GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
KADMIND(8) FreeBSD System Manager's Manual KADMIND(8)

kadmind
server for administrative access to Kerberos database

kadmind [-c file | --config-file=file] [-k file | --key-file=file] [--keytab=keytab] [-r realm | --realm=realm] [-d | --debug] [-p port | --ports=port]

kadmind listens for requests for changes to the Kerberos database and performs these, subject to permissions. When starting, if stdin is a socket it assumes that it has been started by inetd(8), otherwise it behaves as a daemon, forking processes for each new connection. The --debug option causes kadmind to accept exactly one connection, which is useful for debugging.

The kpasswdd(8) daemon is responsible for the Kerberos 5 password changing protocol (used by kpasswd(1)).

This daemon should only be run on the master server, and not on any slaves.

Principals are always allowed to change their own password and list their own principal. Apart from that, doing any operation requires permission explicitly added in the ACL file /var/heimdal/kadmind.acl. The format of this file is:

principal rights [principal-pattern]

Where rights is any (comma separated) combination of:

  • change-password or cpw
  • list
  • delete
  • modify
  • add
  • get
  • all

And the optional principal-pattern restricts the rights to operations on principals that match the glob-style pattern.

Supported options:

file, --config-file=file
location of config file
file, --key-file=file
location of master key file
--keytab=keytab
what keytab to use
realm, --realm=realm
realm to use
, --debug
enable debugging
port, --ports=port
ports to listen to. By default, if run as a daemon, it listens to port 749, but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the special string “+” representing the default port.

/var/heimdal/kadmind.acl

This will cause kadmind to listen to port 4711 in addition to any compiled in defaults:

kadmind - -ports="+ 4711" &

This acl file will grant Joe all rights, and allow Mallory to view and add host principals.

joe/admin@EXAMPLE.COM      all
mallory/admin@EXAMPLE.COM  add,get  host/*@EXAMPLE.COM

kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
December 8, 2004 HEIMDAL
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.