Nagios is a popular monitoring system, and its plugin architecture allows it to be easily expanded. The site has a large number of Nagios plugins. Although there are a couple of plugins for testing the Kerberos KDC, there are no plugins to monitor the Kadmin daemon, so I wrote one and here it is.

Getting the files

The plugin can be downloaded from Monitoring Exchange or you can get the latest code from subversion. There are two files,, which is the plugin and README which speaks for itself.

Installation and configuration

Start by copying to your Nagios plugins directory, e.g. /usr/lib/nagios/plugins.

Next create a Nagios command definition:

define command{
    command_name check_kadmin
    command_line /usr/lib/nagios/plugins/ -w 10 -u $ARG1$ -k $ARG2$ -r $ARG3$
}

Now create a service definition:

define service {
    host_name server1
    service_description Kadmin
    check_command check_kadmin!user/admin@REALM.COM!/etc/user.keytab!REALM.COM
    use generic-service
    notification_interval 0
}

Make sure that each Kerberos realm you want to monitor exists in your krb5.conf:

kdc =
admin_server =
default_domain =

Now create an admin user and keytab to be used for checks:

kadmin.local: addprinc -randkey user/admin
ktadd -k /etc/user.keytab user/admin

Give the user minimal permissions in the kadm5.acl file:

user/admin@REALM.COM l
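
To confirm that the check principal really ends up with only the l permission, the following Python sketch reports which kadm5.acl line applies to it and which permissions that line grants beyond l. It is an added example, not part of the plugin or the original post; it assumes a simplified ACL model (first matching line wins, * wildcards a whole name component or the realm), and the sample ACL text is constructed.

```python
# Added example: which kadm5.acl entry applies to the Nagios check principal?
# Model (assumption): lines are "principal permissions [target]", the first
# matching line wins, and "*" wildcards one whole name component or the realm.

ALL_PERMS = set("admcilsp")  # what "*" / "x" expand to in this model


def matches(pattern, principal):
    """Component-wise match of an ACL pattern against a full principal name."""
    if pattern == "*":  # a lone "*" matches every principal
        return True
    p_name, _, p_realm = pattern.partition("@")
    name, _, realm = principal.partition("@")
    if p_realm not in ("", "*", realm):  # no realm in pattern: treated as any
        return False
    p_parts, parts = p_name.split("/"), name.split("/")
    return len(p_parts) == len(parts) and all(
        p in ("*", n) for p, n in zip(p_parts, parts))


def effective_entry(acl_text, principal):
    """Return (line_number, permission_string) of the first matching entry."""
    for number, line in enumerate(acl_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        if matches(fields[0], principal):
            return number, fields[1]
    return None, ""


def excess_perms(perms, allowed="l"):
    """Letters granted beyond `allowed`; uppercase letters revoke, left to right."""
    granted = set()
    for ch in perms:
        if ch in "*x":
            granted |= ALL_PERMS
        elif ch.islower():
            granted.add(ch)
        else:
            granted.discard(ch.lower())
    return sorted(granted - set(allowed))


# Constructed sample ACLs: the same two entries in different order.
WILDCARD_FIRST = "*/admin@REALM.COM *\nuser/admin@REALM.COM l\n"
CHECK_USER_FIRST = "user/admin@REALM.COM l\n*/admin@REALM.COM *\n"

if __name__ == "__main__":
    for acl in (WILDCARD_FIRST, CHECK_USER_FIRST):
        number, perms = effective_entry(acl, "user/admin@REALM.COM")
        print(f"line {number}: {perms!r} excess={excess_perms(perms)}")
```

If an ACL file contains a */admin wildcard entry above the user/admin line, the check principal inherits that entry's permissions, so the restricted line should come first.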

You should now be able to reload the Nagios config and hey presto!