15e9cd1aeSAssar Westerlund.Dd June 7, 2000 25e9cd1aeSAssar Westerlund.Dt KADMIND 8 35e9cd1aeSAssar Westerlund.Os HEIMDAL 45e9cd1aeSAssar Westerlund.Sh NAME 55e9cd1aeSAssar Westerlund.Nm kadmind 65e9cd1aeSAssar Westerlund.Nd 75e9cd1aeSAssar Westerlundserver for administrative access to kerberos database 85e9cd1aeSAssar Westerlund.Sh SYNOPSIS 95e9cd1aeSAssar Westerlund.Nm 105e9cd1aeSAssar Westerlund.Oo Fl c Ar file \*(Ba Xo 115e9cd1aeSAssar Westerlund.Fl -config-file= Ns Ar file Oc 125e9cd1aeSAssar Westerlund.Xc 135e9cd1aeSAssar Westerlund.Oo Fl k Ar file \*(Ba Xo 145e9cd1aeSAssar Westerlund.Fl -key-file= Ns Ar file Oc 155e9cd1aeSAssar Westerlund.Xc 165e9cd1aeSAssar Westerlund.Op Fl -keytab= Ns Ar keytab 175e9cd1aeSAssar Westerlund.Oo Fl r Ar realm \*(Ba Xo 185e9cd1aeSAssar Westerlund.Fl -realm= Ns Ar realm Oc 195e9cd1aeSAssar Westerlund.Xc 205e9cd1aeSAssar Westerlund.Op Fl d | Fl -debug 215e9cd1aeSAssar Westerlund.Oo Fl p Ar port \*(Ba Xo 225e9cd1aeSAssar Westerlund.Fl -ports= Ns Ar port Oc 235e9cd1aeSAssar Westerlund.Xc 245e9cd1aeSAssar Westerlund.Sh DESCRIPTION 255e9cd1aeSAssar Westerlund.Nm 265e9cd1aeSAssar Westerlundlistens for requests for changes to the Kerberos database and performs 275e9cd1aeSAssar Westerlundthese, subject to permissions. When starting, if stdin is a socket it assumes that it has been started by 285e9cd1aeSAssar Westerlund.Xr inetd 8 , 295e9cd1aeSAssar Westerlundotherwise it behaves as a daemon, forking processes for each new 305e9cd1aeSAssar Westerlundconnection. The 315e9cd1aeSAssar Westerlund.Fl -debug 325e9cd1aeSAssar Westerlundoption causes 335e9cd1aeSAssar Westerlund.Nm 345e9cd1aeSAssar Westerlundto accept exactly one connection, which is useful for debugging. 355e9cd1aeSAssar Westerlund 365e9cd1aeSAssar WesterlundIf built with krb4 support, it implements both the Heimdal Kerberos 5 375e9cd1aeSAssar Westerlundadministrative protocol and the Kerberos 4 protocol. Password changes 385e9cd1aeSAssar Westerlundvia the Kerberos 4 protocol are also performed by 395e9cd1aeSAssar Westerlund.Nm kadmind , 405e9cd1aeSAssar Westerlundbut the 415e9cd1aeSAssar Westerlund.Xr kpasswdd 8 425e9cd1aeSAssar Westerlunddaemon is responsible for the Kerberos 5 password changing protocol 435e9cd1aeSAssar Westerlund(used by 445e9cd1aeSAssar Westerlund.Xr kpasswd 1 ). 455e9cd1aeSAssar Westerlund.Pp 465e9cd1aeSAssar WesterlundThis daemon should only be run on ther master server, and not on any 475e9cd1aeSAssar Westerlundslaves. 485e9cd1aeSAssar Westerlund.Pp 495e9cd1aeSAssar WesterlundPrincipals are always allowed to change their own password and list 505e9cd1aeSAssar Westerlundtheir own principals. Apart from that, doing any operation requires 515e9cd1aeSAssar Westerlundpermission explicitly added in the ACL file 525e9cd1aeSAssar Westerlund.Pa /var/heimdal/kadmind.acl . 