Mercurial > repos > rliterman > csp2

annotate CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/share/man/man8/kadmind.8 @ 68:5028fdace37b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
planemo upload commit 2e9511a184a1ca667c7be0c6321a36dc4e3d116d
author jpayne
date Tue, 18 Mar 2025 16:23:26 -0400
parents
children
rev   line source
jpayne@68 1 .\" Man page generated from reStructuredText.
jpayne@68 2 .
jpayne@68 3 .TH "KADMIND" "8" " " "1.20.1" "MIT Kerberos"
jpayne@68 4 .SH NAME
jpayne@68 5 kadmind \- KADM5 administration server
jpayne@68 6 .
jpayne@68 7 .nr rst2man-indent-level 0
jpayne@68 8 .
jpayne@68 9 .de1 rstReportMargin
jpayne@68 10 \\$1 \\n[an-margin]
jpayne@68 11 level \\n[rst2man-indent-level]
jpayne@68 12 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
jpayne@68 13 -
jpayne@68 14 \\n[rst2man-indent0]
jpayne@68 15 \\n[rst2man-indent1]
jpayne@68 16 \\n[rst2man-indent2]
jpayne@68 17 ..
jpayne@68 18 .de1 INDENT
jpayne@68 19 .\" .rstReportMargin pre:
jpayne@68 20 . RS \\$1
jpayne@68 21 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
jpayne@68 22 . nr rst2man-indent-level +1
jpayne@68 23 .\" .rstReportMargin post:
jpayne@68 24 ..
jpayne@68 25 .de UNINDENT
jpayne@68 26 . RE
jpayne@68 27 .\" indent \\n[an-margin]
jpayne@68 28 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
jpayne@68 29 .nr rst2man-indent-level -1
jpayne@68 30 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
jpayne@68 31 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
jpayne@68 32 ..
jpayne@68 33 .SH SYNOPSIS
jpayne@68 34 .sp
jpayne@68 35 \fBkadmind\fP
jpayne@68 36 [\fB\-x\fP \fIdb_args\fP]
jpayne@68 37 [\fB\-r\fP \fIrealm\fP]
jpayne@68 38 [\fB\-m\fP]
jpayne@68 39 [\fB\-nofork\fP]
jpayne@68 40 [\fB\-proponly\fP]
jpayne@68 41 [\fB\-port\fP \fIport\-number\fP]
jpayne@68 42 [\fB\-P\fP \fIpid_file\fP]
jpayne@68 43 [\fB\-p\fP \fIkdb5_util_path\fP]
jpayne@68 44 [\fB\-K\fP \fIkprop_path\fP]
jpayne@68 45 [\fB\-k\fP \fIkprop_port\fP]
jpayne@68 46 [\fB\-F\fP \fIdump_file\fP]
jpayne@68 47 .SH DESCRIPTION
jpayne@68 48 .sp
jpayne@68 49 kadmind starts the Kerberos administration server. kadmind typically
jpayne@68 50 runs on the primary Kerberos server, which stores the KDC database.
jpayne@68 51 If the KDC database uses the LDAP module, the administration server
jpayne@68 52 and the KDC server need not run on the same machine. kadmind accepts
jpayne@68 53 remote requests from programs such as kadmin(1) and
jpayne@68 54 kpasswd(1) to administer the information in these database.
jpayne@68 55 .sp
jpayne@68 56 kadmind requires a number of configuration files to be set up in order
jpayne@68 57 for it to work:
jpayne@68 58 .INDENT 0.0
jpayne@68 59 .TP
jpayne@68 60 .B kdc.conf(5)
jpayne@68 61 The KDC configuration file contains configuration information for
jpayne@68 62 the KDC and admin servers. kadmind uses settings in this file to
jpayne@68 63 locate the Kerberos database, and is also affected by the
jpayne@68 64 \fBacl_file\fP, \fBdict_file\fP, \fBkadmind_port\fP, and iprop\-related
jpayne@68 65 settings.
jpayne@68 66 .TP
jpayne@68 67 .B kadm5.acl(5)
jpayne@68 68 kadmind\(aqs ACL (access control list) tells it which principals are
jpayne@68 69 allowed to perform administration actions. The pathname to the
jpayne@68 70 ACL file can be specified with the \fBacl_file\fP kdc.conf(5)
jpayne@68 71 variable; by default, it is \fB/mnt/c/Users/crash/Documents/BobLiterman/CSP2_Galaxy/CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/var\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&.
jpayne@68 72 .UNINDENT
jpayne@68 73 .sp
jpayne@68 74 After the server begins running, it puts itself in the background and
jpayne@68 75 disassociates itself from its controlling terminal.
