1.\" $Id: kadmin.8,v 1.2 2000/09/19 12:29:48 assar Exp $ 2.\" 3.Dd September 10, 2000 4.Dt KADMIN 8 5.Os HEIMDAL 6.Sh NAME 7.Nm kadmin 8.Nd Kerberos administration utility 9.Sh SYNOPSIS 10.Nm 11.Oo Fl p Ar string \*(Ba Xo 12.Fl -principal= Ns Ar string Oc 13.Xc 14.Oo Fl c Ar file \*(Ba Xo 15.Fl -config-file= Ns Ar file Oc 16.Xc 17.Oo Fl k Ar file \*(Ba Xo 18.Fl -key-file= Ns Ar file Oc 19.Xc 20.Oo Fl r Ar realm \*(Ba Xo 21.Fl -realm= Ns Ar realm Oc 22.Xc 23.Oo Fl a Ar host \*(Ba Xo 24.Fl -admin-server= Ns Ar host Oc 25.Xc 26.Oo Fl s Ar port number \*(Ba Xo 27.Fl -server-port= Ns Ar port number Oc 28.Xc 29.Op Fl l | Fl -local 30.Op Fl h | Fl -help 31.Op Fl v | Fl -version 32.Op Ar command 33.Sh DESCRIPTION 34The 35.Nm 36program is used to make modification to the Kerberos database, either remotely via the 37.Xr kadmind 8 38daemon, or locally (with the 39.Fl l 40option). 41.Pp 42Supported options: 43.Bl -tag -width Ds 44.It Xo 45.Fl p Ar string Ns , 46.Fl -principal= Ns Ar string 47.Xc 48principal to authenticate as 49.It Xo 50.Fl c Ar file Ns , 51.Fl -config-file= Ns Ar file 52.Xc 53location of config file 54.It Xo 55.Fl k Ar file Ns , 56.Fl -key-file= Ns Ar file 57.Xc 58location of master key file 59.It Xo 60.Fl r Ar realm Ns , 61.Fl -realm= Ns Ar realm 62.Xc 63realm to use 64.It Xo 65.Fl a Ar host Ns , 66.Fl -admin-server= Ns Ar host 67.Xc 68server to contact 69.It Xo 70.Fl s Ar port number Ns , 71.Fl -server-port= Ns Ar port number 72.Xc 73port to use 74.It Xo 75.Fl l Ns , 76.Fl -local 77.Xc 78local admin mode 79.El 80.Pp 81If no 82.Ar command 83is given on the command line, 84.Nm 85will prompt for commands to process. Commands include: 86.\" not using a list here, since groff apparently gets confused 87.\" with nested Xo/Xc 88.Bd -ragged -offset indent 89.Nm add 90.Op Fl r | Fl -random-key 91.Op Fl -random-password 92.Oo Fl p Ar string \*(Ba Xo 93.Fl -password= Ns Ar string Oc 94.Xc 95.Op Fl -key= Ns Ar string 96.Op Fl -max-ticket-life= Ns Ar lifetime 97.Op Fl -max-renewable-life= Ns Ar lifetime 98.Op Fl -attributes= Ns Ar attributes 99.Op Fl -expiration-time= Ns Ar time 100.Op Fl -pw-expiration-time= Ns Ar time 101.Ar principal... 102.Pp 103.Bd -ragged -offset indent 104creates a new principal 105.Ed 106.Pp 107.Nm passwd 108.Op Fl r | Fl -random-key 109.Op Fl -random-password 110.Oo Fl p Ar string \*(Ba Xo 111.Fl -password= Ns Ar string Oc 112.Xc 113.Op Fl -key= Ns Ar string 114.Ar principal... 115.Pp 116.Bd -ragged -offset indent 117changes the password of an existing principal 118.Ed 119.Pp 120.Nm delete 121.Ar principal... 122.Pp 123.Bd -ragged -offset indent 124removes a principal 125.Ed 126.Pp 127.Nm del_enctype 128.Ar principal enctypes... 129.Pp 130.Bd -ragged -offset indent 131removes some enctypes from a principal, this can be useful the service 132belonging to the principal is known to not handle certain enctypes 133.Ed 134.Pp 135.Nm ext_keytab 136.Oo Fl k Ar string \*(Ba Xo 137.Fl -keytab= Ns Ar string Oc 138.Xc 139.Ar principal... 140.Pp 141.Bd -ragged -offset indent 142creates a keytab with the keys of the specified principals 143.Ed 144.Pp 145.Nm get 146.Op Fl l | Fl -long 147.Op Fl s | Fl -short 148.Op Fl t | Fl -terse 149.Ar expression... 150.Pp 151.Bd -ragged -offset indent 152lists the principals that match the expressions (which are shell glob 153like), long format gives more information, and terse just prints the 154names 155.Ed 156.Pp 157.Nm rename 158.Ar from to 159.Pp 160.Bd -ragged -offset indent 161renames a principal 162.Ed 163.Pp 164.Nm modify 165.Oo Fl a Ar attributes \*(Ba Xo 166.Fl -attributes= Ns Ar attributes Oc 167.Xc 168.Op Fl -max-ticket-life= Ns Ar lifetime 169.Op Fl -max-renewable-life= Ns Ar lifetime 170.Op Fl -expiration-time= Ns Ar time 171.Op Fl -pw-expiration-time= Ns Ar time 172.Op Fl -kvno= Ns Ar number 173.Ar principal 174.Pp 175.Bd -ragged -offset indent 176modifies certain attributes of a principal 177.Ed 178.Pp 179.Nm privileges 180.Pp 181.Bd -ragged -offset indent 182lists the operations you are allowd to perform 183.Ed 184.Pp 185.Ed 186.Pp 187When running in local mode, the following commands can also be used. 188.Bd -ragged -offset indent 189.Nm dump 190.Op Fl d | Fl -decrypt 191.Op Ar dump-file 192.Pp 193.Bd -ragged -offset indent 194writes the database in 195.Dq human readable 196form to the specified file, or standard out 197.Ed 198.Pp 199.Nm init 200.Op Fl -realm-max-ticket-life= Ns Ar string 201.Op Fl -realm-max-renewable-life= Ns Ar string 202.Ar realm 203.Pp 204.Bd -ragged -offset indent 205initialises the Kerberos database with entries for a new realm, it's 206possible to have more than one realm served by one server 207.Ed 208.Pp 209.Nm load 210.Ar file 211.Pp 212.Bd -ragged -offset indent 213reads a previously dumped database, and re-creates that database from scratch 214.Ed 215.Pp 216.Nm merge 217.Ar file 218.Pp 219.Bd -ragged -offset indent 220similar to 221.Nm list 222but just modifies the database with the entries in the dump file 223.Ed 224.Pp 225.Ed 226.\".Sh ENVIRONMENT 227.\".Sh FILES 228.\".Sh EXAMPLES 229.\".Sh DIAGNOSTICS 230.Sh SEE ALSO 231.Xr kadmind 8 , 232.Xr kdc 8 233.\".Sh STANDARDS 234.\".Sh HISTORY 235.\".Sh AUTHORS 236.\".Sh BUGS 237