Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
KADMIND(8)							    KADMIND(8)

NAME
       kadmind - network daemon	for Kerberos database administration

SYNOPSIS
       kadmind [ -n ] [	-m ] [ -h ] [ -r realm ] [ -f filename ] [ -d dbname ]
       [ -a acldir ] [ -i address ]

DESCRIPTION
       kadmind is the network database server for the Kerberos password-chang-
       ing and administration tools.

       Upon execution, it fetches the master key from the key cache file.

       If the -m option	is specified, it instead prompts the user to enter the
       master key string for the database.

       The -n option is	a no-op	and is left for	compatibility reasons.

       If the -r realm option is specified, the	admin server will pretend that
       its  local realm	is realm instead of the	actual local realm of the host
       it is running on.  This makes it	possible to run	a server for a foreign
       kerberos	realm.

       If  the -f filename option is specified,	then that file is used to hold
       the log information instead of the default.

       If the -d dbname	option is specified, then that file  is	 used  as  the
       database	name instead of	the default.

       If the -a acldir	option is specified, then acldir is used as the	direc-
       tory in which to	 search	 for  access  control  lists  instead  of  the
       default.

       If  the	-h  option is specified, kadmind prints	out a short summary of
       the permissible control arguments, and then exits.

       If the -i option	is specified, kadmind will only	listen on that partic-
       ular  address and not on	all configured addresses of the	host, which is
       the default.

       When performing requests	on behalf of clients,  kadmind	checks	access
       control	lists  (ACLs)  to determine the	authorization of the client to
       perform the requested action.  Currently	four distinct access types are
       supported:

       Addition	 (.add	ACL file).  If a principal is on this list, it may add
		 new principals	to the database.

       Retrieval (.get ACL file).  If a	principal is  on  this	list,  it  may
		 retrieve  database entries.  NOTE:  A principal's private key
		 is never returned by the get functions.

       Modification
		 (.mod ACL file).  If a	principal is on	this list, it may mod-
		 ify entries in	the database.

       Deletions (.del	ACL  file).   If  a  principal is on this list,	if may
		 delete	entries	from the database.

       A principal is always granted authorization to change its own password.

FILES
       /var/log/admin_server.syslog
			   Default log file.

       /var/kerberos	   Default access control list directory.

       admin_acl.{add,get,mod}
			   Access control list files (within the directory)

       /var/kerberos/principal.pag, /var/kerberos/principal.dir
			   Default DBM files containing	database

       /.k		   Master key cache file.

SEE ALSO
       kerberos(1), kpasswd(1),	kadmin(8), acl_check(3)

AUTHORS
       Douglas A. Church, MIT Project Athena
       John T. Kohl, Project Athena/Digital Equipment Corporation

MIT Project Athena	     Kerberos Version 4.0		    KADMIND(8)

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=kadmind&sektion=8&manpath=FreeBSD+4.11-RELEASE>

home | help