535e9cd1aeSAssar WesterlundThe format of this file is: 545e9cd1aeSAssar Westerlund.Bd -ragged 555e9cd1aeSAssar Westerlund.Va principal 565e9cd1aeSAssar Westerlund.Va rights 575e9cd1aeSAssar Westerlund.Op Va principal-pattern 585e9cd1aeSAssar Westerlund.Ed 595e9cd1aeSAssar Westerlund.Pp 605e9cd1aeSAssar WesterlundWhere rights is any combination of: 615e9cd1aeSAssar Westerlund.Bl -bullet 625e9cd1aeSAssar Westerlund.It 635e9cd1aeSAssar Westerlundchange-password | cpw 645e9cd1aeSAssar Westerlund.It 655e9cd1aeSAssar Westerlundlist 665e9cd1aeSAssar Westerlund.It 675e9cd1aeSAssar Westerlunddelete 685e9cd1aeSAssar Westerlund.It 695e9cd1aeSAssar Westerlundmodify 705e9cd1aeSAssar Westerlund.It 715e9cd1aeSAssar Westerlundadd 725e9cd1aeSAssar Westerlund.It 735e9cd1aeSAssar Westerlundget 745e9cd1aeSAssar Westerlund.It 755e9cd1aeSAssar Westerlundall 765e9cd1aeSAssar Westerlund.El 775e9cd1aeSAssar Westerlund.Pp 785e9cd1aeSAssar WesterlundAnd the optional 795e9cd1aeSAssar Westerlund.Ar principal-pattern 805e9cd1aeSAssar Westerlundrestricts the rights to principals that match the glob-style pattern. 815e9cd1aeSAssar Westerlund.Pp 825e9cd1aeSAssar WesterlundSupported options: 835e9cd1aeSAssar Westerlund.Bl -tag -width Ds 845e9cd1aeSAssar Westerlund.It Xo 855e9cd1aeSAssar Westerlund.Fl c Ar file Ns , 865e9cd1aeSAssar Westerlund.Fl -config-file= Ns Ar file 875e9cd1aeSAssar Westerlund.Xc 885e9cd1aeSAssar Westerlundlocation of config file 895e9cd1aeSAssar Westerlund.It Xo 905e9cd1aeSAssar Westerlund.Fl k Ar file Ns , 915e9cd1aeSAssar Westerlund.Fl -key-file= Ns Ar file 925e9cd1aeSAssar Westerlund.Xc 935e9cd1aeSAssar Westerlundlocation of master key file 945e9cd1aeSAssar Westerlund.It Xo 955e9cd1aeSAssar Westerlund.Fl -keytab= Ns Ar keytab 965e9cd1aeSAssar Westerlund.Xc 975e9cd1aeSAssar Westerlundwhat keytab to use 985e9cd1aeSAssar Westerlund.It Xo 995e9cd1aeSAssar Westerlund.Fl r Ar realm Ns , 1005e9cd1aeSAssar Westerlund.Fl -realm= Ns Ar realm 1015e9cd1aeSAssar Westerlund.Xc 1025e9cd1aeSAssar Westerlundrealm to use 1035e9cd1aeSAssar Westerlund.It Xo 1045e9cd1aeSAssar Westerlund.Fl d Ns , 1055e9cd1aeSAssar Westerlund.Fl -debug 1065e9cd1aeSAssar Westerlund.Xc 1075e9cd1aeSAssar Westerlundenable debugging 1085e9cd1aeSAssar Westerlund.It Xo 1095e9cd1aeSAssar Westerlund.Fl p Ar port Ns , 1105e9cd1aeSAssar Westerlund.Fl -ports= Ns Ar port 1115e9cd1aeSAssar Westerlund.Xc 1125e9cd1aeSAssar Westerlundports to listen to. By default, if run as a daemon, it listen to ports 1135e9cd1aeSAssar Westerlund749, and 751 (if built with Kerberos 4 support), but you can add any 1145e9cd1aeSAssar Westerlundnumber of ports with this option. The port string is a whitespace 1155e9cd1aeSAssar Westerlundseparated list of port specifications, with the special string 1165e9cd1aeSAssar Westerlund.Dq + 1175e9cd1aeSAssar Westerlundrepresenting the default set of ports. 1185e9cd1aeSAssar Westerlund.El 1195e9cd1aeSAssar Westerlund.\".Sh ENVIRONMENT 1205e9cd1aeSAssar Westerlund.Sh FILES 1215e9cd1aeSAssar Westerlund.Pa /var/heimdal/kadmind.acl 1225e9cd1aeSAssar Westerlund.Sh EXAMPLES 1235e9cd1aeSAssar WesterlundThis will cause kadmind to listen to port 4711 in addition to any 1245e9cd1aeSAssar Westerlundcompiled in defaults: 1255e9cd1aeSAssar Westerlund.Bd -literal -offset indent 1265e9cd1aeSAssar Westerlund# kadmind --ports="+ 4711" & 1275e9cd1aeSAssar Westerlund.Ed 1285e9cd1aeSAssar Westerlund.\".Sh DIAGNOSTICS 1295e9cd1aeSAssar Westerlund.Sh SEE ALSO 1305e9cd1aeSAssar Westerlund.Xr kdc 8 , 1315e9cd1aeSAssar Westerlund.Xr kadmin 1 , 1325e9cd1aeSAssar Westerlund.Xr kpasswdd 8 , 1335e9cd1aeSAssar Westerlund.Xr kpasswd 1 134