:man| Alphabetical   Categories   About us 
 
KADMIN (8) | System administration commands and daemons | Unix Manual Pages | :man

NAME

kadmin - Kerberos administration utility

CONTENTS

Synopsis
Description
See Also

SYNOPSIS

kadmin [-p string | Xo --principal= string ] [-K string | Xo --keytab= string ] [-c file | Xo --config-file= file ] [-k file | Xo --key-file= file ] [-r realm | Xo --realm= realm ] [-a host | Xo --admin-server= host ] [-s port number | Xo --server-port= port number ] [-l-| --local ] [-h-| --help ] [-v-| --version ] [command]

DESCRIPTION

The kadmin program is used to make modifications to the Kerberos database, either remotely via the kadmind(8) daemon, or locally (with the -l option).

Supported options:

-p string, --principal= string
principal to authenticate as
-K string, --keytab= string
keytab for authentication principal
-c file, --config-file= file
location of config file
-k file, --key-file= file
location of master key file
-r realm, --realm= realm
realm to use
-a host, --admin-server= host
server to contact
-s port number, --server-port= port number
port to use
-l , --local
local admin mode

If no command is given on the command line, kadmin will prompt for commands to process. Commands include:

add

[-r-| --random-key ]

[--random-password]

[-p string | Xo

--password= string


]

[--key=string]

[--max-ticket-life=lifetime]

[--max-renewable-life=lifetime]

[--attributes=attributes]

[--expiration-time=time]

[--pw-expiration-time=time]

principal...



creates a new principal

passwd [-r-| --random-key ] [--random-password] [-p string | Xo --password= string ] [--key=string] principal...


changes the password of an existing principal

delete principal...


removes a principal

del_enctype principal enctypes...


removes some enctypes from a principal. This can be useful the service
belonging to the principal is known to not handle certain enctypes

ext_keytab [-k string | Xo --keytab= string ] principal...


creates a keytab with the keys of the specified principals

get [-l-| --long ] [-s-| --short ] [-t-| --terse ] expression...


lists the principals that match the expressions (which are shell glob
like), long format gives more information, and terse just prints the
names

rename from to


renames a principal

modify [-a attributes | Xo --attributes= attributes ] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--expiration-time=time] [--pw-expiration-time=time] [--kvno=number] principal


modifies certain attributes of a principal

privileges


lists the operations you are allowed to perform

When running in local mode, the following commands can also be used:

dump

[-d-| --decrypt ]

[dump-file]



writes the database in

"human readable"
form to the specified file, or standard out

init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string] realm


initializes the Kerberos database with entries for a new realm. It’s
possible to have more than one realm served by one server

load file


reads a previously dumped database, and re-creates that database from scratch

merge file


similar to

list
but just modifies the database with the entries in the dump file

SEE ALSO

kadmind(8), kdc(8)

 
Created by Blin Media, 2008-2013