Manual Pages for UNIX Darwin command on man krbservicesetup

krbservicesetup(8) BSD System Manager's Manual krbservicesetup(8)

NAME

kkrrbbsseerrvviicceesseettuupp - Kerberos - Open Directory Single Sign On

SYNOPSIS

kkrrbbsseerrvviicceesseettuupp [-rr REALM] -a adminname [-pp password] [-tt keytab]

[-ff setupfile] [servicetype serviceprincipal]

DESCRIPTION

kkrrbbsseerrvviicceesseettuupp is used by ssoutil to configure Kerberized services on the current host. It uses kadmin to add service principals to the KDC

database and create the krb5.keytab file. And then edits/creates the con-

fig files of the given service to use the proper service principal. kkrrbbsseerrvviicceesseettuupp knows how to configure the FTP, AFP, POP, IMAP, SMTP and SSH services shipped by Apple in Mac OS X 10.3 kkrrbbsseerrvviicceesseettuupp takes either a servicetype, serviceprincipal pair or a plist file with a list of services to configure. The plist file also allows more control over the options used when creating the principals. kkrrbbsseerrvviicceesseettuupp arguments:

-xx Use kadmin.local instead of kadmin.

-rr REALM

The Kerberos realm of the server

-aa adminname

Name of an administrator with priveleges to add principals to the KDC

-pp password

Password for the above user

-tt keytab

The path of the keytab file to write

-ff setupfile

The path of the plist file containing the list of services to be configured servicetype serviceprincipal A single service to configure The servicetypes understood by kkrrbbsseerrvviicceesseettuupp are: afp Apple Filing Protocol ftp File Transfer Protocol imap IMAP mail protocol pop POP mail protocol smtp SMTP mail protocol ssh Secure Shell The plist file format used by kkrrbbsseerrvviicceesseettuupp consists of a couple of optional boolean flag items and an array of dictionaries representing the services to be configured.

noConfig - Boolean

Flag indicating that just the service principals should be cre-

ated in the KDC

configOnly - Boolean

Flag indicating that the services need to be configured

Services - array of dictionaries

Array of service dictionaries to be configured

serviceType - string

Type of the service (see above for definitions)

servicePrincipal - string

Kerberos principal name for the service

option - Boolean

Options passed on to the addprinc command within kadmin If the boolean value is true, the option passed to kadmin is the option name with a '+' prepended. If

the value is false a '-' is prepended

option - string

Options passed on to the addprinc command within kadmin If the key is foo and the string value is bar then the option passed in the addprinc command is

"-foo bar"

The options for the addprinc command are detailed in the man page for kadmin Some of the possibly options are restricted specifically the pw and needchange commands are ignored. Every service principal is generated with the randkey option. FILES /etc/krb5.keytab The file where Kerberos stores the service principals for the services on this host DIAGNOSTICS

You can add -v debuglevel to the kkrrbbsseerrvviicceesseettuupp command. Debug level 1

provides status information, higher levels add progressivly more levels of detail. EEXXAAMMPPLLEESS

It is better to use the configure command in ssoutil to configure multi-

ple services. Here is an example of using kkrrbbsseerrvviicceesseettuupp to configure a FTP server in the realm FOO.ORG

kkrrbbsseerrvviicceesseettuupp -r FOO.ORG -a admin -p password ftp

ftp/myhost.foo.org@FOO.ORG (the above should be all on one line) NNOOTTEESS The kkrrbbsseerrvviicceesseettuupp tool is used by the Apple Single Sign On system to set up Kerberized services integrated with the rest of the Single Sign On components.