Diffstat (limited to 'src/man/kadmind.man')
-rw-r--r-- src/man/kadmind.man 60
1 files changed, 16 insertions, 44 deletions
diff --git a/src/man/kadmind.man b/src/man/kadmind.man
index d3be287..833aeed 100644
--- a/src/man/kadmind.man
+++ b/src/man/kadmind.man
@@ -1,3 +1,5 @@
+.\" Man page generated from reStructuredText.
+.
.TH "KADMIND" "8" " " "1.13" "MIT Kerberos"
.SH NAME
kadmind \- KADM5 administration server
@@ -28,8 +30,6 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
-.\" Man page generated from reStructuredText.
-.
.SH SYNOPSIS
.sp
\fBkadmind\fP
@@ -37,6 +37,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
[\fB\-r\fP \fIrealm\fP]
[\fB\-m\fP]
[\fB\-nofork\fP]
+[\fB\-proponly\fP]
[\fB\-port\fP \fIport\-number\fP]
[\fB\-P\fP \fIpid_file\fP]
[\fB\-p\fP \fIkdb5_util_path\fP]
@@ -66,7 +67,7 @@ settings.
kadmind\(aqs ACL (access control list) tells it which principals are
allowed to perform administration actions. The pathname to the
ACL file can be specified with the \fBacl_file\fP \fIkdc.conf(5)\fP
-variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP.
+variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&.
.UNINDENT
.sp
After the server begins running, it puts itself in the background and
@@ -78,8 +79,9 @@ and policy updates incrementally instead of receiving full dumps of
the database. This facility can be enabled in the \fIkdc.conf(5)\fP
file with the \fBiprop_enable\fP option. Incremental propagation
requires the principal \fBkiprop/MASTER\e@REALM\fP (where MASTER is the
-master KDC\(aqs canonical host name, and REALM the realm name) to be
-registered in the database.
+master KDC\(aqs canonical host name, and REALM the realm name). In
+release 1.13, this principal is automatically created and registered
+into the datebase.
.SH OPTIONS
.INDENT 0.0
.TP
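Review bot: the added line "into the datebase." misspells "database"; because the page header says this file is generated from reStructuredText, the fix belongs in the RST source, followed by a regenerate. The rewrite also drops the statement that the kiprop/MASTER@REALM principal has to be registered, and "In release 1.13" leaves open whether later releases behave the same way. Wording such as "Starting with release 1.13, this principal is created automatically" would be unambiguous, with a short clause on what an administrator must do when the principal is missing.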
@@ -98,10 +100,16 @@ causes the server to remain in the foreground and remain
associated to the terminal. In normal operation, you should allow
the server to place itself in the background.
.TP
+.B \fB\-proponly\fP
+causes the server to only listen and respond to Kerberos slave
+incremental propagation polling requests. This option can be used
+to set up a hierarchical propagation topology where a slave KDC
+provides incremental updates to other Kerberos slaves.
+.TP
.B \fB\-port\fP \fIport\-number\fP
specifies the port on which the administration server listens for
connections. The default port is determined by the
-\fBkadmind_port\fP configuration variable in \fIkdc.conf(5)\fP.
+\fBkadmind_port\fP configuration variable in \fIkdc.conf(5)\fP\&.
.TP
.B \fB\-P\fP \fIpid_file\fP
specifies the file to which the PID of kadmind process should be
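Review bot: the new -proponly entry does not state what the server refuses in this mode, and it carries no release marker. An operator who starts kadmind with -proponly on a slave to limit exposure needs the page to say explicitly that administration requests are not served, if that is the intended behaviour, rather than inferring it from "only listen and respond to ... polling requests". The -x debug text removed later in this patch ended with "New in release 1.12."; a matching "New in release 1.13." here would keep the convention. It would also help to say which port the polling service uses when -port is given together with -proponly.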
@@ -122,43 +130,7 @@ specifies the file path to be used for dumping the KDB in response
to full resync requests when iprop is enabled.
.TP
.B \fB\-x\fP \fIdb_args\fP
-specifies database\-specific arguments.
-.sp
-Options supported for LDAP database are:
-.INDENT 7.0
-.INDENT 3.5
-.INDENT 0.0
-.TP
-.B \fB\-x nconns=\fP\fInumber_of_connections\fP
-specifies the number of connections to be maintained per
-LDAP server.
-.TP
-.B \fB\-x host=\fP\fIldapuri\fP
-specifies the LDAP server to connect to by URI.
-.TP
-.B \fB\-x binddn=\fP\fIbinddn\fP
-specifies the DN of the object used by the administration
-server to bind to the LDAP server. This object should
-have read and write privileges on the realm container, the
-principal container, and the subtree that is referenced by
-the realm.
-.TP
-.B \fB\-x bindpwd=\fP\fIbind_password\fP
-specifies the password for the above mentioned binddn.
-Using this option may expose the password to other users
-on the system via the process list; to avoid this, instead
-stash the password using the \fBstashsrvpw\fP command of
-\fIkdb5_ldap_util(8)\fP.
-.TP
-.B \fB\-x debug=\fP\fIlevel\fP
-sets the OpenLDAP client library debug level. \fIlevel\fP is
-an integer to be interpreted by the library. Debugging
-messages are printed to standard error, so this option
-must be used with the \fB\-nofork\fP option to be useful.
-New in release 1.12.
-.UNINDENT
-.UNINDENT
-.UNINDENT
+specifies database\-specific arguments. See \fIDatabase Options\fP in \fIkadmin(1)\fP for supported arguments.
.UNINDENT
.SH SEE ALSO
.sp
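Review bot: collapsing the -x entry to a cross-reference removes from kadmind(8) the warning that "-x bindpwd" may expose the bind password to other users via the process list, along with the pointer to the stashsrvpw command of kdb5_ldap_util(8). Please confirm that the Database Options section of kadmin(1) carries that warning verbatim, or keep a one-sentence caveat here, since a long-running daemon is where a password on the command line stays visible longest. The removed -x debug text also depended on -nofork, which is a kadmind option, so check that the shared kadmin(1) wording still makes sense for the server.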
@@ -167,6 +139,6 @@ New in release 1.12.
.SH AUTHOR
MIT
.SH COPYRIGHT
-1985-2013, MIT
+1985-2014, MIT
.\" Generated by docutils manpage writer.
.