krb5kdc(1M)             System Administration Commands             krb5kdc(1M)

NAME

       krb5kdc - KDC daemon

SYNOPSIS

       /usr/lib/krb5/krb5kdc [-d dbpath] [-r realm] [-m]
            [-k masterenctype] [-M masterkeyname]
            [-p port] [-n] [-x db_args]...

DESCRIPTION

       krb5kdc is the daemon that runs on the master and slave KDCs to process
       the Kerberos tickets. For Kerberos to function properly, krb5kdc must
       be running on at least one KDC that the Kerberos clients can access.
       Prior to running krb5kdc, you must initialize the Kerberos database
       using kdb5_util(1M). See the  for information regarding how to set up
       KDCs and initialize the Kerberos database.

OPTIONS

       The following options are supported:

       -d dbpath

           Specify the path to the database; default value is /var/krb5.

       -k masterenctype

           Specify the encryption type for encrypting the database. The
           default value is des-cbc-crc. des3-cbc-sha1, arcfour-hmac-md5,
           arcfour-hmac-md5-exp, aes128-cts-hmac-sha1-96, and
           aes256-cts-hmac-sha1-96 are also valid.

       -m

           Specify that the master key for the database is to be entered
           manually.

       -M masterkeyname

           Specify the principal to retrieve the master key for the database.

       -n

           Specify that krb5kdc should not detach from the terminal.

       -p port

           Specify the port that will be used by the KDC to listen for
           incoming requests.

       -r realm

           Specify the realm name; default is the local realm name.

       -x db_args

           Pass database-specific arguments to kadmin. Supported arguments are
           for the LDAP plug-in. These arguments are:

           binddn=binddn

               Specifies the DN of the object used by the KDC server to bind
               to the LDAP server. This object should have the rights to read
               the realm container, principal container and the subtree that
               is referenced by the realm. Overrides the ldap_kdc_dn parameter
               setting in krb5.conf(4).

           bindpwd=bindpwd

               Specifies the password for the above-mentioned binddn. It is
               recommended not to use this option. Instead, the password can
               be stashed using the stashsrvpw command of kdb5_ldap_util(1M).

           nconns=num

               Specifies the number of connections to be maintained per LDAP
               server.

           host=ldapuri

               Specifies, by an LDAP URI, the LDAP server to which to connect.
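
       An added example, not part of the original man page: a POSIX shell
       check that audits a krb5kdc argument list for a bindpwd passed with -x
       and for a weak or defaulted -k masterenctype. The function name, the
       finding labels, the choice of which encryption types count as weak,
       and the sample command line are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the man page): flag risky krb5kdc start-up arguments.
# Assumption: des-cbc-crc and arcfour-hmac-md5-exp are treated as weak by this
# script's own policy (single DES, export-grade RC4); edit WEAK_ENCTYPES to suit.
WEAK_ENCTYPES="des-cbc-crc arcfour-hmac-md5-exp"

# Usage: audit_krb5kdc_args <krb5kdc arguments...>
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_krb5kdc_args() {
    findings=0
    enctype_given=no
    while [ $# -gt 0 ]; do
        case "$1" in
            -k)
                enctype_given=yes
                for weak in $WEAK_ENCTYPES; do
                    if [ "${2:-}" = "$weak" ]; then
                        echo "WEAK_MASTER_ENCTYPE: $weak"
                        findings=$((findings + 1))
                    fi
                done
                [ $# -ge 2 ] && shift ;;
            -x)
                case "${2:-}" in
                    bindpwd=*)
                        # Report the option only; never echo the password value.
                        echo "BINDPWD_ON_COMMAND_LINE: stash it with kdb5_ldap_util stashsrvpw"
                        findings=$((findings + 1)) ;;
                esac
                [ $# -ge 2 ] && shift ;;
            -d|-M|-p|-r)
                [ $# -ge 2 ] && shift ;;   # skip the option's value
        esac
        shift
    done
    if [ "$enctype_given" = no ]; then
        echo "NO_MASTER_ENCTYPE: -k absent, documented default is des-cbc-crc"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample command line (realm and password are made up).
audit_krb5kdc_args -r EXAMPLE.COM -k des-cbc-crc -x bindpwd=constructed-secret || true
```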

FILES

       /var/krb5/principal.db

           Kerberos principal database.

       /var/krb5/principal.kadm5

           Kerberos administrative database. This file contains policy
           information.

       /var/krb5/principal.kadm5.lock

           Kerberos administrative database lock file. This file works
           backwards from most other lock files (that is, kadmin will exit
           with an error if this file does not exist).

       /etc/krb5/kdc.conf

           KDC configuration file. This file is read at startup.

       /etc/krb5/kpropd.acl

           File that defines the access control list for propagating the
           Kerberos database using kprop.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWkdcu                     │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       kill(1), kpasswd(1), gkadmin(1M), kadmind(1M), kadmin.local(1M),
       kdb5_util(1M), kdb5_ldap_util(1M), logadm(1M), krb5.conf(4),
       attributes(5), krb5envvar(5), kerberos(5),

NOTES

       The following signal has the specified effect when sent to the server
       process using the kill(1) command:

       SIGHUP

           krb5kdc closes and re-opens log files that it directly opens. This
           can be useful for external log-rotation utilities such as
           logadm(1M). If this method is used for log file rotation, set the
           krb5.conf(4) kdc_rotate period relation to never.

SunOS 5.11                        24 Oct 2007                      krb5kdc(1M)