Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | ka-forwarder - Forward AFS Authentication Server requests to another server | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<ka-forwarder> S<<< [B<-p> <I<port>>] >>> <I<server>>[/<I<port>>] [...] | |
11 | ||
12 | =for html | |
13 | </div> | |
14 | ||
15 | =head1 DESCRIPTION | |
16 | ||
17 | B<ka-forwarder> listens for requests for an AFS Authentication Server and | |
18 | forwards them to a remote B<fakeka> server. B<fakeka> is a server that | |
19 | answers AFS Authentication Server protocol requests using a regular | |
20 | Kerberos KDC and is provided with some Kerberos 5 implementations. | |
21 | B<fakeka> has to run on the same host as the Kerberos KDC, however, and | |
22 | AFS clients send all native AFS authentication requests to the AFS | |
23 | database servers. If you don't want to run your Kerberos KDCs and your | |
24 | AFS database servers on the same host, run B<ka-forwarder> on the AFS | |
25 | database servers and point it to B<fakeka> running on the Kerberos KDCs. | |
26 | ||
27 | B<ka-forwarder> takes one or more servers to which to forward the | |
28 | requests. The default port on the remote server to which to forward the | |
29 | command is 7004, but a different port can be specified by following the | |
30 | server name with a slash (C</>) and the port number. If multiple servers | |
31 | are given, B<ka-forwarder> will send queries to each server in turn in a | |
32 | round-robin fashion. | |
33 | ||
34 | =head1 CAUTIONS | |
35 | ||
36 | Due to the way that B<ka-forwarder> distinguishes from client requests and | |
37 | server responses, any messages from one of the servers to which | |
38 | B<ka-forwarder> is forwarding will be considered a reply rather than a | |
39 | command and will not be forwarded. This means that the servers running | |
40 | B<fakeka> will not be able to use native AFS authentication requests and | |
41 | rely on B<ka-forwarder> to send the requests to the right server. | |
42 | ||
43 | B<ka-forwarder> does not background itself. It should either be run in | |
44 | the background via the shell, or run via the Basic OverSeer Server (see | |
45 | L<bosserver(8)>). | |
46 | ||
47 | =head1 OPTIONS | |
48 | ||
49 | =over 4 | |
50 | ||
51 | =item B<-p> <I<port>> | |
52 | ||
53 | By default, B<ka-forwarder> listens to the standard AFS Authentication | |
54 | Server port (7004). To listen to a different port, specify it with the | |
55 | B<-p> option. | |
56 | ||
57 | =back | |
58 | ||
59 | =head1 EXAMPLES | |
60 | ||
61 | Forward AFS Authentication Server requests to the B<fakeka> servers on | |
62 | kdc1.example.com and kdc2.example.com: | |
63 | ||
64 | % ka-forwarder kdc1.example.com kdc2.example.com & | |
65 | ||
66 | Note the C<&> to tell the shell to run this command in the background. | |
67 | ||
68 | =head1 PRIVILEGE REQUIRED | |
69 | ||
70 | B<ka-forwarder> only has to listen to port 7004 and therefore does not | |
71 | require any special privileges unless a privileged port is specified with | |
72 | the B<-p> option. | |
73 | ||
74 | =head1 SEE ALSO | |
75 | ||
76 | L<bosserver(8)>, | |
77 | fakeka(8), | |
78 | L<kaserver(8)> | |
79 | ||
80 | =head1 COPYRIGHT | |
81 | ||
82 | Copyright 2006 Russ Allbery <rra@stanford.edu> | |
83 | ||
84 | This documentation is covered by the IBM Public License Version 1.0. This | |
85 | man page was written by Russ Allbery for OpenAFS. |