Provided by: krb5-kdc_1.10+dfsg~beta1-2_amd64
krb5kdc - Kerberos V5 KDC
krb5kdc [ -x db_args ] [ -d dbname ] [ -k keytype ] [ -M mkeyname ] [ -p portnum ] [ -m ] [ -r realm ] [ -n ] [ -w numworkers ] [ -P pid_file ]
krb5kdc is the Kerberos version 5 Authentication Service and Key Distribution Center (AS/KDC). The -x db_args option specifies the database specific arguments. Options supported for LDAP database are: -x nconns=<number_of_connections> specifies the number of connections to be maintained per LDAP server. -x host=<ldapuri> specifies the LDAP server to connect to by a LDAP URI. -x binddn=<binddn> specifies the DN of the object used by the KDC server to bind to the LDAP server. This object should have the rights to read the realm container, principal container and the subtree that is referenced by the realm. -x bindpwd=<bind_password> specifies the password for the above mentioned binddn. It is recommended not to use this option. Instead, the password can be stashed using the stashsrvpw command of kdb5_ldap_util. The -r realm option specifies the realm for which the server should provide service; by default the realm returned by krb5_default_local_realm(3) is used. The -d dbname option specifies the name under which the principal database can be found; by default the database is in DEFAULT_DBM_FILE. This option does not apply to the LDAP database. The -k keytype option specifies the key type of the master key to be entered manually as a password when -m is given; the default is "des-cbc-crc". The -M mkeyname option specifies the principal name for the master key in the database; the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm). The -p portnum option specifies the default UDP port number which the KDC should listen on for Kerberos version 5 requests. This value is used when no port is specified in the KDC profile and when no port is specified in the Kerberos configuration file. If no value is available, then the value in /etc/services for service "kerberos" is used. The -m option specifies that the master database password should be fetched from the keyboard rather than from a file on disk. The -n option specifies that the KDC does not put itself in the background and does not disassociate itself from the terminal. In normal operation, you should always allow the KDC to place itself in the background. The -w numworkers option tells the KDC to fork numworkers processes to listen to the KDC ports and process requests in parallel. The top level KDC process (whose pid is recorded in the pid file if the -P option is also given) acts as a supervisor. The supervisor will relay SIGHUP signals to the worker subprocesses, and will terminate the worker subprocess if the it is itself terminated or if any other worker process exits. NOTE: on operating systems which do not have pktinfo support, using worker processes will prevent the KDC from listening for UDP packets on network interfaces created after the KDC starts. The -P pid_file option tells the KDC to write its PID (followed by a newline) into pid_file after it starts up. This can be used to identify whether the KDC is still running and to allow init scripts to stop the correct process. The KDC may service requests for multiple realms (maximum 32 realms). The realms are listed on the command line. Per-realm options that can be specified on the command line pertain for each realm that follows it and are superseded by subsequent definitions of the same option. For example, krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 specifies that the KDC listen on port 2001 for REALM1 and on port 2002 for REALM2 and REALM3. Additionally, per-realm parameters may be specified in the kdc.conf file. The location of this file may be specified by the KRB5_KDC_PROFILE environment variable. Parameters specified in this file take precedence over options specified on the command line. See the kdc.conf(5) description for further details.
krb5(3), kdb5_util(8), kdc.conf(5), kdb5_ldap_util(8)
It should fork and go into the background when it finishes reading the master password from the terminal. KRB5KDC(8)