Ubuntu Manpage: kcm — process-based credential cache for Kerberos tickets.

Provided by: heimdal-kcm_1.6~git20131207+dfsg-1ubuntu1.2_amd64

NAME

       kcm — process-based credential cache for Kerberos tickets.

SYNOPSIS

       kcm    [--cache-name=cachename]   [-c   file   |   --config-file=file]   [-g   group   |   --group=group]
           [--max-request=size]  [--disallow-getting-krbtgt]  [--detach]  [-h  |   --help]   [-k   principal   |
           --system-principal=principal]    [-l    time    |    --lifetime=time]   [-m   mode   |   --mode=mode]
           [-n | --no-name-constraints]  [-r  time  |  --renewable-life=time]  [-s  path  |  --socket-path=path]
           [--door-path=path]  [-S  principal  |  --server=principal]  [-t  keytab | --keytab=keytab] [-u user |
           --user=user] [-v | --version]

DESCRIPTION

       kcm is a process based credential cache.  To use it, set the KRB5CCNAME enviroment variable to  ‘KCM:uid’
       or add the stanza

       [libdefaults]
               default_cc_name = KCM:%{uid}

       to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.

       The  kcm  daemon can hold the credentials for all users in the system.  Access control is done with Unix-
       like permissions.  The daemon checks the access on all operations based on the uid and gid of  the  user.
       The tickets are renewed as long as is permitted by the KDC's policy.

       The  kcm  daemon can also keep a SYSTEM credential that server processes can use to access services.  One
       example of usage might be an nss_ldap module that quickly needs to get credentials and  doesn't  want  to
       renew the ticket itself.

       Supported options:

       --cache-name=cachename
               system cache name

       -c file, --config-file=file
               location of config file

       -g group, --group=group
               system cache group

       --max-request=size
               max size for a kcm-request

       --disallow-getting-krbtgt
               disallow extracting any krbtgt from the kcm daemon.

       --detach
               detach from console

       -h, --help

       -k principal, --system-principal=principal
               system principal name

       -l time, --lifetime=time
               lifetime of system tickets

       -m mode, --mode=mode
               octal mode of system cache

       -n, --no-name-constraints
               disable credentials cache name constraints

       -r time, --renewable-life=time
               renewable lifetime of system tickets

       -s path, --socket-path=path
               path to kcm domain socket

       --door-path=path
               path to kcm door socket

       -S principal, --server=principal
               server to get system ticket for

       -t keytab, --keytab=keytab
               system keytab name

       -u user, --user=user
               system cache owner

       -v, --version

Heimdal                                           May 29, 2005                                            KCM(8)