
KADMIN(8)                UNIX System Manager's Manual                KADMIN(8)

NNAAMMEE
     kkaaddmmiinn - Kerberos administration utility

SSYYNNOOPPSSIISS
     kkaaddmmiinn [--pp _s_t_r_i_n_g | ----pprriinncciippaall==_s_t_r_i_n_g] [--KK _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] [--cc
     _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e] [--rr _r_e_a_l_m |
     ----rreeaallmm==_r_e_a_l_m] [--aa _h_o_s_t | ----aaddmmiinn--sseerrvveerr==_h_o_s_t] [--ss _p_o_r_t _n_u_m_b_e_r |
     ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r] [--ll | ----llooccaall] [--hh | ----hheellpp] [--vv | ----vveerrssiioonn]
     [_c_o_m_m_a_n_d]

DDEESSCCRRIIPPTTIIOONN
     The kkaaddmmiinn program is used to make modifications to the Kerberos
     database, either remotely via the kadmind(8) daemon, or locally (with the
     --ll option).

     Supported options:

     --pp _s_t_r_i_n_g, ----pprriinncciippaall==_s_t_r_i_n_g
             principal to authenticate as

     --KK _s_t_r_i_n_g, ----kkeeyyttaabb==_s_t_r_i_n_g
             keytab for authentication principal

     --cc _f_i_l_e, ----ccoonnffiigg--ffiillee==_f_i_l_e
             location of config file

     --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
             location of master key file

     --rr _r_e_a_l_m, ----rreeaallmm==_r_e_a_l_m
             realm to use

     --aa _h_o_s_t, ----aaddmmiinn--sseerrvveerr==_h_o_s_t
             server to contact

     --ss _p_o_r_t _n_u_m_b_e_r, ----sseerrvveerr--ppoorrtt==_p_o_r_t _n_u_m_b_e_r
             port to use

     --ll, ----llooccaall
             local admin mode

     If no _c_o_m_m_a_n_d is given on the command line, kkaaddmmiinn will prompt for com-
     mands to process. Commands include:

           aadddd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
           ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e]
           [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e] [----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
           [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e] _p_r_i_n_c_i_p_a_l_._._.

                 creates a new principal

           ppaasssswwdd [--rr | ----rraannddoomm--kkeeyy] [----rraannddoomm--ppaasssswwoorrdd] [--pp _s_t_r_i_n_g |
           ----ppaasssswwoorrdd==_s_t_r_i_n_g] [----kkeeyy==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.

                 changes the password of an existing principal

           ddeelleettee _p_r_i_n_c_i_p_a_l_._._.

                 removes a principal

           ddeell__eennccttyyppee _p_r_i_n_c_i_p_a_l _e_n_c_t_y_p_e_s_._._.


                 removes some enctypes from a principal. This can be useful
                 the service belonging to the principal is known to not handle
                 certain enctypes

           eexxtt__kkeeyyttaabb [--kk _s_t_r_i_n_g | ----kkeeyyttaabb==_s_t_r_i_n_g] _p_r_i_n_c_i_p_a_l_._._.

                 creates a keytab with the keys of the specified principals

           ggeett [--ll | ----lloonngg] [--ss | ----sshhoorrtt] [--tt | ----tteerrssee] _e_x_p_r_e_s_s_i_o_n_._._.

                 lists the principals that match the expressions (which are
                 shell glob like), long format gives more information, and
                 terse just prints the names

           rreennaammee _f_r_o_m _t_o

                 renames a principal

           mmooddiiffyy [--aa _a_t_t_r_i_b_u_t_e_s | ----aattttrriibbuutteess==_a_t_t_r_i_b_u_t_e_s]
           [----mmaaxx--ttiicckkeett--lliiffee==_l_i_f_e_t_i_m_e] [----mmaaxx--rreenneewwaabbllee--lliiffee==_l_i_f_e_t_i_m_e]
           [----eexxppiirraattiioonn--ttiimmee==_t_i_m_e] [----ppww--eexxppiirraattiioonn--ttiimmee==_t_i_m_e]
           [----kkvvnnoo==_n_u_m_b_e_r] _p_r_i_n_c_i_p_a_l

                 modifies certain attributes of a principal

           pprriivviilleeggeess

                 lists the operations you are allowed to perform

     When running in local mode, the following commands can also be used:

           dduummpp [--dd | ----ddeeccrryypptt] [_d_u_m_p_-_f_i_l_e]

                 writes the database in ``human readable'' form to the speci-
                 fied file, or standard out

           iinniitt [----rreeaallmm--mmaaxx--ttiicckkeett--lliiffee==_s_t_r_i_n_g]
           [----rreeaallmm--mmaaxx--rreenneewwaabbllee--lliiffee==_s_t_r_i_n_g] _r_e_a_l_m

                 initializes the Kerberos database with entries for a new
                 realm. It's possible to have more than one realm served by
                 one server

           llooaadd _f_i_l_e

                 reads a previously dumped database, and re-creates that
                 database from scratch

           mmeerrggee _f_i_l_e

                 similar to lliisstt but just modifies the database with the en-
                 tries in the dump file

SSEEEE AALLSSOO
     kadmind(8),  kdc(8)

 HEIMDAL                      September 10, 2000                             2