=head1 DESCRIPTION
-B<kaserver> [B<-noAuth>] [B<-fastKeys>] [-database <I<dbpath>>]
-[B<-localfiles> <I<lclpath>>] [B<-minhours> <I<n>>]
- [B<-servers> <I<serverlist>>] [-enable_peer_stats]
- [B<-enable_process_stats>] [-help]
-
-This command does not use the syntax conventions of the AFS command
-suites. Provide the command name and all option names in full.
+B<kaserver> [B<-noAuth>] [B<-fastKeys>] [B<-database> <I<dbpath>>]
+ [B<-localfiles> <I<lclpath>>] [B<-minhours> <I<n>>]
+ [B<-servers> <I<serverlist>>] [B<-enable_peer_stats>]
+ [B<-enable_process_stats>] [B<-help>]
=head1 DESCRIPTION
-The kaserver command initializes the Authentication Server,
-which runs on every database server machine. In the conventional
-configuration, its binary file is located in the B</usr/afs/bin>
-directory on a file server machine.
+The B<kaserver> command initializes the Authentication Server, which runs
+on every database server machine. In the conventional configuration, its
+binary file is located in the F</usr/afs/bin> directory on a file server
+machine.
-The kaserver command is not normally issued at the command shell
-prompt but rather placed into a file server machine's
-B</usr/afs/local/BosConfig> file with the B<bos create>
-command. If it is ever issued at the command shell prompt, the issuer
-must be logged onto a database server machine as the local superuser
-B<root>.
+The B<kaserver> command is not normally issued at the command shell prompt
+but rather placed into a file server machine's F</usr/afs/local/BosConfig>
+file with the B<bos create> command. If it is ever issued at the command
+shell prompt, the issuer must be logged onto a database server machine as
+the local superuser C<root>.
As it initializes, the Authentication Server process creates the two files
-that constitute the Authentication Database, B<kaserver.DB0>
-and B<kaserver.DBSYS1>, in the B</usr/afs/db> directory
-if they do not already exist. Use the commands in the B<kas>
-suite to administer the database.
+that constitute the Authentication Database, F<kaserver.DB0> and
+F<kaserver.DBSYS1>, in the F</usr/afs/db> directory if they do not already
+exist. Use the commands in the B<kas> suite to administer the database.
The Authentication Server is responsible for several aspects of AFS
security, including:
Maintenance of all AFS server encryption keys and user passwords in the
Authentication Database.
-
=item *
Creation of the tickets and tokens that users and servers use to establish
-secure connections. Its Ticket Granting Service (TGS) component
-performs this function.
-
+secure connections. Its Ticket Granting Service (TGS) component performs
+this function.
=back
The Authentication Server records a trace of its activity in the
-B</usr/afs/logs/AuthLog> file. Use the B<bos getlog>
-command to display the contents of the file. Use the B<kdb>
-command to read the protected files associated with the B<AuthLog>
-file, B<AuthLog.dir> and B<AuthLog.pag>.
+F</usr/afs/logs/AuthLog> file. Use the B<bos getlog> command to display
+the contents of the file. Use the B<kdb> command to read the protected
+files associated with the F<AuthLog> file, F<AuthLog.dir> and
+F<AuthLog.pag>.
+
+This command does not use the syntax conventions of the AFS command
+suites. Provide the command name and all option names in full.
=head1 OPTIONS
=over 4
-=item -noAuth
+=item B<-noAuth>
-Assigns the unprivileged identity anonymous to the
-issuer. Thus, it establishes an unauthenticated connection between the
-issuer and the Authentication Server. It is useful only when
-authorization checking is disabled on the database server machine. In
-normal circumstances, the Authentication Server allows only authorized
-(privileged) users to issue commands that affect or contact the Authentication
-Database and will refuse to perform such an action even if the
-B<-noAuth> flag is used.
+Assigns the unprivileged identity C<anonymous> to the issuer. Thus, it
+establishes an unauthenticated connection between the issuer and the
+Authentication Server. It is useful only when authorization checking is
+disabled on the database server machine. In normal circumstances, the
+Authentication Server allows only authorized (privileged) users to issue
+commands that affect or contact the Authentication Database and will
+refuse to perform such an action even if the B<-noAuth> flag is used.
-=item -fastKeys
+=item B<-fastKeys>
Is a test flag for use by the AFS Development staff; it serves no
functional purpose.
-=item -database
+=item B<-database> <I<dbpath>>
Specifies the pathname of an alternate directory in which the
Authentication Database files reside. Provide the complete pathname,
-ending in the base filename to which the B<.DB0> and
-B<.DBSYS1> extensions are appended. For example, the
-appropriate value for the default database files is
-B</usr/afs/db/kaserver>.
