Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

krb5kdc


NAME
     krb5kdc - KDC daemon

SYNOPSIS
     /usr/lib/krb5/krb5kdc [-d dbpath] [-r realm]  [-m]
         [-k masterenctype] [-M masterkeyname]
         [-p port] [-n] [-x db_args]...


DESCRIPTION
     krb5kdc is the daemon that runs on the master and slave KDCs
     to  process  the  Kerberos tickets. For Kerberos to function
     properly, krb5kdc must be running on at least one  KDC  that
     the  Kerberos  clients can access. Prior to running krb5kdc,
     you   must   initialize   the   Kerberos   database    using
     kdb5_util(1M). See the  for information regarding how to set
     up KDCs and initialize the Kerberos database.

OPTIONS
     The following options are supported:

     -d dbpath

         Specify the path  to  the  database;  default  value  is
         /var/krb5.


     -k masterenctype

         Specify the encryption type for encrypting the database.
         The   default   value   is  des-cbc-crc.  des3-cbc-sha1,
         arcfour-hmac-md5,   arcfour-hmac-md5-exp,    aes128-cts-
         hmac-sha1-96,   and   aes256-cts-hmac-sha1-96  are  also
         valid.


     -m

         Specify that the master key for the database  is  to  be
         entered manually.


     -M masterkeyname

         Specify the principal to retrieve the master Key for the
         database.


     -n

         Specify that krb5kdc should not detach from  the  termi-
         nal.

     -p port

         Specify the port that will be used by the KDC to  listen
         for incoming requests.


     -r realm

         Specify the realm name; default is the local realm name.


     -x db_args

         Pass database-specific arguments  to  kadmin.  Supported
         arguments are for the LDAP plug-in. These arguments are:

         binddn=binddn

             Specifies the DN of  the  object  used  by  the  KDC
             server  to  bind  to  the  LDAP  server. This object
             should have the rights to read the realm  container,
             principal  container  and the subtree that is refer-
             enced by the realm. Overrides the ldap_kdc_dn param-
             eter setting in krb5.conf(4).


         bindpwd=bindpwd

             Specifies  the  password  for  the   above-mentioned
             binddn.  It  is  recommended not to use this option.
             Instead, the  password  can  be  stashed  using  the
             stashsrvpw command of kdb5_ldap_util(1M).


         nconns=num

             Specifies the number of connections to be maintained
             per LDAP server.


         host=ldapuri

             Specifies, by an LDAP URI, the LDAP server to  which
             to connect.



FILES
     /var/krb5/principal.db

         Kerberos principal database.

     /var/krb5/principal.kadm5

         Kerberos administrative  database.  This  file  contains
         policy information.


     /var/krb5/principal.kadm5.lock

         Kerberos administrative database lock  file.  This  file
         works  backwards  from  most  other lock files (that is,
         kadmin will exit with an error if  this  file  does  not
         exist).


     /etc/krb5/kdc.conf

         KDC configuration file. This file is read at startup.


     /etc/krb5/kpropd.acl

         File that defines the access control list for  propagat-
         ing the Kerberos database using kprop.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWkdcu                    |
    |_____________________________|_____________________________|


SEE ALSO
     kill(1),     kpasswd(1),      gkadmin(1M),      kadmind(1M),
     kadmin.local(1M),     kdb5_util(1M),     kdb5_ldap_util(1M),
     logadm(1M), krb5.conf(4), attributes(5), krb5envvar(5), ker-
     beros(5),


NOTES
     The following signal has the specified effect when  sent  to
     the server process using the kill(1)command:

     SIGHUP

         krb5kdc closes and re-opens log files that  it  directly
         opens.  This  can  be  useful  for external log-rotation
         utilities such as logadm(1M).  If this  method  is  used
         for  log  file rotation, set the krb5.conf(4) kdc_rotate
         period relation to never.










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments