.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $ .\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kadmind \- network daemon for Kerberos database administration .SH SYNOPSIS .B kadmind [ .B \-n ] [ .B \-h ] [ .B \-r realm ] [ .B \-f filename ] [ .B \-d dbname ] [ .B \-a acldir ] .SH DESCRIPTION .I kadmind is the network database server for the Kerberos password-changing and administration tools. .PP Upon execution, it prompts the user to enter the master key string for the database. .PP If the .B \-n option is specified, the master key is instead fetched from the master key cache file. .PP If the .B \-r .I realm option is specified, the admin server will pretend that its local realm is .I realm instead of the actual local realm of the host it is running on. This makes it possible to run a server for a foreign kerberos realm. .PP If the .B \-f .I filename option is specified, then that file is used to hold the log information instead of the default. .PP If the .B \-d .I dbname option is specified, then that file is used as the database name instead of the default. .PP If the .B \-a .I acldir option is specified, then .I acldir is used as the directory in which to search for access control lists instead of the default. .PP If the .B \-h option is specified, .I kadmind prints out a short summary of the permissible control arguments, and then exits. .PP When performing requests on behalf of clients, .I kadmind checks access control lists (ACLs) to determine the authorization of the client to perform the requested action. Currently three distinct access types are supported: .TP 1i Addition (.add ACL file). If a principal is on this list, it may add new principals to the database. .TP Retrieval (.get ACL file). If a principal is on this list, it may retrieve database entries. NOTE: A principal's private key is never returned by the get functions. .TP Modification (.mod ACL file). If a principal is on this list, it may modify entries in the database. .PP A principal is always granted authorization to change its own password. .SH FILES .TP 20n /kerberos/admin_server.syslog Default log file. .TP /kerberos Default access control list directory. .TP admin_acl.{add,get,mod} Access control list files (within the directory) .TP /kerberos/principal.pag, /kerberos/principal.dir Default DBM files containing database .TP /.k Master key cache file. .SH "SEE ALSO" kerberos(1), kpasswd(1), kadmin(8), acl_check(3) .SH AUTHORS Douglas A. Church, MIT Project Athena .br John T. Kohl, Project Athena/Digital Equipment Corporation