KADMIND(8)

NAME

     kadmind - server for administrative access to Kerberos database

SYNOPSIS

     kadmind [-c file | --config-file=file] [-k file | --key-file=file]
             [--keytab=keytab] [-r realm | --realm=realm] [-d | --debug]
             [-p port | --ports=port] [--no-kerberos4]

DESCRIPTION

     kadmind listens for requests for changes to the Kerberos database and
     performs these, subject to permissions.  When starting, if stdin is a
     socket it assumes that it has been started by inetd(8), otherwise it
     behaves as a daemon, forking processes for each new connection.  The
     --debug option causes kadmind to accept exactly one connection, which
     is useful for debugging.

     If built with krb4 support, it implements both the Heimdal Kerberos 5
     administrative protocol and the Kerberos 4 protocol.  Password changes
     via the Kerberos 4 protocol are also performed by kadmind, but the
     kpasswdd(8) daemon is responsible for the Kerberos 5 password changing
     protocol (used by passwd(1)).

     This daemon should only be run on the master server, and not on any
     slaves.

     Principals are always allowed to change their own password and list
     their own principal.  Apart from that, doing any operation requires
     permission explicitly added in the ACL file /var/heimdal/kadmind.acl.
     The format of this file is:

     principal rights [principal-pattern]

     Where rights is any (comma separated) combination of:
     +o   change-password or cpw
     +o   list
     +o   delete
     +o   modify
     +o   add
     +o   get
     +o   all

     And the optional principal-pattern restricts the rights to operations
     on principals that match the glob-style pattern.

     Supported options:

     -c file, --config-file=file
             location of config file

     -k file, --key-file=file
             location of master key file

     --keytab=keytab
             what keytab to use

     -r realm, --realm=realm
             realm to use

     -d, --debug
             enable debugging

     -p port, --ports=port
             ports to listen to. By default, if run as a daemon, it listens
             to ports 749, and 751 (if Kerberos 4 support is built and
             enabled), but you can add any number of ports with this
             option. The port string is a whitespace separated list of port
             specifications, with the special string ``+'' representing the
             default set of ports.

     --no-kerberos4
             make kadmind ignore Kerberos 4 kadmin requests.

FILES

     /var/heimdal/kadmind.acl

EXAMPLES

     This will cause kadmind to listen to port 4711 in addition to any
     compiled in defaults:

           kadmind --ports="+ 4711" &

     This acl file will grant Joe all rights, and allow Mallory to view and
     add host principals.

           joe/[email protected]      all
           mallory/[email protected]  add,get  host/*@EXAMPLE.COM
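
     An added example, not part of the Heimdal distribution or this manual:
     a Python check for the ACL format described above. It rejects rights
     the page does not list and reports lines that grant a database-changing
     right with no principal-pattern. The principals are constructed, and
     the '#' comment handling and whole-string glob matching are assumptions.

```python
import fnmatch

# Rights listed on the man page; "cpw" is the short form of change-password.
RIGHTS = {"change-password", "list", "delete", "modify", "add", "get", "all"}
CHANGES_DB = {"change-password", "delete", "modify", "add", "all"}

# Constructed sample ACL (principals are made up for this example).
SAMPLE = """\
alice/admin@EXAMPLE.COM  all
bob/admin@EXAMPLE.COM    add,get  host/*@EXAMPLE.COM
carol/admin@EXAMPLE.COM  cpw,list
"""

def parse_acl(text):
    """Parse 'principal rights [principal-pattern]' lines; reject unknown rights."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # assumption: '#' marks a comment
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"line {n}: expected 2 or 3 fields, got {len(fields)}")
        rights = {"change-password" if r == "cpw" else r for r in fields[1].split(",")}
        if rights - RIGHTS:
            raise ValueError(f"line {n}: unknown rights {sorted(rights - RIGHTS)}")
        entries.append({"line": n, "principal": fields[0], "rights": rights,
                        "pattern": fields[2] if len(fields) == 3 else None})
    return entries

def entry_allows(entry, caller, op, target):
    """True if this single ACL line grants `op` on `target` to `caller`."""
    if entry["principal"] != caller:
        return False
    if op not in entry["rights"] and "all" not in entry["rights"]:
        return False
    # Assumption: the pattern is matched as one glob over the whole principal name.
    return entry["pattern"] is None or fnmatch.fnmatchcase(target, entry["pattern"])

def unrestricted_writers(entries):
    """Lines that grant a database-changing right with no principal-pattern limit."""
    return [(e["line"], e["principal"]) for e in entries
            if e["pattern"] is None and e["rights"] & CHANGES_DB]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    for line, who in unrestricted_writers(acl):
        print(f"line {line}: {who} holds write rights on every principal")
```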

SEE ALSO

     passwd(1), kadmin(8), kdc(8), kpasswdd(8)

 HEIMDAL                         March 5, 2002