Provided by: krb5-kdc_1.20.1-6ubuntu2.1_amd64 bug

NAME

       krb5kdc - Kerberos V5 KDC

SYNOPSIS

       krb5kdc  [-x  db_args] [-d dbname] [-k keytype] [-M mkeyname] [-p portnum] [-m] [-r realm]
       [-n] [-w numworkers] [-P pid_file] [-T time_offset]

DESCRIPTION

       krb5kdc is the Kerberos version 5  Authentication  Service  and  Key  Distribution  Center
       (AS/KDC).

OPTIONS

       The -r realm option specifies the realm for which the server should provide service.  This
       option may be specified multiple times to serve multiple  realms.   If  no  -r  option  is
       given, the default realm (as specified in krb5.conf(5)) will be served.

       The  -d  dbname option specifies the name under which the principal database can be found.
       This option does not apply to the LDAP database.

       The -k keytype option specifies the key type of the master key to be entered manually as a
       password when -m is given; the default is aes256-cts-hmac-sha1-96.

       The  -M  mkeyname  option  specifies the principal name for the master key in the database
       (usually K/M in the KDC's realm).

       The -m option specifies that the master database  password  should  be  fetched  from  the
       keyboard rather than from a stash file.

       The  -n  option  specifies that the KDC does not put itself in the background and does not
       disassociate itself from the terminal.

       The -P pid_file option tells the KDC to write its PID into pid_file after  it  starts  up.
       This can be used to identify whether the KDC is still running and to allow init scripts to
       stop the correct process.

       The -p portnum option specifies the default UDP and TCP port numbers which the KDC  should
       listen  on  for  Kerberos  version  5  requests,  as  a  comma-separated list.  This value
       overrides the port numbers specified in the kdcdefaults section of kdc.conf(5), but may be
       overridden  by  realm-specific  values.  If no value is given from any source, the default
       port is 88.

       The -w numworkers option tells the KDC to fork numworkers processes to listen to  the  KDC
       ports  and process requests in parallel.  The top level KDC process (whose pid is recorded
       in the pid file if the -P option is also given) acts as a supervisor.  The supervisor will
       relay  SIGHUP signals to the worker subprocesses, and will terminate the worker subprocess
       if the it is itself terminated or if any other worker process exits.

       The -x db_args option specifies database-specific  arguments.   See  Database  Options  in
       kadmin(1) for supported arguments.

       The  -T  offset  option  specifies  a  time offset, in seconds, which the KDC will operate
       under.  It is intended only for testing purposes.

EXAMPLE

       The KDC may service requests for multiple realms (maximum  32  realms).   The  realms  are
       listed  on  the command line.  Per-realm options that can be specified on the command line
       pertain for each realm that follows it and are superseded by subsequent definitions of the
       same option.

       For example:

          krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3

       specifies  that  the  KDC  listen  on port 2001 for REALM1 and on port 2002 for REALM2 and
       REALM3.  Additionally, per-realm parameters may be specified in the kdc.conf(5) file.  The
       location  of  this  file  may  be  specified by the KRB5_KDC_PROFILE environment variable.
       Per-realm parameters specified in this file take precedence over options specified on  the
       command line.  See the kdc.conf(5) description for further details.

ENVIRONMENT

       See kerberos(7) for a description of Kerberos environment variables.

SEE ALSO

       kdb5_util(8), kdc.conf(5), krb5.conf(5), kdb5_ldap_util(8), kerberos(7)

AUTHOR

       MIT

COPYRIGHT

       1985-2022, MIT