DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

kadmin(8)


KADMIN(8)                UNIX System Manager's Manual                KADMIN(8)

NAME

     kadmin - Kerberos administration utility

SYNOPSIS

     kadmin [-p string | --principal=string] [-K string | --keytab=string] [-c
     file | --config-file=file] [-k file | --key-file=file] [-r realm |
     --realm=realm] [-a host | --admin-server=host] [-s port number |
     --server-port=port number] [-l | --local] [-h | --help] [-v | --version]
     [command]

DESCRIPTION

     The kadmin program is used to make modifications to the Kerberos
     database, either remotely via the kadmind(8) daemon, or locally (with the
     -l option).

     Supported options:

     -p string, --principal=string
             principal to authenticate as

     -K string, --keytab=string
             keytab for authentication principal

     -c file, --config-file=file
             location of config file

     -k file, --key-file=file
             location of master key file

     -r realm, --realm=realm
             realm to use

     -a host, --admin-server=host
             server to contact

     -s port number, --server-port=port number
             port to use

     -l, --local
             local admin mode

     If no command is given on the command line, kadmin will prompt for com-
     mands to process. Commands include:

           add [-r | --random-key] [--random-password] [-p string |
           --password=string] [--key=string] [--max-ticket-life=lifetime]
           [--max-renewable-life=lifetime] [--attributes=attributes]
           [--expiration-time=time] [--pw-expiration-time=time] principal...

                 creates a new principal

           passwd [-r | --random-key] [--random-password] [-p string |
           --password=string] [--key=string] principal...

                 changes the password of an existing principal

           delete principal...

                 removes a principal

           del_enctype principal enctypes...

                 removes some enctypes from a principal. This can be useful
                 the service belonging to the principal is known to not handle
                 certain enctypes

           ext_keytab [-k string | --keytab=string] principal...

                 creates a keytab with the keys of the specified principals

           get [-l | --long] [-s | --short] [-t | --terse] expression...

                 lists the principals that match the expressions (which are
                 shell glob like), long format gives more information, and
                 terse just prints the names

           rename from to

                 renames a principal

           modify [-a attributes | --attributes=attributes]
           [--max-ticket-life=lifetime] [--max-renewable-life=lifetime]
           [--expiration-time=time] [--pw-expiration-time=time]
           [--kvno=number] principal

                 modifies certain attributes of a principal

           privileges

                 lists the operations you are allowed to perform

     When running in local mode, the following commands can also be used:

           dump [-d | --decrypt] [dump-file]

                 writes the database in ``human readable'' form to the speci-
                 fied file, or standard out

           init [--realm-max-ticket-life=string]
           [--realm-max-renewable-life=string] realm

                 initializes the Kerberos database with entries for a new
                 realm. It's possible to have more than one realm served by
                 one server

           load file

                 reads a previously dumped database, and re-creates that
                 database from scratch

           merge file

                 similar to list but just modifies the database with the en-
                 tries in the dump file

SEE ALSO

     kadmind(8),  kdc(8)

 HEIMDAL                      September 10, 2000                             2
Man(1) output converted with man2html