[hcoop/debian/openafs.git] / doc / man-pages / pod8 / ka-forwarder.pod

=head1 NAME

ka-forwarder - Forward AFS Authentication Server requests to another server

=head1 SYNOPSIS

=for html
<div class="synopsis">

B<ka-forwarder> S<<< [B<-p> <I<port>>] >>> <I<server>>[/<I<port>>] [...]

=for html
</div>

=head1 DESCRIPTION

B<ka-forwarder> listens for requests for an AFS Authentication Server and
forwards them to a remote B<fakeka> server.  B<fakeka> is a server that
answers AFS Authentication Server protocol requests using a regular
Kerberos KDC and is provided with some Kerberos 5 implementations.
B<fakeka> has to run on the same host as the Kerberos KDC, however, and
AFS clients send all native AFS authentication requests to the AFS
database servers.  If you don't want to run your Kerberos KDCs and your
AFS database servers on the same host, run B<ka-forwarder> on the AFS
database servers and point it to B<fakeka> running on the Kerberos KDCs.

B<ka-forwarder> takes one or more servers to which to forward the
requests.  The default port on the remote server to which to forward the
command is 7004, but a different port can be specified by following the
server name with a slash (C</>) and the port number.  If multiple servers
are given, B<ka-forwarder> will send queries to each server in turn in a
round-robin fashion.

=head1 CAUTIONS

Due to the way that B<ka-forwarder> distinguishes from client requests and
server responses, any messages from one of the servers to which
B<ka-forwarder> is forwarding will be considered a reply rather than a
command and will not be forwarded.  This means that the servers running
B<fakeka> will not be able to use native AFS authentication requests and
rely on B<ka-forwarder> to send the requests to the right server.

B<ka-forwarder> does not background itself.  It should either be run in
the background via the shell, or run via the Basic OverSeer Server (see
L<bosserver(8)>).

=head1 OPTIONS

=over 4

=item B<-p> <I<port>>

By default, B<ka-forwarder> listens to the standard AFS Authentication
Server port (7004).  To listen to a different port, specify it with the
B<-p> option.

=back

=head1 EXAMPLES

Forward AFS Authentication Server requests to the B<fakeka> servers on
kdc1.example.com and kdc2.example.com:

    % ka-forwarder kdc1.example.com kdc2.example.com &

Note the C<&> to tell the shell to run this command in the background.

=head1 PRIVILEGE REQUIRED

B<ka-forwarder> only has to listen to port 7004 and therefore does not
require any special privileges unless a privileged port is specified with
the B<-p> option.

=head1 SEE ALSO

L<bosserver(8)>,
fakeka(8),
L<kaserver(8)>

=head1 COPYRIGHT

Copyright 2006 Russ Allbery <rra@stanford.edu>

This documentation is covered by the IBM Public License Version 1.0.  This
man page was written by Russ Allbery for OpenAFS.
Commit	Line	Data
805e021f CE	1	=head1 NAME
	2
	3	ka-forwarder - Forward AFS Authentication Server requests to another server
	4
	5	=head1 SYNOPSIS
	6
	7	=for html
	8	<div class="synopsis">
	9
	10	B<ka-forwarder> S<<< [B<-p> <I<port>>] >>> <I<server>>[/<I<port>>] [...]
	11
	12	=for html
	13	</div>
	14
	15	=head1 DESCRIPTION
	16
	17	B<ka-forwarder> listens for requests for an AFS Authentication Server and
	18	forwards them to a remote B<fakeka> server. B<fakeka> is a server that
	19	answers AFS Authentication Server protocol requests using a regular
	20	Kerberos KDC and is provided with some Kerberos 5 implementations.
	21	B<fakeka> has to run on the same host as the Kerberos KDC, however, and
	22	AFS clients send all native AFS authentication requests to the AFS
	23	database servers. If you don't want to run your Kerberos KDCs and your
	24	AFS database servers on the same host, run B<ka-forwarder> on the AFS
	25	database servers and point it to B<fakeka> running on the Kerberos KDCs.
	26
	27	B<ka-forwarder> takes one or more servers to which to forward the
	28	requests. The default port on the remote server to which to forward the
	29	command is 7004, but a different port can be specified by following the
	30	server name with a slash (C</>) and the port number. If multiple servers
	31	are given, B<ka-forwarder> will send queries to each server in turn in a
	32	round-robin fashion.
	33
	34	=head1 CAUTIONS
	35
	36	Due to the way that B<ka-forwarder> distinguishes from client requests and
	37	server responses, any messages from one of the servers to which
	38	B<ka-forwarder> is forwarding will be considered a reply rather than a
	39	command and will not be forwarded. This means that the servers running
	40	B<fakeka> will not be able to use native AFS authentication requests and
	41	rely on B<ka-forwarder> to send the requests to the right server.
	42
	43	B<ka-forwarder> does not background itself. It should either be run in
	44	the background via the shell, or run via the Basic OverSeer Server (see
	45	L<bosserver(8)>).
	46
	47	=head1 OPTIONS
	48
	49	=over 4
	50
	51	=item B<-p> <I<port>>
	52
	53	By default, B<ka-forwarder> listens to the standard AFS Authentication
	54	Server port (7004). To listen to a different port, specify it with the
	55	B<-p> option.
	56
	57	=back
	58
	59	=head1 EXAMPLES
	60
	61	Forward AFS Authentication Server requests to the B<fakeka> servers on
	62	kdc1.example.com and kdc2.example.com:
	63
	64	% ka-forwarder kdc1.example.com kdc2.example.com &
65
66	Note the C<&> to tell the shell to run this command in the background.
67
68	=head1 PRIVILEGE REQUIRED
69
70	B<ka-forwarder> only has to listen to port 7004 and therefore does not
71	require any special privileges unless a privileged port is specified with
72	the B<-p> option.
73
74	=head1 SEE ALSO
75
76	L<bosserver(8)>,
77	fakeka(8),
78	L<kaserver(8)>
79
80	=head1 COPYRIGHT
81
82	Copyright 2006 Russ Allbery <rra@stanford.edu>
83
84	This documentation is covered by the IBM Public License Version 1.0. This
85	man page was written by Russ Allbery for OpenAFS.