that this tickets is valid from (only print- - ed if it's different from the auth time) - - End time - when the ticket expires, if it has already expired - this is also noted - - Renew till - the maximum possible end time of any ticket derived - from this one - - Ticket flags - the flags set on the ticket - - Addresses - the set of addresses from which this ticket is valid - -SSEEEE AALLSSOO - kdestroy(1), kinit(1) - - HEIMDAL July 8, 2000 2 diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h index cf93c9cdbcc3..c4f1ea2d30f1 100644 --- a/crypto/heimdal/lib/hdb/hdb_locl.h +++ b/crypto/heimdal/lib/hdb/hdb_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb_locl.h,v 1.18 2002/09/10 20:03:48 joda Exp $ */ +/* $Id: hdb_locl.h,v 1.18.4.1 2003/09/10 22:04:39 lha Exp $ */ /* $FreeBSD$ */ #ifndef __HDB_LOCL_H__ @@ -55,6 +55,9 @@ #ifdef HAVE_SYS_FILE_H #include #endif +#ifdef HAVE_LIMITS_H +#include +#endif #include #include "crypto-headers.h" diff --git a/crypto/heimdal/lib/kafs/kafs.cat3 b/crypto/heimdal/lib/kafs/kafs.cat3 deleted file mode 100644 index ecab780e25b5..000000000000 --- a/crypto/heimdal/lib/kafs/kafs.cat3 +++ /dev/null 
@@ -1,97 +0,0 @@ -KAFS(3) NetBSD Programmer's Manual KAFS(3) - -NNAAMMEE - kk__hhaassaaffss, kk__ppiiooccttll, kk__uunnlloogg, kk__sseettppaagg, kk__aaffss__cceellll__ooff__ffiillee, kkrrbb__aaffsslloogg, - kkrrbb__aaffsslloogg__uuiidd - AFS library - -LLIIBBRRAARRYY - AFS cache manager access library (libkafs, -lkafs) - -SSYYNNOOPPSSIISS - ##iinncclluuddee <> - - _i_n_t - kk__aaffss__cceellll__ooff__ffiillee(_c_o_n_s_t _c_h_a_r _*_p_a_t_h, _c_h_a_r _*_c_e_l_l, _i_n_t _l_e_n); - - _i_n_t - kk__hhaassaaffss(); - - _i_n_t - kk__ppiiooccttll(_c_h_a_r _*_a___p_a_t_h, _i_n_t _o___o_p_c_o_d_e, _s_t_r_u_c_t _V_i_c_e_I_o_c_t_l _*_a___p_a_r_a_m_s_P, - _i_n_t _a___f_o_l_l_o_w_S_y_m_l_i_n_k_s); - - _i_n_t - kk__sseettppaagg(); - - _i_n_t - kk__uunnlloogg(); - - _i_n_t - kkrrbb__aaffsslloogg(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m); - - _i_n_t - kkrrbb__aaffsslloogg__uuiidd(_c_h_a_r _*_c_e_l_l, _c_h_a_r _*_r_e_a_l_m, _u_i_d___t _u_i_d); - -DDEESSCCRRIIPPTTIIOONN - kk__hhaassaaffss() initializes some library internal structures, and tests for - the presence of AFS in the kernel, none of the other functions should be - called before kk__hhaassaaffss() is called, or if it fails. - - kkrrbb__aaffsslloogg(), and kkrrbb__aaffsslloogg__uuiidd() obtains new tokens (and possibly tick- - ets) for the specified _c_e_l_l and _r_e_a_l_m. If _c_e_l_l is NULL, the local cell - is used. If _r_e_a_l_m is NULL, the function tries to guess what realm to use. - Unless you have some good knowledge of what cell or realm to use, you - should pass NULL. kkrrbb__aaffsslloogg() will use the real user-id for the ViceId - field in the token, kkrrbb__aaffsslloogg__uuiidd() will use _u_i_d. - - kk__aaffss__cceellll__ooff__ffiillee() will in _c_e_l_l return the cell of a specified file, no - more than _l_e_n characters is put in _c_e_l_l. - - kk__ppiiooccttll() does a ppiiooccttll() syscall with the specified arguments. This - function is equivalent to llppiiooccttll(). 
- - kk__sseettppaagg() initializes a new PAG. - - kk__uunnlloogg() removes destroys all tokens in the current PAG. - -RREETTUURRNN VVAALLUUEESS - kk__hhaassaaffss() returns 1 if AFS is present in the kernel, 0 otherwise. - kkrrbb__aaffsslloogg() and kkrrbb__aaffsslloogg__uuiidd() returns 0 on success, or a kerberos er- - ror number on failure. kk__aaffss__cceellll__ooff__ffiillee(), kk__ppiiooccttll(), kk__sseettppaagg(), and - kk__uunnlloogg() all return the value of the underlaying system call, 0 on suc- - cess. - -EENNVVIIRROONNMMEENNTT - The following environment variable affect the mode of operation of kkaaffss: - - AFS_SYSCALL Normally, kkaaffss will try to figure out the correct system - call(s) that are used by AFS by itself. If it does not man- - age to do that, or does it incorrectly, you can set this - variable to the system call number or list of system call - numbers that should be used. - -EEXXAAMMPPLLEESS - The following code from llooggiinn will obtain a new PAG and tokens for the - local cell and the cell of the users home directory. - - if (k_hasafs()) { - char cell[64]; - k_setpag(); - if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) - krb_afslog(cell, NULL); - krb_afslog(NULL, NULL); - } - -EERRRROORRSS - If any of these functions (apart from kk__hhaassaaffss()) is called without AFS - beeing present in the kernel, the process will usually (depending on the - operating system) receive a SIGSYS signal. - -SSEEEE AALLSSOO - Transarc Corporation, "File Server/Cache Manager Interface", _A_F_S_-_3 - _P_r_o_g_r_a_m_m_e_r_'_s _R_e_f_e_r_e_n_c_e, 1991. - -BBUUGGSS - AFS_SYSCALL has no effect under AIX. - - KTH-KRB May 7, 1997 2 diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index c5610ddbc66e..d1c1c9d3d79f 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.73 2003/04/01 16:51:54 lha Exp $"); +RCSID("$Id: crypto.c,v 1.73.2.4 2004/03/06 16:38:00 lha Exp $"); /* RCSID("$FreeBSD$"); */ #undef CRYPTO_DEBUG @@ -140,14 +140,15 @@ static krb5_error_code derive_key(krb5_context context, struct key_data *key, const void *constant, size_t len); -static void hmac(krb5_context context, - struct checksum_type *cm, - const void *data, - size_t len, - unsigned usage, - struct key_data *keyblock, - Checksum *result); +static krb5_error_code hmac(krb5_context context, + struct checksum_type *cm, + const void *data, + size_t len, + unsigned usage, + struct key_data *keyblock, + Checksum *result); static void free_key_data(krb5_context context, struct key_data *key); +static krb5_error_code usage2arcfour (krb5_context, int *); /************************************************************ * * @@ -594,12 +595,16 @@ krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, _krb5_put_int(data + datalen - 4, keypart, 4); - hmac(context, c, data, datalen, 0, &ksign, &result); + ret = hmac(context, c, data, datalen, 0, &ksign, &result); + if (ret) + krb5_abortx(context, "hmac failed"); memcpy(p, result.checksum.data, len); memcpy(tmpcksum, result.checksum.data, result.checksum.length); for (i = 0; i < iter; i++) { - hmac(context, c, tmpcksum, result.checksum.length, - 0, &ksign, &result); + ret = hmac(context, c, tmpcksum, result.checksum.length, + 0, &ksign, &result); + if (ret) + krb5_abortx(context, "hmac failed"); memcpy(tmpcksum, result.checksum.data, result.checksum.length); for (j = 0; j < len; j++) p[j] ^= tmpcksum[j]; 
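Review bot: In the krb5_PKCS5_PBKDF2 hunk, both new checks turn an hmac() failure into `krb5_abortx(context, "hmac failed")`, so an allocation failure (the only error the reworked hmac() returns) terminates the calling process instead of being reported. The function already keeps a `ret` variable, which suggests it can return an error code; if so, returning `ret` after releasing the buffers it allocated earlier would let a long-running service survive memory pressure. The function starts and ends outside the hunk, so the cleanup this needs is not visible here. The same abort-on-failure pattern is added in SP_HMAC_SHA1_checksum, HMAC_MD5_checksum, HMAC_MD5_checksum_enc, ARCFOUR_subencrypt and ARCFOUR_subdecrypt. Where the enclosing function is `void`, as SP_HMAC_SHA1_checksum is, a comment such as `/* cannot propagate: checksum callbacks return void */` would record why aborting was chosen.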
@@ -1385,7 +1390,7 @@ SHA1_checksum(krb5_context context, } /* HMAC according to RFC2104 */ -static void +static krb5_error_code hmac(krb5_context context, struct checksum_type *cm, const void *data, @@ -1399,6 +1404,17 @@ hmac(krb5_context context, size_t key_len; int i; + ipad = malloc(cm->blocksize + len); + if (ipad == NULL) + return ENOMEM; + opad = malloc(cm->blocksize + cm->checksumsize); + if (opad == NULL) { + free(ipad); + return ENOMEM; + } + memset(ipad, 0x36, cm->blocksize); + memset(opad, 0x5c, cm->blocksize); + if(keyblock->key->keyvalue.length > cm->blocksize){ (*cm->checksum)(context, keyblock, @@ -1412,10 +1428,6 @@ hmac(krb5_context context, key = keyblock->key->keyvalue.data; key_len = keyblock->key->keyvalue.length; } - ipad = malloc(cm->blocksize + len); - opad = malloc(cm->blocksize + cm->checksumsize); - memset(ipad, 0x36, cm->blocksize); - memset(opad, 0x5c, cm->blocksize); for(i = 0; i < key_len; i++){ ipad[i] ^= key[i]; opad[i] ^= key[i]; @@ -1431,8 +1443,40 @@ hmac(krb5_context context, free(ipad); memset(opad, 0, cm->blocksize + cm->checksumsize); free(opad); + + return 0; } +krb5_error_code +krb5_hmac(krb5_context context, + krb5_cksumtype cktype, + const void *data, + size_t len, + unsigned usage, + krb5_keyblock *key, + Checksum *result) +{ + struct checksum_type *c = _find_checksum(cktype); + struct key_data kd; + krb5_error_code ret; + + if (c == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + cktype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + kd.key = key; + kd.schedule = NULL; + + ret = hmac(context, c, data, len, usage, &kd, result); + + if (kd.schedule) + krb5_free_data(context, kd.schedule); + + return ret; + } + static void SP_HMAC_SHA1_checksum(krb5_context context, struct key_data *key, 
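Review bot: The allocation sizes in hmac(), `cm->blocksize + len` and `cm->blocksize + cm->checksumsize`, are still computed without an overflow check, and `len` comes straight from the caller. If the first sum wraps, the buffer is smaller than the data that is presumably copied in behind the pad (that copy lies outside the hunk), and the new NULL checks do not catch it. A guard before the first malloc, for example `if (len > (size_t)-1 - cm->blocksize) return EINVAL;`, would turn that case into an ordinary error return. The function's declarations and its tail are outside this hunk.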
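Review bot: krb5_hmac() is a new non-static function with no comment, and its contract for `result` is not evident from the signature. Judging by SP_HMAC_SHA1_checksum, which sets `res.checksum.data` and `res.checksum.length` before calling hmac(), the caller apparently has to supply the output buffer. A header comment should state that, list the return values visible here (0, ENOMEM from hmac(), KRB5_PROG_SUMTYPE_NOSUPP for an unknown `cktype`), and note that `usage` is passed through unchanged. The `if (kd.schedule)` cleanup only fires if hmac() fills in the schedule, which nothing in the visible hunks does, so it deserves a one-line comment such as `/* hmac() may create a key schedule; release it */`, or removal if that never happens.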
@@ -1444,11 +1488,14 @@ SP_HMAC_SHA1_checksum(krb5_context context, struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); Checksum res; char sha1_data[20]; + krb5_error_code ret; res.checksum.data = sha1_data; res.checksum.length = sizeof(sha1_data); - hmac(context, c, data, len, usage, key, &res); + ret = hmac(context, c, data, len, usage, key, &res); + if (ret) + krb5_abortx(context, "hmac failed"); memcpy(result->checksum.data, res.checksum.data, result->checksum.length); } @@ -1473,10 +1520,13 @@ HMAC_MD5_checksum(krb5_context context, unsigned char t[4]; unsigned char tmp[16]; unsigned char ksign_c_data[16]; + krb5_error_code ret; ksign_c.checksum.length = sizeof(ksign_c_data); ksign_c.checksum.data = ksign_c_data; - hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); + ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); + if (ret) + krb5_abortx(context, "hmac failed"); ksign.key = &kb; kb.keyvalue = ksign_c.checksum; MD5_Init (&md5); @@ -1487,7 +1537,9 @@ HMAC_MD5_checksum(krb5_context context, MD5_Update (&md5, t, 4); MD5_Update (&md5, data, len); MD5_Final (tmp, &md5); - hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); + ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); + if (ret) + krb5_abortx(context, "hmac failed"); } /* @@ -1508,6 +1560,7 @@ HMAC_MD5_checksum_enc(krb5_context context, krb5_keyblock kb; unsigned char t[4]; unsigned char ksign_c_data[16]; + krb5_error_code ret; t[0] = (usage >> 0) & 0xFF; t[1] = (usage >> 8) & 0xFF; 
@@ -1516,10 +1569,14 @@ HMAC_MD5_checksum_enc(krb5_context context, ksign_c.checksum.length = sizeof(ksign_c_data); ksign_c.checksum.data = ksign_c_data; - hmac(context, c, t, sizeof(t), 0, key, &ksign_c); + ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c); + if (ret) + krb5_abortx(context, "hmac failed"); ksign.key = &kb; kb.keyvalue = ksign_c.checksum; - hmac(context, c, data, len, 0, &ksign, result); + ret = hmac(context, c, data, len, 0, &ksign, result); + if (ret) + krb5_abortx(context, "hmac failed"); } struct checksum_type checksum_none = { @@ -1741,18 +1798,18 @@ get_checksum_key(krb5_context context, } static krb5_error_code -do_checksum (krb5_context context, - struct checksum_type *ct, - krb5_crypto crypto, - unsigned usage, - void *data, - size_t len, - Checksum *result) +create_checksum (krb5_context context, + struct checksum_type *ct, + krb5_crypto crypto, + unsigned usage, + void *data, + size_t len, + Checksum *result) { krb5_error_code ret; struct key_data *dkey; int keyed_checksum; - + keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { krb5_clear_error_string (context); @@ -1770,17 +1827,26 @@ do_checksum (krb5_context context, return 0; } -static krb5_error_code -create_checksum(krb5_context context, - krb5_crypto crypto, - unsigned usage, /* not krb5_key_usage */ - krb5_cksumtype type, /* 0 -> pick from crypto */ - void *data, - size_t len, - Checksum *result) +static int +arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) +{ + return (ct->type == CKSUMTYPE_HMAC_MD5) && + (crypto->key.key->keytype == KEYTYPE_ARCFOUR); +} + +krb5_error_code +krb5_create_checksum(krb5_context context, + krb5_crypto crypto, + krb5_key_usage usage, + int type, + void *data, + size_t len, + Checksum *result) { struct checksum_type *ct = NULL; + unsigned keyusage; + /* type 0 -> pick from crypto */ if (type) { ct = _find_checksum(type); } else if (crypto) { 
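Review bot: arcfour_checksum_p() dereferences `crypto->key.key->keytype` unconditionally, but krb5_create_checksum() treats `crypto` as optional, as the `else if (crypto)` branch at the end of this hunk shows. A call with an explicit `type` of CKSUMTYPE_HMAC_MD5 and a NULL `crypto` would therefore dereference NULL before reaching the `keyed_checksum && crypto == NULL` check in create_checksum(), which used to reject it with an error. Adding the test to the predicate keeps the old behaviour: `return (ct->type == CKSUMTYPE_HMAC_MD5) && crypto != NULL && (crypto->key.key->keytype == KEYTYPE_ARCFOUR);`. The call sites are in the following hunks, in krb5_create_checksum and krb5_verify_checksum.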
@@ -1794,21 +1860,15 @@ create_checksum(krb5_context context, type); return KRB5_PROG_SUMTYPE_NOSUPP; } - return do_checksum (context, ct, crypto, usage, data, len, result); -} -krb5_error_code -krb5_create_checksum(krb5_context context, - krb5_crypto crypto, - krb5_key_usage usage, - int type, - void *data, - size_t len, - Checksum *result) -{ - return create_checksum(context, crypto, - CHECKSUM_USAGE(usage), - type, data, len, result); + if (arcfour_checksum_p(ct, crypto)) { + keyusage = usage; + usage2arcfour(context, &keyusage); + } else + keyusage = CHECKSUM_USAGE(usage); + + return create_checksum(context, ct, crypto, keyusage, + data, len, result); } static krb5_error_code @@ -1826,7 +1886,7 @@ verify_checksum(krb5_context context, struct checksum_type *ct; ct = _find_checksum(cksum->cksumtype); - if(ct == NULL) { + if (ct == NULL) { krb5_set_error_string (context, "checksum type %d not supported", cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; @@ -1872,8 +1932,24 @@ krb5_verify_checksum(krb5_context context, size_t len, Checksum *cksum) { - return verify_checksum(context, crypto, - CHECKSUM_USAGE(usage), data, len, cksum); + struct checksum_type *ct; + unsigned keyusage; + + ct = _find_checksum(cksum->cksumtype); + if(ct == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + cksum->cksumtype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + if (arcfour_checksum_p(ct, crypto)) { + keyusage = usage; + usage2arcfour(context, &keyusage); + } else + keyusage = CHECKSUM_USAGE(usage); + + return verify_checksum(context, crypto, keyusage, + data, len, cksum); } krb5_error_code @@ -2109,7 +2185,7 @@ AES_CTS_encrypt(krb5_context context, k = &k[1]; if (len < AES_BLOCK_SIZE) - abort(); + krb5_abortx(context, "invalid use of AES_CTS_encrypt"); if (len == AES_BLOCK_SIZE) { if (encrypt) AES_encrypt(data, data, k); 
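Review bot: `usage2arcfour(context, &keyusage)` passes the address of an `unsigned` to a function whose prototype, added earlier in this commit, takes `int *`, and its return value is dropped. The pointer types are incompatible, so compilers will warn, and a later change that makes usage2arcfour() fail again would go unnoticed. Using an int temporary avoids both: `int au = usage;`, then `ret = usage2arcfour(context, &au); if (ret) return ret;`, then `keyusage = au;`, with a `krb5_error_code ret` local added. The identical two lines in the krb5_verify_checksum hunk below need the same change. Bracing the `else` arm would also match the braced `if` arm.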
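Review bot: In AES_CTS_encrypt a `len` below AES_BLOCK_SIZE still ends the process, now through `krb5_abortx(context, "invalid use of AES_CTS_encrypt")` rather than `abort()`. If this routine is reached on the decrypt path with a length taken from a received message, a malformed message would stop the whole program. Whether callers guarantee the minimum length is not visible in this hunk. If the function returns krb5_error_code like the other encrypt callbacks invoked through `(*et->encrypt)`, then `if (len < AES_BLOCK_SIZE) return KRB5_BAD_MSIZE;` would be the gentler failure; otherwise a comment naming the caller-side check that makes this unreachable would help. The function body starts and ends outside the hunk.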
@@ -2149,6 +2225,7 @@ ARCFOUR_subencrypt(krb5_context context, RC4_KEY rc4_key; unsigned char *cdata = data; unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; + krb5_error_code ret; t[0] = (usage >> 0) & 0xFF; t[1] = (usage >> 8) & 0xFF; @@ -2158,7 +2235,9 @@ ARCFOUR_subencrypt(krb5_context context, k1_c.checksum.length = sizeof(k1_c_data); k1_c.checksum.data = k1_c_data; - hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + if (ret) + krb5_abortx(context, "hmac failed"); memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); @@ -2171,7 +2250,9 @@ ARCFOUR_subencrypt(krb5_context context, cksum.checksum.length = 16; cksum.checksum.data = data; - hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + if (ret) + krb5_abortx(context, "hmac failed"); ke.key = &kb; kb.keyvalue = k1_c.checksum; @@ -2179,7 +2260,9 @@ ARCFOUR_subencrypt(krb5_context context, k3_c.checksum.length = sizeof(k3_c_data); k3_c.checksum.data = k3_c_data; - hmac(NULL, c, data, 16, 0, &ke, &k3_c); + ret = hmac(NULL, c, data, 16, 0, &ke, &k3_c); + if (ret) + krb5_abortx(context, "hmac failed"); RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); @@ -2206,6 +2289,7 @@ ARCFOUR_subdecrypt(krb5_context context, unsigned char *cdata = data; unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; unsigned char cksum_data[16]; + krb5_error_code ret; t[0] = (usage >> 0) & 0xFF; t[1] = (usage >> 8) & 0xFF; @@ -2215,7 +2299,9 @@ ARCFOUR_subdecrypt(krb5_context context, k1_c.checksum.length = sizeof(k1_c_data); k1_c.checksum.data = k1_c_data; - hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + ret = hmac(NULL, c, t, sizeof(t), 0, key, &k1_c); + if (ret) + krb5_abortx(context, "hmac failed"); memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data)); 
@@ -2228,7 +2314,9 @@ ARCFOUR_subdecrypt(krb5_context context, k3_c.checksum.length = sizeof(k3_c_data); k3_c.checksum.data = k3_c_data; - hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); + ret = hmac(NULL, c, cdata, 16, 0, &ke, &k3_c); + if (ret) + krb5_abortx(context, "hmac failed"); RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data); RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16); @@ -2239,7 +2327,9 @@ ARCFOUR_subdecrypt(krb5_context context, cksum.checksum.length = 16; cksum.checksum.data = cksum_data; - hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + ret = hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum); + if (ret) + krb5_abortx(context, "hmac failed"); memset (k1_c_data, 0, sizeof(k1_c_data)); memset (k2_c_data, 0, sizeof(k2_c_data)); 
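Review bot: ARCFOUR_subdecrypt passes `len - 16` to RC4() and to the reworked hmac() with no visible check that `len` is at least 16. The length here belongs to data being decrypted, so a value below 16 would wrap to a very large size and reach `malloc(cm->blocksize + len)` inside hmac(). A guard at the top of the function, `if (len < 16) return KRB5_BAD_MSIZE;`, would reject such input before any key derivation, assuming the function returns krb5_error_code like the other encrypt callbacks. The function begins outside these hunks, so an existing check may simply not be shown. The calls also pass `NULL` as the context to hmac() while the new error path uses `context`; passing `context` in both places would be consistent.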
@@ -2256,54 +2346,28 @@ ARCFOUR_subdecrypt(krb5_context context, /* * convert the usage numbers used in * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in - * draft-brezak-win2k-krb-rc4-hmac-03.txt + * draft-brezak-win2k-krb-rc4-hmac-04.txt */ static krb5_error_code usage2arcfour (krb5_context context, int *usage) { switch (*usage) { - case KRB5_KU_PA_ENC_TIMESTAMP : - *usage = 1; - return 0; - case KRB5_KU_TICKET : - *usage = 2; - return 0; - case KRB5_KU_AS_REP_ENC_PART : + case KRB5_KU_AS_REP_ENC_PART : /* 3 */ + case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */ *usage = 8; return 0; - case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION : - case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY : - case KRB5_KU_TGS_REQ_AUTH_CKSUM : - case KRB5_KU_TGS_REQ_AUTH : - *usage = 7; + case KRB5_KU_USAGE_SEAL : /* 22 */ + *usage = 13; return 0; - case KRB5_KU_TGS_REP_ENC_PART_SESSION : - case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : - *usage = 8; - return 0; - case KRB5_KU_AP_REQ_AUTH_CKSUM : - case KRB5_KU_AP_REQ_AUTH : - case KRB5_KU_AP_REQ_ENC_PART : - *usage = 11; - return 0; - case KRB5_KU_KRB_PRIV : + case KRB5_KU_USAGE_SIGN : /* 23 */ + *usage = 15; + return 0; + case KRB5_KU_USAGE_SEQ: /* 24 */ *usage = 0; return 0; - case KRB5_KU_KRB_CRED : - case KRB5_KU_KRB_SAFE_CKSUM : - case KRB5_KU_OTHER_ENCRYPTED : - case KRB5_KU_OTHER_CKSUM : - case KRB5_KU_KRB_ERROR : - case KRB5_KU_AD_KDC_ISSUED : - case KRB5_KU_MANDATORY_TICKET_EXTENSION : - case KRB5_KU_AUTH_DATA_TICKET_EXTENSION : - case KRB5_KU_USAGE_SEAL : - case KRB5_KU_USAGE_SIGN : - case KRB5_KU_USAGE_SEQ : default : - krb5_set_error_string(context, "unknown arcfour usage type %d", *usage); - return KRB5_PROG_ETYPE_NOSUPP; + return 0; } } @@ -2731,9 +2795,9 @@ encrypt_internal_derived(krb5_context context, memcpy(q, data, len); ret = create_checksum(context, + et->keyed_checksum, crypto, INTEGRITY_USAGE(usage), - et->keyed_checksum->type, p, block_sz, &cksum); 
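Review bot: The `default:` arm of usage2arcfour() now returns 0 and leaves `*usage` untouched, where it previously failed with KRB5_PROG_ETYPE_NOSUPP, so the function can no longer report an error and unknown usage values are accepted silently. That looks deliberate given the move to the -04 draft, but nothing in the code says so. A comment on the arm such as `/* usages not listed above are used unchanged */` would record the intent, and the header comment should say that only the listed usages are remapped. Since the return value is now always 0, either document that callers may ignore it or make the function `void`.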
@@ -2800,9 +2864,9 @@ encrypt_internal(krb5_context context, memcpy(q, data, len); ret = create_checksum(context, + et->checksum, crypto, 0, - et->checksum->type, p, block_sz, &cksum); @@ -2896,6 +2960,11 @@ decrypt_internal_derived(krb5_context context, return EINVAL; /* XXX - better error code? */ } + if (((len - checksum_sz) % et->padsize) != 0) { + krb5_clear_error_string(context); + return KRB5_BAD_MSIZE; + } + p = malloc(len); if(len != 0 && p == NULL) { krb5_set_error_string(context, "malloc: out of memory"); @@ -2964,6 +3033,11 @@ decrypt_internal(krb5_context context, size_t checksum_sz, l; struct encryption_type *et = crypto->et; + if ((len % et->padsize) != 0) { + krb5_clear_error_string(context); + return KRB5_BAD_MSIZE; + } + checksum_sz = CHECKSUMSIZE(et->checksum); p = malloc(len); if(len != 0 && p == NULL) { @@ -3022,25 +3096,34 @@ decrypt_internal_special(krb5_context context, struct encryption_type *et = crypto->et; size_t cksum_sz = CHECKSUMSIZE(et->checksum); size_t sz = len - cksum_sz - et->confoundersize; - char *cdata = (char *)data; - char *tmp; + unsigned char *p; krb5_error_code ret; - tmp = malloc (sz); - if (tmp == NULL) { + if ((len % et->padsize) != 0) { + krb5_clear_error_string(context); + return KRB5_BAD_MSIZE; + } + + p = malloc (len); + if (p == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } + memcpy(p, data, len); - ret = (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec); + ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec); if (ret) { - free(tmp); + free(p); return ret; } - memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz); - - result->data = tmp; + memmove (p, p + cksum_sz + et->confoundersize, sz); + result->data = realloc(p, sz); + if(result->data == NULL) { + free(p); + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } result->length = sz; return 0; } 
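Review bot: decrypt_internal_special still computes `sz = len - cksum_sz - et->confoundersize` before any check that `len` is that large, and the new padsize test does not bound `len` from below. A short input therefore makes `sz` wrap, and the added `memmove` then reads and writes far beyond the `len`-byte copy. Separately, when `sz` is 0, `realloc(p, 0)` may release `p` and return NULL, after which the new error path calls `free(p)` a second time. Rejecting short input with KRB5_BAD_MSIZE and skipping the shrink for an empty result covers both cases. The function's signature is outside the hunk; its end is inside.

```c
    size_t sz;
    /* … unchanged: remaining declarations, padsize check … */
    if (len < cksum_sz + et->confoundersize) {
	krb5_clear_error_string(context);
	return KRB5_BAD_MSIZE;
    }
    sz = len - cksum_sz - et->confoundersize;
    /* … unchanged: malloc, memcpy, (*et->encrypt) call and its error path … */
    memmove (p, p + cksum_sz + et->confoundersize, sz);
    if (sz != 0) {
	unsigned char *shrunk = realloc(p, sz);
	if (shrunk == NULL) {
	    free(p);
	    krb5_set_error_string(context, "malloc: out of memory");
	    return ENOMEM;
	}
	p = shrunk;
    }
    result->data = p;
    result->length = sz;
```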
diff --git a/crypto/heimdal/lib/roken/config.h.in b/crypto/heimdal/lib/roken/config.h.in deleted file mode 100644 index b3df98912148..000000000000 --- a/crypto/heimdal/lib/roken/config.h.in +++ /dev/null @@ -1 +0,0 @@ -/*autoheader*/ diff --git a/crypto/heimdal/tools/krb5-config.cat1 b/crypto/heimdal/tools/krb5-config.cat1 deleted file mode 100644 index 461e8ca4366a..000000000000 --- a/crypto/heimdal/tools/krb5-config.cat1 +++ /dev/null @@ -1,51 +0,0 @@ -KRB5-CONFIG(1) NetBSD Reference Manual KRB5-CONFIG(1) - -NNAAMMEE - kkrrbb55--ccoonnffiigg - give information on how to link code against Heimdal li- - braries - -SSYYNNOOPPSSIISS - kkrrbb55--ccoonnffiigg [----pprreeffiixx[=_d_i_r]] [----eexxeecc--pprreeffiixx[=_d_i_r]] [----lliibbss] [----ccffllaaggss] - [_l_i_b_r_a_r_i_e_s] - -DDEESSCCRRIIPPTTIIOONN - kkrrbb55--ccoonnffiigg tells the application programmer what special flags to use to - compile and link programs against the libraries installed by Heimdal. - - Options supported: - - ----pprreeffiixx[=_d_i_r] - Print the prefix if no _d_i_r is specified, otherwise set prefix to - _d_i_r. - - ----eexxeecc--pprreeffiixx[=_d_i_r] - Print the exec-prefix if no _d_i_r is specified, otherwise set exec- - prefix to _d_i_r. - - ----lliibbss Output the set of libraries that should be linked against. - - ----ccffllaaggss - Output the set of flags to give to the C compiler when using the - Heimdal libraries. - - By default kkrrbb55--ccoonnffiigg will output the set of flags and libraries to be - used by a normal program using the krb5 API. The user can also supply a - library to be used, the supported ones are: - - krb5 (the default) - - gssapi use the krb5 gssapi mechanism - - kadm-client - use the client-side kadmin libraries - - kadm-server - use the server-side kadmin libraries - -SSEEEE AALLSSOO - cc(1) - -HHIISSTTOORRYY - kkrrbb55--ccoonnffiigg appeared in Heimdal 0.3d. - - HEIMDAL November 30, 2000 1