KADMIN(8) MidnightBSD System Manager’s Manual KADMIN(8)

NAME

kadmin — Kerberos administration utility

SYNOPSIS

kadmin [-p string | --principal=string] [-K string | --keytab=string] [-c file | --config-file=file] [-k file | --key-file=file] [-r realm | --realm=realm] [-a host | --admin-server=host] [-s port number | --server-port=port number] [-l | --local] [-h | --help] [-v | --version] [command]

DESCRIPTION

The kadmin program is used to make modifications to the Kerberos database, either remotely via the kadmind(8) daemon, or locally (with the -l option).

Supported options:

-p string, --principal=string

principal to authenticate as

-K string, --keytab=string

keytab for authentication principal

-c file, --config-file=file

location of config file

-k file, --key-file=file

location of master key file

-r realm, --realm=realm

realm to use

-a host, --admin-server=host

server to contact

-s port number, --server-port=port number

port to use

-l, --local

local admin mode

If no command is given on the command line, kadmin will prompt for commands to process. Commands include:

add [-r | --random-key] [--random-password] [-p string | --password=string] [--key=string] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--attributes=attributes] [--expiration-time=time] [--pw-expiration-time=time] principal...

creates a new principal

passwd [-r | --random-key] [--random-password] [-p string | --password=string] [--key=string] principal...

changes the password of an existing principal

delete principal...

removes a principal

del_enctype principal enctypes...

removes some enctypes from a principal. This can be useful if the service belonging to the principal is known not to handle certain enctypes

ext_keytab [-k string | --keytab=string] principal...

creates a keytab with the keys of the specified principals

get [-l | --long] [-s | --short] [-t | --terse] expression...

lists the principals that match the expressions (which are shell-glob-like); long format gives more information, and terse just prints the names

rename from to

renames a principal

modify [-a attributes | --attributes=attributes] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--expiration-time=time] [--pw-expiration-time=time] [--kvno=number] principal

modifies certain attributes of a principal

privileges

lists the operations you are allowed to perform

When running in local mode, the following commands can also be used:

dump [-d | --decrypt] [dump-file]

writes the database in "human readable" form to the specified file, or standard output

init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string] realm

initializes the Kerberos database with entries for a new realm. It’s possible to have more than one realm served by one server

load file

reads a previously dumped database, and re-creates that database from scratch

merge file

similar to load but just modifies the database with the entries in the dump file
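
EXAMPLES

The add and ext_keytab commands above combined into one provisioning helper, as an added example (not part of the original manual or of Heimdal): it creates a service principal with a random key and writes its keytab readable by the owner only. The KADMIN variable, the function name provision_keytab and the sample principal and path are assumptions.

```shell
#!/bin/sh
# Added example, not from the Heimdal distribution. KADMIN, provision_keytab
# and the sample names in the usage line are assumptions for illustration.
KADMIN=${KADMIN:-kadmin}

# usage: provision_keytab PRINCIPAL KEYTAB-PATH [kadmin options, e.g. -l]
provision_keytab() {
    [ "$#" -ge 2 ] || return 2
    princ=$1
    keytab=$2
    shift 2

    # Reject empty names, names that would parse as options, and wildcards:
    # get documents its arguments as shell-glob-like, so keep one call to
    # exactly one principal.
    case $princ in
        ''|-*|*\**|*\?*|*\[*)
            echo "provision_keytab: bad principal '$princ'" >&2
            return 2 ;;
    esac
    # Require an absolute path (assumption: a plain path is accepted as the
    # keytab string) and never add keys to a keytab that already exists.
    case $keytab in
        /*) ;;
        *) echo "provision_keytab: keytab path must be absolute" >&2
           return 2 ;;
    esac
    if [ -e "$keytab" ]; then
        echo "provision_keytab: $keytab already exists" >&2
        return 3
    fi

    # --random-key keeps the secret out of argv, unlike -p/--password, whose
    # value can be visible to other local users in the process list.
    # Assumption: kadmin exits non-zero when the command fails.
    "$KADMIN" "$@" add --random-key "$princ" || return 1

    # The keytab holds the long-term keys: create it owner-only.
    ( umask 077 && "$KADMIN" "$@" ext_keytab --keytab="$keytab" "$princ" ) ||
        return 1

    # Do not trust the exit status alone; confirm a keytab was written.
    [ -s "$keytab" ] || { echo "provision_keytab: no keytab written" >&2; return 1; }
}

# provision_keytab host/www.example.com /etc/www.keytab -l
```

kadmin may prompt for principal attributes that add is not given as options, so run the helper from a terminal or extend the add line with the lifetime and expiration options listed above.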

SEE ALSO

kadmind(8), kdc(8)

HEIMDAL September 10, 2000 HEIMDAL