diff options
Diffstat (limited to 'crypto/krb5/doc/admin/admin_commands/krb5kdc.rst')
| -rw-r--r-- | crypto/krb5/doc/admin/admin_commands/krb5kdc.rst | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/crypto/krb5/doc/admin/admin_commands/krb5kdc.rst b/crypto/krb5/doc/admin/admin_commands/krb5kdc.rst deleted file mode 100644 index 97fbe5ed7d10..000000000000 --- a/crypto/krb5/doc/admin/admin_commands/krb5kdc.rst +++ /dev/null @@ -1,121 +0,0 @@ -.. _krb5kdc(8): - -krb5kdc -======= - -SYNOPSIS --------- - -**krb5kdc** -[**-x** *db_args*] -[**-d** *dbname*] -[**-k** *keytype*] -[**-M** *mkeyname*] -[**-p** *portnum*] -[**-m**] -[**-r** *realm*] -[**-n**] -[**-w** *numworkers*] -[**-P** *pid_file*] -[**-T** *time_offset*] - - -DESCRIPTION ------------ - -krb5kdc is the Kerberos version 5 Authentication Service and Key -Distribution Center (AS/KDC). - - -OPTIONS -------- - -The **-r** *realm* option specifies the realm for which the server -should provide service. This option may be specified multiple times -to serve multiple realms. If no **-r** option is given, the default -realm (as specified in :ref:`krb5.conf(5)`) will be served. - -The **-d** *dbname* option specifies the name under which the -principal database can be found. This option does not apply to the -LDAP database. - -The **-k** *keytype* option specifies the key type of the master key -to be entered manually as a password when **-m** is given; the default -is |defmkey|. - -The **-M** *mkeyname* option specifies the principal name for the -master key in the database (usually ``K/M`` in the KDC's realm). - -The **-m** option specifies that the master database password should -be fetched from the keyboard rather than from a stash file. - -The **-n** option specifies that the KDC does not put itself in the -background and does not disassociate itself from the terminal. - -The **-P** *pid_file* option tells the KDC to write its PID into -*pid_file* after it starts up. This can be used to identify whether -the KDC is still running and to allow init scripts to stop the correct -process. - -The **-p** *portnum* option specifies the default UDP and TCP port -numbers which the KDC should listen on for Kerberos version 5 -requests, as a comma-separated list. This value overrides the port -numbers specified in the :ref:`kdcdefaults` section of -:ref:`kdc.conf(5)`, but may be overridden by realm-specific values. -If no value is given from any source, the default port is 88. - -The **-w** *numworkers* option tells the KDC to fork *numworkers* -processes to listen to the KDC ports and process requests in parallel. -The top level KDC process (whose pid is recorded in the pid file if -the **-P** option is also given) acts as a supervisor. The supervisor -will relay SIGHUP signals to the worker subprocesses, and will -terminate the worker subprocess if the it is itself terminated or if -any other worker process exits. - -The **-x** *db_args* option specifies database-specific arguments. -See :ref:`Database Options <dboptions>` in :ref:`kadmin(1)` for -supported arguments. - -The **-T** *offset* option specifies a time offset, in seconds, which -the KDC will operate under. It is intended only for testing purposes. - -EXAMPLE -------- - -The KDC may service requests for multiple realms (maximum 32 realms). -The realms are listed on the command line. Per-realm options that can -be specified on the command line pertain for each realm that follows -it and are superseded by subsequent definitions of the same option. - -For example:: - - krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 - -specifies that the KDC listen on port 2001 for REALM1 and on port 2002 -for REALM2 and REALM3. Additionally, per-realm parameters may be -specified in the :ref:`kdc.conf(5)` file. The location of this file -may be specified by the **KRB5_KDC_PROFILE** environment variable. -Per-realm parameters specified in this file take precedence over -options specified on the command line. See the :ref:`kdc.conf(5)` -description for further details. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - -As of release 1.22, krb5kdc supports systemd socket activation via the -LISTEN_PID and LISTEN_FDS environment variables. Sockets provided by -the caller must correspond to configured listener addresses (via the -**kdc_listen** variable or equivalent) or they will be ignored. Any -configured listener addresses that do not correspond to -caller-provided sockets will be ignored if socket activation is used. - - -SEE ALSO --------- - -:ref:`kdb5_util(8)`, :ref:`kdc.conf(5)`, :ref:`krb5.conf(5)`, -:ref:`kdb5_ldap_util(8)`, :ref:`kerberos(7)` |