Provided by: openafs-krb5_1.6.15-1ubuntu1_amd64 bug


       ka-forwarder - Forward AFS Authentication Server requests to another server


       ka-forwarder [-p <port>] <server>[/<port>] [...]


       ka-forwarder listens for requests for an AFS Authentication Server and forwards them to a
       remote fakeka server.  fakeka is a server that answers AFS Authentication Server protocol
       requests using a regular Kerberos KDC and is provided with some Kerberos 5
       implementations.  fakeka has to run on the same host as the Kerberos KDC, however, and AFS
       clients send all native AFS authentication requests to the AFS database servers.  If you
       don't want to run your Kerberos KDCs and your AFS database servers on the same host, run
       ka-forwarder on the AFS database servers and point it to fakeka running on the Kerberos

       ka-forwarder takes one or more servers to which to forward the requests.  The default port
       on the remote server to which to forward the command is 7004, but a different port can be
       specified by following the server name with a slash ("/") and the port number.  If
       multiple servers are given, ka-forwarder will send queries to each server in turn in a
       round-robin fashion.


       Due to the way that ka-forwarder distinguishes from client requests and server responses,
       any messages from one of the servers to which ka-forwarder is forwarding will be
       considered a reply rather than a command and will not be forwarded.  This means that the
       servers running fakeka will not be able to use native AFS authentication requests and rely
       on ka-forwarder to send the requests to the right server.

       ka-forwarder does not background itself.  It should either be run in the background via
       the shell, or run via the Basic OverSeer Server (see bosserver(8)).


       -p <port>
           By default, ka-forwarder listens to the standard AFS Authentication Server port
           (7004).  To listen to a different port, specify it with the -p option.


       Forward AFS Authentication Server requests to the fakeka servers on and

           % ka-forwarder &

       Note the "&" to tell the shell to run this command in the background.


       ka-forwarder only has to listen to port 7004 and therefore does not require any special
       privileges unless a privileged port is specified with the -p option.


       bosserver(8), fakeka(8), kaserver(8)


       Copyright 2006 Russ Allbery <>

       This documentation is covered by the IBM Public License Version 1.0.  This man page was
       written by Russ Allbery for OpenAFS.