Mercurial > repos > rliterman > csp2
comparison CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/share/man/man8/kadmind.8 @ 68:5028fdace37b
planemo upload commit 2e9511a184a1ca667c7be0c6321a36dc4e3d116d
| author | jpayne |
|---|---|
| date | Tue, 18 Mar 2025 16:23:26 -0400 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 67:0e9998148a16 | 68:5028fdace37b |
|---|---|
| 1 .\" Man page generated from reStructuredText. | |
| 2 . | |
| 3 .TH "KADMIND" "8" " " "1.20.1" "MIT Kerberos" | |
| 4 .SH NAME | |
| 5 kadmind \- KADM5 administration server | |
| 6 . | |
| 7 .nr rst2man-indent-level 0 | |
| 8 . | |
| 9 .de1 rstReportMargin | |
| 10 \\$1 \\n[an-margin] | |
| 11 level \\n[rst2man-indent-level] | |
| 12 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] | |
| 13 - | |
| 14 \\n[rst2man-indent0] | |
| 15 \\n[rst2man-indent1] | |
| 16 \\n[rst2man-indent2] | |
| 17 .. | |
| 18 .de1 INDENT | |
| 19 .\" .rstReportMargin pre: | |
| 20 . RS \\$1 | |
| 21 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] | |
| 22 . nr rst2man-indent-level +1 | |
| 23 .\" .rstReportMargin post: | |
| 24 .. | |
| 25 .de UNINDENT | |
| 26 . RE | |
| 27 .\" indent \\n[an-margin] | |
| 28 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] | |
| 29 .nr rst2man-indent-level -1 | |
| 30 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] | |
| 31 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u | |
| 32 .. | |
| 33 .SH SYNOPSIS | |
| 34 .sp | |
| 35 \fBkadmind\fP | |
| 36 [\fB\-x\fP \fIdb_args\fP] | |
| 37 [\fB\-r\fP \fIrealm\fP] | |
| 38 [\fB\-m\fP] | |
| 39 [\fB\-nofork\fP] | |
| 40 [\fB\-proponly\fP] | |
| 41 [\fB\-port\fP \fIport\-number\fP] | |
| 42 [\fB\-P\fP \fIpid_file\fP] | |
| 43 [\fB\-p\fP \fIkdb5_util_path\fP] | |
| 44 [\fB\-K\fP \fIkprop_path\fP] | |
| 45 [\fB\-k\fP \fIkprop_port\fP] | |
| 46 [\fB\-F\fP \fIdump_file\fP] | |
| 47 .SH DESCRIPTION | |
| 48 .sp | |
| 49 kadmind starts the Kerberos administration server. kadmind typically | |
| 50 runs on the primary Kerberos server, which stores the KDC database. | |
| 51 If the KDC database uses the LDAP module, the administration server | |
| 52 and the KDC server need not run on the same machine. kadmind accepts | |
| 53 remote requests from programs such as kadmin(1) and | |
| 54 kpasswd(1) to administer the information in these database. | |
| 55 .sp | |
| 56 kadmind requires a number of configuration files to be set up in order | |
| 57 for it to work: | |
| 58 .INDENT 0.0 | |
| 59 .TP | |
| 60 .B kdc.conf(5) | |
| 61 The KDC configuration file contains configuration information for | |
| 62 the KDC and admin servers. kadmind uses settings in this file to | |
| 63 locate the Kerberos database, and is also affected by the | |
| 64 \fBacl_file\fP, \fBdict_file\fP, \fBkadmind_port\fP, and iprop\-related | |
| 65 settings. | |
| 66 .TP | |
| 67 .B kadm5.acl(5) | |
| 68 kadmind\(aqs ACL (access control list) tells it which principals are | |
| 69 allowed to perform administration actions. The pathname to the | |
| 70 ACL file can be specified with the \fBacl_file\fP kdc.conf(5) | |
| 71 variable; by default, it is \fB/mnt/c/Users/crash/Documents/BobLiterman/CSP2_Galaxy/CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/var\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. | |
| 72 .UNINDENT | |
| 73 .sp | |
| 74 After the server begins running, it puts itself in the background and | |
| 75 disassociates itself from its controlling terminal. | |
| 76 .sp | |
| 77 kadmind can be configured for incremental database propagation. | |
