.TH "KRB5KDC" "8" " " "0.0.1" "MIT Kerberos"
krb5kdc \- Kerberos V5 KDC
[\fB\-x\fP \fIdb_args\fP]
[\fB\-d\fP \fIdbname\fP]
[\fB\-k\fP \fIkeytype\fP]
[\fB\-M\fP \fImkeyname\fP]
[\fB\-p\fP \fIportnum\fP]
[\fB\-r\fP \fIrealm\fP]
[\fB\-w\fP \fInumworkers\fP]
[\fB\-P\fP \fIpid_file\fP]

krb5kdc is the Kerberos version 5 Authentication Service and Key
Distribution Center (AS/KDC).

The \fB\-r\fP \fIrealm\fP option specifies the realm for which the server
should provide service.

The \fB\-d\fP \fIdbname\fP option specifies the name under which the
principal database can be found. This option does not apply to the

The \fB\-k\fP \fIkeytype\fP option specifies the key type of the master key
to be entered manually as a password when \fB\-m\fP is given; the default
is \fBdes\-cbc\-crc\fP.

The \fB\-M\fP \fImkeyname\fP option specifies the principal name for the
master key in the database (usually \fBK/M\fP in the KDC\(aqs realm).

The \fB\-m\fP option specifies that the master database password should
be fetched from the keyboard rather than from a stash file.

The \fB\-n\fP option specifies that the KDC does not put itself in the
background and does not disassociate itself from the terminal. In
normal operation, you should always allow the KDC to place itself in

The \fB\-P\fP \fIpid_file\fP option tells the KDC to write its PID into
\fIpid_file\fP after it starts up. This can be used to identify whether
the KDC is still running and to allow init scripts to stop the correct

The \fB\-p\fP \fIportnum\fP option specifies the default UDP port numbers
which the KDC should listen on for Kerberos version 5 requests, as a
comma\-separated list. This value overrides the UDP port numbers
specified in the \fIkdcdefaults\fP section of \fIkdc.conf(5)\fP, but
may be overridden by realm\-specific values. If no value is given from
any source, the default ports are 88 and 750.

The \fB\-w\fP \fInumworkers\fP option tells the KDC to fork \fInumworkers\fP
processes to listen to the KDC ports and process requests in parallel.
The top level KDC process (whose pid is recorded in the pid file if
the \fB\-P\fP option is also given) acts as a supervisor. The supervisor
will relay SIGHUP signals to the worker subprocesses, and will
terminate the worker subprocesses if it is itself terminated or if
any other worker process exits.

On operating systems which do not have \fIpktinfo\fP support,
using worker processes will prevent the KDC from listening
for UDP packets on network interfaces created after the KDC

The \fB\-x\fP \fIdb_args\fP option specifies database\-specific arguments.
Options supported for the LDAP database module are:

.B \fB\-x\fP nconns=<number_of_connections>
Specifies the number of connections to be maintained per

.B \fB\-x\fP host=<ldapuri>
Specifies the LDAP server to connect to by URI.

.B \fB\-x\fP binddn=<binddn>
Specifies the DN of the object used by the KDC server to bind
to the LDAP server. This object should have read and write
privileges to the realm container, the principal container,
and the subtree that is referenced by the realm.

.B \fB\-x\fP bindpwd=<bind_password>
Specifies the password for the above mentioned binddn. Using
this option may expose the password to other users on the
system via the process list; to avoid this, instead stash the
password using the \fBstashsrvpw\fP command of
\fIkdb5_ldap_util(8)\fP.
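
One way to check a host for the bindpwd exposure described above, as an added example that is not part of MIT Kerberos: the function reads "PID ARGS" lines in the form printed by ps and reports krb5kdc processes started with a bind password on the command line, without echoing the password. The process lines, paths and host names in the sample are constructed.

```shell
#!/bin/sh
# Added example, not part of MIT Kerberos. Sample data below is constructed.

# audit_bindpwd: read "PID ARGS" lines on stdin and print one finding per
# krb5kdc process whose arguments include bindpwd=. The value is never printed.
audit_bindpwd() {
    awk '
    {
        # Field 2 is the executable; accept a bare name or any path to it.
        n = split($2, parts, "/")
        if (parts[n] != "krb5kdc") next
        for (i = 3; i <= NF; i++) {
            # Covers "-x bindpwd=..." (two fields) and "-xbindpwd=..." (one).
            if ($i ~ /^(-x)?bindpwd=/) {
                printf "pid %s: bindpwd on command line (value redacted)\n", $1
                next
            }
        }
    }'
}

# Constructed process listing: one exposed KDC, one clean KDC, one unrelated.
SAMPLE_PS='  812 /usr/sbin/krb5kdc -P /run/krb5kdc.pid -x host=ldaps://ldap.example.test -x bindpwd=CONSTRUCTED-VALUE
  990 krb5kdc -r EXAMPLE.TEST -x host=ldaps://ldap.example.test
 1204 /usr/bin/vi notes-on-bindpwd=.txt'

# Run the audit over the constructed listing.
audit_sample() {
    printf '%s\n' "$SAMPLE_PS" | audit_bindpwd
}

audit_sample
# On a live host: ps -eo pid=,args= | audit_bindpwd
```

A finding means the KDC should be restarted without bindpwd after the password has been stashed with the stashsrvpw command mentioned above.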

The KDC may service requests for multiple realms (maximum 32 realms).
The realms are listed on the command line. Per\-realm options that can
be specified on the command line pertain for each realm that follows
it and are superseded by subsequent definitions of the same option.

krb5kdc \-p 2001 \-r REALM1 \-p 2002 \-r REALM2 \-r REALM3

specifies that the KDC listen on port 2001 for REALM1 and on port 2002
for REALM2 and REALM3. Additionally, per\-realm parameters may be
specified in the \fIkdc.conf(5)\fP file. The location of this file
may be specified by the \fBKRB5_KDC_PROFILE\fP environment variable.
Per\-realm parameters specified in this file take precedence over
options specified on the command line. See the \fIkdc.conf(5)\fP
description for further details.
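
The command-line rule above, modelled as an added example (this is not krb5kdc's own parser): the function walks a krb5kdc argument list and prints the port list each realm would get from the command line alone, rejecting more than 32 realms. It recognises only the argument-taking options shown in this page's synopsis, and it does not model per-realm values from kdc.conf, which take precedence as stated above.

```shell
#!/bin/sh
# Added example, not part of MIT Kerberos: command-line-only model of the
# "option applies to each realm that follows it" rule.

# effective_ports ARGS...: print "REALM PORTS" for every -r realm in ARGS.
# Returns 1 if more than 32 realms are listed, 2 if an option lacks its value.
effective_ports() {
    port="88,750"   # default given on this page when no source sets a port
    realms=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -p|-r|-x|-d|-k|-M|-w|-P)
                if [ $# -lt 2 ]; then
                    echo "error: $1 needs an argument" >&2
                    return 2
                fi
                opt=$1; arg=$2; shift 2
                case "$opt" in
                    -p) port=$arg ;;          # supersedes any earlier -p
                    -r) realms=$((realms + 1))
                        if [ "$realms" -gt 32 ]; then
                            echo "error: more than 32 realms" >&2
                            return 1
                        fi
                        printf '%s %s\n' "$arg" "$port" ;;
                esac ;;
            *) shift ;;                        # flags without a value
        esac
    done
    return 0
}

# The command line from this page.
effective_ports -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3
```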

krb5kdc uses the following environment variables:

\fBKRB5_KDC_PROFILE\fP

\fIkdb5_util(8)\fP, \fIkdc.conf(5)\fP, \fIkrb5.conf(5)\fP,
\fIkdb5_ldap_util(8)\fP