krb5kdc(1M)          System Administration Commands          krb5kdc(1M)

NAME
     krb5kdc - KDC daemon

SYNOPSIS
     /usr/lib/krb5/krb5kdc [-d dbpath] [-r realm] [-m]
          [-k masterenctype] [-M masterkeyname]
          [-p port] [-n] [-x db_args]...

DESCRIPTION
     krb5kdc is the daemon that runs on the master and slave KDCs to process
     the Kerberos tickets. For Kerberos to function properly, krb5kdc must
     be running on at least one KDC that the Kerberos clients can access.
     Prior to running krb5kdc, you must initialize the Kerberos database
     using kdb5_util(1M). See the for information regarding how to set up
     KDCs and initialize the Kerberos database.

OPTIONS
     The following options are supported:

     -d dbpath

         Specify the path to the database; default value is /var/krb5.

     -k masterenctype

         Specify the encryption type for encrypting the database. The
         default value is des-cbc-crc. des3-cbc-sha1, arcfour-hmac-md5,
         arcfour-hmac-md5-exp, aes128-cts-hmac-sha1-96, and
         aes256-cts-hmac-sha1-96 are also valid.

     -m

         Specify that the master key for the database is to be entered
         manually.

     -M masterkeyname

         Specify the principal to retrieve the master key for the database.

     -n

         Specify that krb5kdc should not detach from the terminal.

     -p port

         Specify the port that will be used by the KDC to listen for
         incoming requests.

     -r realm

         Specify the realm name; default is the local realm name.

     -x db_args

         Pass database-specific arguments to kadmin. Supported arguments are
         for the LDAP plug-in. These arguments are:

         binddn=binddn

             Specifies the DN of the object used by the KDC server to bind
             to the LDAP server. This object should have the rights to read
             the realm container, principal container and the subtree that
             is referenced by the realm. Overrides the ldap_kdc_dn parameter
             setting in krb5.conf(4).

         bindpwd=bindpwd

             Specifies the password for the above-mentioned binddn. It is
             recommended not to use this option. Instead, the password can
             be stashed using the stashsrvpw command of kdb5_ldap_util(1M).

         nconns=num

             Specifies the number of connections to be maintained per LDAP
             server.

         host=ldapuri

             Specifies, by an LDAP URI, the LDAP server to which to connect.

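The bindpwd and -k entries above, turned into a check that can be run over a proposed krb5kdc argument list before it goes into a service definition. This is an added example, not part of the original manual page or the Kerberos distribution; the function name audit_krb5kdc_args and the finding labels are hypothetical, and a missing -k is assumed to mean the des-cbc-crc default stated above, without consulting kdc.conf.

```shell
#!/bin/sh
# Added example (not from the krb5kdc distribution): lint a krb5kdc argument
# list. Option letters and db_args names are the ones documented above.
# Assumption: a missing -k means the documented default; kdc.conf is not read.

audit_krb5kdc_args() {
    enctype=des-cbc-crc        # default stated in the -k entry above
    findings=""
    while [ $# -gt 0 ]; do
        opt=$1
        shift
        case "$opt" in
        -d|-r|-M|-p|-k|-x)
            [ $# -gt 0 ] || break      # option is missing its value
            val=$1
            shift
            case "$opt" in
            -k) enctype=$val ;;
            -x) case "$val" in
                bindpwd=*)             # never echo the password itself
                    findings="${findings}BINDPWD_ON_CMDLINE
" ;;
                esac ;;
            esac ;;
        esac
    done
    case "$enctype" in
    des-cbc-crc|arcfour-hmac-md5-exp)  # single DES, export-grade RC4
        findings="${findings}WEAK_MASTER_ENCTYPE:${enctype}
" ;;
    esac
    printf '%s' "$findings"
    [ -z "$findings" ]                 # exit status 0 only when clean
}

# Constructed sample invocation; the DN, password and URI are placeholders.
audit_krb5kdc_args -r EXAMPLE.COM \
    -x binddn=cn=kdc,dc=example,dc=com -x bindpwd=PLACEHOLDER \
    -x host=ldaps://ldap.example.com || echo "review flagged arguments"
```

A bindpwd passed with -x stays readable in the process table for as long as the daemon runs, which is why the check reports the finding without printing the value.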
FILES
     /var/krb5/principal.db

         Kerberos principal database.

     /var/krb5/principal.kadm5

         Kerberos administrative database. This file contains policy
         information.

     /var/krb5/principal.kadm5.lock

         Kerberos administrative database lock file. This file works
         backwards from most other lock files (that is, kadmin will exit
         with an error if this file does not exist).

     /etc/krb5/kdc.conf

         KDC configuration file. This file is read at startup.

     /etc/krb5/kpropd.acl

         File that defines the access control list for propagating the
         Kerberos database using kprop.

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     ┌─────────────────────────────┬─────────────────────────────┐
     │ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
     ├─────────────────────────────┼─────────────────────────────┤
     │ Availability                │ SUNWkdcu                    │
     └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
     kill(1), kpasswd(1), gkadmin(1M), kadmind(1M), kadmin.local(1M),
     kdb5_util(1M), kdb5_ldap_util(1M), logadm(1M), krb5.conf(4),
     attributes(5), krb5envvar(5), kerberos(5),

NOTES
     The following signal has the specified effect when sent to the server
     process using the kill(1) command:

     SIGHUP

         krb5kdc closes and re-opens log files that it directly opens. This
         can be useful for external log-rotation utilities such as
         logadm(1M). If this method is used for log file rotation, set the
         krb5.conf(4) kdc_rotate period relation to never.

SunOS 5.11                     24 Oct 2007                     krb5kdc(1M)