+ending in the base filename to which the C<.DB0> and C<.DBSYS1> extensions
+are appended. For example, the appropriate value for the default database
+files is F</usr/afs/db/kaserver>.
-Provide the -localfiles argument along with this one;
-otherwise, the B<-localfiles> argument is also set to the value of
-this argument, which is probably inappropriate.
+Provide the B<-localfiles> argument along with this one; otherwise, the
+B<-localfiles> argument is also set to the value of this argument, which
+is probably inappropriate.
-=item -localfiles
+=item B<-localfiles> <I<lclpath>>
Specifies the pathname of an alternate directory in which the auxiliary
Authentication Database file resides. Provide the complete pathname,
-ending in the base filename to which the B<auxdb> suffix is
-appended. For example, the appropriate value for the default auxiliary
-database file is B</usr/afs/local/kaserver>.
+ending in the base filename to which the C<auxdb> suffix is appended. For
+example, the appropriate value for the default auxiliary database file is
+F</usr/afs/local/kaserver>.
-=item -minhours
+=item B<-minhours> <I<n>>
Specifies the minimum number of hours that must pass between password
-changes made by any regular user. System administrators (with the
-C<ADMIN> flag in their Authentication Database entry) can change
-passwords as often as desired. Setting a minimum time between password
-changes is not recommended.
+changes made by any regular user. System administrators (with the C<ADMIN>
+flag in their Authentication Database entry) can change passwords as often
+as desired. Setting a minimum time between password changes is not
+recommended.
-=item -servers
+=item B<-servers> <I<authentication servers>>+
Names each database server machine running an Authentication Server with
which the local Authentication Server is to synchronize its copy of the
-Authentication Database , rather than with the machines listed in the local
-B</usr/afs/etc/CellServDB> file.
+Authentication Database, rather than with the machines listed in the local
+F</usr/afs/etc/CellServDB> file.
-=item -enable_peer_stats
+=item B<-enable_peer_stats>
Activates the collection of Rx statistics and allocates memory for their
-storage. For each connection with a specific UDP port on another
-machine, a separate record is kept for each type of RPC (FetchFile, GetStatus,
-and so on) sent or received. To display or otherwise access the
-records, use the Rx Monitoring API.
+storage. For each connection with a specific UDP port on another machine,
+a separate record is kept for each type of RPC (FetchFile, GetStatus, and
+so on) sent or received. To display or otherwise access the records, use
+the Rx Monitoring API.
-=item -enable_process_stats
+=item B<-enable_process_stats>
Activates the collection of Rx statistics and allocates memory for their
storage. A separate record is kept for each type of RPC (FetchFile,
other machines. To display or otherwise access the records, use the Rx
Monitoring API.
-=item -help
+=item B<-help>
-Prints the online help for this command. All other valid options
-are ignored.
+Prints the online help for this command. All other valid options are
+ignored.
=back
=head1 EXAMPLES
-The following B<bos create> command creates a kaserver
-process on B<fs3.abc.com> (the command appears on two
-lines here only for legibility):
+The following B<bos create> command creates a C<kaserver> process on
+C<fs3.abc.com> (the command appears on two lines here only for
+legibility):
% bos create -server fs3.abc.com -instance kaserver \
-type simple -cmd /usr/afs/bin/kaserver
=head1 PRIVILEGE REQUIRED
-The issuer must be logged in as the superuser root on a file
-server machine to issue the command at a command shell prompt. It is
-conventional instead to create and start the process by issuing the B<bos
-create> command.
+The issuer must be logged in as the superuser C<root> on a file server
+machine to issue the command at a command shell prompt. It is conventional
+instead to create and start the process by issuing the B<bos create>
+command.
=head1 SEE ALSO
-L<AuthLog(1)>,
-L<BosConfig(1)>,
-L<CellServDB (server version)(1)>
-
-L<kaserver.DB0 and kaserver.DBSYS1(1)>
-
-L<kaserverauxdb(1)>,
-L<bos(1)>,
-L<bos_create(1)>,
-L<bos_getlog(1)>,
-L<kas(1)>,
-L<kdb(1)>
+L<AuthLog(5)>,
+L<BosConfig(5)>,
+L<CellServDB(5)>,
+L<kaserver.DB0(5)>,
+L<kaserverauxdb(5)>,
+L<bos(8)>,
+L<bos_create(8)>,
+L<bos_getlog(8)>,
+L<kas(8)>,
+L<kdb(8)>
=head1 COPYRIGHT
git://git.openafs.org / openafs.git / blobdiff