.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" $Id: kadmind.8,v 1.14 2003/04/06 17:47:57 lha Exp $
.Nd "server for administrative access to Kerberos database"
.Oo Fl c Ar file \*(Ba Xo
.Fl -config-file= Ns Ar file
.Oo Fl k Ar file \*(Ba Xo
.Fl -key-file= Ns Ar file
.Op Fl -keytab= Ns Ar keytab
.Oo Fl r Ar realm \*(Ba Xo
.Fl -realm= Ns Ar realm
.Oo Fl p Ar port \*(Ba Xo
.Fl -ports= Ns Ar port
listens for requests for changes to the Kerberos database and performs
these, subject to permissions. When starting, if stdin is a socket it
assumes that it has been started by
otherwise it behaves as a daemon, forking processes for each new
to accept exactly one connection, which is useful for debugging.
If built with krb4 support, it implements both the Heimdal Kerberos 5
administrative protocol and the Kerberos 4 protocol. Password changes
via the Kerberos 4 protocol are also performed by
daemon is responsible for the Kerberos 5 password changing protocol
This daemon should only be run on the master server, and not on any
Principals are always allowed to change their own password and list
their own principal. Apart from that, doing any operation requires
permission explicitly added in the ACL file
.Pa /var/heimdal/kadmind.acl .
The format of this file is:
.Op Va principal-pattern
Where rights is any (comma separated) combination of:
change-password or cpw
.Ar principal-pattern
restricts the rights to operations on principals that match the
.Fl -config-file= Ns Ar file
location of config file
.Fl -key-file= Ns Ar file
location of master key file
.Fl -keytab= Ns Ar keytab
.Fl -realm= Ns Ar realm
.Fl -ports= Ns Ar port
ports to listen to. By default, if run as a daemon, it listens to ports
749, and 751 (if Kerberos 4 support is built and enabled), but you can
add any number of ports with this option. The port string is a
whitespace separated list of port specifications, with the special
representing the default set of ports.
ignore Kerberos 4 kadmin requests.
.Pa /var/heimdal/kadmind.acl
to listen to port 4711 in addition to any
compiled in defaults:
.D1 Nm Fl -ports Ns Li "=\*[q]+ 4711\*[q] &"
This acl file will grant Joe all rights, and allow Mallory to view and
.Bd -literal -offset indent
joe/admin@EXAMPLE.COM all
mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
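
The following audit sketch is an added example, not part of the original manual page or of Heimdal. It parses the two ACL lines above and answers "may this principal do this operation on that target", and lists principals holding every right with no principal-pattern. Assumptions: fnmatch-style matching for principal-pattern, exact match on the acting principal, a right granted if any matching line lists it, and only the own-password self-service rule modelled; the target principal names in the usage line are constructed.

```python
from fnmatch import fnmatchcase

# "change-password or cpw", "add", "get" and "all" appear on the page; "delete",
# "list" and "modify" are filled in from Heimdal's rights list (assumption: the
# page's own list is cut off).
RIGHTS = {"add", "cpw", "delete", "get", "list", "modify"}
ALIASES = {"change-password": "cpw"}

def parse_acl(text):
    """Return (principal, rights, pattern) tuples; raise ValueError on bad lines."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"line {n}: expected 'principal rights [pattern]'")
        rights = set()
        for r in fields[1].split(","):
            r = ALIASES.get(r, r)
            if r == "all":
                rights |= RIGHTS
            elif r in RIGHTS:
                rights.add(r)
            else:
                raise ValueError(f"line {n}: unknown right {r!r}")
        pattern = fields[2] if len(fields) == 3 else None
        entries.append((fields[0], frozenset(rights), pattern))
    return entries

def allowed(entries, actor, op, target):
    """True if actor may perform op on target under the parsed ACL."""
    op = ALIASES.get(op, op)
    if op == "cpw" and actor == target:  # own password: always allowed per the page
        return True
    return any(who == actor and op in rights
               and (pat is None or fnmatchcase(target, pat))
               for who, rights, pat in entries)

def unrestricted(entries):
    """Principals holding every right with no principal-pattern: review these first."""
    return sorted({who for who, rights, pat in entries if rights == RIGHTS and pat is None})

SAMPLE_ACL = """\
joe/admin@EXAMPLE.COM all
mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(unrestricted(acl), allowed(acl, "mallory/admin@EXAMPLE.COM", "add", "alice@EXAMPLE.COM"))
```
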