KADMIN(8) | System Manager's Manual | KADMIN(8) |
kadmin —

kadmin [-p string | --principal=string] [-K string | --keytab=string]
       [-c file | --config-file=file] [-k file | --key-file=file]
       [-r realm | --realm=realm] [-a host | --admin-server=host]
       [-s port number | --server-port=port number] [-l | --local]
       [-h | --help] [-v | --version] [command]
The kadmin program is used to make modifications to the Kerberos database, either remotely via the kadmind(8) daemon, or locally (with the -l option).
Supported options:

-p string, --principal=string
-K string, --keytab=string
-c file, --config-file=file
-k file, --key-file=file
-r realm, --realm=realm
-a host, --admin-server=host
-s port number, --server-port=port number
-l, --local
If no command is given on the command line, kadmin will prompt for commands to process. Some of the commands that take one or more principals as argument (delete, ext_keytab, get, modify, and passwd) will accept a glob style wildcard, and perform the operation on all matching principals.
Commands include:

add [-r | --random-key] [--random-password] [-p string | --password=string]
    [--key=string] [--max-ticket-life=lifetime]
    [--max-renewable-life=lifetime] [--attributes=attributes]
    [--expiration-time=time] [--pw-expiration-time=time]
    [--policy=policy-name] principal...

        default’.

add_enctype [-r | --random-key] principal enctypes...

delete principal...

del_enctype principal enctypes...

ext_keytab [-k string | --keytab=string] principal...
get [-l | --long] [-s | --short] [-t | --terse]
    [-o string | --column-info=string] principal...

        -o option. The argument is a comma-separated list of column names, each optionally followed by an equal sign (‘=’) and a column header. Which columns are printed by default differs slightly between short and long output.

        The default terse output format is similar to -s -o principal=, just printing the names of matched principals.

        Possible column names include: principal, princ_expire_time, pw_expiration, last_pwd_change, max_life, max_rlife, mod_time, mod_name, attributes, kvno, mkvno, last_success, last_failed, fail_auth_count, policy, and keytypes.
modify [-a attributes | --attributes=attributes]
       [--max-ticket-life=lifetime] [--max-renewable-life=lifetime]
       [--expiration-time=time] [--pw-expiration-time=time]
       [--kvno=number] [--policy=policy-name] principal...

        The only policy supported by Heimdal is ‘default’.

        Possible attributes are: new-princ, support-desmd5, pwchange-service, disallow-svr, requires-pw-change, requires-hw-auth, requires-pre-auth, disallow-all-tix, disallow-dup-skey, disallow-proxiable, disallow-renewable, disallow-tgt-based, disallow-forwardable, disallow-postdated

        Attributes may be negated with a "-", e.g.,

            kadmin -l modify -a -disallow-proxiable user
passwd [--keepold] [-r | --random-key] [--random-password]
       [-p string | --password=string] [--key=string] principal...

password-quality principal password

privileges

        add, add_enctype, change-password, delete, del_enctype, get, get-keys, list, and modify.

rename from to

check [realm]
When running in local mode, the following commands can also be used:
dump [-d | --decrypt] [-f format | --format=format] [dump-file]

        --decrypt is used. If --format=MIT is used then the dump will be in MIT format. Otherwise it will be in Heimdal format.

init [--realm-max-ticket-life=string] [--realm-max-renewable-life=string] realm

load file

merge file

        load but just modifies the database with the entries in the dump file.

stash [-e enctype | --enctype=enctype] [-k keyfile | --key-file=keyfile]
      [--convert-file] [--master-key-fd=fd]
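
An added example, not part of the original manual page: a shell filter that uses the get -o column list and the attribute names documented above to report principals that lack requires-pre-auth, the attribute that makes the KDC demand pre-authentication before issuing a reply. The output layout (principal first, then attributes separated by commas or blanks), the sample lines and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the kadmin manual): audit which principals lack
# the requires-pre-auth attribute, using only options documented above.

# One line per matching principal: name, then attributes, no headers.
# -l = local mode, -s = short output, -o = column list with empty headers.
list_principal_attrs() {
    kadmin -l get -s -o principal=,attributes= "${1:-*}"
}

# Filter stdin and print principals that do not carry requires-pre-auth.
# ASSUMPTION: field 1 is the principal; the rest of the line holds the
# attribute names, separated by commas and/or blanks.
missing_preauth() {
    awk 'BEGIN { FS = "[ \t,]+" }
        { sub(/^[ \t]+/, "") }          # drop leading padding, re-split
        NF == 0 { next }                # skip blank lines
        {
            ok = 0
            for (i = 2; i <= NF; i++)
                if ($i == "requires-pre-auth") ok = 1
            if (!ok) print $1
        }'
}

# Constructed sample of the assumed output (not captured from a real KDC).
sample_output() {
    cat <<'EOF'
alice@EXAMPLE.ORG                 requires-pre-auth
bob@EXAMPLE.ORG
host/web.example.org@EXAMPLE.ORG  disallow-postdated, disallow-proxiable
carol@EXAMPLE.ORG                 disallow-forwardable,requires-pre-auth
EOF
}

# Offline demonstration; on a KDC use: list_principal_attrs | missing_preauth
# A finding is cleared with: kadmin -l modify -a requires-pre-auth <principal>
sample_output | missing_preauth
```

Check the real column layout on one known principal before relying on the filter, since the attribute separator is assumed here.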
Feb 22, 2007 | NetBSD 9.4 |