Main index | Section 8 | Options |
Supported options:
| |
principal to authenticate as | |
| |
keytab for authentication principal | |
| |
location of config file | |
| |
location of master key file | |
| |
realm to use | |
| |
server to contact | |
| |
port to use | |
| |
local admin mode | |
If no command is given on the command line, kadmin will prompt for commands to process. Some of the commands that take one or more principals as argument ( delete, ext_keytab, get, modify, and passwd) will accept a glob style wildcard, and perform the operation on all matching principals.
Commands include:
add
[
add_enctype
[
Adds a new encryption type to the principal, only random key are supported.
delete principal... Removes a principal.
del_enctype principal enctypes... Removes some enctypes from a principal; this can be useful if the service belonging to the principal is known to not handle certain enctypes.
ext_keytab
[
get
[
The default terse output format is similar to
Possible column names include: principal, princ_expire_time, pw_expiration, last_pwd_change, max_life, max_rlife, mod_time, mod_name, attributes, kvno, mkvno, last_success, last_failed, fail_auth_count, policy, and keytypes.
modify
[
Possible attributes are: new-princ, support-desmd5, pwchange-service, disallow-svr, requires-pw-change, requires-hw-auth, requires-pre-auth, disallow-all-tix, disallow-dup-skey, disallow-proxiable, disallow-renewable, disallow-tgt-based, disallow-forwardable, disallow-postdated
Attributes may be negated with a "-", e.g.,
kadmin -l modify -a -disallow-proxiable user
passwd
[
password-quality principal password Run the password quality check function locally. You can run this on the host that is configured to run the kadmind process to verify that your configuration file is correct. The verification is done locally, if kadmin is run in remote mode, no rpc call is done to the server.
privileges Lists the operations you are allowed to perform. These include add, add_enctype, change-password, delete, del_enctype, get, list, and modify.
rename from to Renames a principal. This is normally transparent, but since keys are salted with the principal name, they will have a non-standard salt, and clients which are unable to cope with this will fail. Kerberos 4 suffers from this.
check [realm]
Check database for strange configurations on important principals. If no realm is given, the default realm is used.
When running in local mode, the following commands can also be used:
dump
[
init
[
load file Reads a previously dumped database, and re-creates that database from scratch.
merge file Similar to load but just modifies the database with the entries in the dump file.
stash
[
HEIMDAL | KADMIN (8) | Feb 22, 2007 |
Main index | Section 8 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
“ | LISP = Lots of Irritating Silly Parentheses | ” |