kdcsetup(8) BSD General Commands Manual kdcsetup(8)
NAME
kdcsetup -- Kerberos -- Open Directory Single Sign On
SYNOPSIS
kdcsetup [-e] [-d] [-f dir_node] [-c dir_node] [-x] [-w] -a admin_name
[-p password] REALM
DESCRIPTION
kdcsetup is a tool for configuring an Apple Open Directory KDC; it will
also set up a stock MIT KDC. It creates the needed setup files and adds
the krb5kdc and kadmind servers to the launchd configuration. If the -f
option is used, kdcsetup writes the KerberosKDC and KerberosClient config
records into the given Open Directory node. If the -c option is used,
kdcsetup will create a clone (or slave KDC). If neither option is
specified, kdcsetup will set up a stock MIT KDC, prompting for the Master
Password.
-e Enables kdcmond and kadmind in the launchd config (other options
except for -v are ignored)
-d Disables kdcmond and kadmind in the launchd config (other
options except for -v are ignored)
-f dir_node
Create a "master" KDC, write the KerberosKDC and KerberosClient
records into the given open directory node
-c dir_node
Create a "replica" KDC, read the KerberosKDC record from the
given open directory node and set this KDC up in the same way.
This does not copy over the Kerberos database or the
kadmin.keytab file. It does update the KerberosClient record,
adding an entry into the kdc list
-x Promotes a replica KDC to a master. This updates the
KerberosClient record in the current open directory node
-w Add kdcmond and kadmind to the launchd config
-a admin_name
Name of an administrator authorized to make changes in the open
directory node. This admin will also be used as the administrator
in the KDC database. Note: this is not a principal name
-p password
The password for the above admin
REALM The realm that this KDC serves
EXAMPLES
To use kerberosautoconfig and kdcsetup to set up a stock MIT KDC:

    kerberosautoconfig -r REALM.ORG -m myserver.org
    kdcsetup -w -a administrator -p admin_pass REALM.ORG

To use kerberosautoconfig and kdcsetup to set up an Apple KDC as a master
with a local open directory master:

    kerberosautoconfig -r REALM.ORG -m myserver.org
    kdcsetup -f /LDAPv3/127.0.0.1 -w -a administrator -p admin_pass REALM.ORG

To use kerberosautoconfig and kdcsetup to set up an Apple KDC as a
replica:

    kerberosautoconfig -r REALM.ORG -m myserver.org
    kdcsetup -c /LDAPv3/127.0.0.1 -w -a administrator -p admin_pass REALM.ORG
FILES
/var/db/krb5kdc/
    directory where all the config & database files for the KDC are
    stored
/var/log/krb5kdc/
    directory where the log files from the KDC are written
/System/Library/LaunchDaemons/com.apple.kdcmond
/System/Library/LaunchDaemons/edu.mit.kadmind
    the -w option adds kdcmond and kadmind to the launchd config
DIAGNOSTICS
You can add -v debug_level to any kdcsetup command. Debug level 1
provides status information; higher levels add progressively more
detail.
NOTES
The kdcsetup tool is used by the Apple Single Sign On system to set up a
KDC integrated with the rest of the Single Sign On components.
SEE ALSO
DirectoryService(1), kerberos(1), launchctl(1), kadmind(8),
kerberosautoconfig(8), kdcmond(8), krbservicesetup(8), krb5kdc(8),
launchd(8), sso_util(8)
Darwin June 12, 2008 Darwin
Mac OS X 10.4 Server - Generated Thu Jun 12 20:00:28 CDT 2008
