1.. _krb5kdc(8): 2 3krb5kdc 4======= 5 6SYNOPSIS 7-------- 8 9**krb5kdc** 10[**-x** *db_args*] 11[**-d** *dbname*] 12[**-k** *keytype*] 13[**-M** *mkeyname*] 14[**-p** *portnum*] 15[**-m**] 16[**-r** *realm*] 17[**-n**] 18[**-w** *numworkers*] 19[**-P** *pid_file*] 20[**-T** *time_offset*] 21 22 23DESCRIPTION 24----------- 25 26krb5kdc is the Kerberos version 5 Authentication Service and Key 27Distribution Center (AS/KDC). 28 29 30OPTIONS 31------- 32 33The **-r** *realm* option specifies the realm for which the server 34should provide service. This option may be specified multiple times 35to serve multiple realms. If no **-r** option is given, the default 36realm (as specified in :ref:`krb5.conf(5)`) will be served. 37 38The **-d** *dbname* option specifies the name under which the 39principal database can be found. This option does not apply to the 40LDAP database. 41 42The **-k** *keytype* option specifies the key type of the master key 43to be entered manually as a password when **-m** is given; the default 44is |defmkey|. 45 46The **-M** *mkeyname* option specifies the principal name for the 47master key in the database (usually ``K/M`` in the KDC's realm). 48 49The **-m** option specifies that the master database password should 50be fetched from the keyboard rather than from a stash file. 51 52The **-n** option specifies that the KDC does not put itself in the 53background and does not disassociate itself from the terminal. 54 55The **-P** *pid_file* option tells the KDC to write its PID into 56*pid_file* after it starts up. This can be used to identify whether 57the KDC is still running and to allow init scripts to stop the correct 58process. 59 60The **-p** *portnum* option specifies the default UDP and TCP port 61numbers which the KDC should listen on for Kerberos version 5 62requests, as a comma-separated list. This value overrides the port 63numbers specified in the :ref:`kdcdefaults` section of 64:ref:`kdc.conf(5)`, but may be overridden by realm-specific values. 65If no value is given from any source, the default port is 88. 66 67The **-w** *numworkers* option tells the KDC to fork *numworkers* 68processes to listen to the KDC ports and process requests in parallel. 69The top level KDC process (whose pid is recorded in the pid file if 70the **-P** option is also given) acts as a supervisor. The supervisor 71will relay SIGHUP signals to the worker subprocesses, and will 72terminate the worker subprocess if the it is itself terminated or if 73any other worker process exits. 74 75The **-x** *db_args* option specifies database-specific arguments. 76See :ref:`Database Options <dboptions>` in :ref:`kadmin(1)` for 77supported arguments. 78 79The **-T** *offset* option specifies a time offset, in seconds, which 80the KDC will operate under. It is intended only for testing purposes. 81 82EXAMPLE 83------- 84 85The KDC may service requests for multiple realms (maximum 32 realms). 86The realms are listed on the command line. Per-realm options that can 87be specified on the command line pertain for each realm that follows 88it and are superseded by subsequent definitions of the same option. 89 90For example:: 91 92 krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 93 94specifies that the KDC listen on port 2001 for REALM1 and on port 2002 95for REALM2 and REALM3. Additionally, per-realm parameters may be 96specified in the :ref:`kdc.conf(5)` file. The location of this file 97may be specified by the **KRB5_KDC_PROFILE** environment variable. 98Per-realm parameters specified in this file take precedence over 99options specified on the command line. See the :ref:`kdc.conf(5)` 100description for further details. 101 102 103ENVIRONMENT 104----------- 105 106See :ref:`kerberos(7)` for a description of Kerberos environment 107variables. 108 109 110SEE ALSO 111-------- 112 113:ref:`kdb5_util(8)`, :ref:`kdc.conf(5)`, :ref:`krb5.conf(5)`, 114:ref:`kdb5_ldap_util(8)`, :ref:`kerberos(7)` 115