1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
KADMIN(8) UNIX System Manager's Manual KADMIN(8)
N�NA�AM�ME�E
k�ka�ad�dm�mi�in�n - Kerberos administration utility
S�SY�YN�NO�OP�PS�SI�IS�S
k�ka�ad�dm�mi�in�n [-�-p�p _�s_�t_�r_�i_�n_�g | -�--�-p�pr�ri�in�nc�ci�ip�pa�al�l=�=_�s_�t_�r_�i_�n_�g] [-�-K�K _�s_�t_�r_�i_�n_�g | -�--�-k�ke�ey�yt�ta�ab�b=�=_�s_�t_�r_�i_�n_�g] [-�-c�c
_�f_�i_�l_�e | -�--�-c�co�on�nf�fi�ig�g-�-f�fi�il�le�e=�=_�f_�i_�l_�e] [-�-k�k _�f_�i_�l_�e | -�--�-k�ke�ey�y-�-f�fi�il�le�e=�=_�f_�i_�l_�e] [-�-r�r _�r_�e_�a_�l_�m |
-�--�-r�re�ea�al�lm�m=�=_�r_�e_�a_�l_�m] [-�-a�a _�h_�o_�s_�t | -�--�-a�ad�dm�mi�in�n-�-s�se�er�rv�ve�er�r=�=_�h_�o_�s_�t] [-�-s�s _�p_�o_�r_�t _�n_�u_�m_�b_�e_�r |
-�--�-s�se�er�rv�ve�er�r-�-p�po�or�rt�t=�=_�p_�o_�r_�t _�n_�u_�m_�b_�e_�r] [-�-l�l | -�--�-l�lo�oc�ca�al�l] [-�-h�h | -�--�-h�he�el�lp�p] [-�-v�v | -�--�-v�ve�er�rs�si�io�on�n]
[_�c_�o_�m_�m_�a_�n_�d]
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
The k�ka�ad�dm�mi�in�n program is used to make modification to the Kerberos database,
either remotely via the kadmind(8) daemon, or locally (with the -�-l�l op-
tion).
Supported options:
-�-p�p _�s_�t_�r_�i_�n_�g, -�--�-p�pr�ri�in�nc�ci�ip�pa�al�l=�=_�s_�t_�r_�i_�n_�g
principal to authenticate as
-�-K�K _�s_�t_�r_�i_�n_�g, -�--�-k�ke�ey�yt�ta�ab�b=�=_�s_�t_�r_�i_�n_�g
keytab for authentication pricipal
-�-c�c _�f_�i_�l_�e, -�--�-c�co�on�nf�fi�ig�g-�-f�fi�il�le�e=�=_�f_�i_�l_�e
location of config file
-�-k�k _�f_�i_�l_�e, -�--�-k�ke�ey�y-�-f�fi�il�le�e=�=_�f_�i_�l_�e
location of master key file
-�-r�r _�r_�e_�a_�l_�m, -�--�-r�re�ea�al�lm�m=�=_�r_�e_�a_�l_�m
realm to use
-�-a�a _�h_�o_�s_�t, -�--�-a�ad�dm�mi�in�n-�-s�se�er�rv�ve�er�r=�=_�h_�o_�s_�t
server to contact
-�-s�s _�p_�o_�r_�t _�n_�u_�m_�b_�e_�r, -�--�-s�se�er�rv�ve�er�r-�-p�po�or�rt�t=�=_�p_�o_�r_�t _�n_�u_�m_�b_�e_�r
port to use
-�-l�l, -�--�-l�lo�oc�ca�al�l
local admin mode
If no _�c_�o_�m_�m_�a_�n_�d is given on the command line, k�ka�ad�dm�mi�in�n will prompt for com-
mands to process. Commands include:
a�ad�dd�d [-�-r�r | -�--�-r�ra�an�nd�do�om�m-�-k�ke�ey�y] [-�--�-r�ra�an�nd�do�om�m-�-p�pa�as�ss�sw�wo�or�rd�d] [-�-p�p _�s_�t_�r_�i_�n_�g |
-�--�-p�pa�as�ss�sw�wo�or�rd�d=�=_�s_�t_�r_�i_�n_�g] [-�--�-k�ke�ey�y=�=_�s_�t_�r_�i_�n_�g] [-�--�-m�ma�ax�x-�-t�ti�ic�ck�ke�et�t-�-l�li�if�fe�e=�=_�l_�i_�f_�e_�t_�i_�m_�e]
[-�--�-m�ma�ax�x-�-r�re�en�ne�ew�wa�ab�bl�le�e-�-l�li�if�fe�e=�=_�l_�i_�f_�e_�t_�i_�m_�e] [-�--�-a�at�tt�tr�ri�ib�bu�ut�te�es�s=�=_�a_�t_�t_�r_�i_�b_�u_�t_�e_�s]
[-�--�-e�ex�xp�pi�ir�ra�at�ti�io�on�n-�-t�ti�im�me�e=�=_�t_�i_�m_�e] [-�--�-p�pw�w-�-e�ex�xp�pi�ir�ra�at�ti�io�on�n-�-t�ti�im�me�e=�=_�t_�i_�m_�e] _�p_�r_�i_�n_�c_�i_�p_�a_�l_�._�._�.
