1.\" $Id: kadmin.8,v 1.2 2000/09/19 12:29:48 assar Exp $ 2.\" 3.Dd September 10, 2000 4.Dt KADMIN 8 5.Os HEIMDAL 6.Sh NAME 7.Nm kadmin 8.Nd 9Kerberos administration utility 10.Sh SYNOPSIS 11.Nm 12.Oo Fl p Ar string \*(Ba Xo 13.Fl -principal= Ns Ar string Oc 14.Xc 15.Oo Fl c Ar file \*(Ba Xo 16.Fl -config-file= Ns Ar file Oc 17.Xc 18.Oo Fl k Ar file \*(Ba Xo 19.Fl -key-file= Ns Ar file Oc 20.Xc 21.Oo Fl r Ar realm \*(Ba Xo 22.Fl -realm= Ns Ar realm Oc 23.Xc 24.Oo Fl a Ar host \*(Ba Xo 25.Fl -admin-server= Ns Ar host Oc 26.Xc 27.Oo Fl s Ar port number \*(Ba Xo 28.Fl -server-port= Ns Ar port number Oc 29.Xc 30.Op Fl l | Fl -local 31.Op Fl h | Fl -help 32.Op Fl v | Fl -version 33.Op Ar command 34.Sh DESCRIPTION 35The 36.Nm 37program is used to make modification to the Kerberos database, either remotely via the 38.Xr kadmind 8 39daemon, or locally (with the 40.Fl l 41option). 42.Pp 43Supported options: 44.Bl -tag -width Ds 45.It Xo 46.Fl p Ar string Ns , 47.Fl -principal= Ns Ar string 48.Xc 49principal to authenticate as 50.It Xo 51.Fl c Ar file Ns , 52.Fl -config-file= Ns Ar file 53.Xc 54location of config file 55.It Xo 56.Fl k Ar file Ns , 57.Fl -key-file= Ns Ar file 58.Xc 59location of master key file 60.It Xo 61.Fl r Ar realm Ns , 62.Fl -realm= Ns Ar realm 63.Xc 64realm to use 65.It Xo 66.Fl a Ar host Ns , 67.Fl -admin-server= Ns Ar host 68.Xc 69server to contact 70.It Xo 71.Fl s Ar port number Ns , 72.Fl -server-port= Ns Ar port number 73.Xc 74port to use 75.It Xo 76.Fl l Ns , 77.Fl -local 78.Xc 79local admin mode 80.El 81.Pp 82If no 83.Ar command 84is given on the command line, 85.Nm 86will prompt for commands to process. Commands include: 87.\" not using a list here, since groff apparently gets confused 88.\" with nested Xo/Xc 89.Bd -ragged -offset indent 90.Nm add 91.Op Fl r | Fl -random-key 92.Op Fl -random-password 93.Oo Fl p Ar string \*(Ba Xo 94.Fl -password= Ns Ar string Oc 95.Xc 96.Op Fl -key= Ns Ar string 97.Op Fl -max-ticket-life= Ns Ar lifetime 98.Op Fl -max-renewable-life= Ns Ar lifetime 99.Op Fl -attributes= Ns Ar attributes 100.Op Fl -expiration-time= Ns Ar time 101.Op Fl -pw-expiration-time= Ns Ar time 102.Ar principal... 103.Pp 104.Bd -filled -offset indent 105creates a new principal 106.Ed 107.Pp 108.Nm passwd 109.Op Fl r | Fl -random-key 110.Op Fl -random-password 111.Oo Fl p Ar string \*(Ba Xo 112.Fl -password= Ns Ar string Oc 113.Xc 114.Op Fl -key= Ns Ar string 115.Ar principal... 116.Pp 117.Bd -filled -offset indent 118changes the password of an existing principal 119.Ed 120.Pp 121.Nm delete 122.Ar principal... 123.Pp 124.Bd -filled -offset indent 125removes a principal 126.Ed 127.Pp 128.Nm del_enctype 129.Ar principal enctypes... 130.Pp 131.Bd -filled -offset indent 132removes some enctypes from a principal, this can be useful the service 133belonging to the principal is known to not handle certain enctypes 134.Ed 135.Pp 136.Nm ext_keytab 137.Oo Fl k Ar string \*(Ba Xo 138.Fl -keytab= Ns Ar string Oc 139.Xc 140.Ar principal... 141.Pp 142.Bd -filled -offset indent 143creates a keytab with the keys of the specified principals 144.Ed 145.Pp 146.Nm get 147.Op Fl l | Fl -long 148.Op Fl s | Fl -short 149.Op Fl t | Fl -terse 150.Ar expression... 151.Pp 152.Bd -filled -offset indent 153lists the principals that match the expressions (which are shell glob 154like), long format gives more information, and terse just prints the 155names 156.Ed 157.Pp 158.Nm rename 159.Ar from to 160.Pp 161.Bd -filled -offset indent 162renames a principal 163.Ed 164.Pp 165.Nm modify 166.Oo Fl a Ar attributes \*(Ba Xo 167.Fl -attributes= Ns Ar attributes Oc 168.Xc 169.Op Fl -max-ticket-life= Ns Ar lifetime 170.Op Fl -max-renewable-life= Ns Ar lifetime 171.Op Fl -expiration-time= Ns Ar time 172.Op Fl -pw-expiration-time= Ns Ar time 173.Op Fl -kvno= Ns Ar number 174.Ar principal 175.Pp 176.Bd -filled -offset indent 177modifies certain attributes of a principal 178.Ed 179.Pp 180.Nm privileges 181.Pp 182.Bd -filled -offset indent 183lists the operations you are allowd to perform 184.Ed 185.Pp 186.Ed 187 188When running in local mode, the following commands can also be used. 189 190.Bd -ragged -offset indent 191.Nm dump 192.Op Fl d | Fl -decrypt 193.Op Ar dump-file 194.Pp 195.Bd -filled -offset indent 196writes the database in 197.Dq human readable 198form to the specified file, or standard out 199.Ed 200.Pp 201.Nm init 202.Op Fl -realm-max-ticket-life= Ns Ar string 203.Op Fl -realm-max-renewable-life= Ns Ar string 204.Ar realm 205.Pp 206.Bd -filled -offset indent 207initialises the Kerberos database with entries for a new realm, it's 208possible to have more than one realm served by one server 209.Ed 210.Pp 211.Nm load 212.Ar file 213.Pp 214.Bd -filled -offset indent 215reads a previously dumped database, and re-creates that database from scratch 216.Ed 217.Pp 218.Nm merge 219.Ar file 220.Pp 221.Bd -filled -offset indent 222similar to 223.Nm list 224but just modifies the database with the entries in the dump file 225.Ed 226.Pp 227.Ed 228 229.\".Sh ENVIRONMENT 230.\".Sh FILES 231.\".Sh EXAMPLES 232.\".Sh DIAGNOSTICS 233.Sh SEE ALSO 234.Xr kadmind 8 , 235.Xr kdc 8 236.\".Sh STANDARDS 237.\".Sh HISTORY 238.\".Sh AUTHORS 239.\".Sh BUGS 240