
Manual Pages  — KCM


kcm – process-based credential cache for Kerberos tickets.



kcm [--cache-name=cachename] [-c file | --config-file=file] [-g group | --group=group] [--max-request=size] [--disallow-getting-krbtgt] [--detach] [-h | --help] [-k principal | --system-principal=principal] [-l time | --lifetime=time] [-m mode | --mode=mode] [-n | --no-name-constraints] [-r time | --renewable-life=time] [-s path | --socket-path=path] [--door-path=path] [-S principal | --server=principal] [-t keytab | --keytab=keytab] [-u user | --user=user] [-v | --version]


kcm is a process-based credential cache. To use it, set the KRB5CCNAME environment variable to ‘KCM:uid’ or add the stanza

    [libdefaults]
        default_cc_name = KCM:%{uid}

to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.
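
An added example, not part of the Heimdal manual: a shell check that reports which credential cache name a client would end up with, so a host meant to use kcm can be audited for a stanza placed in the wrong section or a KRB5CCNAME value that points elsewhere. The function names are hypothetical, and the script assumes that KRB5CCNAME, when set, takes precedence over default_cc_name.

```shell
#!/bin/sh
# Added example; cc_from_conf, effective_cc and uses_kcm are hypothetical names.

# cc_from_conf FILE: print default_cc_name, but only if it sits in [libdefaults].
# Takes the first match; duplicate keys are not resolved here.
cc_from_conf() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        sec == "libdefaults" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "default_cc_name") { print val; exit }
        }
    ' "$1"
}

# effective_cc FILE USERID: cache name after applying the environment override.
# Assumption: KRB5CCNAME wins over the config file; %{uid} is expanded only in
# the config value, since the environment form on this page is a literal uid.
effective_cc() {
    if [ -n "${KRB5CCNAME:-}" ]; then
        printf '%s\n' "$KRB5CCNAME"
    else
        cc_from_conf "$1" | sed "s/%{uid}/$2/g"
    fi
}

# uses_kcm FILE USERID: succeed only when the effective cache is a KCM cache.
uses_kcm() {
    case $(effective_cc "$1" "$2") in
        KCM:*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample: the stanza from this page, written to a scratch file.
sample=$(mktemp)
printf '[libdefaults]\n    default_cc_name = KCM:%%{uid}\n' > "$sample"
echo "effective cache: $(effective_cc "$sample" "$(id -u)")"
rm -f "$sample"
```
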

The kcm daemon can hold the credentials for all users in the system. Access control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The tickets are renewed as long as is permitted by the KDC's policy.

The kcm daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew the ticket itself.

Supported options:
--cache-name=cachename
  system cache name
-c file, --config-file=file
  location of config file
-g group, --group=group
  system cache group
--max-request=size
  max size for a kcm-request
--disallow-getting-krbtgt
  disallow extracting any krbtgt from the kcm daemon.
--detach
  detach from console
-h, --help
-k principal, --system-principal=principal
  system principal name
-l time, --lifetime=time
  lifetime of system tickets
-m mode, --mode=mode
  octal mode of system cache
-n, --no-name-constraints
  disable credentials cache name constraints
-r time, --renewable-life=time
  renewable lifetime of system tickets
-s path, --socket-path=path
  path to kcm domain socket
--door-path=path
  path to kcm door socket
-S principal, --server=principal
  server to get system ticket for
-t keytab, --keytab=keytab
  system keytab name
-u user, --user=user
  system cache owner
-v, --version

Heimdal KCM (8) May 29, 2005
