Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
KADMIND(8)              FreeBSD System Manager's Manual             KADMIND(8)

NAME
       kadmind - network daemon for Kerberos database administration

SYNOPSIS
       kadmind [ -n ] [ -m ] [ -h ] [ -r realm ] [ -f filename ] [ -d dbname ]
       [ -a acldir ] [ -i address ]

DESCRIPTION
       kadmind is the network database server for the Kerberos password-
       changing and administration tools.

       Upon execution, it fetches the master key from the key cache file.

       If the -m option is specified, it instead prompts the user to enter the
       master key string for the database.

       The -n option is a no-op and is left for compatibility reasons.

       If the -r realm option is specified, the admin server will pretend that
       its local realm is realm instead of the actual local realm of the host
       it is running on.  This makes it possible to run a server for a foreign
       kerberos realm.

       If the -f filename option is specified, then that file is used to hold
       the log information instead of the default.

       If the -d dbname option is specified, then that file is used as the
       database name instead of the default.

       If the -a acldir option is specified, then acldir is used as the
       directory in which to search for access control lists instead of the
       default.

       If the -h option is specified, kadmind prints out a short summary of
       the permissible control arguments, and then exits.

       If the -i option is specified, kadmind will only listen on that
       particular address and not on all configured addresses of the host,
       which is the default.

       When performing requests on behalf of clients, kadmind checks access
       control lists (ACLs) to determine the authorization of the client to
       perform the requested action.  Currently four distinct access types are
       supported:

       Addition  (.add ACL file).  If a principal is on this list, it may add
                 new principals to the database.

       Retrieval (.get ACL file).  If a principal is on this list, it may
                 retrieve database entries.  NOTE:  A principal's private key
                 is never returned by the get functions.

       Modification
                 (.mod ACL file).  If a principal is on this list, it may
                 modify entries in the database.

       Deletions (.del ACL file).  If a principal is on this list, if may
                 delete entries from the database.

       A principal is always granted authorization to change its own password.

FILES
       /var/log/admin_server.syslog
                           Default log file.

       /var/kerberos       Default access control list directory.

       admin_acl.{add,get,mod}
                           Access control list files (within the directory)

       /var/kerberos/principal.pag, /var/kerberos/principal.dir
                           Default DBM files containing database

       /.k                 Master key cache file.

SEE ALSO
       kerberos(1), kpasswd(1), kadmin(8), acl_check(3)

AUTHORS
       Douglas A. Church, MIT Project Athena
       John T. Kohl, Project Athena/Digital Equipment Corporation

MIT Project Athena           Kerberos Version 4.0                   KADMIND(8)

NAME | SYNOPSIS | DESCRIPTION | FILES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=kadmind&sektion=8&manpath=FreeBSD+4.9-RELEASE>

home | help