Provided by: krb5-kdc_1.4.3-5_i386
krb5kdc - Kerberos V5 KDC
krb5kdc [ -d dbname ] [ -k keytype ] [ -M mkeyname ] [ -p portnum ] [
-m ] [ -r realm ] [ -4 v4mode ] [ -n ]
krb5kdc is the Kerberos version 5 Authentication Service and Key
Distribution Center (AS/KDC).
The -r realm option specifies the realm for which the server should
provide service; by default the realm returned by
krb5_default_local_realm(3) is used.
The -d dbname option specifies the name under which the principal
database can be found; by default the database is in DEFAULT_DBM_FILE.
The -k keytype option specifies the key type of the master key in the
database; the default is KEYTYPE_DES.
The -M mkeyname option specifies the principal name for the master key
in the database; the default is KRB5_KDB_M_NAME (usually "K/M" in the
The -p portnum option specifies the default UDP port number which the
KDC should listen on for Kerberos version 5 requests. This value is
used when no port is specified in the KDC profile and when no port is
specified in the Kerberos configuration file. If no value is
available, then the value in /etc/services for service "kerberos" is
The -m option specifies that the master database password should be
fetched from the keyboard rather than from a file on disk.
The -4 option specifies how the KDC responds to kerberos IV requests
for tickets. The command line option overrides the value in the KDC
profile. The possible values are none, disable, full or nopreauth.
These instruct the KDC to not respond to V4 packets, to respond with a
version skew error, to issue tickets for all database entries, and to
issue tickets for all but preauthentication required database entries
respectively. The default behaviour is as if none was specified.
The -n option specifies that the KDC does not put itself in the
background and does not disassociate itself from the terminal. In
normal operation, you should always allow the KDC to place itself in
The KDC may service requests for multiple realms (maximum 32 realms).
The realms are listed on the command line. Per-realm options that can
be specified on the command line pertain for each realm that follows it
and are superceded by subsequent definitions of the same option. For
krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3
specifies that the KDC listen on port 2001 for REALM1 and on port 2002
for REALM2 and REALM3. Additionally, per-realm parameters may be
specified in the kdc.conf file. The location of this file may be
specified by the KRB5_KDC_PROFILE environment variable. Parameters
specified in this file take precedence over options specified on the
command line. See the kdc.conf(5) description for further details.
krb5(3), kdb5_util(8), kdc.conf(5)
It should fork and go into the background when it finishes reading the
master password from the terminal.