Fix "(empty" typo in "{etypes}" handler in trace.c

[krb5.git] / src / man / krb5kdc.man

.TH "KRB5KDC" "8" " " "0.0.1" "MIT Kerberos"
.SH NAME
krb5kdc \- Kerberos V5 KDC
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.\" Man page generated from reStructeredText.
.
.SH SYNOPSIS
.sp
\fBkrb5kdc\fP
[\fB\-x\fP \fIdb_args\fP]
[\fB\-d\fP \fIdbname\fP]
[\fB\-k\fP \fIkeytype\fP]
[\fB\-M\fP \fImkeyname\fP]
[\fB\-p\fP \fIportnum\fP]
[\fB\-m\fP]
[\fB\-r\fP \fIrealm\fP]
[\fB\-n\fP]
[\fB\-w\fP \fInumworkers\fP]
[\fB\-P\fP \fIpid_file\fP]
.SH DESCRIPTION
.sp
krb5kdc is the Kerberos version 5 Authentication Service and Key
Distribution Center (AS/KDC).
.SH OPTIONS
.sp
The \fB\-r\fP \fIrealm\fP option specifies the realm for which the server
should provide service.
.sp
The \fB\-d\fP \fIdbname\fP option specifies the name under which the
principal database can be found.  This option does not apply to the
LDAP database.
.sp
The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
to be entered manually as a password when \fB\-m\fP is given; the default
is \fBdes\-cbc\-crc\fP.
.sp
The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).
.sp
The \fB\-m\fP option specifies that the master database password should
be fetched from the keyboard rather than from a stash file.
.sp
The \fB\-n\fP option specifies that the KDC does not put itself in the
background and does not disassociate itself from the terminal.  In
normal operation, you should always allow the KDC to place itself in
the background.
.sp
The \fB\-P\fP \fIpid_file\fP option tells the KDC to write its PID into
\fIpid_file\fP after it starts up.  This can be used to identify whether
the KDC is still running and to allow init scripts to stop the correct
process.
.sp
The \fB\-p\fP \fIportnum\fP option specifies the default UDP port numbers
which the KDC should listen on for Kerberos version 5 requests, as a
comma\-separated list.  This value overrides the UDP port numbers
specified in the \fIkdcdefaults\fP section of \fIkdc.conf(5)\fP, but
may be overridden by realm\-specific values.  If no value is given from
any source, the default ports are 88 and 750.
.sp
The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP
processes to listen to the KDC ports and process requests in parallel.
The top level KDC process (whose pid is recorded in the pid file if
the \fB\-P\fP option is also given) acts as a supervisor.  The supervisor
will relay SIGHUP signals to the worker subprocesses, and will
terminate the worker subprocess if the it is itself terminated or if
any other worker process exits.
.IP Note
.
On operating systems which do not have \fIpktinfo\fP support,
using worker processes will prevent the KDC from listening
for UDP packets on network interfaces created after the KDC
starts.
.RE
.sp
The \fB\-x\fP \fIdb_args\fP option specifies database\-specific arguments.
Options supported for the LDAP database module are:
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
.B \fB\-x\fP nconns=<number_of_connections>
.sp
Specifies the number of connections to be maintained per
LDAP server.
.TP
.B \fB\-x\fP host=<ldapuri>
.sp
Specifies the LDAP server to connect to by URI.
.TP
.B \fB\-x\fP binddn=<binddn>
.sp
Specifies the DN of the object used by the KDC server to bind
to the LDAP server.  This object should have read and write
privileges to the realm container, the principal container,
and the subtree that is referenced by the realm.
.TP
.B \fB\-x\fP bindpwd=<bind_password>
.sp
Specifies the password for the above mentioned binddn.  Using
this option may expose the password to other users on the
system via the process list; to avoid this, instead stash the
password using the \fBstashsrvpw\fP command of
\fIkdb5_ldap_util(8)\fP.
.UNINDENT
.UNINDENT
.UNINDENT
.SH EXAMPLE
.sp
The KDC may service requests for multiple realms (maximum 32 realms).
The realms are listed on the command line.  Per\-realm options that can
be specified on the command line pertain for each realm that follows
it and are superseded by subsequent definitions of the same option.
.sp
For example:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
krb5kdc \-p 2001 \-r REALM1 \-p 2002 \-r REALM2 \-r REALM3
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
specifies that the KDC listen on port 2001 for REALM1 and on port 2002
for REALM2 and REALM3.  Additionally, per\-realm parameters may be
specified in the \fIkdc.conf(5)\fP file.  The location of this file
may be specified by the \fBKRB5_KDC_PROFILE\fP environment variable.
Per\-realm parameters specified in this file take precedence over
options specified on the command line.  See the \fIkdc.conf(5)\fP
description for further details.
.SH ENVIRONMENT
.sp
krb5kdc uses the following environment variables:
.INDENT 0.0
.IP \(bu 2
.
\fBKRB5_CONFIG\fP
.IP \(bu 2
.
\fBKRB5_KDC_PROFILE\fP
.UNINDENT
.SH SEE ALSO
.sp
\fIkdb5_util(8)\fP, \fIkdc.conf(5)\fP, \fIkrb5.conf(5)\fP,
\fIkdb5_ldap_util(8)\fP
.SH AUTHOR
MIT
.SH COPYRIGHT
2011, MIT
.\" Generated by docutils manpage writer.
.