1.\" $Id: kadmin.8,v 1.5 2001/06/08 21:27:57 joda Exp $ 2.\" 3.Dd September 10, 2000 4.Dt KADMIN 8 5.Os HEIMDAL 6.Sh NAME 7.Nm kadmin 8.Nd Kerberos administration utility 9.Sh SYNOPSIS 10.Nm 11.Oo Fl p Ar string \*(Ba Xo 12.Fl -principal= Ns Ar string 13.Xc 14.Oc 15.Oo Fl K Ar string \*(Ba Xo 16.Fl -keytab= Ns Ar string 17.Xc 18.Oc 19.Oo Fl c Ar file \*(Ba Xo 20.Fl -config-file= Ns Ar file 21.Xc 22.Oc 23.Oo Fl k Ar file \*(Ba Xo 24.Fl -key-file= Ns Ar file 25.Xc 26.Oc 27.Oo Fl r Ar realm \*(Ba Xo 28.Fl -realm= Ns Ar realm 29.Xc 30.Oc 31.Oo Fl a Ar host \*(Ba Xo 32.Fl -admin-server= Ns Ar host 33.Xc 34.Oc 35.Oo Fl s Ar port number \*(Ba Xo 36.Fl -server-port= Ns Ar port number 37.Xc 38.Oc 39.Op Fl l | Fl -local 40.Op Fl h | Fl -help 41.Op Fl v | Fl -version 42.Op Ar command 43.Sh DESCRIPTION 44The 45.Nm 46program is used to make modification to the Kerberos database, either remotely via the 47.Xr kadmind 8 48daemon, or locally (with the 49.Fl l 50option). 51.Pp 52Supported options: 53.Bl -tag -width Ds 54.It Xo 55.Fl p Ar string Ns , 56.Fl -principal= Ns Ar string 57.Xc 58principal to authenticate as 59.It Xo 60.Fl K Ar string Ns , 61.Fl -keytab= Ns Ar string 62.Xc 63keytab for authentication pricipal 64.It Xo 65.Fl c Ar file Ns , 66.Fl -config-file= Ns Ar file 67.Xc 68location of config file 69.It Xo 70.Fl k Ar file Ns , 71.Fl -key-file= Ns Ar file 72.Xc 73location of master key file 74.It Xo 75.Fl r Ar realm Ns , 76.Fl -realm= Ns Ar realm 77.Xc 78realm to use 79.It Xo 80.Fl a Ar host Ns , 81.Fl -admin-server= Ns Ar host 82.Xc 83server to contact 84.It Xo 85.Fl s Ar port number Ns , 86.Fl -server-port= Ns Ar port number 87.Xc 88port to use 89.It Xo 90.Fl l Ns , 91.Fl -local 92.Xc 93local admin mode 94.El 95.Pp 96If no 97.Ar command 98is given on the command line, 99.Nm 100will prompt for commands to process. Commands include: 101.\" not using a list here, since groff apparently gets confused 102.\" with nested Xo/Xc 103.Bd -ragged -offset indent 104.Nm add 105.Op Fl r | Fl -random-key 106.Op Fl -random-password 107.Oo Fl p Ar string \*(Ba Xo 108.Fl -password= Ns Ar string 109.Xc 110.Oc 111.Op Fl -key= Ns Ar string 112.Op Fl -max-ticket-life= Ns Ar lifetime 113.Op Fl -max-renewable-life= Ns Ar lifetime 114.Op Fl -attributes= Ns Ar attributes 115.Op Fl -expiration-time= Ns Ar time 116.Op Fl -pw-expiration-time= Ns Ar time 117.Ar principal... 118.Pp 119.Bd -ragged -offset indent 120creates a new principal 121.Ed 122.Pp 123.Nm passwd 124.Op Fl r | Fl -random-key 125.Op Fl -random-password 126.Oo Fl p Ar string \*(Ba Xo 127.Fl -password= Ns Ar string 128.Xc 129.Oc 130.Op Fl -key= Ns Ar string 131.Ar principal... 132.Pp 133.Bd -ragged -offset indent 134changes the password of an existing principal 135.Ed 136.Pp 137.Nm delete 138.Ar principal... 139.Pp 140.Bd -ragged -offset indent 141removes a principal 142.Ed 143.Pp 144.Nm del_enctype 145.Ar principal enctypes... 146.Pp 147.Bd -ragged -offset indent 148removes some enctypes from a principal, this can be useful the service 149belonging to the principal is known to not handle certain enctypes 150.Ed 151.Pp 152.Nm ext_keytab 153.Oo Fl k Ar string \*(Ba Xo 154.Fl -keytab= Ns Ar string 155.Xc 156.Oc 157.Ar principal... 158.Pp 159.Bd -ragged -offset indent 160creates a keytab with the keys of the specified principals 161.Ed 162.Pp 163.Nm get 164.Op Fl l | Fl -long 165.Op Fl s | Fl -short 166.Op Fl t | Fl -terse 167.Ar expression... 168.Pp 169.Bd -ragged -offset indent 170lists the principals that match the expressions (which are shell glob 171like), long format gives more information, and terse just prints the 172names 173.Ed 174.Pp 175.Nm rename 176.Ar from to 177.Pp 178.Bd -ragged -offset indent 179renames a principal 180.Ed 181.Pp 182.Nm modify 183.Oo Fl a Ar attributes \*(Ba Xo 184.Fl -attributes= Ns Ar attributes 185.Xc 186.Oc 187.Op Fl -max-ticket-life= Ns Ar lifetime 188.Op Fl -max-renewable-life= Ns Ar lifetime 189.Op Fl -expiration-time= Ns Ar time 190.Op Fl -pw-expiration-time= Ns Ar time 191.Op Fl -kvno= Ns Ar number 192.Ar principal 193.Pp 194.Bd -ragged -offset indent 195modifies certain attributes of a principal 196.Ed 197.Pp 198.Nm privileges 199.Pp 200.Bd -ragged -offset indent 201lists the operations you are allowd to perform 202.Ed 203.Pp 204.Ed 205.Pp 206When running in local mode, the following commands can also be used. 207.Bd -ragged -offset indent 208.Nm dump 209.Op Fl d | Fl -decrypt 210.Op Ar dump-file 211.Pp 212.Bd -ragged -offset indent 213writes the database in 214.Dq human readable 215form to the specified file, or standard out 216.Ed 217.Pp 218.Nm init 219.Op Fl -realm-max-ticket-life= Ns Ar string 220.Op Fl -realm-max-renewable-life= Ns Ar string 221.Ar realm 222.Pp 223.Bd -ragged -offset indent 224initialises the Kerberos database with entries for a new realm, it's 225possible to have more than one realm served by one server 226.Ed 227.Pp 228.Nm load 229.Ar file 230.Pp 231.Bd -ragged -offset indent 232reads a previously dumped database, and re-creates that database from scratch 233.Ed 234.Pp 235.Nm merge 236.Ar file 237.Pp 238.Bd -ragged -offset indent 239similar to 240.Nm list 241but just modifies the database with the entries in the dump file 242.Ed 243.Pp 244.Ed 245.\".Sh ENVIRONMENT 246.\".Sh FILES 247.\".Sh EXAMPLES 248.\".Sh DIAGNOSTICS 249.Sh SEE ALSO 250.Xr kadmind 8 , 251.Xr kdc 8 252.\".Sh STANDARDS 253.\".Sh HISTORY 254.\".Sh AUTHORS 255.\".Sh BUGS 256