Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
KADMIND(8)		    System Manager's Manual		    KADMIND(8)

NAME
       kadmind -- server for administrative access to Kerberos database

SYNOPSIS
       kadmind	  [-c file | --config-file=file]   [-k file | --key-file=file]
	       [--keytab=keytab] [-r realm | --realm=realm] [-d	| --debug] [-p
	       port | --ports=port]

DESCRIPTION
       kadmind listens for requests for	changes	to the Kerberos	 database  and
       performs	 these,	 subject to permissions.  When starting, if stdin is a
       socket it assumes that it has been started by  inetd(8),	 otherwise  it
       behaves	as  a  daemon,	forking	processes for each new connection. The
       --debug option causes kadmind to	accept exactly one  connection,	 which
       is useful for debugging.

       The  kpasswdd(8)	 daemon	 is  responsible  for  the Kerberos 5 password
       changing	protocol (used by kpasswd(1)).

       This daemon should only be run on the master server,  and  not  on  any
       slaves.

       Principals  are	always	allowed	 to change their own password and list
       their own principal.  Apart from	that,  doing  any  operation  requires
       permission  explicitly  added in	the ACL	file /var/heimdal/kadmind.acl.
       The format of this file is:

       principal rights	[principal-pattern]

       Where rights is any (comma separated) combination of:
          change-password or cpw
          list
          delete
          modify
          add
          get
          all

       And the optional	principal-pattern restricts the	rights	to  operations
       on principals that match	the glob-style pattern.

       Supported options:

       -c file,	--config-file=file
	       location	of config file

       -k file,	--key-file=file
	       location	of master key file

       --keytab=keytab
	       what keytab to use

       -r realm, --realm=realm
	       realm to	use

       -d, --debug
	       enable debugging

       -p port,	--ports=port
	       ports  to listen	to. By default,	if run as a daemon, it listens
	       to port 749, but	you can	add any	number of ports	with this  op-
	       tion.  The  port	 string	is a whitespace	separated list of port
	       specifications, with the	special	string	"+"  representing  the
	       default port.

FILES
       /var/heimdal/kadmind.acl

EXAMPLES
       This  will cause	kadmind	to listen to port 4711 in addition to any com-
       piled in	defaults:

	     kadmind --ports="+	4711" &

       This acl	file will grant	Joe all	rights,	and allow Mallory to view  and
       add host	principals.

	     joe/admin@EXAMPLE.COM	all
	     mallory/admin@EXAMPLE.COM	add,get	 host/*@EXAMPLE.COM

SEE ALSO
       kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)

HEIMDAL			       December	8, 2004			    KADMIND(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kadmind&sektion=8&manpath=FreeBSD+14.3-RELEASE+and+Ports>

home | help