kadmin - Kerberos administration utility
kadmin [-p string | --principal=string] [-K string |
--keytab=string]
[-c file | --config-file=file] [-k file |
--key-file=file]
[-r realm | --realm=realm] [-a host |
--admin-server=host]
[-s port number | --server-port=port number] [-l |
--local]
[-h | --help] [-v | --version] [command]
The kadmin program is used to make modifications to the Kerberos
database, either remotely via the kadmind(8) daemon, or locally (with the
-l option).
Supported options:
-p string, --principal=string
principal to authenticate as
-K string, --keytab=string
keytab for authentication principal
-c file, --config-file=file
location of config file
-k file, --key-file=file
location of master key file
-r realm, --realm=realm
realm to use
-a host, --admin-server=host
server to contact
-s port number, --server-port=port number
port to use
-l, --local
local admin mode
If no command is given on the command line, kadmin will
prompt for commands
to process. Commands include:
add [-r | --random-key] [--random-password] [-p string
|
--password=string] [--key=string]
[--max-ticket-life=lifetime]
[--max-renewable-life=lifetime]
[--attributes=attributes]
[--expiration-time=time] [--pw-expiration-time=time]
principal...
creates a new principal
passwd [-r | --random-key] [--random-password] [-p
string |
--password=string] [--key=string] principal...
changes the password of an existing principal
delete principal...
removes a principal
del_enctype principal enctypes...
removes some enctypes from a principal; this can
be useful if
the service belonging to the principal is known
to not handle
certain enctypes
ext_keytab [-k string | --keytab=string] principal...
creates a keytab with the keys of the specified
principals
get [-l | --long] [-s | --short] [-t | --terse]
expression...
lists the principals that match the expressions
(which are
shell glob like), long format gives more information, and
terse just prints the names
rename from to
renames a principal
modify [-a attributes | --attributes=attributes]
[--max-ticket-life=lifetime]
[--max-renewable-life=lifetime]
[--expiration-time=time] [--pw-expiration-time=time]
[--kvno=number] principal
modifies certain attributes of a principal
privileges
lists the operations you are allowed to perform
When running in local mode, the following commands can also
be used:
dump [-d | --decrypt] [dump-file]
writes the database in ``human readable'' form
to the specified
file, or standard out
init [--realm-max-ticket-life=string]
[--realm-max-renewable-life=string] realm
initializes the Kerberos database with entries
for a new
realm. It's possible to have more than one realm
served by
one server
load file
reads a previously dumped database, and re-creates that
database from scratch
merge file
similar to list but just modifies the database
with the entries
in the dump file
kadmind(8), kdc(8)
HEIMDAL September 10, 2000
[ Back ] |
