1 .\" $Id: kadmind.8,v 1.6 1999/09/15 15:10:08 assar Exp $
2 .\" Copyright 1989 by the Massachusetts Institute of Technology.
4 .\" For copying and distribution information,
5 .\" please see the file <mit-copyright.h>.
7 .TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
9 kadmind \- network daemon for Kerberos database administration
31 is the network database server for the Kerberos password-changing and
34 Upon execution, it fetches the master key from the key cache file.
38 option is specified, it instead prompts the user to enter the master
39 key string for the database.
43 option is a no-op and is left for compatibility reasons.
48 option is specified, the admin server will pretend that its
51 instead of the actual local realm of the host it is running on.
52 This makes it possible to run a server for a foreign kerberos
58 option is specified, then that file is used to hold the log information
59 instead of the default.
64 option is specified, then that file is used as the database name instead
70 option is specified, then
72 is used as the directory in which to search for access control lists
73 instead of the default.
79 prints out a short summary of the permissible control arguments, and
86 will only listen on that particular address and not on all configured
87 addresses of the host, which is the default.
89 When performing requests on behalf of clients,
91 checks access control lists (ACLs) to determine the authorization of the client
92 to perform the requested action.
93 Currently four distinct access types are supported:
96 (.add ACL file). If a principal is on this list, it may add new
97 principals to the database.
100 (.get ACL file). If a principal is on this list, it may retrieve
101 database entries. NOTE: A principal's private key is never returned by
105 (.mod ACL file). If a principal is on this list, it may modify entries
109 (.del ACL file). If a principal is on this list, if may delete
110 entries from the database.
112 A principal is always granted authorization to change its own password.
115 /var/log/admin_server.syslog
119 Default access control list directory.
121 admin_acl.{add,get,mod}
122 Access control list files (within the directory)
124 /var/kerberos/principal.pag, /var/kerberos/principal.dir
125 Default DBM files containing database
128 Master key cache file.
130 kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
132 Douglas A. Church, MIT Project Athena
134 John T. Kohl, Project Athena/Digital Equipment Corporation