Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (NetBSD-2.0)
Apropos / Subsearch:
optional field

KADMIN(8)                 BSD System Manager's Manual                KADMIN(8)

     kadmin -- Kerberos administration utility

     kadmin [-p string | --principal=string] [-K string | --keytab=string] [-c
            file | --config-file=file] [-k file | --key-file=file] [-r realm |
            --realm=realm] [-a host | --admin-server=host] [-s port number |
            --server-port=port number] [-l | --local] [-h | --help]
            [-v | --version] [command]

     The kadmin program is used to make modifications to the Kerberos data-
     base, either remotely via the kadmind(8) daemon, or locally (with the -l

     Supported options:

     -p string, --principal=string
             principal to authenticate as

     -K string, --keytab=string
             keytab for authentication principal

     -c file, --config-file=file
             location of config file

     -k file, --key-file=file
             location of master key file

     -r realm, --realm=realm
             realm to use

     -a host, --admin-server=host
             server to contact

     -s port number, --server-port=port number
             port to use

     -l, --local
             local admin mode

     If no command is given on the command line, kadmin will prompt for com-
     mands to process. Commands include:

           add [-r | --random-key] [--random-password] [-p string |
           --password=string] [--key=string] [--max-ticket-life=lifetime]
           [--max-renewable-life=lifetime] [--attributes=attributes]
           [--expiration-time=time] [--pw-expiration-time=time] principal ...

                 creates a new principal

           passwd [-r | --random-key] [--random-password] [-p string |
           --password=string] [--key=string] principal ...

                 changes the password of an existing principal

           delete principal ...

                 removes a principal

           del_enctype principal enctypes ...

                 removes some enctypes from a principal. This can be useful
                 the service belonging to the principal is known to not handle
                 certain enctypes

           ext_keytab [-k string | --keytab=string] principal ...

                 creates a keytab with the keys of the specified principals

           get [-l | --long] [-s | --short] [-t | --terse] expression ...

                 lists the principals that match the expressions (which are
                 shell glob like), long format gives more information, and
                 terse just prints the names

           rename from to

                 renames a principal

           modify [-a attributes | --attributes=attributes]
           [--max-ticket-life=lifetime] [--max-renewable-life=lifetime]
           [--expiration-time=time] [--pw-expiration-time=time]
           [--kvno=number] principal

                 modifies certain attributes of a principal


                 lists the operations you are allowed to perform

     When running in local mode, the following commands can also be used:

           dump [-d | --decrypt] [dump-file]

                 writes the database in ``human readable'' form to the speci-
                 fied file, or standard out

           init [--realm-max-ticket-life=string]
           [--realm-max-renewable-life=string] realm

                 initializes the Kerberos database with entries for a new
                 realm. It's possible to have more than one realm served by
                 one server

           load file

                 reads a previously dumped database, and re-creates that data-
                 base from scratch

           merge file

                 similar to list but just modifies the database with the
                 entries in the dump file

     kadmind(8), kdc(8)

BSD                           September 10, 2000                           BSD