:man| Alphabetical   Categories   About us 
KADMIN (8) | System administration commands and daemons | Unix Manual Pages | :man


kadmin - Kerberos administration utility


See Also


kadmin [-p string | Xo --principal= string ] [-K string | Xo --keytab= string ] [-c file | Xo --config-file= file ] [-k file | Xo --key-file= file ] [-r realm | Xo --realm= realm ] [-a host | Xo --admin-server= host ] [-s port number | Xo --server-port= port number ] [-l-| --local ] [-h-| --help ] [-v-| --version ] [command]


The kadmin program is used to make modifications to the Kerberos database, either remotely via the kadmind(8) daemon, or locally (with the -l option).

Supported options:

-p string, --principal= string
principal to authenticate as
-K string, --keytab= string
keytab for authentication principal
-c file, --config-file= file
location of config file
-k file, --key-file= file
location of master key file
-r realm, --realm= realm
realm to use
-a host, --admin-server= host
server to contact
-s port number, --server-port= port number
port to use
-l , --local
local admin mode

If no command is given on the command line, kadmin will prompt for commands to process. Commands include:


[-r-| --random-key ]


[-p string | Xo

--password= string









creates a new principal

passwd [-r-| --random-key ] [--random-password] [-p string | Xo --password= string ] [--key=string] principal...

changes the password of an existing principal

delete principal...

removes a principal

del_enctype principal enctypes...

removes some enctypes from a principal. This can be useful the service
belonging to the principal is known to not handle certain enctypes

ext_keytab [-k string | Xo --keytab= string ] principal...

creates a keytab with the keys of the specified principals

get [-l-| --long ] [-s-| --short ] [-t-| --terse ] expression...

lists the principals that match the expressions (which are shell glob
like), long format gives more information, and terse just prints the

rename from to

renames a principal

modify [-a attributes | Xo --attributes= attributes ] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--expiration-time=time] [--pw-expiration-time=time] [--kvno=number] principal

modifies certain attributes of a principal


lists the operations you are allowed to perform

When running in local mode, the following commands can also be used:


[-d-| --decrypt ]


writes the database in

"human readable"
form to the specified file, or standard out

init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string] realm

initializes the Kerberos database with entries for a new realm. It’s
possible to have more than one realm served by one server

load file

reads a previously dumped database, and re-creates that database from scratch

merge file

similar to

but just modifies the database with the entries in the dump file


kadmind(8), kdc(8)

Created by Blin Media, 2008-2013