|
Packit |
fd8b60 |
.. _krb5kdc(8):
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5kdc
|
|
Packit |
fd8b60 |
=======
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
SYNOPSIS
|
|
Packit |
fd8b60 |
--------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
**krb5kdc**
|
|
Packit |
fd8b60 |
[**-x** *db_args*]
|
|
Packit |
fd8b60 |
[**-d** *dbname*]
|
|
Packit |
fd8b60 |
[**-k** *keytype*]
|
|
Packit |
fd8b60 |
[**-M** *mkeyname*]
|
|
Packit |
fd8b60 |
[**-p** *portnum*]
|
|
Packit |
fd8b60 |
[**-m**]
|
|
Packit |
fd8b60 |
[**-r** *realm*]
|
|
Packit |
fd8b60 |
[**-n**]
|
|
Packit |
fd8b60 |
[**-w** *numworkers*]
|
|
Packit |
fd8b60 |
[**-P** *pid_file*]
|
|
Packit |
fd8b60 |
[**-T** *time_offset*]
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
DESCRIPTION
|
|
Packit |
fd8b60 |
-----------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5kdc is the Kerberos version 5 Authentication Service and Key
|
|
Packit |
fd8b60 |
Distribution Center (AS/KDC).
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
OPTIONS
|
|
Packit |
fd8b60 |
-------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-r** *realm* option specifies the realm for which the server
|
|
Packit |
fd8b60 |
should provide service. This option may be specified multiple times
|
|
Packit |
fd8b60 |
to serve multiple realms. If no **-r** option is given, the default
|
|
Packit |
fd8b60 |
realm (as specified in :ref:`krb5.conf(5)`) will be served.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-d** *dbname* option specifies the name under which the
|
|
Packit |
fd8b60 |
principal database can be found. This option does not apply to the
|
|
Packit |
fd8b60 |
LDAP database.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-k** *keytype* option specifies the key type of the master key
|
|
Packit |
fd8b60 |
to be entered manually as a password when **-m** is given; the default
|
|
Packit |
fd8b60 |
is |defmkey|.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-M** *mkeyname* option specifies the principal name for the
|
|
Packit |
fd8b60 |
master key in the database (usually ``K/M`` in the KDC's realm).
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-m** option specifies that the master database password should
|
|
Packit |
fd8b60 |
be fetched from the keyboard rather than from a stash file.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-n** option specifies that the KDC does not put itself in the
|
|
Packit |
fd8b60 |
background and does not disassociate itself from the terminal.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-P** *pid_file* option tells the KDC to write its PID into
|
|
Packit |
fd8b60 |
*pid_file* after it starts up. This can be used to identify whether
|
|
Packit |
fd8b60 |
the KDC is still running and to allow init scripts to stop the correct
|
|
Packit |
fd8b60 |
process.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-p** *portnum* option specifies the default UDP and TCP port
|
|
Packit |
fd8b60 |
numbers which the KDC should listen on for Kerberos version 5
|
|
Packit |
fd8b60 |
requests, as a comma-separated list. This value overrides the port
|
|
Packit |
fd8b60 |
numbers specified in the :ref:`kdcdefaults` section of
|
|
Packit |
fd8b60 |
:ref:`kdc.conf(5)`, but may be overridden by realm-specific values.
|
|
Packit |
fd8b60 |
If no value is given from any source, the default port is 88.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-w** *numworkers* option tells the KDC to fork *numworkers*
|
|
Packit |
fd8b60 |
processes to listen to the KDC ports and process requests in parallel.
|
|
Packit |
fd8b60 |
The top level KDC process (whose pid is recorded in the pid file if
|
|
Packit |
fd8b60 |
the **-P** option is also given) acts as a supervisor. The supervisor
|
|
Packit |
fd8b60 |
will relay SIGHUP signals to the worker subprocesses, and will
|
|
Packit |
fd8b60 |
terminate the worker subprocess if the it is itself terminated or if
|
|
Packit |
fd8b60 |
any other worker process exits.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-x** *db_args* option specifies database-specific arguments.
|
|
Packit |
fd8b60 |
See :ref:`Database Options <dboptions>` in :ref:`kadmin(1)` for
|
|
Packit |
fd8b60 |
supported arguments.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The **-T** *offset* option specifies a time offset, in seconds, which
|
|
Packit |
fd8b60 |
the KDC will operate under. It is intended only for testing purposes.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
EXAMPLE
|
|
Packit |
fd8b60 |
-------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The KDC may service requests for multiple realms (maximum 32 realms).
|
|
Packit |
fd8b60 |
The realms are listed on the command line. Per-realm options that can
|
|
Packit |
fd8b60 |
be specified on the command line pertain for each realm that follows
|
|
Packit |
fd8b60 |
it and are superseded by subsequent definitions of the same option.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
For example::
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
specifies that the KDC listen on port 2001 for REALM1 and on port 2002
|
|
Packit |
fd8b60 |
for REALM2 and REALM3. Additionally, per-realm parameters may be
|
|
Packit |
fd8b60 |
specified in the :ref:`kdc.conf(5)` file. The location of this file
|
|
Packit |
fd8b60 |
may be specified by the **KRB5_KDC_PROFILE** environment variable.
|
|
Packit |
fd8b60 |
Per-realm parameters specified in this file take precedence over
|
|
Packit |
fd8b60 |
options specified on the command line. See the :ref:`kdc.conf(5)`
|
|
Packit |
fd8b60 |
description for further details.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
ENVIRONMENT
|
|
Packit |
fd8b60 |
-----------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
See :ref:`kerberos(7)` for a description of Kerberos environment
|
|
Packit |
fd8b60 |
variables.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
SEE ALSO
|
|
Packit |
fd8b60 |
--------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
:ref:`kdb5_util(8)`, :ref:`kdc.conf(5)`, :ref:`krb5.conf(5)`,
|
|
Packit |
fd8b60 |
:ref:`kdb5_ldap_util(8)`, :ref:`kerberos(7)`
|