.\" Copyright (c) 2000 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: kadmin.8,v 1.10 2003/03/31 10:42:32 lha Exp $
.\"
.Dd September 10, 2000
.Dt KADMIN 8
.Os HEIMDAL
.Sh NAME
.Nm kadmin
.Nd Kerberos administration utility
.Sh SYNOPSIS
.Nm
.Oo Fl p Ar string \*(Ba Xo
.Fl -principal= Ns Ar string
.Xc
.Oc
.Oo Fl K Ar string \*(Ba Xo
.Fl -keytab= Ns Ar string
.Xc
.Oc
.Oo Fl c Ar file \*(Ba Xo
.Fl -config-file= Ns Ar file
.Xc
.Oc
.Oo Fl k Ar file \*(Ba Xo
.Fl -key-file= Ns Ar file
.Xc
.Oc
.Oo Fl r Ar realm \*(Ba Xo
.Fl -realm= Ns Ar realm
.Xc
.Oc
.Oo Fl a Ar host \*(Ba Xo
.Fl -admin-server= Ns Ar host
.Xc
.Oc
.Oo Fl s Ar port number \*(Ba Xo
.Fl -server-port= Ns Ar port number
.Xc
.Oc
.Op Fl l | Fl -local
.Op Fl h | Fl -help
.Op Fl v | Fl -version
.Op Ar command
.Sh DESCRIPTION
The
.Nm
program is used to make modifications to the Kerberos database, either remotely via the
.Xr kadmind 8
daemon, or locally (with the
.Fl l
option).
.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl p Ar string ,
.Fl -principal= Ns Ar string
.Xc
principal to authenticate as
.It Xo
.Fl K Ar string ,
.Fl -keytab= Ns Ar string
.Xc
keytab for authentication principal
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
.Xc
location of config file
.It Xo
.Fl k Ar file ,
.Fl -key-file= Ns Ar file
.Xc
location of master key file
.It Xo
.Fl r Ar realm ,
.Fl -realm= Ns Ar realm
.Xc
realm to use
.It Xo
.Fl a Ar host ,
.Fl -admin-server= Ns Ar host
.Xc
server to contact
.It Xo
.Fl s Ar port number ,
.Fl -server-port= Ns Ar port number
.Xc
port to use
.It Xo
.Fl l ,
.Fl -local
.Xc
local admin mode
.El
.Pp
If no
.Ar command
is given on the command line,
.Nm
will prompt for commands to process.
Commands include:
.\" not using a list here, since groff apparently gets confused
.\" with nested Xo/Xc
.Bd -ragged -offset indent
.Nm add
.Op Fl r | Fl -random-key
.Op Fl -random-password
.Oo Fl p Ar string \*(Ba Xo
.Fl -password= Ns Ar string
.Xc
.Oc
.Op Fl -key= Ns Ar string
.Op Fl -max-ticket-life= Ns Ar lifetime
.Op Fl -max-renewable-life= Ns Ar lifetime
.Op Fl -attributes= Ns Ar attributes
.Op Fl -expiration-time= Ns Ar time
.Op Fl -pw-expiration-time= Ns Ar time
.Ar principal...
.Pp
.Bd -ragged -offset indent
creates a new principal
.Ed
.Pp
.Nm passwd
.Op Fl r | Fl -random-key
.Op Fl -random-password
.Oo Fl p Ar string \*(Ba Xo
.Fl -password= Ns Ar string
.Xc
.Oc
.Op Fl -key= Ns Ar string
.Ar principal...
.Pp
.Bd -ragged -offset indent
changes the password of an existing principal
.Ed
.Pp
.Nm delete
.Ar principal...
.Pp
.Bd -ragged -offset indent
removes a principal
.Ed
.Pp
.Nm del_enctype
.Ar principal enctypes...
.Pp
.Bd -ragged -offset indent
removes some enctypes from a principal. This can be useful if the service
belonging to the principal is known to not handle certain enctypes
.Ed
.Pp
.Nm ext_keytab
.Oo Fl k Ar string \*(Ba Xo
.Fl -keytab= Ns Ar string
.Xc
.Oc
.Ar principal...
.Pp
.Bd -ragged -offset indent
creates a keytab with the keys of the specified principals
.Ed
.Pp
.Nm get
.Op Fl l | Fl -long
.Op Fl s | Fl -short
.Op Fl t | Fl -terse
.Ar expression...
.Pp
.Bd -ragged -offset indent
lists the principals that match the expressions (which are shell glob
like), long format gives more information, and terse just prints the
names
.Ed
.Pp
.Nm rename
.Ar from to
.Pp
.Bd -ragged -offset indent
renames a principal
.Ed
.Pp
.Nm modify
.Oo Fl a Ar attributes \*(Ba Xo
.Fl -attributes= Ns Ar attributes
.Xc
.Oc
.Op Fl -max-ticket-life= Ns Ar lifetime
.Op Fl -max-renewable-life= Ns Ar lifetime
.Op Fl -expiration-time= Ns Ar time
.Op Fl -pw-expiration-time= Ns Ar time
.Op Fl -kvno= Ns Ar number
.Ar principal
.Pp
.Bd -ragged -offset indent
modifies certain attributes of a principal
.Ed
.Pp
.Nm privileges
.Pp
.Bd -ragged -offset indent
lists the operations you are allowed to perform
.Ed
.Pp
.Ed
.Pp
When running in local mode, the following commands can also be used:
.Bd -ragged -offset indent
.Nm dump
.Op Fl d | Fl -decrypt
.Op Ar dump-file
.Pp
.Bd -ragged -offset indent
writes the database in
.Dq human readable
form to the specified file, or standard out
.Ed
.Pp
.Nm init
.Op Fl -realm-max-ticket-life= Ns Ar string
.Op Fl -realm-max-renewable-life= Ns Ar string
.Ar realm
.Pp
.Bd -ragged -offset indent
initializes the Kerberos database with entries for a new realm.
It's possible to have more than one realm served by one server
.Ed
.Pp
.Nm load
.Ar file
.Pp
.Bd -ragged -offset indent
reads a previously dumped database, and re-creates that database from scratch
.Ed
.Pp
.Nm merge
.Ar file
.Pp
.Bd -ragged -offset indent
similar to
.Nm list
but just modifies the database with the entries in the dump file
.Ed
.Pp
.Ed
.\".Sh ENVIRONMENT
.\".Sh FILES
.\".Sh EXAMPLES
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr kadmind 8 ,
.Xr kdc 8
.\".Sh STANDARDS
.\".Sh HISTORY
.\".Sh AUTHORS
.\".Sh BUGS