Provided by: krb5-kdc_1.10+dfsg~beta1-2_amd64 bug

NAME

       krb5kdc - Kerberos V5 KDC

SYNOPSIS

       krb5kdc  [ -x db_args ] [ -d dbname ] [ -k keytype ] [ -M mkeyname ] [ -p portnum ] [ -m ]
       [ -r realm ] [ -n ] [ -w numworkers ] [ -P pid_file ]

DESCRIPTION

       krb5kdc is the Kerberos version 5  Authentication  Service  and  Key  Distribution  Center
       (AS/KDC).

       The -x db_args option specifies the database specific arguments.

       Options supported for LDAP database are:

               -x nconns=<number_of_connections>
               specifies the number of connections to be maintained per LDAP server.

               -x host=<ldapuri>
               specifies the LDAP server to connect to by a LDAP URI.

               -x binddn=<binddn>
               specifies  the DN of the object used by the KDC server to bind to the LDAP server.
               This object should  have  the  rights  to  read  the  realm  container,  principal
               container and the subtree that is referenced by the realm.

               -x bindpwd=<bind_password>
               specifies  the  password  for the above mentioned binddn. It is recommended not to
               use this option.  Instead, the  password  can  be  stashed  using  the  stashsrvpw
               command of kdb5_ldap_util.

       The  -r  realm  option specifies the realm for which the server should provide service; by
       default the realm returned by krb5_default_local_realm(3) is used.

       The -d dbname option specifies the name under which the principal database can  be  found;
       by  default  the  database is in DEFAULT_DBM_FILE.  This option does not apply to the LDAP
       database.

       The -k keytype option specifies the key type of the master key to be entered manually as a
       password when -m is given; the default is "des-cbc-crc".

       The  -M  mkeyname  option specifies the principal name for the master key in the database;
       the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).

       The -p portnum option specifies the default UDP port number which the KDC should listen on
       for  Kerberos version 5 requests.  This value is used when no port is specified in the KDC
       profile and when no port is specified in the Kerberos configuration file.  If no value  is
       available, then the value in /etc/services for service "kerberos" is used.

       The  -m  option  specifies  that  the  master database password should be fetched from the
       keyboard rather than from a file on disk.

       The -n option specifies that the KDC does not put itself in the background  and  does  not
       disassociate  itself  from the terminal.  In normal operation, you should always allow the
       KDC to place itself in the background.

       The -w numworkers option tells the KDC to fork numworkers processes to listen to  the  KDC
       ports  and process requests in parallel.  The top level KDC process (whose pid is recorded
       in the pid file if the -P option is also given) acts as a supervisor.  The supervisor will
       relay  SIGHUP signals to the worker subprocesses, and will terminate the worker subprocess
       if the it is itself terminated or if any other worker process exits.  NOTE:  on  operating
       systems  which  do  not  have pktinfo support, using worker processes will prevent the KDC
       from listening for UDP packets on network interfaces created after the KDC starts.

       The -P pid_file option tells the KDC to  write  its  PID  (followed  by  a  newline)  into
       pid_file  after  it  starts  up.   This  can  be used to identify whether the KDC is still
       running and to allow init scripts to stop the correct process.

       The KDC may service requests for multiple realms (maximum  32  realms).   The  realms  are
       listed  on  the command line.  Per-realm options that can be specified on the command line
       pertain for each realm that follows it and are superseded by subsequent definitions of the
       same option.  For example,

       krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3

       specifies  that  the  KDC  listen  on port 2001 for REALM1 and on port 2002 for REALM2 and
       REALM3.  Additionally, per-realm parameters may be specified in the  kdc.conf  file.   The
       location  of  this  file  may  be  specified by the KRB5_KDC_PROFILE environment variable.
       Parameters specified in this file take precedence over options specified  on  the  command
       line.  See the kdc.conf(5) description for further details.

SEE ALSO

       krb5(3), kdb5_util(8), kdc.conf(5), kdb5_ldap_util(8)

BUGS

       It  should  fork  and  go into the background when it finishes reading the master password
       from the terminal.

                                                                                       KRB5KDC(8)