NAME
kcm — process-based credential cache for Kerberos tickets.
SYNOPSIS
kcm [--cache-name=cachename] [-c file | --config-file=file]
    [-g group | --group=group] [--max-request=size]
    [--disallow-getting-krbtgt] [--detach] [-h | --help]
    [-k principal | --system-principal=principal]
    [-l time | --lifetime=time] [-m mode | --mode=mode]
    [-n | --no-name-constraints] [-r time | --renewable-life=time]
    [-s path | --socket-path=path] [--door-path=path]
    [-S principal | --server=principal] [-t keytab | --keytab=keytab]
    [-u user | --user=user] [-v | --version]
DESCRIPTION
kcm is a process-based credential cache. To use it, set the KRB5CCNAME environment variable to ‘KCM:uid’ or add the stanza

    [libdefaults]
    default_cc_name = KCM:%{uid}

to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.
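The two configuration methods above can be checked on a host with a short script. The following is an added example, not part of kcm or of this manual; the function names are hypothetical, and it assumes that KRB5CCNAME takes precedence over the configuration file and that the first default_cc_name assignment in [libdefaults] is the effective one.

```shell
#!/bin/sh
# Added example, not part of kcm: report whether a host would use the KCM cache.

# default_cc_name CONF: print default_cc_name from the [libdefaults] section.
default_cc_name() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*\[/ {                          # section header such as [realms]
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        sec == "libdefaults" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # Assumption: the first assignment is the one that counts.
            if (key == "default_cc_name") { print val; exit }
        }
    ' "$1"
}

# effective_cc CONF [UID]: KRB5CCNAME, when set, takes precedence over CONF.
effective_cc() {
    conf=$1
    uid=${2:-$(id -u)}
    if [ -n "${KRB5CCNAME:-}" ]; then
        cc=$KRB5CCNAME
    else
        cc=$(default_cc_name "$conf")
    fi
    printf '%s\n' "$cc" | sed "s/%{uid}/$uid/g"   # expand the %{uid} token
}

# uses_kcm CONF [UID]: succeed only when the effective cache name is KCM:...
uses_kcm() {
    case $(effective_cc "$1" "${2:-}") in
        KCM:*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample input: the stanza from the DESCRIPTION in a scratch file.
demo_conf=$(mktemp)
printf '%s\n' '[libdefaults]' '    default_cc_name = KCM:%{uid}' > "$demo_conf"
(unset KRB5CCNAME; effective_cc "$demo_conf" 1000)   # prints KCM:1000
rm -f "$demo_conf"
```

Run against /etc/krb5.conf, uses_kcm returning non-zero means tickets for that login would land in some other cache type, outside the daemon's access checks.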
The kcm daemon can hold the credentials for all users in the system. Access control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The tickets are renewed as long as is permitted by the KDC's policy.

The kcm daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew the ticket itself.

Supported options:
--cache-name=cachename
    system cache name
-c file, --config-file=file
    location of config file
-g group, --group=group
    system cache group
--max-request=size
    max size for a kcm-request
--disallow-getting-krbtgt
    disallow extracting any krbtgt from the kcm daemon.
--detach
    detach from console
-h, --help
-k principal, --system-principal=principal
    system principal name
-l time, --lifetime=time
    lifetime of system tickets
-m mode, --mode=mode
    octal mode of system cache
-n, --no-name-constraints
    disable credentials cache name constraints
-r time, --renewable-life=time
    renewable lifetime of system tickets
-s path, --socket-path=path
    path to kcm domain socket
--door-path=path
    path to kcm door socket
-S principal, --server=principal
    server to get system ticket for
-t keytab, --keytab=keytab
    system keytab name
-u user, --user=user
    system cache owner
-v, --version