1 .\" Copyright (c) 2000 - 2003 Kungliga Tekniska Högskolan
2 .\" (Royal Institute of Technology, Stockholm, Sweden).
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" 3. Neither the name of the Institute nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
20 .\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 .\" $Id: kadmin.8,v 1.10 2003/03/31 10:42:32 lha Exp $
34 .Dd September 10, 2000
39 .Nd Kerberos administration utility
42 .Oo Fl p Ar string \*(Ba Xo
43 .Fl -principal= Ns Ar string
46 .Oo Fl K Ar string \*(Ba Xo
47 .Fl -keytab= Ns Ar string
50 .Oo Fl c Ar file \*(Ba Xo
51 .Fl -config-file= Ns Ar file
54 .Oo Fl k Ar file \*(Ba Xo
55 .Fl -key-file= Ns Ar file
58 .Oo Fl r Ar realm \*(Ba Xo
59 .Fl -realm= Ns Ar realm
62 .Oo Fl a Ar host \*(Ba Xo
63 .Fl -admin-server= Ns Ar host
66 .Oo Fl s Ar port number \*(Ba Xo
67 .Fl -server-port= Ns Ar port number
72 .Op Fl v | Fl -version
77 program is used to make modifications to the Kerberos database, either remotely via the
79 daemon, or locally (with the
87 .Fl -principal= Ns Ar string
89 principal to authenticate as
92 .Fl -keytab= Ns Ar string
94 keytab for authentication principal
97 .Fl -config-file= Ns Ar file
99 location of config file
102 .Fl -key-file= Ns Ar file
104 location of master key file
107 .Fl -realm= Ns Ar realm
112 .Fl -admin-server= Ns Ar host
116 .Fl s Ar port number ,
117 .Fl -server-port= Ns Ar port number
129 is given on the command line,
131 will prompt for commands to process. Commands include:
132 .\" not using a list here, since groff apparently gets confused
133 .\" with nested Xo/Xc
134 .Bd -ragged -offset indent
136 .Op Fl r | Fl -random-key
137 .Op Fl -random-password
138 .Oo Fl p Ar string \*(Ba Xo
139 .Fl -password= Ns Ar string
142 .Op Fl -key= Ns Ar string
143 .Op Fl -max-ticket-life= Ns Ar lifetime
144 .Op Fl -max-renewable-life= Ns Ar lifetime
145 .Op Fl -attributes= Ns Ar attributes
146 .Op Fl -expiration-time= Ns Ar time
147 .Op Fl -pw-expiration-time= Ns Ar time
150 .Bd -ragged -offset indent
151 creates a new principal
155 .Op Fl r | Fl -random-key
156 .Op Fl -random-password
157 .Oo Fl p Ar string \*(Ba Xo
158 .Fl -password= Ns Ar string
161 .Op Fl -key= Ns Ar string
164 .Bd -ragged -offset indent
165 changes the password of an existing principal
171 .Bd -ragged -offset indent
176 .Ar principal enctypes...
178 .Bd -ragged -offset indent
179 removes some enctypes from a principal. This can be useful the service
180 belonging to the principal is known to not handle certain enctypes
184 .Oo Fl k Ar string \*(Ba Xo
185 .Fl -keytab= Ns Ar string
190 .Bd -ragged -offset indent
191 creates a keytab with the keys of the specified principals
200 .Bd -ragged -offset indent
201 lists the principals that match the expressions (which are shell glob
202 like), long format gives more information, and terse just prints the
209 .Bd -ragged -offset indent
214 .Oo Fl a Ar attributes \*(Ba Xo
215 .Fl -attributes= Ns Ar attributes
218 .Op Fl -max-ticket-life= Ns Ar lifetime
219 .Op Fl -max-renewable-life= Ns Ar lifetime
220 .Op Fl -expiration-time= Ns Ar time
221 .Op Fl -pw-expiration-time= Ns Ar time
222 .Op Fl -kvno= Ns Ar number
225 .Bd -ragged -offset indent
226 modifies certain attributes of a principal
231 .Bd -ragged -offset indent
232 lists the operations you are allowed to perform
237 When running in local mode, the following commands can also be used:
238 .Bd -ragged -offset indent
240 .Op Fl d | Fl -decrypt
243 .Bd -ragged -offset indent
244 writes the database in
246 form to the specified file, or standard out
250 .Op Fl -realm-max-ticket-life= Ns Ar string
251 .Op Fl -realm-max-renewable-life= Ns Ar string
254 .Bd -ragged -offset indent
255 initializes the Kerberos database with entries for a new realm. It's
256 possible to have more than one realm served by one server
262 .Bd -ragged -offset indent
263 reads a previously dumped database, and re-creates that database from scratch
269 .Bd -ragged -offset indent
272 but just modifies the database with the entries in the dump file