
Remote management
© 2014 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later
Strictly speaking you do not need kadmind. With kadmin.local and your LDAP tools you can completely manage your Kerberos environment, but adding kadmind makes life a lot easier. To give an example, later on you need to deploy keytab files. You can write these out on the master server using the -k filename option to ktadd and then secure-copy them over to the right host, but it is much easier to run ktadd on the right host.
It is also easier for your users: with kadmind running, they can change their password from their own machines.
kadmind should only run on the master KDC and not on the slaves. The server listens on TCP port 749, as described in the DNS document, so make sure this port is opened in the firewall.
Now you can start the kadmind service.
Use kpasswd to change your password from a workstation.
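The two keytab deployment routes described above, as an added shell example that is not part of the original document. The host name app1.example.com, the admin principal admin/admin and the function names are assumptions; the second route assumes the host has no other entries in /etc/krb5.keytab worth keeping.

```shell
#!/bin/sh
# Added example. Placeholders: app1.example.com, admin/admin, function names.
TARGET=app1.example.com          # host that needs the keytab (placeholder)
PRINC="host/${TARGET}"           # its service principal (placeholder)

# A keytab holds long-term keys: accept only a regular file (no symlink)
# with no group or other permission bits set.
keytab_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Route 1, run on the master KDC: write the keys out with ktadd -k,
# then secure-copy the file to the host.
# Note: ktadd generates new random keys each time it runs, so any older
# keytab for the same principal stops working.
deploy_from_master() {
    dir=$(mktemp -d) || return 1         # private (0700) scratch directory
    kt="$dir/host.keytab"
    kadmin.local -q "ktadd -k $kt $PRINC" &&
        keytab_is_private "$kt" &&       # also fails if no file was written
        scp -p "$kt" "root@${TARGET}:/etc/krb5.keytab"
    rc=$?
    rm -rf "$dir"                        # leave no key material on the master
    return $rc
}

# Route 2, run on the host itself (needs kadmind reachable on TCP 749):
# the keys go straight into the default keytab and never cross the
# network as a file.
deploy_on_host() {
    kadmin -p admin/admin -q "ktadd $PRINC" &&
        keytab_is_private /etc/krb5.keytab &&
        klist -k /etc/krb5.keytab        # list the stored principals and kvnos
}
```

Run deploy_from_master as root on the master KDC, or deploy_on_host as root on the target host; sourcing the file alone only defines the functions.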