1.\" $Id: kdc.8,v 1.3 1997/08/09 00:20:38 joda Exp $ 2.\" 3.Dd July 27, 1997 4.Dt KDC 8 5.Os HEIMDAL 6.Sh NAME 7.Nm kdc 8.Nd 9Kerberos 5 server 10.Sh SYNOPSIS 11.Nm 12.Op Fl c Ar file 13.Op Fl -config-file= Ns Ar file 14.Op Fl k Ar file 15.Op Fl -key-file= Ns Ar file 16.Op Fl p 17.Op Fl -no-require-preauth 18.Op Fl r Ar realm 19.Op Fl -v4-realm= Ns Ar realm 20 21.Sh DESCRIPTION 22.Nm 23serves requests for tickets. When it starts, it first checks the flags 24passed, any options that are not specified with a command line flag is 25taken from a config file, or from a default compiled-in value. 26.Pp 27Options supported: 28.Bl -tag -width Ds 29.It Fl c Ar file 30.It Fl -config-file= Ns Ar file 31Specifies the location of the config file, the default is 32.Pa /var/heimdal/kdc.conf . 33This is the only value that can't be specified in the config file. 34.It Fl k Ar file 35.It Fl -key-file= Ns Ar file 36The location of the master-key file. All keys in the database is 37encrypted with this master key. The use of a master key is currently 38optional, so there is no default. 39.Em "Don't specify a master key file if your database is not encrypted." 40.It Fl p 41.It Fl -no-require-preauth 42Turn off the requirement for pre-autentication in the initial 43AS-REQ. The use of pre-authentication makes it more difficult to do 44offline password attacks. You might want to turn it off if you have 45clients that doesn't do pre-authentication. Since the version 4 46protocol doesn't support any pre-authentication, so serving version 4 47clients is just about the same as not requiring pre-athentication. The 48default is to require pre-authentication. 49.It Fl r Ar realm 50.It Fl -v4-realm= Ns Ar realm 51What realm this server should act as when dealing with version 4 52requests. The database can contain any number of realms, but since the 53version 4 protocol doesn't contain a realm for the server, it must be 54explicitly specified. The default is whatever is returned by 55.Fn krb_get_lrealm . 56This option is only availabe if the KDC has been compiled with version 574 support. 58.El 59.Pp 60All activities , are logged to one or more destinations, see 61.Xr krb5.conf 5 , 62and 63.Xr krb5_openlog 3 . 64The entity used for logging is 65.Nm kdc . 66.Sh CONFIGURATION FILE 67The configuration file has the same syntax as the 68.Pa krb5.conf 69file (you can actually put the configuration in 70.Pa /etc/krb5.conf , 71and then start the KDC with 72.Fl -config-file= Ns Ar /etc/krb5.conf ) . 73All options should be in a section called 74.Dq kdc . 75Options are called the same as the long option name, and takes the 76same arguments. The only difference is the pre-authentication flag, 77that has to be specified as: 78.Pp 79.Dl require-preauth = no 80.Pp 81(in fact you can specify the option as 82.Fl -require-preauth=no ) . 83.Pp 84An example of a config file: 85.Bd -literal -offset indent 86[kdc] 87 require-preauth = no 88 v4-realm = FOO.SE 89 key-file = /key-file 90.Ed 91.Sh SEE ALSO 92.Xr kinit 1 93