Unix/Linux Go Back    


NetBSD 6.1.5 - man page for kcm (netbsd section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


KCM(8)				   BSD System Manager's Manual				   KCM(8)

NAME
     kcm -- is a process based credential cache for Kerberos tickets.

SYNOPSIS
     kcm [--cache-name=cachename] [-c file | --config-file=file] [-g group | --group=group]
	 [--max-request=size] [--disallow-getting-krbtgt] [--detach] [-h | --help] [-k principal
	 | --system-principal=principal] [-l time | --lifetime=time] [-m mode | --mode=mode]
	 [-n | --no-name-constraints] [-r time | --renewable-life=time] [-s path |
	 --socket-path=path] [--door-path=path] [-S principal | --server=principal] [-t keytab |
	 --keytab=keytab] [-u user | --user=user] [-v | --version]

DESCRIPTION
     kcm is a process based credential cache.  To use it, set the KRB5CCNAME enviroment variable
     to 'KCM:uid' or add the stanza

     [libdefaults]
	     default_cc_name = KCM:%{uid}

     to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup
     files.

     The kcm daemon can hold the credentials for all users in the system.  Access control is done
     with Unix-like permissions.  The daemon checks the access on all operations based on the uid
     and gid of the user.  The tickets are renewed as long as is permitted by the KDC's policy.

     The kcm daemon can also keep a SYSTEM credential that server processes can use to access
     services.	One example of usage might be an nss_ldap module that quickly needs to get cre-
     dentials and doesn't want to renew the ticket itself.

     Supported options:

     --cache-name=cachename
	     system cache name

     -c file, --config-file=file
	     location of config file

     -g group, --group=group
	     system cache group

     --max-request=size
	     max size for a kcm-request

     --disallow-getting-krbtgt
	     disallow extracting any krbtgt from the kcm daemon.

     --detach
	     detach from console

     -h, --help

     -k principal, --system-principal=principal
	     system principal name

     -l time, --lifetime=time
	     lifetime of system tickets

     -m mode, --mode=mode
	     octal mode of system cache

     -n, --no-name-constraints
	     disable credentials cache name constraints

     -r time, --renewable-life=time
	     renewable lifetime of system tickets

     -s path, --socket-path=path
	     path to kcm domain socket

     --door-path=path
	     path to kcm door socket

     -S principal, --server=principal
	     server to get system ticket for

     -t keytab, --keytab=keytab
	     system keytab name

     -u user, --user=user
	     system cache owner

     -v, --version

BSD					   May 29, 2005 				      BSD
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 06:04 PM.