kadmind man page on Archlinux

Man page or keyword search:  
man Server   11224 pages
apropos Keyword Search (all sections)
Output format
Archlinux logo
[printable version]

KADMIND(8)			 MIT Kerberos			    KADMIND(8)

NAME
       kadmind - KADM5 administration server

SYNOPSIS
       kadmind	[-x db_args] [-r realm] [-m] [-nofork] [-port port-number] [-P
       pid_file] [-p kdb5_util_path] [-K kprop_path] [-F dump_file]

DESCRIPTION
       kadmind starts the Kerberos administration server.   kadmind  typically
       runs  on the master Kerberos server, which stores the KDC database.  If
       the KDC database uses the LDAP module, the  administration  server  and
       the  KDC	 server	 need  not  run	 on the same machine.  kadmind accepts
       remote requests from programs  such  as	kadmin(1)  and	kpasswd(1)  to
       administer the information in these database.

       kadmind	requires a number of configuration files to be set up in order
       for it to work:

       kdc.conf(5)
	      The KDC configuration file  contains  configuration  information
	      for  the	KDC  and admin servers.	 kadmind uses settings in this
	      file to locate the Kerberos database, and is  also  affected  by
	      the  acl_file,  dict_file,  kadmind_port, and iprop-related set‐
	      tings.

       kadm5.acl(5)
	      kadmind's ACL (access control list) tells	 it  which  principals
	      are  allowed to perform administration actions.  The pathname to
	      the ACL file can be  specified  with  the	 acl_file  kdc.conf(5)
	      variable; by default, it is /var/lib/krb5kdc/kadm5.acl.

       After  the  server begins running, it puts itself in the background and
       disassociates itself from its controlling terminal.

       kadmind can be configured for incremental database propagation.	Incre‐
       mental  propagation  allows  slave KDC servers to receive principal and
       policy updates incrementally instead of receiving  full	dumps  of  the
       database.   This	 facility  can be enabled in the kdc.conf(5) file with
       the iprop_enable option.	 Incremental propagation requires the  princi‐
       pal  kiprop/MASTER\@REALM  (where  MASTER is the master KDC's canonical
       host name, and REALM the realm name) to be registered in the database.

OPTIONS
       -r realm
	      specifies the realm that kadmind will serve; if it is not speci‐
	      fied, the default realm of the host is used.

       -m     causes  the master database password to be fetched from the key‐
	      board (before the server puts itself in the background,  if  not
	      invoked  with  the  -nofork  option)  rather than from a file on
	      disk.

       -nofork
	      causes the server to remain in the foreground and remain associ‐
	      ated to the terminal.  In normal operation, you should allow the
	      server to place itself in the background.

       -port port-number
	      specifies the port on which the  administration  server  listens
	      for  connections.	  The  default	port is determined by the kad‐
	      mind_port configuration variable in kdc.conf(5).

       -P pid_file
	      specifies the file to which the PID of kadmind process should be
	      written  after  it starts up.  This file can be used to identify
	      whether kadmind is still running and to allow  init  scripts  to
	      stop the correct process.

       -p kdb5_util_path
	      specifies	 the path to the kdb5_util command to use when dumping
	      the KDB in response  to  full  resync  requests  when  iprop  is
	      enabled.

       -K kprop_path
	      specifies	 the  path  to	the  kprop command to use to send full
	      dumps to slaves in response to full resync requests.

       -F dump_file
	      specifies the file path to  be  used  for	 dumping  the  KDB  in
	      response to full resync requests when iprop is enabled.

       -x db_args
	      specifies database-specific arguments.

	      Options supported for LDAP database are:

		 -x nconns=number_of_connections
			specifies  the	number of connections to be maintained
			per LDAP server.

		 -x host=ldapuri
			specifies the LDAP server to connect to by URI.

		 -x binddn=binddn
			specifies the DN of the object used by the administra‐
			tion  server  to bind to the LDAP server.  This object
			should have read and write  privileges	on  the	 realm
			container,  the	 principal  container, and the subtree
			that is referenced by the realm.

		 -x bindpwd=bind_password
			specifies the password for the above mentioned binddn.
			Using  this  option  may  expose the password to other
			users on the system via the  process  list;  to	 avoid
			this,  instead stash the password using the stashsrvpw
			command of kdb5_ldap_util(8).

		 -x debug=level
			sets the OpenLDAP client library debug	level.	 level
			is  an	integer	 to  be	 interpreted  by  the library.
			Debugging messages are printed to standard  error,  so
			this option must be used with the -nofork option to be
			useful.	 New in release 1.12.

SEE ALSO
       kpasswd(1), kadmin(1), kdb5_util(8), kdb5_ldap_util(8), kadm5.acl(5)

AUTHOR
       MIT

COPYRIGHT
       1985-2013, MIT

1.12.1								    KADMIND(8)
[top]

List of man pages available for Archlinux

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net