| KCM(8) | System Manager's Manual | KCM(8) |
| kcm | [--cache-name=cachename] [-c file | --config-file=file] [-g group | --group=group] [--max-request=size] [--disallow-getting-krbtgt] [--detach] [-h | --help] [-k principal | --system-principal=principal] [-l time | --lifetime=time] [-m mode | --mode=mode] [-n | --no-name-constraints] [-r time | --renewable-life=time] [-s path | --socket-path=path] [--door-path=path] [-S principal | --server=principal] [-t keytab | --keytab=keytab] [-u user | --user=user] [-v | --version] |
KCM:uid' or add the stanza
[libdefaults]
default_cc_name = KCM:%{uid}
to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.The kcm daemon can hold the credentials for all users in the system. Access control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The tickets are renewed as long as is permitted by the KDC's policy.
The kcm daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew the ticket itself.
Supported options:
| May 29, 2005 | NetBSD 6.1 |