Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 14.0-CURRENT FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.2-STABLE FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.4-STABLE FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.1 CentOS 7.0 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 8.1.0 Debian 7.8.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 IRIX 6.5.30 Inferno 4th Edition Linux Slackware 3.1 MACH 2.5/i386 Minix 2.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenStep 4.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips OpenDarwin 20030208pre4/ppc Plan 9 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Red Hat 9 Rhapsody DR1 Rhapsody DR2 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

KDC(8)			  BSD System Manager's Manual			KDC(8)

NAME
     kdc -- Kerberos 5 server

SYNOPSIS
     kdc [-c file | --config-file=file]	[-p | --no-require-preauth]
	 [--max-request=size] [-H | --enable-http] [--no-524] [--kerberos4]
	 [--kerberos4-cross-realm] [-r string |	--v4-realm=string]
	 [-K | --kaserver] [-P portspec	| --ports=portspec] [--detach]
	 [--addresses=list of addresses]

DESCRIPTION
     kdc serves	requests for tickets.  When it starts, it first	checks the
     flags passed, any options that are	not specified with a command line flag
     are taken from a config file, or from a default compiled-in value.

     Options supported:

     -c	file, --config-file=file
	     Specifies the location of the config file,	the default is
	     /var/heimdal/kdc.conf.  This is the only value that can't be
	     specified in the config file.

     -p, --no-require-preauth
	     Turn off the requirement for pre-autentication in the initial AS-
	     REQ for all principals.  The use of pre-authentication makes it
	     more difficult to do offline password attacks.  You might want to
	     turn it off if you	have clients that don't	support	pre-authenti-
	     cation.  Since the	version	4 protocol doesn't support any pre-au-
	     thentication, serving version 4 clients is	just about the same as
	     not requiring pre-athentication.  The default is to require pre-
	     authentication.  Adding the require-preauth per principal is a
	     more flexible way of handling this.

     --max-request=size
	     Gives an upper limit on the size of the requests that the kdc is
	     willing to	handle.

     -H, --enable-http
	     Makes the kdc listen on port 80 and handle	requests encapsulated
	     in	HTTP.

     --no-524
	     don't respond to 524 requests

     --kerberos4
	     respond to	Kerberos 4 requests

     --kerberos4-cross-realm
	     respond to	Kerberos 4 requests from foreign realms.  This is a
	     known security hole and should not	be enabled unless you under-
	     stand the consequences and	are willing to live with them.

     -r	string,	--v4-realm=string
	     What realm	this server should act as when dealing with version 4
	     requests.	The database can contain any number of realms, but
	     since the version 4 protocol doesn't contain a realm for the
	     server, it	must be	explicitly specified.  The default is whatever
	     is	returned by krb_get_lrealm().  This option is only availabe if
	     the KDC has been compiled with version 4 support.

     -K, --kaserver
	     Enable kaserver emulation (in case	it's compiled in).

     -P	portspec, --ports=portspec
	     Specifies the set of ports	the KDC	should listen on.  It is given
	     as	a white-space separated	list of	services or port numbers.

     --addresses=list of addresses
	     The list of addresses to listen for requests on.  By default, the
	     kdc will listen on	all the	locally	configured addresses.  If only
	     a subset is desired, or the automatic detection fails, this op-
	     tion might	be used.

     All activities are	logged to one or more destinations, see	krb5.conf(5),
     and krb5_openlog(3).  The entity used for logging is kdc.

CONFIGURATION FILE
     The configuration file has	the same syntax	as krb5.conf(5), but will be
     read before /etc/krb5.conf, so it may override settings found there.  Op-
     tions specific to the KDC only are	found in the "[kdc]" section.  All the
     command-line options can preferably be added in the configuration file.
     The only difference is the	pre-authentication flag, which has to be spec-
     ified as:

	   require-preauth = no

     (in fact you can specify the option as --require-preauth=no).

     And there are some	configuration options which do not have	command-line
     equivalents:

	   check-ticket-addresses = boolean
		Check the addresses in the ticket when processing TGS re-
		quests.	 The default is	FALSE.

	   allow-null-ticket-addresses = boolean
		Permit tickets with no addresses.  This	option is only rele-
		vant when check-ticket-addresses is TRUE.

	   allow-anonymous = boolean
		Permit anonymous tickets with no addresses.

	   enforce-transited-policy = boolean
		Always verify the transited policy, ignoring the
		disable-transited-check	flag if	set in the KDC client request.

	   encode_as_rep_as_tgs_rep = boolean
		Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
		code.  The Heimdal clients allow both.

	   kdc_warn_pwexpire = time
		How long before	password/principal expiration the KDC should
		start sending out warning messages.

     The configuration file is only read when the kdc is started.  If changes
     made to the configuration file are	to take	effect,	the kdc	needs to be
     restarted.

     An	example	of a config file:

	   [kdc]
		   require-preauth = no
		   v4-realm = FOO.SE
		   key-file = /key-file

BUGS
     If	the machine running the	KDC has	new addresses added to it, the KDC
     will have to be restarted to listen to them.  The reason it doesn't just
     listen to wildcarded (like	INADDR_ANY) addresses, is that the replies has
     to	come from the same address they	were sent to, and most OS:es doesn't
     pass this information to the application.	If your	normal mode of opera-
     tion require that you add and remove addresses, the best option is	proba-
     bly to listen to a	wildcarded TCP socket, and make	sure your clients use
     TCP to connect.  For instance, this will listen to	IPv4 TCP port 88 only:

	   kdc --addresses=0.0.0.0 --ports="88/tcp"

     There should be a way to specify protocol,	port, and address triplets,
     not just addresses	and protocol, port tuples.

SEE ALSO
     kinit(1), krb5.conf(5)

HEIMDAL			       October 21, 2003			       HEIMDAL

---

NAME | SYNOPSIS | DESCRIPTION | CONFIGURATION FILE | BUGS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=kdc&sektion=8&manpath=FreeBSD+6.0-RELEASE>

home | help

---

Legal Notices | © 1995-2023 The FreeBSD Project. All rights reserved.

Contact