2
KADMIND(8) BSD System Manager's Manual KADMIND(8)
5
kkaaddmmiinndd -- server for administrative access to Kerberos database
8
kkaaddmmiinndd [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
9
[----kkeeyyttaabb==_k_e_y_t_a_b] [--rr _r_e_a_l_m | ----rreeaallmm==_r_e_a_l_m] [--dd | ----ddeebbuugg] [--pp
10
_p_o_r_t | ----ppoorrttss==_p_o_r_t]
12
DDEESSCCRRIIPPTTIIOONN
13
kkaaddmmiinndd listens for requests for changes to the Kerberos database and
14
performs these, subject to permissions. When starting, if stdin is a
15
socket it assumes that it has been started by inetd(8), otherwise it
16
behaves as a daemon, forking processes for each new connection. The
17
----ddeebbuugg option causes kkaaddmmiinndd to accept exactly one connection, which is
20
The kpasswdd(8) daemon is responsible for the Kerberos 5 password chang-
21
ing protocol (used by kpasswd(1)).
23
This daemon should only be run on the master server, and not on any
26
Principals are always allowed to change their own password and list their
27
own principal. Apart from that, doing any operation requires permission
28
explicitly added in the ACL file _/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l. The format of
31
_p_r_i_n_c_i_p_a_l _r_i_g_h_t_s [_p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n]
33
Where rights is any (comma separated) combination of:
34
++oo change-password or cpw
42
And the optional _p_r_i_n_c_i_p_a_l_-_p_a_t_t_e_r_n restricts the rights to operations on
43
principals that match the glob-style pattern.
47
--cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
48
location of config file
50
--kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
51
location of master key file
53
----kkeeyyttaabb==_k_e_y_t_a_b
56
--rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
62
--pp _p_o_r_t, ----ppoorrttss==_p_o_r_t
63
ports to listen to. By default, if run as a daemon, it listens to
64
port 749, but you can add any number of ports with this option.
65
The port string is a whitespace separated list of port specifica-
66
tions, with the special string ``+'' representing the default
70
_/_v_a_r_/_h_e_i_m_d_a_l_/_k_a_d_m_i_n_d_._a_c_l
73
This will cause kkaaddmmiinndd to listen to port 4711 in addition to any com-
76
kkaaddmmiinndd ----ppoorrttss="+ 4711" &
78
This acl file will grant Joe all rights, and allow Mallory to view and
81
joe/admin@EXAMPLE.COM all
82
mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
85
kpasswd(1), kadmin(8), kdc(8), kpasswdd(8)
87
HEIMDAL December 8, 2004 HEIMDAL