:man| Alphabetical   Categories   About us 
KADMIN (8) | System administration commands and daemons | Unix Manual Pages | :man


kadmin - Kerberos administration utility


See Also


kadmin [-p string | Xo --principal= string ] [-K string | Xo --keytab= string ] [-c file | Xo --config-file= file ] [-k file | Xo --key-file= file ] [-r realm | Xo --realm= realm ] [-a host | Xo --admin-server= host ] [-s port number | Xo --server-port= port number ] [-l-| --local ] [-h-| --help ] [-v-| --version ] [command]


The kadmin program is used to make modifications to the Kerberos database, either remotely via the kadmind(8) daemon, or locally (with the -l option).

Supported options:

-p string, --principal= string
principal to authenticate as
-K string, --keytab= string
keytab for authentication principal
-c file, --config-file= file
location of config file
-k file, --key-file= file
location of master key file
-r realm, --realm= realm
realm to use
-a host, --admin-server= host
server to contact
-s port number, --server-port= port number
port to use
-l , --local
local admin mode

If no command is given on the command line, kadmin will prompt for commands to process. Commands include:


[-r-| --random-key ]


[-p string | Xo

--password= string









creates a new principal

passwd [-r-| --random-key ] [--random-password] [-p string | Xo --password= string ] [--key=string] principal...

changes the password of an existing principal

delete principal...

removes a principal

del_enctype principal enctypes...

removes some enctypes from a principal. This can be useful the service
belonging to the principal is known to not handle certain enctypes

ext_keytab [-k string | Xo --keytab= string ] principal...

creates a keytab with the keys of the specified principals

get [-l-| --long ] [-s-| --short ] [-t-| --terse ] expression...

lists the principals that match the expressions (which are shell glob
like), long format gives more information, and terse just prints the

rename from to

renames a principal

modify [-a attributes | Xo --attributes= attributes ] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--expiration-time=time] [--pw-expiration-time=time] [--kvno=number] principal

modifies certain attributes of a principal


lists the operations you are allowed to perform

When running in local mode, the following commands can also be used:


[-d-| --decrypt ]


writes the database in

"human readable"
form to the specified file, or standard out

init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string] realm

initializes the Kerberos database with entries for a new realm. It’s
possible to have more than one realm served by one server

load file

reads a previously dumped database, and re-creates that database from scratch

merge file

similar to

but just modifies the database with the entries in the dump file


kadmind(8), kdc(8)

Share this page

     Follow us

Facebook Twitter Google+ LinkedIn

Created by Blin Media, 2008-2013