creates a new principal
p�pa�as�ss�sw�wd�d [-�-r�r | -�--�-r�ra�an�nd�do�om�m-�-k�ke�ey�y] [-�--�-r�ra�an�nd�do�om�m-�-p�pa�as�ss�sw�wo�or�rd�d] [-�-p�p _�s_�t_�r_�i_�n_�g |
-�--�-p�pa�as�ss�sw�wo�or�rd�d=�=_�s_�t_�r_�i_�n_�g] [-�--�-k�ke�ey�y=�=_�s_�t_�r_�i_�n_�g] _�p_�r_�i_�n_�c_�i_�p_�a_�l_�._�._�.
changes the password of an existing principal
d�de�el�le�et�te�e _�p_�r_�i_�n_�c_�i_�p_�a_�l_�._�._�.
removes a principal
d�de�el�l_�_e�en�nc�ct�ty�yp�pe�e _�p_�r_�i_�n_�c_�i_�p_�a_�l _�e_�n_�c_�t_�y_�p_�e_�s_�._�._�.
removes some enctypes from a principal, this can be useful
the service belonging to the principal is known to not handle
certain enctypes
e�ex�xt�t_�_k�ke�ey�yt�ta�ab�b [-�-k�k _�s_�t_�r_�i_�n_�g | -�--�-k�ke�ey�yt�ta�ab�b=�=_�s_�t_�r_�i_�n_�g] _�p_�r_�i_�n_�c_�i_�p_�a_�l_�._�._�.
creates a keytab with the keys of the specified principals
g�ge�et�t [-�-l�l | -�--�-l�lo�on�ng�g] [-�-s�s | -�--�-s�sh�ho�or�rt�t] [-�-t�t | -�--�-t�te�er�rs�se�e] _�e_�x_�p_�r_�e_�s_�s_�i_�o_�n_�._�._�.
lists the principals that match the expressions (which are
shell glob like), long format gives more information, and
terse just prints the names
r�re�en�na�am�me�e _�f_�r_�o_�m _�t_�o
renames a principal
m�mo�od�di�if�fy�y [-�-a�a _�a_�t_�t_�r_�i_�b_�u_�t_�e_�s | -�--�-a�at�tt�tr�ri�ib�bu�ut�te�es�s=�=_�a_�t_�t_�r_�i_�b_�u_�t_�e_�s]
[-�--�-m�ma�ax�x-�-t�ti�ic�ck�ke�et�t-�-l�li�if�fe�e=�=_�l_�i_�f_�e_�t_�i_�m_�e] [-�--�-m�ma�ax�x-�-r�re�en�ne�ew�wa�ab�bl�le�e-�-l�li�if�fe�e=�=_�l_�i_�f_�e_�t_�i_�m_�e]
[-�--�-e�ex�xp�pi�ir�ra�at�ti�io�on�n-�-t�ti�im�me�e=�=_�t_�i_�m_�e] [-�--�-p�pw�w-�-e�ex�xp�pi�ir�ra�at�ti�io�on�n-�-t�ti�im�me�e=�=_�t_�i_�m_�e]
[-�--�-k�kv�vn�no�o=�=_�n_�u_�m_�b_�e_�r] _�p_�r_�i_�n_�c_�i_�p_�a_�l
modifies certain attributes of a principal
p�pr�ri�iv�vi�il�le�eg�ge�es�s
lists the operations you are allowd to perform
When running in local mode, the following commands can also be used.
d�du�um�mp�p [-�-d�d | -�--�-d�de�ec�cr�ry�yp�pt�t] [_�d_�u_�m_�p_�-_�f_�i_�l_�e]
writes the database in ``human readable'' form to the speci-
fied file, or standard out
i�in�ni�it�t [-�--�-r�re�ea�al�lm�m-�-m�ma�ax�x-�-t�ti�ic�ck�ke�et�t-�-l�li�if�fe�e=�=_�s_�t_�r_�i_�n_�g]
[-�--�-r�re�ea�al�lm�m-�-m�ma�ax�x-�-r�re�en�ne�ew�wa�ab�bl�le�e-�-l�li�if�fe�e=�=_�s_�t_�r_�i_�n_�g] _�r_�e_�a_�l_�m
initialises the Kerberos database with entries for a new
realm, it's possible to have more than one realm served by
one server
l�lo�oa�ad�d _�f_�i_�l_�e
reads a previously dumped database, and re-creates that
database from scratch
m�me�er�rg�ge�e _�f_�i_�l_�e
similar to l�li�is�st�t but just modifies the database with the en-
tries in the dump file
S�SE�EE�E A�AL�LS�SO�O
kadmind(8), kdc(8)
HEIMDAL September 10, 2000 2
|
