kcm - a process-based credential cache for Kerberos tickets.
SYNOPSIS
kcm
    [--cache-name=cachename]
    [-c file | --config-file=file]
    [-g group | --group=group]
    [--max-request=size]
    [--disallow-getting-krbtgt]
    [--detach]
    [-h | --help]
    [-k principal | --system-principal=principal]
    [-l time | --lifetime=time]
    [-m mode | --mode=mode]
    [-n | --no-name-constraints]
    [-r time | --renewable-life=time]
    [-s path | --socket-path=path]
    [--door-path=path]
    [-S principal | --server=principal]
    [-t keytab | --keytab=keytab]
    [-u user | --user=user]
    [-v | --version]
DESCRIPTION
kcm is a process-based credential cache. To use it, set the KRB5CCNAME environment variable to KCM:uid or add the stanza

    [libdefaults]
        default_cc_name = KCM:%{uid}

to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.
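
An added example, not part of the original manual page or the kcm distribution: a shell check that resolves which credential cache name a user would get from a krb5.conf and an optional KRB5CCNAME value, to confirm a host is really pointed at KCM. The function names and the sample file are hypothetical; the parser assumes the first default_cc_name in [libdefaults] is the one used and does not follow include directives.

```shell
#!/bin/sh
# Added example; function names and the sample file are hypothetical.

# effective_ccname CONF UID [KRB5CCNAME]
# Prints the cache name a process would use: the KRB5CCNAME value if one is
# given, otherwise default_cc_name from [libdefaults] in CONF with %{uid}
# expanded. Prints nothing when neither is set.
effective_ccname() {
    conf=$1 uid=$2 env_cc=${3-}
    if [ -n "$env_cc" ]; then
        printf '%s\n' "$env_cc"      # the environment overrides krb5.conf
        return 0
    fi
    awk -v uid="$uid" '
        /^[ \t]*[#;]/ { next }                        # skip comment lines
        /^[ \t]*\[/ {                                 # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        sec == "libdefaults" && /^[ \t]*default_cc_name[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)             # drop "key ="
            sub(/[ \t]+$/, "", val)                   # drop trailing blanks
            gsub(/%[{]uid[}]/, uid, val)              # expand %{uid}
            print val
            exit                                      # assumption: first match is used
        }
    ' "$conf"
}

# uses_kcm CONF UID [KRB5CCNAME]: succeeds only if the effective cache is KCM.
uses_kcm() {
    case $(effective_ccname "$@") in
        KCM:*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample input: the stanza from the text above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
[libdefaults]
    default_cc_name = KCM:%{uid}
EOF

effective_ccname "$sample" 1000                           # prints KCM:1000
uses_kcm "$sample" 1000 FILE:/tmp/krb5cc_1000 || echo "KRB5CCNAME bypasses KCM"
```

On a live host the same check is `uses_kcm /etc/krb5.conf "$(id -u)" "${KRB5CCNAME-}"`, which catches sessions where an exported KRB5CCNAME still points at a file cache even though krb5.conf names KCM.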
The kcm daemon can hold the credentials for all users in the system. Access control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The tickets are renewed as long as is permitted by the KDC's policy.

The kcm daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew the ticket itself.
Supported options:
--cache-name=cachename
    system cache name
-c file, --config-file=file
    location of config file
-g group, --group=group
    system cache group
--max-request=size
    max size for a kcm-request
--disallow-getting-krbtgt
    disallow extracting any krbtgt from the kcm daemon.