KADMIND(8) KADMIND(8)
NAME
kadmind - network daemon for Kerberos database administra-
tion
SYNOPSIS
kadmind [ -n ] [ -m ] [ -h ] [ -r realm ] [ -f filename ]
[ -d dbname ] [ -a acldir ]
DESCRIPTION
kadmind is the network database server for the Kerberos
password-changing and administration tools.
Upon execution, it fetches the master key from the key
cache file.
If the -m option is specified, it instead prompts the user
to enter the master key string for the database.
The -n option is a no-op and is left for compatibility
reasons.
If the -r realm option is specified, the admin server will
pretend that its local realm is realm instead of the
actual local realm of the host it is running on. This
makes it possible to run a server for a foreign kerberos
realm.
If the -f filename option is specified, then that file is
used to hold the log information instead of the default.
If the -d dbname option is specified, then that file is
used as the database name instead of the default.
If the -a acldir option is specified, then acldir is used
as the directory in which to search for access control
lists instead of the default.
If the -h option is specified, kadmind prints out a short
summary of the permissible control arguments, and then
exits.
When performing requests on behalf of clients, kadmind
checks access control lists (ACLs) to determine the autho-
rization of the client to perform the requested action.
Currently four distinct access types are supported:
Addition (.add ACL file). If a principal is on this
list, it may add new principals to the database.
Retrieval (.get ACL file). If a principal is on this
list, it may retrieve database entries. NOTE:
A principal's private key is never returned by
the get functions.
KADMIND(8) KADMIND(8)
Modification
(.mod ACL file). If a principal is on this
list, it may modify entries in the database.
Deletions (.del ACL file). If a principal is on this
list, if may delete entries from the database.
A principal is always granted authorization to change its
own password.
FILES
/kerberos/admin_server.syslog
Default log file.
/kerberos Default access control list directory.
admin_acl.{add,get,mod}
Access control list files (within the
directory)
/kerberos/principal.pag, /kerberos/principal.dir
Default DBM files containing database
/.k Master key cache file.
SEE ALSO
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
AUTHORS
Douglas A. Church, MIT Project Athena
John T. Kohl, Project Athena/Digital Equipment Corporation
Man(1) output converted with
man2html