freebsd-nq/eBones/kadmin/kadmin.8

.\" from: kadmin.8,v 4.2 89/07/25 17:20:02 jtkohl Exp $
.\" $Id: kadmin.8,v 1.2 1994/07/19 19:27:22 g89r4222 Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
.\" please see the file <Copyright.MIT>.
.\"
.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
kadmin \- network utility for Kerberos database administration
.SH SYNOPSIS
.B kadmin [-u user] [-r default_realm] [-m]
.SH DESCRIPTION
This utility provides a unified administration interface to
the
Kerberos
master database.
Kerberos
administrators
use
.I kadmin
to register new users and services to the master database,
and to change information about existing database entries.
For instance, an administrator can use
.I kadmin
to change a user's
Kerberos
password.
A Kerberos administrator is a user with an ``admin'' instance
whose name appears on one of the Kerberos administration access control
lists.  If the \-u option is used, 
.I user 
will be used as the administrator instead of the local user.
If the \-r option is used, 
.I default_realm
will be used as the default realm for transactions.  Otherwise,
the local realm will be used by default.
If the \-m option is used, multiple requests will be permitted 
on only one entry of the admin password.  Some sites won't
support this option.

The
.I kadmin
program communicates over the network with the
.I kadmind
program, which runs on the machine housing the Kerberos master
database.
The
.I kadmind
creates new entries and makes modifications to the database.

When you enter the
.I kadmin
command,
the program displays a message that welcomes you and explains
how to ask for help.
Then
.I kadmin
waits for you to enter commands (which are described below).
It then asks you for your
.I admin
password before accessing the database.

Use the
.I add_new_key
(or
.I ank
for short)
command to register a new principal
with the master database.
The command requires one argument,
the principal's name.  The name
given can be fully qualified using 
the standard 
.I name.instance@realm
convention.
You are asked to enter your
.I admin
password,
then prompted twice to enter the principal's
new password.  If no realm is specified, 
the local realm is used unless another was
given on the commandline with the \-r flag.  
If no instance is
specified, a null instance is used.  If
a realm other than the default realm is specified,
you will need to supply your admin password for
the other realm.

Use the
.I change_password (cpw)
to change a principal's
Kerberos
password.
The command requires one argument,
the principal's
name.
You are asked to enter your
.I admin
password,
then prompted twice to enter the principal's new password.
The name
given can be fully qualified using 
the standard 
.I name.instance@realm
convention.

Use the
.I change_admin_password (cap)
to change your
.I admin
instance password.
This command requires no arguments.
It prompts you for your old
.I admin
password, then prompts you twice to enter the new
.I admin
password.  If this is your first command, 
the default realm is used.  Otherwise, the realm
used in the last command is used.

Use the
.I destroy_tickets (dest)
command to destroy your admin tickets explicitly.

Use the
.I list_requests (lr)
command to get a list of possible commands.

Use the
.I help
command to display
.IR kadmin's
various help messages.
If entered without an argument,
.I help
displays a general help message.
You can get detailed information on specific
.I kadmin
commands
by entering 
.I help
.IR command_name .

To quit the program, type
.IR quit .

.SH BUGS
The user interface is primitive, and the command names could be better.

.SH "SEE ALSO"
kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
.br
``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
.SH AUTHORS
Jeffrey I. Schiller, MIT Project Athena
.br
Emanuel Jay Berkenbilt, MIT Project Athena