Main index | Section 8 | Options |
The kpasswdd(8) daemon is responsible for the Kerberos 5 password changing protocol (used by kpasswd(1)).
This daemon should only be run on the master server, and not on any slaves.
Principals are always allowed to change their own password and list their own principal. Apart from that, doing any operation requires permission explicitly added in the ACL file /var/heimdal/kadmind.acl. The format of this file is: principal rights [ principal-pattern]
Where rights is any (comma separated) combination of:
And the optional principal-pattern restricts the rights to operations on principals that match the glob-style pattern.
Supported options:
| |
location of config file | |
| |
location of master key file | |
| |
what keytab to use | |
| |
realm to use | |
| |
enable debugging | |
| |
ports to listen to. By default, if run as a daemon, it listens to port 749, but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the special string "+" representing the default port. | |
This acl file will grant Joe all rights, and allow Mallory to view and add host principals.
joe/admin@EXAMPLE.COM all mallory/admin@EXAMPLE.COM add,get host/*@EXAMPLE.COM
HEIMDAL | KADMIND (8) | December 8, 2004 |
Main index | Section 8 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
“ | I'm not interested in developing a powerful brain. All I'm after is just a mediocre brain, something like the President of the American Telephone and Telegraph Company. | ” |
— Alan Turing |