Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
KADMIN(8)               FreeBSD System Manager's Manual              KADMIN(8)

     kadmin -- Kerberos administration utility

     kadmin [-p string | --principal=string] [-K string | --keytab=string] [-c
            file | --config-file=file] [-k file | --key-file=file] [-r realm |
            --realm=realm] [-a host | --admin-server=host] [-s port number |
            --server-port=port number] [-l | --local] [-h | --help]
            [-v | --version] [command]

     The kadmin program is used to make modifications to the Kerberos data-
     base, either remotely via the kadmind(8) daemon, or locally (with the -l

     Supported options:

     -p string, --principal=string
             principal to authenticate as

     -K string, --keytab=string
             keytab for authentication principal

     -c file, --config-file=file
             location of config file

     -k file, --key-file=file
             location of master key file

     -r realm, --realm=realm
             realm to use

     -a host, --admin-server=host
             server to contact

     -s port number, --server-port=port number
             port to use

     -l, --local
             local admin mode

     If no command is given on the command line, kadmin will prompt for com-
     mands to process. Commands include:

           add [-r | --random-key] [--random-password] [-p string |
           --password=string] [--key=string] [--max-ticket-life=lifetime]
           [--max-renewable-life=lifetime] [--attributes=attributes]
           [--expiration-time=time] [--pw-expiration-time=time] principal...

                 creates a new principal

           passwd [-r | --random-key] [--random-password] [-p string |
           --password=string] [--key=string] principal...

                 changes the password of an existing principal

           delete principal...

                 removes a principal

           del_enctype principal enctypes...

                 removes some enctypes from a principal. This can be useful
                 the service belonging to the principal is known to not handle
                 certain enctypes

           ext_keytab [-k string | --keytab=string] principal...

                 creates a keytab with the keys of the specified principals

           get [-l | --long] [-s | --short] [-t | --terse] expression...

                 lists the principals that match the expressions (which are
                 shell glob like), long format gives more information, and
                 terse just prints the names

           rename from to

                 renames a principal

           modify [-a attributes | --attributes=attributes]
           [--max-ticket-life=lifetime] [--max-renewable-life=lifetime]
           [--expiration-time=time] [--pw-expiration-time=time]
           [--kvno=number] principal

                 modifies certain attributes of a principal


                 lists the operations you are allowed to perform

     When running in local mode, the following commands can also be used:

           dump [-d | --decrypt] [dump-file]

                 writes the database in ``human readable'' form to the speci-
                 fied file, or standard out

           init [--realm-max-ticket-life=string]
           [--realm-max-renewable-life=string] realm

                 initializes the Kerberos database with entries for a new
                 realm. It's possible to have more than one realm served by
                 one server

           load file

                 reads a previously dumped database, and re-creates that data-
                 base from scratch

           merge file

                 similar to list but just modifies the database with the
                 entries in the dump file

     kadmind(8), kdc(8)

HEIMDAL                       September 10, 2000                       HEIMDAL


Want to link to this manual page? Use this URL:

home | help