KADMIN(8) KADMIN(8)
NAME
kadmin - network utility for Kerberos database administra-
tion
SYNOPSIS
kadmin [-u user] [-r default_realm] [-m] [-t]
DESCRIPTION
This utility provides a unified administration interface
to the Kerberos master database. Kerberos administrators
use kadmin to register new users and services to the mas-
ter database, and to change information about existing
database entries. For instance, an administrator can use
kadmin to change a user's Kerberos password. A Kerberos
administrator is a user with an ``admin'' instance whose
name appears on one of the Kerberos administration access
control lists. If the -u option is used, user will be
used as the administrator instead of the local user. If
the -r option is used, default_realm will be used as the
default realm for transactions. Otherwise, the local
realm will be used by default. If the -m option is used,
multiple requests will be permitted on only one entry of
the admin password. Some sites won't support this option.
The -t option is used to tell kadmin to use the existing
ticket file instead of creating a new one.
The kadmin program communicates over the network with the
kadmind program, which runs on the machine housing the
Kerberos master database. The kadmind creates new entries
and makes modifications to the database.
When you enter the kadmin command, the program displays a
message that welcomes you and explains how to ask for
help. Then kadmin waits for you to enter commands (which
are described below). It then asks you for your admin
password before accessing the database.
All commands can be abbreviated as long as they are
unique. Some short versions of the commands are also rec-
ognized for backwards compatibility.
Use the add_new_key (or ank for short) command to register
a new principal with the master database. The command
requires one argument, the principal's name. The name
given can be fully qualified using the standard
name.instance@realm convention. You are asked to enter
your admin password, then prompted twice to enter the
principal's new password. If no realm is specified, the
local realm is used unless another was given on the com-
mandline with the -r flag. If no instance is specified, a
null instance is used. If a realm other than the default
realm is specified, you will need to supply your admin
password for the other realm.
KADMIN(8) KADMIN(8)
Use the change_password (cpw) to change a principal's Ker-
beros password. The command requires one argument, the
principal's name. You are asked to enter your admin pass-
word, then prompted twice to enter the principal's new
password. The name given can be fully qualified using the
standard name.instance@realm convention.
Use the change_key (ckey) if you have a need to change the
raw key of a particular principal. In other words, if you
do not want to input a DES key instead of a password that
will get converted into a DES key.
Use the change_admin_password (cap) to change your admin
instance password. This command requires no arguments.
It prompts you for your old admin password, then prompts
you twice to enter the new admin password. If this is
your first command, the default realm is used. Otherwise,
the realm used in the last command is used.
Use the del_entry (del) to remove an entry from the ker-
beros database.
Use the mod_entry (mod) to modify a particular entry, for
example to change the expire date.
Use the destroy_tickets (dest) command to destroy your
admin tickets explicitly.
Use the list_requests (lr) command to get a list of possi-
ble commands.
Use the help command to display kadmin's various help mes-
sages. If entered without an argument, help displays a
general help message. You can get detailed information on
specific kadmin commands by entering help command_name.
To quit the program, type quit.
BUGS
The user interface is primitive, and the command names
could be better.
SEE ALSO
kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
AUTHORS
Jeffrey I. Schiller, MIT Project Athena
Emanuel Jay Berkenbilt, MIT Project Athena
Man(1) output converted with
man2html