1 .\" $Id: kadmin.8,v 1.7 2002/08/20 17:07:11 joda Exp $
8 .Nd Kerberos administration utility
11 .Oo Fl p Ar string \*(Ba Xo
12 .Fl -principal= Ns Ar string
15 .Oo Fl K Ar string \*(Ba Xo
16 .Fl -keytab= Ns Ar string
19 .Oo Fl c Ar file \*(Ba Xo
20 .Fl -config-file= Ns Ar file
23 .Oo Fl k Ar file \*(Ba Xo
24 .Fl -key-file= Ns Ar file
27 .Oo Fl r Ar realm \*(Ba Xo
28 .Fl -realm= Ns Ar realm
31 .Oo Fl a Ar host \*(Ba Xo
32 .Fl -admin-server= Ns Ar host
35 .Oo Fl s Ar port number \*(Ba Xo
36 .Fl -server-port= Ns Ar port number
41 .Op Fl v | Fl -version
46 program is used to make modification to the Kerberos database, either remotely via the
48 daemon, or locally (with the
56 .Fl -principal= Ns Ar string
58 principal to authenticate as
61 .Fl -keytab= Ns Ar string
63 keytab for authentication pricipal
66 .Fl -config-file= Ns Ar file
68 location of config file
71 .Fl -key-file= Ns Ar file
73 location of master key file
76 .Fl -realm= Ns Ar realm
81 .Fl -admin-server= Ns Ar host
85 .Fl s Ar port number ,
86 .Fl -server-port= Ns Ar port number
98 is given on the command line,
100 will prompt for commands to process. Commands include:
101 .\" not using a list here, since groff apparently gets confused
102 .\" with nested Xo/Xc
103 .Bd -ragged -offset indent
105 .Op Fl r | Fl -random-key
106 .Op Fl -random-password
107 .Oo Fl p Ar string \*(Ba Xo
108 .Fl -password= Ns Ar string
111 .Op Fl -key= Ns Ar string
112 .Op Fl -max-ticket-life= Ns Ar lifetime
113 .Op Fl -max-renewable-life= Ns Ar lifetime
114 .Op Fl -attributes= Ns Ar attributes
115 .Op Fl -expiration-time= Ns Ar time
116 .Op Fl -pw-expiration-time= Ns Ar time
119 .Bd -ragged -offset indent
120 creates a new principal
124 .Op Fl r | Fl -random-key
125 .Op Fl -random-password
126 .Oo Fl p Ar string \*(Ba Xo
127 .Fl -password= Ns Ar string
130 .Op Fl -key= Ns Ar string
133 .Bd -ragged -offset indent
134 changes the password of an existing principal
140 .Bd -ragged -offset indent
145 .Ar principal enctypes...
147 .Bd -ragged -offset indent
148 removes some enctypes from a principal, this can be useful the service
149 belonging to the principal is known to not handle certain enctypes
153 .Oo Fl k Ar string \*(Ba Xo
154 .Fl -keytab= Ns Ar string
159 .Bd -ragged -offset indent
160 creates a keytab with the keys of the specified principals
169 .Bd -ragged -offset indent
170 lists the principals that match the expressions (which are shell glob
171 like), long format gives more information, and terse just prints the
178 .Bd -ragged -offset indent
183 .Oo Fl a Ar attributes \*(Ba Xo
184 .Fl -attributes= Ns Ar attributes
187 .Op Fl -max-ticket-life= Ns Ar lifetime
188 .Op Fl -max-renewable-life= Ns Ar lifetime
189 .Op Fl -expiration-time= Ns Ar time
190 .Op Fl -pw-expiration-time= Ns Ar time
191 .Op Fl -kvno= Ns Ar number
194 .Bd -ragged -offset indent
195 modifies certain attributes of a principal
200 .Bd -ragged -offset indent
201 lists the operations you are allowd to perform
206 When running in local mode, the following commands can also be used.
207 .Bd -ragged -offset indent
209 .Op Fl d | Fl -decrypt
212 .Bd -ragged -offset indent
213 writes the database in
215 form to the specified file, or standard out
219 .Op Fl -realm-max-ticket-life= Ns Ar string
220 .Op Fl -realm-max-renewable-life= Ns Ar string
223 .Bd -ragged -offset indent
224 initialises the Kerberos database with entries for a new realm, it's
225 possible to have more than one realm served by one server
231 .Bd -ragged -offset indent
232 reads a previously dumped database, and re-creates that database from scratch
238 .Bd -ragged -offset indent
241 but just modifies the database with the entries in the dump file