FreeBSD Manual Pages
KADMIND(8) MIT Kerberos KADMIND(8) NAME kadmind - KADM5 administration server SYNOPSIS kadmind [-x db_args] [-r realm] [-m] [-nofork] [-proponly] [-port port-number] [-P pid_file] [-p kdb5_util_path] [-K kprop_path] [-k kprop_port] [-F dump_file] DESCRIPTION kadmind starts the Kerberos administration server. kadmind typically runs on the primary Kerberos server, which stores the KDC database. If the KDC database uses the LDAP module, the administration server and the KDC server need not run on the same machine. kadmind accepts re- mote requests from programs such as kadmin(1) and kpasswd(1) to admin- ister the information in these database. kadmind requires a number of configuration files to be set up in order for it to work: kdc.conf(5) The KDC configuration file contains configuration information for the KDC and admin servers. kadmind uses settings in this file to locate the Kerberos database, and is also affected by the acl_file, dict_file, kadmind_port, and iprop-related set- tings. kadm5.acl(5) kadmind's ACL (access control list) tells it which principals are allowed to perform administration actions. The pathname to the ACL file can be specified with the acl_file kdc.conf(5) variable; by default, it is /usr/local/var/krb5kdc/kadm5.acl. After the server begins running, it puts itself in the background and disassociates itself from its controlling terminal. kadmind can be configured for incremental database propagation. Incre- mental propagation allows replica KDC servers to receive principal and policy updates incrementally instead of receiving full dumps of the database. This facility can be enabled in the kdc.conf(5) file with the iprop_enable option. Incremental propagation requires the princi- pal kiprop/PRIMARY\@REALM (where PRIMARY is the primary KDC's canonical host name, and REALM the realm name). In release 1.13, this principal is automatically created and registered into the datebase. OPTIONS -r realm specifies the realm that kadmind will serve; if it is not speci- fied, the default realm of the host is used. -m causes the master database password to be fetched from the key- board (before the server puts itself in the background, if not invoked with the -nofork option) rather than from a file on disk. -nofork causes the server to remain in the foreground and remain associ- ated to the terminal. -proponly causes the server to only listen and respond to Kerberos replica incremental propagation polling requests. This option can be used to set up a hierarchical propagation topology where a replica KDC provides incremental updates to other Kerberos replicas. -port port-number specifies the port on which the administration server listens for connections. The default port is determined by the kad- mind_port configuration variable in kdc.conf(5). -P pid_file specifies the file to which the PID of kadmind process should be written after it starts up. This file can be used to identify whether kadmind is still running and to allow init scripts to stop the correct process. -p kdb5_util_path specifies the path to the kdb5_util command to use when dumping the KDB in response to full resync requests when iprop is en- abled. -K kprop_path specifies the path to the kprop command to use to send full dumps to replicas in response to full resync requests. -k kprop_port specifies the port by which the kprop process that is spawned by kadmind connects to the replica kpropd, in order to transfer the dump file during an iprop full resync request. -F dump_file specifies the file path to be used for dumping the KDB in re- sponse to full resync requests when iprop is enabled. -x db_args specifies database-specific arguments. See Database Options in kadmin(1) for supported arguments. ENVIRONMENT See kerberos(7) for a description of Kerberos environment variables. SEE ALSO kpasswd(1), kadmin(1), kdb5_util(8), kdb5_ldap_util(8), kadm5.acl(5), kerberos(7) AUTHOR MIT COPYRIGHT 1985-2024, MIT 1.22 KADMIND(8)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | ENVIRONMENT | SEE ALSO | AUTHOR | COPYRIGHT
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kadmind&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>