Starting the servers
Now we’re ready to start the KDC server processes. There are several daemons that are included with the MIT Kerberos 5 package, and we’ll detail them in Table 4-2. Unless otherwise specified, these daemons run on the master KDC only. All of these servers can be found in /usr/local/sbin (for the default installation prefix of /usr/local).
Daemon | Purpose |
krb5kdc | The Kerberos 5 KDC itself. It runs on both the master and all of the slave KDCs. |
krb524d | A daemon to translate Kerberos 5 service tickets into Kerberos 4 tickets. Used for backwards-compatibility with Kerberos 4-based services. For more information on running krb524d, see Chapter 8. |
kadmind | The Kerberos 5 administration daemon. This daemon is the server component to the kadmin administrative client. It also handles password change requests. |
kadmind4 | The Kerberos 4 administration daemon. This daemon is only necessary for compatibility with the Kerberos 4 version of kadmin. Not required for Kerberos 4 compatibility unless you’re using the Kerberos 4 administrative tools for some reason. Not recommended for new installs. |
v5passwdd | Implements an old version of the Kerberos 5 password-changing protocol. This daemon is not needed on most installations, and there are only a few clients which speak this older password-changing protocol. |
kpropd | This is the Kerberos 5 database propagation daemon. Unlike the daemons above, this daemon is run only on the slave KDCs. |
Typically, you’ll only need ...
Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
