Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎


     krb5kdc - KDC daemon

     /usr/lib/krb5/krb5kdc [-d dbpath] [-r realm]  [-m]
         [-k masterenctype] [-M masterkeyname]
         [-p port] [-n] [-x db_args]...

     krb5kdc is the daemon that runs on the master and slave KDCs
     to  process  the  Kerberos tickets. For Kerberos to function
     properly, krb5kdc must be running on at least one  KDC  that
     the  Kerberos  clients can access. Prior to running krb5kdc,
     you   must   initialize   the   Kerberos   database    using
     kdb5_util(1M). See the  for information regarding how to set
     up KDCs and initialize the Kerberos database.

     The following options are supported:

     -d dbpath

         Specify the path  to  the  database;  default  value  is

     -k masterenctype

         Specify the encryption type for encrypting the database.
         The   default   value   is  des-cbc-crc.  des3-cbc-sha1,
         arcfour-hmac-md5,   arcfour-hmac-md5-exp,    aes128-cts-
         hmac-sha1-96,   and   aes256-cts-hmac-sha1-96  are  also


         Specify that the master key for the database  is  to  be
         entered manually.

     -M masterkeyname

         Specify the principal to retrieve the master Key for the


         Specify that krb5kdc should not detach from  the  termi-

     -p port

         Specify the port that will be used by the KDC to  listen
         for incoming requests.

     -r realm

         Specify the realm name; default is the local realm name.

     -x db_args

         Pass database-specific arguments  to  kadmin.  Supported
         arguments are for the LDAP plug-in. These arguments are:


             Specifies the DN of  the  object  used  by  the  KDC
             server  to  bind  to  the  LDAP  server. This object
             should have the rights to read the realm  container,
             principal  container  and the subtree that is refer-
             enced by the realm. Overrides the ldap_kdc_dn param-
             eter setting in krb5.conf(4).


             Specifies  the  password  for  the   above-mentioned
             binddn.  It  is  recommended not to use this option.
             Instead, the  password  can  be  stashed  using  the
             stashsrvpw command of kdb5_ldap_util(1M).


             Specifies the number of connections to be maintained
             per LDAP server.


             Specifies, by an LDAP URI, the LDAP server to  which
             to connect.


         Kerberos principal database.


         Kerberos administrative  database.  This  file  contains
         policy information.


         Kerberos administrative database lock  file.  This  file
         works  backwards  from  most  other lock files (that is,
         kadmin will exit with an error if  this  file  does  not


         KDC configuration file. This file is read at startup.


         File that defines the access control list for  propagat-
         ing the Kerberos database using kprop.

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWkdcu                    |

     kill(1),     kpasswd(1),      gkadmin(1M),      kadmind(1M),
     kadmin.local(1M),     kdb5_util(1M),     kdb5_ldap_util(1M),
     logadm(1M), krb5.conf(4), attributes(5), krb5envvar(5), ker-

     The following signal has the specified effect when  sent  to
     the server process using the kill(1)command:


         krb5kdc closes and re-opens log files that  it  directly
         opens.  This  can  be  useful  for external log-rotation
         utilities such as logadm(1M).  If this  method  is  used
         for  log  file rotation, set the krb5.conf(4) kdc_rotate
         period relation to never.

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.