Administering the Kerberos Server

The kadmind Command

The kadmind Command

The kadmind command starts the administrative server. This administrative server runs on the Kerberos server that stores the Kerberos principal database. The kadmind command accepts password change requests and remote requests to administer the information in the Kerberos principal database.

Table 8-1 describes the configuration files that you must set for kadmind to work properly.

Table 8-1

Configuration Files Required for kadmind

 

 

 

 

File Name

Description

 

 

 

 

/opt/krb5/krb.conf

This is the Kerberos configuration

 

 

file that contains configuration

 

 

information for the Kerberos server.

 

 

For more information, see “The

 

 

krb.conf File” on page 65.

 

 

 

 

/opt/krb5/krb.realms

This is the Kerberos realms file that

 

 

maps host names to their realm

 

 

names. For more information, see

 

 

“The krb.realms File” on page 66.

 

 

 

 

/opt/krb5/admin_acl_file

This is the access control list (ACL)

 

 

of kadmind that lists the various

 

 

principals along with their

 

 

respective permissions. For more

 

 

information, see “The admin_acl_file

 

 

File” on page 113.

 

 

 

 

/opt/krb5/password.policy

This is the file that controls the

 

 

password policy for all the

 

 

principals. For more information,

 

 

see “Password Policy File” on

 

 

page 119.

 

 

 

112

Chapter 8

Page 112
Image 112
HP UX Kerberos Data Security Software Kadmind Command, Configuration Files Required for kadmind, File Name Description