jpayne@68 76 .sp
jpayne@68 77 kadmind can be configured for incremental database propagation.
jpayne@68 78 Incremental propagation allows replica KDC servers to receive
jpayne@68 79 principal and policy updates incrementally instead of receiving full
jpayne@68 80 dumps of the database. This facility can be enabled in the
jpayne@68 81 kdc.conf(5) file with the \fBiprop_enable\fP option. Incremental
jpayne@68 82 propagation requires the principal \fBkiprop/PRIMARY\e@REALM\fP (where
jpayne@68 83 PRIMARY is the primary KDC\(aqs canonical host name, and REALM the realm
jpayne@68 84 name). In release 1.13, this principal is automatically created and
jpayne@68 85 registered into the datebase.
jpayne@68 86 .SH OPTIONS
jpayne@68 87 .INDENT 0.0
jpayne@68 88 .TP
jpayne@68 89 \fB\-r\fP \fIrealm\fP
jpayne@68 90 specifies the realm that kadmind will serve; if it is not
jpayne@68 91 specified, the default realm of the host is used.
jpayne@68 92 .TP
jpayne@68 93 \fB\-m\fP
jpayne@68 94 causes the master database password to be fetched from the
jpayne@68 95 keyboard (before the server puts itself in the background, if not
jpayne@68 96 invoked with the \fB\-nofork\fP option) rather than from a file on
jpayne@68 97 disk.
jpayne@68 98 .TP
jpayne@68 99 \fB\-nofork\fP
jpayne@68 100 causes the server to remain in the foreground and remain
jpayne@68 101 associated to the terminal.
jpayne@68 102 .TP
jpayne@68 103 \fB\-proponly\fP
jpayne@68 104 causes the server to only listen and respond to Kerberos replica
jpayne@68 105 incremental propagation polling requests. This option can be used
jpayne@68 106 to set up a hierarchical propagation topology where a replica KDC
jpayne@68 107 provides incremental updates to other Kerberos replicas.
jpayne@68 108 .TP
jpayne@68 109 \fB\-port\fP \fIport\-number\fP
jpayne@68 110 specifies the port on which the administration server listens for
jpayne@68 111 connections. The default port is determined by the
jpayne@68 112 \fBkadmind_port\fP configuration variable in kdc.conf(5)\&.
jpayne@68 113 .TP
jpayne@68 114 \fB\-P\fP \fIpid_file\fP
jpayne@68 115 specifies the file to which the PID of kadmind process should be
jpayne@68 116 written after it starts up. This file can be used to identify
jpayne@68 117 whether kadmind is still running and to allow init scripts to stop
jpayne@68 118 the correct process.
jpayne@68 119 .TP
jpayne@68 120 \fB\-p\fP \fIkdb5_util_path\fP
jpayne@68 121 specifies the path to the kdb5_util command to use when dumping the
jpayne@68 122 KDB in response to full resync requests when iprop is enabled.
jpayne@68 123 .TP
jpayne@68 124 \fB\-K\fP \fIkprop_path\fP
jpayne@68 125 specifies the path to the kprop command to use to send full dumps
jpayne@68 126 to replicas in response to full resync requests.
jpayne@68 127 .TP
jpayne@68 128 \fB\-k\fP \fIkprop_port\fP
jpayne@68 129 specifies the port by which the kprop process that is spawned by
jpayne@68 130 kadmind connects to the replica kpropd, in order to transfer the
jpayne@68 131 dump file during an iprop full resync request.
jpayne@68 132 .TP
jpayne@68 133 \fB\-F\fP \fIdump_file\fP
jpayne@68 134 specifies the file path to be used for dumping the KDB in response
jpayne@68 135 to full resync requests when iprop is enabled.
jpayne@68 136 .TP
jpayne@68 137 \fB\-x\fP \fIdb_args\fP
jpayne@68 138 specifies database\-specific arguments. See Database Options in kadmin(1) for supported arguments.
jpayne@68 139 .UNINDENT
jpayne@68 140 .SH ENVIRONMENT
jpayne@68 141 .sp
jpayne@68 142 See kerberos(7) for a description of Kerberos environment
jpayne@68 143 variables.
jpayne@68 144 .SH SEE ALSO
jpayne@68 145 .sp
jpayne@68 146 kpasswd(1), kadmin(1), kdb5_util(8),
jpayne@68 147 kdb5_ldap_util(8), kadm5.acl(5), kerberos(7)
jpayne@68 148 .SH AUTHOR
jpayne@68 149 MIT
jpayne@68 150 .SH COPYRIGHT
jpayne@68 151 1985-2022, MIT
jpayne@68 152 .\" Generated by docutils manpage writer.
jpayne@68 153 .