.\" .\" This source code is no longer held under any constraint of USA .\" `cryptographic laws' since it was exported legally. The cryptographic .\" functions were removed from the code and a "Bones" distribution was .\" made. A Commodity Jurisdiction Request #012-94 was filed with the .\" USA State Department, who handed it to the Commerce department. The .\" code was determined to fall under General License GTDA under ECCN 5D96G, .\" and hence exportable. The cryptographic interfaces were re-added by Eric .\" Young, and then KTH proceeded to maintain the code in the free world. .\" .\"Copyright (C) 1989 by the Massachusetts Institute of Technology .\" .\"Export of this software from the United States of America is assumed .\"to require a specific license from the United States Government. .\"It is the responsibility of any person or organization contemplating .\"export to obtain such a license before exporting. .\" .\"WITHIN THAT CONSTRAINT, permission to use, copy, modify, and .\"distribute this software and its documentation for any purpose and .\"without fee is hereby granted, provided that the above copyright .\"notice appear in all copies and that both that copyright notice and .\"this permission notice appear in supporting documentation, and that .\"the name of M.I.T. not be used in advertising or publicity pertaining .\"to distribution of the software without specific, written prior .\"permission. M.I.T. makes no representations about the suitability of .\"this software for any purpose. It is provided "as is" without express .\"or implied warranty. .\" .\" $OpenBSD: kadmin.8,v 1.4 1998/02/25 15:50:43 art Exp $ .TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kadmin \- network utility for Kerberos database administration .SH SYNOPSIS .B kadmin [-u user] [-r default_realm] [-m] .SH DESCRIPTION This utility provides a unified administration interface to the Kerberos master database. Kerberos administrators use .I kadmin to register new users and services to the master database, and to change information about existing database entries. For instance, an administrator can use .I kadmin to change a user's Kerberos password. A Kerberos administrator is a user with an ``admin'' instance whose name appears on one of the Kerberos administration access control lists. If the \-u option is used, .I user will be used as the administrator instead of the local user. If the \-r option is used, .I default_realm will be used as the default realm for transactions. Otherwise, the local realm will be used by default. If the \-m option is used, multiple requests will be permitted on only one entry of the admin password. Some sites won't support this option. The .I kadmin program communicates over the network with the .I kadmind program, which runs on the machine housing the Kerberos master database. The .I kadmind creates new entries and makes modifications to the database. When you enter the .I kadmin command, the program displays a message that welcomes you and explains how to ask for help. Then .I kadmin waits for you to enter commands (which are described below). It then asks you for your .I admin password before accessing the database. Use the .I add_new_key (or .I ank for short) command to register a new principal with the master database. The command requires one argument, the principal's name. The name given can be fully qualified using the standard .I name.instance@realm convention. You are asked to enter your .I admin password, then prompted twice to enter the principal's new password. If no realm is specified, the local realm is used unless another was given on the commandline with the \-r flag. If no instance is specified, a null instance is used. If a realm other than the default realm is specified, you will need to supply your admin password for the other realm. Use the .I change_password (cpw) to change a principal's Kerberos password. The command requires one argument, the principal's name. You are asked to enter your .I admin password, then prompted twice to enter the principal's new password. The name given can be fully qualified using the standard .I name.instance@realm convention. Use the .I change_admin_password (cap) to change your .I admin instance password. This command requires no arguments. It prompts you for your old .I admin password, then prompts you twice to enter the new .I admin password. If this is your first command, the default realm is used. Otherwise, the realm used in the last command is used. Use the .I destroy_tickets (dest) command to destroy your admin tickets explicitly. Use the .I list_requests (lr) command to get a list of possible commands. Use the .I help command to display .IR kadmin's various help messages. If entered without an argument, .I help displays a general help message. You can get detailed information on specific .I kadmin commands by entering .I help .IR command_name . To quit the program, type .IR quit . .SH BUGS The user interface is primitive, and the command names could be better. .SH "SEE ALSO" kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) .br ``A Subsystem Utilities Package for UNIX'' by Ken Raeburn .SH AUTHORS Jeffrey I. Schiller, MIT Project Athena .br Emanuel Jay Berkenbilt, MIT Project Athena