This manual page is for Mac OS X version 10.6.3


kdcsetup(1)                              BSD General Commands Manual                             kdcsetup(1)

NAME
     kdcsetup -- Kerberos -- Open Directory Single Sign On

SYNOPSIS
     kdcsetup [-e] [-d] [-f dir_node] [-c dir_node] [-x] [-w] -a admin_name [-p password] REALM

DESCRIPTION
     kdcsetup is a tool for configuring an Apple Open Directory KDC; it can also set up a stock MIT KDC. It
     creates the needed setup files and adds the krb5kdc and kadmind servers to the launchd configuration.
     If the -f option is used, kdcsetup writes the KerberosKDC and KerberosClient config records into the
     given open directory node. If the -c option is used, kdcsetup creates a clone (or slave KDC). If
     neither option is specified, kdcsetup sets up a stock MIT KDC, prompting for the Master Password.

     -e       Enables krb5kdc and kadmind in the launchd config (other options except for -v are ignored)

     -d       Disables krb5kdc and kadmind in the launchd config (other options except for -v are ignored)

     -f dir_node
              Create a "master" KDC, write the KerberosKDC and KerberosClient records into the given open
              directory node

     -c dir_node
              Create a "replica" KDC, read the KerberosKDC record from the given open directory node and set
              this KDC up in the same way. This does not copy over the Kerberos database or the
              kadmin.keytab file. It does update the KerberosClient record, adding an entry into the kdc list

     -x       Promotes a replica KDC to a master. This updates the KerberosClient record in the current open
              directory node

     -w       Add krb5kdc and kadmind to the launchd config

     -a admin_name
              Name of an administrator authorized to make changes in the open directory node. Also this
              admin will be used as the administrator in the KDC database. Note: this is not a principal
              name

     -p password
              The password for the above admin

     REALM    The realm that this KDC serves

EXAMPLES
     To use kerberosautoconfig and kdcsetup to set up a stock MIT KDC

     kerberosautoconfig -r REALM.ORG -m myserver.org

     kdcsetup -w -a administrator -p admin_pass REALM.ORG

     To use kerberosautoconfig and kdcsetup to set up an Apple KDC as a master with a local open directory
     master

     kerberosautoconfig -r REALM.ORG -m myserver.org

     kdcsetup -f /LDAPv3/127.0.0.1 -w -a administrator -p admin_pass REALM.ORG

     To use kerberosautoconfig and kdcsetup to set up an Apple KDC as a replica

     kerberosautoconfig -r REALM.ORG -m myserver.org

     kdcsetup -c /LDAPv3/127.0.0.1 -w -a administrator -p admin_pass REALM.ORG
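
     The examples above pass the administrator password inline with -p, so it ends up in shell history
     and in any script that records the command. The following is an added example, not part of kdcsetup
     or of this manual page: it scans such files for kdcsetup invocations that carry a -p value and prints
     them with the password masked. The function names and the whitespace-only word splitting are
     assumptions of the example; the option list is taken from the SYNOPSIS and DIAGNOSTICS sections.

```shell
#!/bin/sh
# Added example, not part of kdcsetup: report kdcsetup invocations in scripts
# or shell history that carry the admin password inline via -p, with the
# password masked. Assumption: words are split on whitespace only, so quoted
# arguments containing spaces are not handled.

# redact_kdcsetup_line LINE
# Prints LINE with the -p value masked; returns 0 only if a value was masked.
redact_kdcsetup_line() {
    local out in_cmd hit next w
    out=""; in_cmd=0; hit=1; next=""
    set -f; set -- $1; set +f          # split into words without globbing
    for w in "$@"; do
        if [ "$next" = mask ]; then w="******"; hit=0; fi
        if [ -n "$next" ]; then
            next=""                    # this word was an option's value
        elif [ "$in_cmd" -eq 0 ]; then
            # Match "kdcsetup" with or without a leading path.
            if [ "${w##*/}" = kdcsetup ]; then in_cmd=1; fi
        else
            case "$w" in
                ';'|'&&'|'||'|'|') in_cmd=0 ;;   # the kdcsetup command ends
                -p)          next=mask ;;        # -p password
                -f|-c|-a|-v) next=copy ;;        # other options taking a value
            esac
        fi
        out="${out:+$out }$w"
    done
    if [ "$hit" -eq 0 ]; then printf '%s\n' "$out"; fi
    return "$hit"
}

# scan_kdcsetup_passwords FILE...
# Prints FILE:LINE: masked-command per hit; returns 0 if any hit was found.
scan_kdcsetup_passwords() {
    local file line masked lineno found
    found=1
    for file in "$@"; do
        lineno=0
        while IFS= read -r line || [ -n "$line" ]; do
            lineno=$((lineno + 1))
            masked=$(redact_kdcsetup_line "$line") || continue
            printf '%s:%d: %s\n' "$file" "$lineno" "$masked"
            found=0
        done < "$file"
    done
    return "$found"
}
```

     Call scan_kdcsetup_passwords with the script or history files to check; a zero exit status means at
     least one inline password was found.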

FILES
     /var/db/krb5kdc/               directory where all the config & database files for the KDC are stored
     /var/log/krb5kdc/              directory where the log files from the KDC are written
     /System/Library/LaunchDaemons/edu.mit.Kerberos.krb5kdc
     /System/Library/LaunchDaemons/edu.mit.Kerberos.kadmind
                                    the -w option adds krb5kdc and kadmind to the launchd config

DIAGNOSTICS
     You can add -v debug_level to any kdcsetup command. Debug level 1 provides status information; higher
     levels add progressively more detail.

NOTES
     The kdcsetup tool is used by the Apple Single Sign On system to set up a KDC integrated with the rest
     of the Single Sign On components.

SEE ALSO
     DirectoryService(1), kerberos(1), launchctl(1), kadmind(8), kerberosautoconfig(8), krbservicesetup(8),
     krb5kdc(8), launchd(8), sso_util(8)

Darwin                                          May 12, 2010                                          Darwin
