Specifies the location of the config file, the default is /var/heimdal/kdc.conf. This is the only value that cant be specified in the config file.
-p , --no-require-preauth
Turn off the requirement for pre-autentication in the initial AS-REQ for all principals. The use of pre-authentication makes it more difficult to do offline password attacks. You might want to turn it off if you have clients that dont support pre-authentication. Since the version 4 protocol doesnt support any pre-authentication, serving version 4 clients is just about the same as not requiring pre-athentication. The default is to require pre-authentication. Adding the require-preauth per principal is a more flexible way of handling this.
Gives an upper limit on the size of the requests that the kdc is willing to handle.
-H , --enable-http
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
dont respond to 524 requests
respond to Kerberos 4 requests
respond to Kerberos 4 requests from foreign realms. This is a known security hole and should not be enabled unless you understand the consequences and are willing to live with them.
-r string, --v4-realm= string
What realm this server should act as when dealing with version 4 requests. The database can contain any number of realms, but since the version 4 protocol doesnt contain a realm for the server, it must be explicitly specified. The default is whatever is returned by krb_get_lrealm. This option is only availabe if the KDC has been compiled with version 4 support.
-K , --kaserver
Enable kaserver emulation (in case its compiled in).
-P portspec, --ports= portspec
Specifies the set of ports the KDC should listen on. It is given as a white-space separated list of services or port numbers.
--addresses= list of addresses
The list of addresses to listen for requests on. By default, the kdc will listen on all the locally configured addresses. If only a subset is desired, or the automatic detection fails, this option might be used.
All activities are logged to one or more destinations, see krb5.conf(5), and krb5_openlog(3). The entity used for logging is kdc.