path: root/src/credmonger.8.in
blob: 606141805b63aea31356a831eeb757097d4429b1 (plain)
.TH credmonger 8 2009-04-02 "" ""

.SH NAME
credmonger \- maintain Kerberos credential caches for other processes

.SH SYNOPSIS
credmonger [-c \fIconfigdir\fP] [-n] [-p \fIpidfile\fP]

.SH DESCRIPTION
The \fIcredmonger\fP daemon creates and refreshes Kerberos credential cache
files on behalf of other processes and users, typically daemons that need to
authenticate to other services using Kerberos.

.SH ARGUMENTS
.IP -c configdir
Changes the directory in which \fIcredmonger\fP searches for its configuration
from the default (\fI@myconfigdir@\fP) to the specified value.
.IP -n
Tells \fIcredmonger\fP to not fork and become a background process.  When
running in the foreground, \fIcredmonger\fP will print diagnostic information
to \fIstderr\fP.
.IP -p pidfile
When running as a background process, \fIcredmonger\fP will log its process ID
to the named file.

.SH CONFIGURATION
The \fIcredmonger\fP daemon searches its configuration directory for
files.  Each file is expected to contain one or more lines, each containing a
colon-separated list of relevant settings.

The first field contains the name or UID of the user for whom the credential
cache should be maintained.

The second field contains the path of the keytab containing the keys that
can be used to obtain credentials.

The third field contains the user's principal name.  The principal name need
not contain a realm component if it is the default realm.  If the principal
name ends with a "/" character, the local host name will be appended.

The fourth field contains the path to the file credential cache in which the
credentials will be stored.  If the name ends with XXXXXX, then a unique file
name will be generated using mkstemp(\fB3\fP).  The file is removed when the
daemon exits.

The work of \fIcredmonger\fP can be accomplished with a combination of
cron(\fB8\fP) and kinit(\fB1\fP)'s \fI-k\fP option.

.SH EXAMPLE

Make sure that the root user has credentials for the local system's
\fIhost\fP service in \fI/tmp/krb5cc_0\fP.

  root:/etc/krb5.keytab:host/:/tmp/krb5cc_0
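
The four-field line format described under CONFIGURATION, as an added example that is not part of credmonger itself: a small Python checker that parses a line, applies the trailing "/" and XXXXXX rules, and reports two hardening notes. The names parse_entry, review and SHARED_TMP, the use of the fully qualified host name, and the second sample line are assumptions of this example.

```python
import socket
from dataclasses import dataclass

# Assumption of this example: directories treated as shared and world-writable.
SHARED_TMP = ("/tmp/", "/var/tmp/")


@dataclass
class Entry:
    user: str        # user name or numeric UID, as written in the file
    keytab: str      # keytab holding the keys used to obtain credentials
    principal: str   # principal name after host-name expansion
    ccache: str      # credential cache path, or an XXXXXX template
    unique: bool     # True when the name would be generated with mkstemp(3)


def parse_entry(line, hostname=None):
    """Parse one 'user:keytab:principal:ccache' configuration line."""
    fields = line.strip().split(":")
    # Assumption: no field contains a colon, so exactly four fields result.
    if len(fields) != 4 or not all(fields):
        raise ValueError(f"expected 4 non-empty colon-separated fields: {line!r}")
    user, keytab, principal, ccache = fields
    if principal.endswith("/"):
        # A trailing "/" means the local host name is appended.
        # Assumption: the fully qualified name is the one wanted.
        principal += hostname or socket.getfqdn()
    return Entry(user, keytab, principal, ccache, ccache.endswith("XXXXXX"))


def review(entry):
    """Return hardening notes for an entry (the checks are this example's own)."""
    notes = []
    if not entry.unique and entry.ccache.startswith(SHARED_TMP):
        notes.append("fixed cache name in a shared temp directory; "
                     "an XXXXXX suffix gives a unique mkstemp(3) name")
    if not entry.keytab.startswith("/"):
        notes.append("keytab path is relative; use an absolute path")
    return notes


if __name__ == "__main__":
    # Constructed sample lines; the first is the example line from this page.
    for raw in ("root:/etc/krb5.keytab:host/:/tmp/krb5cc_0",
                "48:/etc/httpd/http.keytab:HTTP/:/var/run/httpd/krb5cc_XXXXXX"):
        e = parse_entry(raw, hostname="www.example.com")
        print(e, review(e))
```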

.SH SEE ALSO
kinit(\fB1\fP)

.SH BUGS
How did you get this program?