diff options
Diffstat (limited to 'src/man/kadmind.man')
-rw-r--r-- | src/man/kadmind.man | 60 |
1 files changed, 16 insertions, 44 deletions
diff --git a/src/man/kadmind.man b/src/man/kadmind.man index d3be287..833aeed 100644 --- a/src/man/kadmind.man +++ b/src/man/kadmind.man @@ -1,3 +1,5 @@ +.\" Man page generated from reStructuredText. +. .TH "KADMIND" "8" " " "1.13" "MIT Kerberos" .SH NAME kadmind \- KADM5 administration server @@ -28,8 +30,6 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.\" Man page generated from reStructuredText. -. .SH SYNOPSIS .sp \fBkadmind\fP @@ -37,6 +37,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] [\fB\-r\fP \fIrealm\fP] [\fB\-m\fP] [\fB\-nofork\fP] +[\fB\-proponly\fP] [\fB\-port\fP \fIport\-number\fP] [\fB\-P\fP \fIpid_file\fP] [\fB\-p\fP \fIkdb5_util_path\fP] @@ -66,7 +67,7 @@ settings. kadmind\(aqs ACL (access control list) tells it which principals are allowed to perform administration actions. The pathname to the ACL file can be specified with the \fBacl_file\fP \fIkdc.conf(5)\fP -variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP. +variable; by default, it is \fB@LOCALSTATEDIR@\fP\fB/krb5kdc\fP\fB/kadm5.acl\fP\&. .UNINDENT .sp After the server begins running, it puts itself in the background and @@ -78,8 +79,9 @@ and policy updates incrementally instead of receiving full dumps of the database. This facility can be enabled in the \fIkdc.conf(5)\fP file with the \fBiprop_enable\fP option. Incremental propagation requires the principal \fBkiprop/MASTER\e@REALM\fP (where MASTER is the -master KDC\(aqs canonical host name, and REALM the realm name) to be -registered in the database. +master KDC\(aqs canonical host name, and REALM the realm name). In +release 1.13, this principal is automatically created and registered +into the datebase. .SH OPTIONS .INDENT 0.0 .TP @@ -98,10 +100,16 @@ causes the server to remain in the foreground and remain associated to the terminal. In normal operation, you should allow the server to place itself in the background. .TP +.B \fB\-proponly\fP +causes the server to only listen and respond to Kerberos slave +incremental propagation polling requests. This option can be used +to set up a hierarchical propagation topology where a slave KDC +provides incremental updates to other Kerberos slaves. +.TP .B \fB\-port\fP \fIport\-number\fP specifies the port on which the administration server listens for connections. The default port is determined by the -\fBkadmind_port\fP configuration variable in \fIkdc.conf(5)\fP. +\fBkadmind_port\fP configuration variable in \fIkdc.conf(5)\fP\&. .TP .B \fB\-P\fP \fIpid_file\fP specifies the file to which the PID of kadmind process should be @@ -122,43 +130,7 @@ specifies the file path to be used for dumping the KDB in response to full resync requests when iprop is enabled. .TP .B \fB\-x\fP \fIdb_args\fP -specifies database\-specific arguments. -.sp -Options supported for LDAP database are: -.INDENT 7.0 -.INDENT 3.5 -.INDENT 0.0 -.TP -.B \fB\-x nconns=\fP\fInumber_of_connections\fP -specifies the number of connections to be maintained per -LDAP server. -.TP -.B \fB\-x host=\fP\fIldapuri\fP -specifies the LDAP server to connect to by URI. -.TP -.B \fB\-x binddn=\fP\fIbinddn\fP -specifies the DN of the object used by the administration -server to bind to the LDAP server. This object should -have read and write privileges on the realm container, the -principal container, and the subtree that is referenced by -the realm. -.TP -.B \fB\-x bindpwd=\fP\fIbind_password\fP -specifies the password for the above mentioned binddn. -Using this option may expose the password to other users -on the system via the process list; to avoid this, instead -stash the password using the \fBstashsrvpw\fP command of -\fIkdb5_ldap_util(8)\fP. -.TP -.B \fB\-x debug=\fP\fIlevel\fP -sets the OpenLDAP client library debug level. \fIlevel\fP is -an integer to be interpreted by the library. Debugging -messages are printed to standard error, so this option -must be used with the \fB\-nofork\fP option to be useful. -New in release 1.12. -.UNINDENT -.UNINDENT -.UNINDENT +specifies database\-specific arguments. See \fIDatabase Options\fP in \fIkadmin(1)\fP for supported arguments. .UNINDENT .SH SEE ALSO .sp @@ -167,6 +139,6 @@ New in release 1.12. .SH AUTHOR MIT .SH COPYRIGHT -1985-2013, MIT +1985-2014, MIT .\" Generated by docutils manpage writer. . |