NAME¶
ka-forwarder - Forward AFS Authentication Server requests to another server
SYNOPSIS¶
ka-forwarder [
-p <
port>]
<
server>[/<
port>] [...]
DESCRIPTION¶
ka-forwarder listens for requests for an AFS Authentication Server and
forwards them to a remote
fakeka server.
fakeka is a server that
answers AFS Authentication Server protocol requests using a regular Kerberos
KDC and is provided with some Kerberos 5 implementations.
fakeka has to
run on the same host as the Kerberos KDC, however, and AFS clients send all
native AFS authentication requests to the AFS database servers. If you don't
want to run your Kerberos KDCs and your AFS database servers on the same host,
run
ka-forwarder on the AFS database servers and point it to
fakeka running on the Kerberos KDCs.
ka-forwarder takes one or more servers to which to forward the requests.
The default port on the remote server to which to forward the command is 7004,
but a different port can be specified by following the server name with a
slash ("/") and the port number. If multiple servers are given,
ka-forwarder will send queries to each server in turn in a round-robin
fashion.
CAUTIONS¶
Due to the way that
ka-forwarder distinguishes from client requests and
server responses, any messages from one of the servers to which
ka-forwarder is forwarding will be considered a reply rather than a
command and will not be forwarded. This means that the servers running
fakeka will not be able to use native AFS authentication requests and
rely on
ka-forwarder to send the requests to the right server.
ka-forwarder does not background itself. It should either be run in the
background via the shell, or run via the Basic OverSeer Server (see
bosserver(8)).
OPTIONS¶
- -p <port>
- By default, ka-forwarder listens to the standard AFS Authentication
Server port (7004). To listen to a different port, specify it with the
-p option.
EXAMPLES¶
Forward AFS Authentication Server requests to the
fakeka servers on
kdc1.example.com and kdc2.example.com:
% ka-forwarder kdc1.example.com kdc2.example.com &
Note the "&" to tell the shell to run this command in the
background.
PRIVILEGE REQUIRED¶
ka-forwarder only has to listen to port 7004 and therefore does not
require any special privileges unless a privileged port is specified with the
-p option.
SEE ALSO¶
bosserver(8),
fakeka(8),
kaserver(8)
COPYRIGHT¶
Copyright 2006 Russ Allbery <rra@stanford.edu>
This documentation is covered by the IBM Public License Version 1.0. This man
page was written by Russ Allbery for OpenAFS.