ドキュメントの品質向上のためのご意見をください

簡潔すぎた
読みづらかった、または難し過ぎた
重要な情報が欠けていた
内容が間違っていた
翻訳版が必要
--選択-- Deutch (German) Español (Spanish) Français (French) Italiano (Italian) Português Brasil (Portuguese) 日本語 (Japanese) 한국어 (Korean) 简体中文 (Simplified Chinese) 繁體中文 (Traditional Chinese) その他の言語 その他

Your rating has been updated

貴重なご意見を有り難うございました!

あなたの貴重なご意見はより良いドキュメント作成の手助けとなります 内容の品質向上と追加コメントのためのアンケートに参加されますか？

アンケートに回答しますいいえ、回答しません

krb5kdc

- KDC daemon

形式

/usr/lib/krb5/krb5kdc [-d dbpath] [-r realm] [-m] 
     [-k masterenctype] [-M masterkeyname] 
     [-p port] [-n] [-x db_args]  [-P pid_file]

機能説明

krb5kdc is the daemon that runs on the master and slave KDCs to process the Kerberos tickets. For Kerberos to function properly, krb5kdc must be running on at least one KDC that the Kerberos clients can access. Prior to running krb5kdc, you must initialize the Kerberos database using kdb5_util(1M). See the 『Oracle Solaris 11.1 の管理: セキュリティーサービス』 for information regarding how to set up KDCs and initialize the Kerberos database.

オプション

The following options are supported:

-d dbpath

Specify the path to the database; default value is /var/krb5.

-k masterenctype

Specify the encryption type for encrypting the database. The default value is des-cbc-crc. des3-cbc-sha1, arcfour-hmac-md5, arcfour-hmac-md5-exp, aes128-cts-hmac-sha1-96, and aes256-cts-hmac-sha1-96 are also valid.

-m

Specify that the master key for the database is to be entered manually.

-M masterkeyname

Specify the principal to retrieve the master Key for the database.

-n

Specify that krb5kdc should not detach from the terminal.

-p port

Specify the port that will be used by the KDC to listen for incoming requests.

-P pid_file

Tells the KDC to write its PID (followed by a newline) into pid_file after it starts up. This can be used to identify whether the KDC is still running and to allow init scripts to stop the correct process.

-r realm

Specify the realm name; default is the local realm name.

-x db_args

Pass database-specific arguments to kadmin. Supported arguments are for the LDAP plug-in. These arguments are:

binddn=binddn

Specifies the DN of the object used by the KDC server to bind to the LDAP server. This object should have the rights to read the realm container, principal container and the subtree that is referenced by the realm. Overrides the ldap_kdc_dn parameter setting in krb5.conf(4).

bindpwd=bindpwd

Specifies the password for the above-mentioned binddn. It is recommended not to use this option. Instead, the password can be stashed using the stashsrvpw command of kdb5_ldap_util(1M).

nconns=num

Specifies the number of connections to be maintained per LDAP server.

host=ldapuri

Specifies, by an LDAP URI, the LDAP server to which to connect.

ファイル

/var/krb5/principal.db

Kerberos principal database.

/var/krb5/principal.kadm5

Kerberos administrative database. This file contains policy information.

/var/krb5/principal.kadm5.lock

Kerberos administrative database lock file. This file works backwards from most other lock files (that is, kadmin will exit with an error if this file does not exist).

/etc/krb5/kdc.conf

KDC configuration file. This file is read at startup.

/etc/krb5/kpropd.acl

File that defines the access control list for propagating the Kerberos database using kprop.

属性

See attributes(5) for descriptions of the following attributes:

関連項目

kill(1), kpasswd(1), gkadmin(1M), kadmind(1M), kadmin.local(1M), kdb5_util(1M), kdb5_ldap_util(1M), logadm(1M), krb5.conf(4), attributes(5), krb5envvar(5), kerberos(5),

『Oracle Solaris 11.1 の管理: セキュリティーサービス』

注意事項

The following signal has the specified effect when sent to the server process using the kill(1)command:

SIGHUP

krb5kdc closes and re-opens log files that it directly opens. This can be useful for external log-rotation utilities such as logadm(1M). If this method is used for log file rotation, set the krb5.conf(4) kdc_rotate period relation to never.