03656ac1b0
the "core" Kerberos functionality. The rest of the userland will get their own changes later.
177 lines
4.4 KiB
Groff
177 lines
4.4 KiB
Groff
.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <mit-copyright.h>.
|
|
.\"
|
|
.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
kadmin \- network utility for Kerberos database administration
|
|
.SH SYNOPSIS
|
|
.B kadmin [-u user] [-r default_realm] [-m] [-t]
|
|
.SH DESCRIPTION
|
|
This utility provides a unified administration interface to
|
|
the
|
|
Kerberos
|
|
master database.
|
|
Kerberos
|
|
administrators
|
|
use
|
|
.I kadmin
|
|
to register new users and services to the master database,
|
|
and to change information about existing database entries.
|
|
For instance, an administrator can use
|
|
.I kadmin
|
|
to change a user's
|
|
Kerberos
|
|
password.
|
|
A Kerberos administrator is a user with an ``admin'' instance
|
|
whose name appears on one of the Kerberos administration access control
|
|
lists. If the \-u option is used,
|
|
.I user
|
|
will be used as the administrator instead of the local user.
|
|
If the \-r option is used,
|
|
.I default_realm
|
|
will be used as the default realm for transactions. Otherwise,
|
|
the local realm will be used by default.
|
|
If the \-m option is used, multiple requests will be permitted
|
|
on only one entry of the admin password. Some sites won't
|
|
support this option. The \-t option is used to tell kadmin to use the
|
|
existing ticket file instead of creating a new one.
|
|
|
|
The
|
|
.I kadmin
|
|
program communicates over the network with the
|
|
.I kadmind
|
|
program, which runs on the machine housing the Kerberos master
|
|
database.
|
|
The
|
|
.I kadmind
|
|
creates new entries and makes modifications to the database.
|
|
|
|
When you enter the
|
|
.I kadmin
|
|
command,
|
|
the program displays a message that welcomes you and explains
|
|
how to ask for help.
|
|
Then
|
|
.I kadmin
|
|
waits for you to enter commands (which are described below).
|
|
It then asks you for your
|
|
.I admin
|
|
password before accessing the database.
|
|
|
|
All commands can be abbreviated as long as they are unique. Some
|
|
short versions of the commands are also recognized for backwards
|
|
compatibility.
|
|
|
|
Use the
|
|
.I add_new_key
|
|
(or
|
|
.I ank
|
|
for short)
|
|
command to register a new principal
|
|
with the master database.
|
|
The command requires one argument,
|
|
the principal's name. The name
|
|
given can be fully qualified using
|
|
the standard
|
|
.I name.instance@realm
|
|
convention.
|
|
You are asked to enter your
|
|
.I admin
|
|
password,
|
|
then prompted twice to enter the principal's
|
|
new password. If no realm is specified,
|
|
the local realm is used unless another was
|
|
given on the commandline with the \-r flag.
|
|
If no instance is
|
|
specified, a null instance is used. If
|
|
a realm other than the default realm is specified,
|
|
you will need to supply your admin password for
|
|
the other realm.
|
|
|
|
Use the
|
|
.I change_password (cpw)
|
|
to change a principal's
|
|
Kerberos
|
|
password.
|
|
The command requires one argument,
|
|
the principal's
|
|
name.
|
|
You are asked to enter your
|
|
.I admin
|
|
password,
|
|
then prompted twice to enter the principal's new password.
|
|
The name
|
|
given can be fully qualified using
|
|
the standard
|
|
.I name.instance@realm
|
|
convention.
|
|
|
|
Use the
|
|
.I change_key (ckey)
|
|
if you have a need to change the raw key of a particular principal.
|
|
In other words, if you do not want to input a DES key instead of a
|
|
password that will get converted into a DES key.
|
|
|
|
Use the
|
|
.I change_admin_password (cap)
|
|
to change your
|
|
.I admin
|
|
instance password.
|
|
This command requires no arguments.
|
|
It prompts you for your old
|
|
.I admin
|
|
password, then prompts you twice to enter the new
|
|
.I admin
|
|
password. If this is your first command,
|
|
the default realm is used. Otherwise, the realm
|
|
used in the last command is used.
|
|
|
|
Use the
|
|
.I del_entry (del)
|
|
to remove an entry from the kerberos database.
|
|
|
|
Use the
|
|
.I mod_entry (mod)
|
|
to modify a particular entry, for example to change the expire date.
|
|
|
|
Use the
|
|
.I destroy_tickets (dest)
|
|
command to destroy your admin tickets explicitly.
|
|
|
|
Use the
|
|
.I list_requests (lr)
|
|
command to get a list of possible commands.
|
|
|
|
Use the
|
|
.I help
|
|
command to display
|
|
.IR kadmin's
|
|
various help messages.
|
|
If entered without an argument,
|
|
.I help
|
|
displays a general help message.
|
|
You can get detailed information on specific
|
|
.I kadmin
|
|
commands
|
|
by entering
|
|
.I help
|
|
.IR command_name .
|
|
|
|
To quit the program, type
|
|
.IR quit .
|
|
|
|
.SH BUGS
|
|
The user interface is primitive, and the command names could be better.
|
|
|
|
.SH "SEE ALSO"
|
|
kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
|
|
.br
|
|
``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
|
|
.SH AUTHORS
|
|
Jeffrey I. Schiller, MIT Project Athena
|
|
.br
|
|
Emanuel Jay Berkenbilt, MIT Project Athena
|