| KCM(8) | System Manager's Manual | KCM(8) | 
kcm —
| kcm | [ --cache-name=cachename]
      [-cfile |--config-file=file]
      [-ggroup |--group=group]
      [--max-request=size]
      [--disallow-getting-krbtgt]
      [--detach]
      [-h|--help]
      [-kprincipal |--system-principal=principal]
      [-ltime |--lifetime=time]
      [-mmode |--mode=mode]
      [-n|--no-name-constraints]
      [-rtime |--renewable-life=time]
      [-spath |--socket-path=path]
      [--door-path=path]
      [-Sprincipal |--server=principal]
      [-tkeytab |--keytab=keytab]
      [-uuser |--user=user]
      [-v|--version] | 
kcm is a process based credential cache. To use it, set
  the KRB5CCNAME environment variable to
  ‘KCM:uid’ or add
  the stanza
[libdefaults]
        default_cc_name = KCM:%{uid}
kcm is started in the system startup files.
The kcm daemon can hold the credentials
    for all users in the system. Access control is done with Unix-like
    permissions. The daemon checks the access on all operations based on the uid
    and gid of the user. The tickets are renewed as long as is permitted by the
    KDC's policy.
The kcm daemon can also keep a SYSTEM
    credential that server processes can use to access services. One example of
    usage might be an nss_ldap module that quickly needs to get credentials and
    doesn't want to renew the ticket itself.
Supported options:
--cache-name=cachename-c
    file,
    --config-file=file-g
    group,
    --group=group--max-request=size--disallow-getting-krbtgtkcm
      daemon.--detach-h,
    --help-k
    principal,
    --system-principal=principal-l
    time,
    --lifetime=time-m
    mode,
    --mode=mode-n,
    --no-name-constraints-r
    time,
    --renewable-life=time-s
    path,
    --socket-path=path--door-path=path-S
    principal,
    --server=principal-t
    keytab,
    --keytab=keytab-u
    user,
    --user=user-v,
    --version| May 29, 2005 | NetBSD 10.0 |