Provided by: krb5-admin-server_1.13.2+dfsg-5_i386 bug


       kadmind - KADM5 administration server


       kadmind  [-x  db_args]  [-r  realm]  [-m]  [-nofork] [-proponly] [-port
       port-number] [-P pid_file]  [-p  kdb5_util_path]  [-K  kprop_path]  [-F


       kadmind  starts  the Kerberos administration server.  kadmind typically
       runs on the master Kerberos server, which stores the KDC database.   If
       the  KDC  database  uses the LDAP module, the administration server and
       the KDC server need not run  on  the  same  machine.   kadmind  accepts
       remote  requests  from  programs  such  as  kadmin(1) and kpasswd(1) to
       administer the information in these database.

       kadmind requires a number of configuration files to be set up in  order
       for it to work:

              The  KDC  configuration  file contains configuration information
              for the KDC and admin servers.  kadmind uses  settings  in  this
              file  to  locate  the Kerberos database, and is also affected by
              the  acl_file,  dict_file,   kadmind_port,   and   iprop-related

              kadmind's  ACL  (access  control list) tells it which principals
              are allowed to perform administration actions.  The pathname  to
              the  ACL  file  can  be  specified with the acl_file kdc.conf(5)
              variable; by default, it is /etc/krb5kdc/kadm5.acl.

       After the server begins running, it puts itself in the  background  and
       disassociates itself from its controlling terminal.

       kadmind   can  be  configured  for  incremental  database  propagation.
       Incremental propagation allows slave KDC servers to  receive  principal
       and policy updates incrementally instead of receiving full dumps of the
       database.  This facility can be enabled in the  kdc.conf(5)  file  with
       the   iprop_enable   option.    Incremental  propagation  requires  the
       principal  kiprop/MASTER\@REALM  (where  MASTER  is  the  master  KDC's
       canonical  host name, and REALM the realm name).  In release 1.13, this
       principal is automatically created and registered into the datebase.


       -r realm
              specifies the realm that  kadmind  will  serve;  if  it  is  not
              specified, the default realm of the host is used.

       -m     causes  the  master  database  password  to  be fetched from the
              keyboard (before the server puts itself in  the  background,  if
              not  invoked with the -nofork option) rather than from a file on

              causes the  server  to  remain  in  the  foreground  and  remain
              associated  to  the  terminal.   In normal operation, you should
              allow the server to place itself in the background.

              causes the server to only listen and respond to  Kerberos  slave
              incremental  propagation  polling  requests.  This option can be
              used to set up a hierarchical propagation topology where a slave
              KDC provides incremental updates to other Kerberos slaves.

       -port port-number
              specifies  the  port  on which the administration server listens
              for  connections.   The  default  port  is  determined  by   the
              kadmind_port configuration variable in kdc.conf(5).

       -P pid_file
              specifies the file to which the PID of kadmind process should be
              written after it starts up.  This file can be used  to  identify
              whether  kadmind  is  still running and to allow init scripts to
              stop the correct process.

       -p kdb5_util_path
              specifies the path to the kdb5_util command to use when  dumping
              the  KDB  in  response  to  full  resync  requests when iprop is

       -K kprop_path
              specifies the path to the kprop command  to  use  to  send  full
              dumps to slaves in response to full resync requests.

       -F dump_file
              specifies  the  file  path  to  be  used  for dumping the KDB in
              response to full resync requests when iprop is enabled.

       -x db_args
              specifies database-specific arguments.  See Database Options  in
              kadmin(1) for supported arguments.


       kpasswd(1), kadmin(1), kdb5_util(8), kdb5_ldap_util(8), kadm5.acl(5)




       1985-2015, MIT