Provided by: krb5-kdc_1.13.2+dfsg-5_i386 bug


       krb5kdc - Kerberos V5 KDC


       krb5kdc  [-x  db_args]  [-d  dbname]  [-k  keytype]  [-M  mkeyname] [-p
       portnum] [-m]  [-r  realm]  [-n]  [-w  numworkers]  [-P  pid_file]  [-T


       krb5kdc  is  the  Kerberos  version  5  Authentication  Service and Key
       Distribution Center (AS/KDC).


       The -r realm option specifies the realm for  which  the  server  should
       provide service.

       The  -d  dbname  option  specifies  the  name under which the principal
       database can be  found.   This  option  does  not  apply  to  the  LDAP

       The  -k  keytype  option specifies the key type of the master key to be
       entered manually as a  password  when  -m  is  given;  the  default  is

       The  -M mkeyname option specifies the principal name for the master key
       in the database (usually K/M in the KDC's realm).

       The -m option specifies that the master  database  password  should  be
       fetched from the keyboard rather than from a stash file.

       The  -n  option  specifies  that  the  KDC  does  not put itself in the
       background and does not disassociate  itself  from  the  terminal.   In
       normal  operation,  you  should always allow the KDC to place itself in
       the background.

       The -P pid_file option tells the KDC to write  its  PID  into  pid_file
       after  it  starts  up.  This can be used to identify whether the KDC is
       still running and to allow init scripts to stop the correct process.

       The -p portnum option specifies the default UDP port numbers which  the
       KDC   should   listen   on  for  Kerberos  version  5  requests,  as  a
       comma-separated list.   This  value  overrides  the  UDP  port  numbers
       specified  in  the  kdcdefaults  section  of  kdc.conf(5),  but  may be
       overridden by realm-specific values.  If no value  is  given  from  any
       source, the default ports are 88 and 750.

       The  -w numworkers option tells the KDC to fork numworkers processes to
       listen to the KDC ports and process  requests  in  parallel.   The  top
       level  KDC  process  (whose  pid  is recorded in the pid file if the -P
       option is also given) acts as a supervisor.  The supervisor will  relay
       SIGHUP  signals  to  the  worker  subprocesses,  and will terminate the
       worker subprocess if the it is itself terminated or if any other worker
       process exits.

          On operating systems which do not have pktinfo support, using worker
          processes will prevent the KDC from listening  for  UDP  packets  on
          network interfaces created after the KDC starts.

       The  -x  db_args  option  specifies  database-specific  arguments.  See
       Database Options in kadmin(1) for supported arguments.

       The -T offset option specifies a time offset, in seconds, which the KDC
       will operate under.  It is intended only for testing purposes.


       The  KDC  may service requests for multiple realms (maximum 32 realms).
       The realms are listed on the command line.  Per-realm options that  can
       be specified on the command line pertain for each realm that follows it
       and are superseded by subsequent definitions of the same option.

       For example:

          krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3

       specifies that the KDC listen on port 2001 for REALM1 and on port  2002
       for  REALM2  and  REALM3.   Additionally,  per-realm  parameters may be
       specified in the kdc.conf(5) file.  The location of this  file  may  be
       specified  by  the  KRB5_KDC_PROFILE  environment  variable.  Per-realm
       parameters  specified  in  this  file  take  precedence  over   options
       specified  on  the  command  line.  See the kdc.conf(5) description for
       further details.


       krb5kdc uses the following environment variables:

       · KRB5_CONFIG



       kdb5_util(8), kdc.conf(5), krb5.conf(5), kdb5_ldap_util(8)




       1985-2015, MIT