.\" $Id: kadmin.8,v 1.6 1998/12/18 16:56:29 assar Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\" For copying and distribution information,
.\" please see the file <mit-copyright.h>.
.Nd "network utility for Kerberos database administration"
This utility provides a unified administration interface to the
Kerberos master database. Kerberos administrators use
to register new users and services to the master database, and to
change information about existing database entries, such as changing a
user's Kerberos password. A Kerberos administrator is a user with an
instance whose name appears on one of the Kerberos administration
This is the administrator principal to use when talking to the Kadmin
server. The default is taken from the user's environment.
This is the default realm to use for transactions. Default is the
but specifies a name, that gets appended with a
To prevent someone from walking up to an unguarded terminal and doing
malicious things, administrator tickets are destroyed after a period
of inactivity. This flag changes the timeout from the default of one
minute. A timeout of zero seconds disables this functionality.
destroyed tickets after every command; this flag used to stop this
behaviour (only destroying tickets upon exit). Now it's just a synonym
Use existing tickets (if any are available); this also disables
timeout, and doesn't destroy any tickets upon exit.
These tickets have to be for the changepw.kerberos service. Use
program communicates over the network with the
program, which runs on the machine housing the Kerberos master
database, and does the actual modifications to the database.
command, the program displays a message that welcomes you and explains
how to ask for help. Then
waits for you to enter commands (which are described below). It then
asks you for your administrator's password before accessing the
All commands can be abbreviated as long as they are unique. Some
short versions of the commands are also recognized for backwards
.It add_new_key Ar principal
Creates a new principal in the Kerberos database. You give the name of
the new principal as an argument. You will then be asked for a maximum
ticket lifetime, attributes, the expiration date of the principal, and
finally the password of the principal.
.It change_password Ar principal
Changes a principal's password. You will be prompted for the new
.It change_key Ar principal
This is the same as change_password, but the password is given as a
raw DES key (for the few occasions when you need this).
.It change_admin_password
Changes your own admin password. It will prompt you for your old and
.It del_entry Ar principal
Removes principal from the database.
.It get_entry Ar principal
Shows various information for the given principal. Note that the key is
.It mod_entry Ar principal
Modifies a particular entry, for instance to change the expiration
Destroys your admin tickets explicitly.
Jeffrey I. Schiller, MIT Project Athena
Emanuel Jay Berkenbilt, MIT Project Athena
The user interface is primitive, and the command names could be