Poster of Linux kernelThe best gift for a Linux geek
KCM

KCM

Section: Maintenance Commands (8)
Local index Up

BSD mandoc
Heimdal  

NAME

kcm - is a process based credential cache for Kerberos tickets.  

SYNOPSIS

[--cache-name= cachename ] [-c file | --config-file= file ] [-g group | --group= group ] [--max-request= size ] [--disallow-getting-krbtgt ] [--detach ] [-h | --help ] [-k principal | --system-principal= principal ] [-l time | --lifetime= time ] [-m mode | --mode= mode ] [-n | --no-name-constraints ] [-r time | --renewable-life= time ] [-s path | --socket-path= path ] [ --door-path= path ] [-S principal | --server= principal ] [-t keytab | --keytab= keytab ] [-u user | --user= user ] [-v | --version ]  

DESCRIPTION

is a process based credential cache. To use it, set the KRB5CCNAME enviroment variable to `KCM:' Ns Ar uid or add the stanza

[libdefaults]
        default_cc_name = KCM:%{uid}

to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.

The daemon can hold the credentials for all users in the system. Access control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The tickets are renewed as long as is permitted by the KDC's policy.

The daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew the ticket itself.

Supported options:

--cache-name= cachename
system cache name
-c file --config-file= file
location of config file
-g group --group= group
system cache group
--max-request= size
max size for a kcm-request
--disallow-getting-krbtgt
disallow extracting any krbtgt from the kcm daemon.
--detach
detach from console
-h --help
-k principal --system-principal= principal
system principal name
-l time --lifetime= time
lifetime of system tickets
-m mode --mode= mode
octal mode of system cache
-n --no-name-constraints
disable credentials cache name constraints
-r time --renewable-life= time
renewable lifetime of system tickets
-s path --socket-path= path
path to kcm domain socket
--door-path= path
path to kcm door socket
-S principal --server= principal
server to get system ticket for
-t keytab --keytab= keytab
system keytab name
-u user --user= user
system cache owner
-v --version


 

Index

NAME
SYNOPSIS
DESCRIPTION

This document was created by man2html, using the manual pages.
Time: 22:01:52 GMT, April 16, 2011