Provided by: krb5-kdc_1.4.3-5_i386 bug

NAME

       krb5kdc - Kerberos V5 KDC

SYNOPSIS

       krb5kdc  [  -d dbname ] [ -k keytype ] [ -M mkeyname ] [ -p portnum ] [
       -m ] [ -r realm ] [ -4 v4mode ] [ -n ]

DESCRIPTION

       krb5kdc is the  Kerberos  version  5  Authentication  Service  and  Key
       Distribution Center (AS/KDC).

       The  -r  realm  option  specifies the realm for which the server should
       provide    service;    by    default    the    realm    returned     by
       krb5_default_local_realm(3) is used.

       The  -d  dbname  option  specifies  the  name under which the principal
       database can be found; by default the database is in  DEFAULT_DBM_FILE.

       The  -k  keytype option specifies the key type of the master key in the
       database; the default is KEYTYPE_DES.

       The -M mkeyname option specifies the principal name for the master  key
       in  the  database; the default is KRB5_KDB_M_NAME (usually "K/M" in the
       KDC’s realm).

       The -p portnum option specifies the default UDP port number  which  the
       KDC  should  listen  on for Kerberos version 5 requests.  This value is
       used when no port is specified in the KDC profile and when no  port  is
       specified   in  the  Kerberos  configuration  file.   If  no  value  is
       available, then the value in /etc/services for  service  "kerberos"  is
       used.

       The  -m  option  specifies  that the master database password should be
       fetched from the keyboard rather than from a file on disk.

       The -4 option specifies how the KDC responds to  kerberos  IV  requests
       for  tickets.   The  command line option overrides the value in the KDC
       profile.  The possible values are none,  disable,  full  or  nopreauth.
       These  instruct the KDC to not respond to V4 packets, to respond with a
       version skew error, to issue tickets for all database entries,  and  to
       issue  tickets  for all but preauthentication required database entries
       respectively. The default behaviour is as if none was specified.

       The -n option specifies that  the  KDC  does  not  put  itself  in  the
       background  and  does  not  disassociate  itself from the terminal.  In
       normal operation, you should always allow the KDC to  place  itself  in
       the background.

       The  KDC  may service requests for multiple realms (maximum 32 realms).
       The realms are listed on the command line.  Per-realm options that  can
       be specified on the command line pertain for each realm that follows it
       and are superceded by subsequent definitions of the same  option.   For
       example,

       krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3

       specifies  that the KDC listen on port 2001 for REALM1 and on port 2002
       for REALM2 and  REALM3.   Additionally,  per-realm  parameters  may  be
       specified  in  the  kdc.conf  file.   The  location of this file may be
       specified by the  KRB5_KDC_PROFILE  environment  variable.   Parameters
       specified  in  this  file take precedence over options specified on the
       command line.  See the kdc.conf(5) description for further details.

SEE ALSO

       krb5(3), kdb5_util(8), kdc.conf(5)

BUGS

       It should fork and go into the background when it finishes reading  the
       master password from the terminal.

                                                                    KRB5KDC(8)