NAME

kcm - is a process based credential cache for Kerberos tickets.

SYNOPSIS

kcm [--cache-name=cachename] file=file [-c file Xo --config-] --group=group [-g group Xo] [--max-request=size] [--disallow-getting-krbtgt] [--detach] [-h | --help] --system-principal=principal [-k principal Xo] --lifetime=time [-l time Xo] --mode=mode [-m mode Xo] [-n | --no-name-constraints] --renewable-life=time [-r time Xo] --socket-path=path [-s path Xo] --door-path=path [Xo] --server=principal [-S principal Xo] --keytab=keytab [-t keytab Xo] --user=user [-u user Xo] [-v | --version]

DESCRIPTION

kcm is a process based credential cache. To use it, set the KRB5CCNAME enviroment variable to `KCM:uid' or add the stanza
        

[libdefaults] default_cc_name = KCM:%{uid}

to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.

The kcm daemon can hold the credentials for all users in the system. Access control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The tickets are renewed as long as is permitted by the KDC's policy.

The kcm daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap module that quickly needs to get credentials and doesn't want to renew the ticket itself.

Supported options:

Xo
--cache-name=cachename system cache name

Xo
-c file, --config-file=file location of config file

Xo
-g group, --group=group system cache group

Xo
--max-request=size max size for a kcm-request

Xo
--disallow-getting-krbtgt disallow extracting any krbtgt from the kcm daemon.

Xo
--detach detach from console

Xo
-h, --help

Xo
-k principal, --system-principal=principal system principal name

Xo
-l time, --lifetime=time lifetime of system tickets

Xo
-m mode, --mode=mode octal mode of system cache

Xo
-n, --no-name-constraints disable credentials cache name constraints

Xo
-r time, --renewable-life=time renewable lifetime of system tickets

Xo
-s path, --socket-path=path path to kcm domain socket

Xo
--door-path=path path to kcm door socket

Xo
-S principal, --server=principal server to get system ticket for

Xo
-t keytab, --keytab=keytab system keytab name

Xo
-u user, --user=user system cache owner

Xo
-v, --version