:man| Alphabetical   Categories   Search   About us 
 
KADMIN (8) | System administration commands and daemons | Unix Manual Pages | :man

NAME

kadmin - Kerberos administration utility

CONTENTS

Synopsis
Description
See Also

SYNOPSIS

kadmin [-p string | Xo --principal= string ] [-K string | Xo --keytab= string ] [-c file | Xo --config-file= file ] [-k file | Xo --key-file= file ] [-r realm | Xo --realm= realm ] [-a host | Xo --admin-server= host ] [-s port number | Xo --server-port= port number ] [-l-| --local ] [-h-| --help ] [-v-| --version ] [command]

DESCRIPTION

The kadmin program is used to make modifications to the Kerberos database, either remotely via the kadmind(8) daemon, or locally (with the -l option).

Supported options:
-p string, --principal= string
principal to authenticate as
-K string, --keytab= string
keytab for authentication principal
-c file, --config-file= file
location of config file
-k file, --key-file= file
location of master key file
-r realm, --realm= realm
realm to use
-a host, --admin-server= host
server to contact
-s port number, --server-port= port number
port to use
-l , --local
local admin mode

If no command is given on the command line, kadmin will prompt for commands to process. Commands include:

add

[-r-| --random-key ]

[--random-password]

[-p string | Xo

--password= string


]

[--key=string]

[--max-ticket-life=lifetime]

[--max-renewable-life=lifetime]

[--attributes=attributes]

[--expiration-time=time]

[--pw-expiration-time=time]

principal...



creates a new principal

passwd [-r-| --random-key ] [--random-password] [-p string | Xo --password= string ] [--key=string] principal...


changes the password of an existing principal

delete principal...


removes a principal

del_enctype principal enctypes...


removes some enctypes from a principal. This can be useful the service
belonging to the principal is known to not handle certain enctypes

ext_keytab [-k string | Xo --keytab= string ] principal...


creates a keytab with the keys of the specified principals

get [-l-| --long ] [-s-| --short ] [-t-| --terse ] expression...


lists the principals that match the expressions (which are shell glob
like), long format gives more information, and terse just prints the
names

rename from to


renames a principal

modify [-a attributes | Xo --attributes= attributes ] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--expiration-time=time] [--pw-expiration-time=time] [--kvno=number] principal


modifies certain attributes of a principal

privileges


lists the operations you are allowed to perform

When running in local mode, the following commands can also be used:

dump

[-d-| --decrypt ]

[dump-file]



writes the database in

"human readable"
form to the specified file, or standard out

init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string] realm


initializes the Kerberos database with entries for a new realm. It’s
possible to have more than one realm served by one server

load file


reads a previously dumped database, and re-creates that database from scratch

merge file


similar to

list
but just modifies the database with the entries in the dump file

SEE ALSO

kadmind(8), kdc(8)

 
Free Tech Secrets ;) Copyright © 2008 Free Tect Secrets ;) greatis just4fun network just4fun