KCM(8)			FreeBSD	System Manager's Manual			KCM(8)

     kcm -- process-based credential cache for Kerberos tickets.

     kcm [--cache-name=cachename] [-c file | --config-file=file] [-g group |
         --group=group] [--max-request=size] [--disallow-getting-krbtgt]
         [--detach] [-h | --help] [-k principal |
         --system-principal=principal] [-l time | --lifetime=time] [-m mode |
         --mode=mode] [-n | --no-name-constraints] [-r time |
         --renewable-life=time] [-s path | --socket-path=path]
         [--door-path=path] [-S principal | --server=principal] [-t keytab |
         --keytab=keytab] [-u user | --user=user] [-v | --version]

     kcm is a process-based credential cache.  To use it, set the KRB5CCNAME
     environment variable to `KCM:uid' or add the stanza

             default_cc_name = KCM:%{uid}

     to the /etc/krb5.conf configuration file and make sure kcm is started in
     the system startup files.
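
     A way to check that setup, as an added example that is not part of the
     kcm manual page: the script reports which credential cache name would be
     selected and whether it is a KCM: cache.  It assumes the stanza sits in
     [libdefaults] and that a set KRB5CCNAME overrides the configuration file;
     the function names and the sample configuration are constructed.

```shell
#!/bin/sh
# Added example, not from the kcm manual page; all function names are hypothetical.

# Print default_cc_name from the [libdefaults] section of a krb5.conf file.
# Assumption: the stanza belongs in [libdefaults].
cc_from_conf() {
    awk '
        /^[ \t]*[#;]/ { next }    # comment line
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        insec && /^[ \t]*default_cc_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# effective_cc CONF UID [KRB5CCNAME]: the environment value wins when set
# (assumption); otherwise the configured name with %{uid} expanded.
effective_cc() {
    conf=$1; uid=$2; envval=${3-}
    if [ -n "$envval" ]; then printf '%s\n' "$envval"; return 0; fi
    name=$(cc_from_conf "$conf")
    [ -n "$name" ] || return 1    # nothing configured
    printf '%s\n' "$name" | sed "s/%{uid}/$uid/g"
}

# Succeed only when the cache name selects the kcm daemon.
uses_kcm() { case $1 in KCM:*) return 0 ;; *) return 1 ;; esac; }

# Constructed sample configuration: a decoy key in another section, a
# commented-out FILE: cache, and the stanza from the manual page.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[appdefaults]
    default_cc_name = FILE:/tmp/decoy
[libdefaults]
    # default_cc_name = FILE:/tmp/krb5cc_%{uid}
    default_cc_name = KCM:%{uid}
EOF
    printf '%s\n' "$f"
}

conf=$(sample_conf)
for envval in "" "FILE:/tmp/krb5cc_1001"; do
    cc=$(effective_cc "$conf" 1001 "$envval")
    if uses_kcm "$cc"; then echo "$cc: served by kcm"; else echo "$cc: not a kcm cache"; fi
done
rm -f "$conf"
```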

     The kcm daemon can hold the credentials for all users in the system.
     Access control is done with Unix-like permissions.  The daemon checks the
     access on all operations based on the uid and gid of the user.  The
     tickets are renewed as long as is permitted by the KDC's policy.

     The kcm daemon can also keep a SYSTEM credential that server processes
     can use to access services.  One example of usage might be an nss_ldap
     module that quickly needs to get credentials and doesn't want to renew
     the ticket itself.

     Supported options:

     --cache-name=cachename
             system cache name

     -c file, --config-file=file
             location of config file

     -g group, --group=group
             system cache group

     --max-request=size
             max size for a kcm-request

     --disallow-getting-krbtgt
             disallow extracting any krbtgt from the kcm daemon.

     --detach
             detach from console

     -h, --help

     -k principal, --system-principal=principal
             system principal name

     -l time, --lifetime=time
             lifetime of system tickets

     -m mode, --mode=mode
             octal mode of system cache

     -n, --no-name-constraints
             disable credentials cache name constraints

     -r time, --renewable-life=time
             renewable lifetime of system tickets

     -s path, --socket-path=path
             path to kcm domain socket

     --door-path=path
             path to kcm door socket

     -S principal, --server=principal
             server to get system ticket for

     -t keytab, --keytab=keytab
             system keytab name

     -u user, --user=user
             system cache owner

     -v, --version

Heimdal				 May 29, 2005			       Heimdal

