krb5kdc man page on SunOS

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
SunOS logo
[printable version]

krb5kdc(1M)		System Administration Commands		   krb5kdc(1M)

NAME
       krb5kdc - KDC daemon

SYNOPSIS
       /usr/lib/krb5/krb5kdc [-d dbpath] [-r realm]  [-m]
	   [-k masterenctype] [-M masterkeyname]
	   [-p port] [-n] [-x db_args]...

DESCRIPTION
       krb5kdc is the daemon that runs on the master and slave KDCs to process
       the Kerberos tickets. For Kerberos to function properly,	 krb5kdc  must
       be  running  on	at least one KDC that the Kerberos clients can access.
       Prior to running krb5kdc, you must  initialize  the  Kerberos  database
       using  kdb5_util(1M).  See the  for information regarding how to set up
       KDCs and initialize the Kerberos database.

OPTIONS
       The following options are supported:

       -d dbpath

	   Specify the path to the database; default value is /var/krb5.

       -k masterenctype

	   Specify the	encryption  type  for  encrypting  the	database.  The
	   default value is des-cbc-crc. des3-cbc-sha1, arcfour-hmac-md5, arc‐
	   four-hmac-md5-exp,  aes128-cts-hmac-sha1-96,	 and  aes256-cts-hmac-
	   sha1-96 are also valid.

       -m

	   Specify that the master key for the database is to be entered manu‐
	   ally.

       -M masterkeyname

	   Specify the principal to retrieve the master Key for the database.

       -n

	   Specify that krb5kdc should not detach from the terminal.

       -p port

	   Specify the port that will be used by the KDC to listen for	incom‐
	   ing requests.

       -r realm

	   Specify the realm name; default is the local realm name.

       -x db_args

	   Pass database-specific arguments to kadmin. Supported arguments are
	   for the LDAP plug-in. These arguments are:

	   binddn=binddn

	       Specifies the DN of the object used by the KDC server  to  bind
	       to  the LDAP server. This object should have the rights to read
	       the realm container, principal container and the	 subtree  that
	       is referenced by the realm. Overrides the ldap_kdc_dn parameter
	       setting in krb5.conf(4).

	   bindpwd=bindpwd

	       Specifies the password for the above-mentioned  binddn.	It  is
	       recommended  not	 to use this option. Instead, the password can
	       be stashed using the stashsrvpw command of kdb5_ldap_util(1M).

	   nconns=num

	       Specifies the number of connections to be maintained  per  LDAP
	       server.

	   host=ldapuri

	       Specifies, by an LDAP URI, the LDAP server to which to connect.

FILES
       /var/krb5/principal.db

	   Kerberos principal database.

       /var/krb5/principal.kadm5

	   Kerberos  administrative database. This file contains policy infor‐
	   mation.

       /var/krb5/principal.kadm5.lock

	   Kerberos administrative database lock file. This file  works	 back‐
	   wards from most other lock files (that is, kadmin will exit with an
	   error if this file does not exist).

       /etc/krb5/kdc.conf

	   KDC configuration file. This file is read at startup.

       /etc/krb5/kpropd.acl

	   File that defines the access control list for propagating the  Ker‐
	   beros database using kprop.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWkdcu			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       kill(1),	  kpasswd(1),	gkadmin(1M),   kadmind(1M),  kadmin.local(1M),
       kdb5_util(1M),	 kdb5_ldap_util(1M),	 logadm(1M),	 krb5.conf(4),
       attributes(5), krb5envvar(5), kerberos(5),

NOTES
       The  following  signal has the specified effect when sent to the server
       process using the kill(1)command:

       SIGHUP

	   krb5kdc closes and re-opens log files that it directly opens.  This
	   can	 be   useful  for  external  log-rotation  utilities  such  as
	   logadm(1M).	If this method is used for log file rotation, set  the
	   krb5.conf(4) kdc_rotate period relation to never.

SunOS 5.10			  24 Oct 2007			   krb5kdc(1M)
[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net