| 78 Incremental propagation allows replica KDC servers to receive | |
| 79 principal and policy updates incrementally instead of receiving full | |
| 80 dumps of the database. This facility can be enabled in the | |
| 81 kdc.conf(5) file with the \fBiprop_enable\fP option. Incremental | |
| 82 propagation requires the principal \fBkiprop/PRIMARY\e@REALM\fP (where | |
| 83 PRIMARY is the primary KDC\(aqs canonical host name, and REALM the realm | |
| 84 name). In release 1.13, this principal is automatically created and | |
| 85 registered into the datebase. | |
| 86 .SH OPTIONS | |
| 87 .INDENT 0.0 | |
| 88 .TP | |
| 89 \fB\-r\fP \fIrealm\fP | |
| 90 specifies the realm that kadmind will serve; if it is not | |
| 91 specified, the default realm of the host is used. | |
| 92 .TP | |
| 93 \fB\-m\fP | |
| 94 causes the master database password to be fetched from the | |
| 95 keyboard (before the server puts itself in the background, if not | |
| 96 invoked with the \fB\-nofork\fP option) rather than from a file on | |
| 97 disk. | |
| 98 .TP | |
| 99 \fB\-nofork\fP | |
| 100 causes the server to remain in the foreground and remain | |
| 101 associated to the terminal. | |
| 102 .TP | |
| 103 \fB\-proponly\fP | |
| 104 causes the server to only listen and respond to Kerberos replica | |
| 105 incremental propagation polling requests. This option can be used | |
| 106 to set up a hierarchical propagation topology where a replica KDC | |
| 107 provides incremental updates to other Kerberos replicas. | |
| 108 .TP | |
| 109 \fB\-port\fP \fIport\-number\fP | |
| 110 specifies the port on which the administration server listens for | |
| 111 connections. The default port is determined by the | |
| 112 \fBkadmind_port\fP configuration variable in kdc.conf(5)\&. | |
| 113 .TP | |
| 114 \fB\-P\fP \fIpid_file\fP | |
| 115 specifies the file to which the PID of kadmind process should be | |
| 116 written after it starts up. This file can be used to identify | |
| 117 whether kadmind is still running and to allow init scripts to stop | |
| 118 the correct process. | |
| 119 .TP | |
| 120 \fB\-p\fP \fIkdb5_util_path\fP | |
| 121 specifies the path to the kdb5_util command to use when dumping the | |
| 122 KDB in response to full resync requests when iprop is enabled. | |
| 123 .TP | |
| 124 \fB\-K\fP \fIkprop_path\fP | |
| 125 specifies the path to the kprop command to use to send full dumps | |
| 126 to replicas in response to full resync requests. | |
| 127 .TP | |
| 128 \fB\-k\fP \fIkprop_port\fP | |
| 129 specifies the port by which the kprop process that is spawned by | |
| 130 kadmind connects to the replica kpropd, in order to transfer the | |
| 131 dump file during an iprop full resync request. | |
| 132 .TP | |
| 133 \fB\-F\fP \fIdump_file\fP | |
| 134 specifies the file path to be used for dumping the KDB in response | |
| 135 to full resync requests when iprop is enabled. | |
| 136 .TP | |
| 137 \fB\-x\fP \fIdb_args\fP | |
| 138 specifies database\-specific arguments. See Database Options in kadmin(1) for supported arguments. | |
| 139 .UNINDENT | |
| 140 .SH ENVIRONMENT | |
| 141 .sp | |
| 142 See kerberos(7) for a description of Kerberos environment | |
| 143 variables. | |
| 144 .SH SEE ALSO | |
| 145 .sp | |
| 146 kpasswd(1), kadmin(1), kdb5_util(8), | |
| 147 kdb5_ldap_util(8), kadm5.acl(5), kerberos(7) | |
| 148 .SH AUTHOR | |
| 149 MIT | |
| 150 .SH COPYRIGHT | |
| 151 1985-2022, MIT | |
| 152 .\" Generated by docutils manpage writer. | |
| 153 . |