kadmind(8) - NetBSD Manual Pages

Command:
Section:
Arch:
Collection:
>>>



KADMIND(8)                                             KADMIND(8)



NAME

       kadmind - Kerberos database administration daemon


SYNOPSIS

       kadmind  [  -n  ] [ -h ] [ -r realm ] [ -f filename ] [ -d
       dbname ] [ -a acldir ]


DESCRIPTION

       kadmind is the network database server  for  the  Kerberos
       password-changing and administration tools.

       Upon  execution,  it  prompts the user to enter the master
       key string for the database.

       If the -n option is specified, the master key  is  instead
       fetched from the master key cache file.

       If the -r realm option is specified, the admin server will
       pretend that its local  realm  is  realm  instead  of  the
       actual  local  realm  of  the host it is running on.  This
       makes it possible to run a server for a  foreign  kerberos
       realm.

       If  the -f filename option is specified, then that file is
       used to hold the log information instead of the default.

       If the -d dbname option is specified, then  that  file  is
       used as the database name instead of the default.

       If  the -a acldir option is specified, then acldir is used
       as the directory in which to  search  for  access  control
       lists instead of the default.

       If  the -h option is specified, kadmind prints out a short
       summary of the permissible  control  arguments,  and  then
       exits.

       When  performing  requests  on  behalf of clients, kadmind
       checks access control lists (ACLs) to determine the autho-
       rization  of  the  client to perform the requested action.
       Currently three distinct access types are supported:

       Addition  (.add ACL file).  If  a  principal  is  on  this
                 list, it may add new principals to the database.

       Retrieval (.get ACL file).  If  a  principal  is  on  this
                 list,  it  may retrieve database entries.  NOTE:
                 A principal's private key is never  returned  by
                 the get functions.

       Modification
                 (.mod  ACL  file).   If  a  principal is on this
                 list, it may modify entries in the database.




MIT Project Athena     Kerberos Version 4.0                     1





KADMIND(8)                                             KADMIND(8)


       A principal is always granted authorization to change  its
       own password.


FILES

       /etc/kerberosIV/admin_server.syslog
                           Default log file.

       /etc/kerberosIV     Default access control list directory.

       admin_acl.{add,get,mod}
                           Access control list files (within  the
                           directory)

       /etc/kerberosIV/principal.pag, /etc/kerberosIV/princi-
                           pal.dir
                           Default DBM files containing database

       /etc/kerberosIV/master_key
                           Master key cache file.


SEE ALSO

       kerberos(1), kpasswd(1), kadmin(8), acl_check(3)


AUTHORS

       Douglas A. Church, MIT Project Athena
       John T. Kohl, Project Athena/Digital Equipment Corporation































MIT Project Athena     Kerberos Version 4.0                     2