SYNOPSIS

       krb5kdc  [  -d dbname ] [ -k keytype ] [ -M mkeyname ] [ -p portnum ] [
       -m ] [ -r realm ] [ -4 v4mode ] [ -n ]

DESCRIPTION

       krb5kdc is the Kerberos version 5 Authentication Service and  Key  Dis-
       tribution Center (AS/KDC).

       The  -r  realm  option  specifies the realm for which the server should
       provide    service;    by    default    the    realm    returned     by
       krb5_default_local_realm(3) is used.

       The -d dbname option specifies the name under which the principal data-
       base can be found; by default the database is in DEFAULT_DBM_FILE.

       The -k keytype option specifies the key type of the master key  in  the
       database; the default is KEYTYPE_DES.

       The  -M mkeyname option specifies the principal name for the master key
       in the database; the default is KRB5_KDB_M_NAME (usually "K/M"  in  the
       KDC's realm).

       The  -p  portnum option specifies the default UDP port number which the
       KDC should listen on for Kerberos version 5 requests.   This  value  is
       used  when  no port is specified in the KDC profile and when no port is
       specified in the Kerberos configuration file.  If no  value  is  avail-
       able, then the value in /etc/services for service "kerberos" is used.

       The  -m  option  specifies  that the master database password should be
       fetched from the keyboard rather than from a file on disk.

       The -4 option specifies how the KDC responds to  kerberos  IV  requests
       for  tickets.   The  command line option overrides the value in the KDC
       profile.  The possible values are none,  disable,  full  or  nopreauth.
       These  instruct the KDC to not respond to V4 packets, to respond with a
       version skew error, to issue tickets for all database entries,  and  to
       issue  tickets  for all but preauthentication required database entries
       respectively. The default behaviour is as if none was specified.

       The -n option specifies that the KDC does not put itself in  the  back-
       ground  and  does not disassociate itself from the terminal.  In normal
       operation, you should always allow the KDC to place itself in the back-
       ground.

       The  KDC  may service requests for multiple realms (maximum 32 realms).
       The realms are listed on the command line.  Per-realm options that  can
       be specified on the command line pertain for each realm that follows it
       and are superceded by subsequent definitions of the same  option.   For
       example,

       krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3



                                                                    KRB5KDC(8)

Man(1) output converted with man2html