.\" from: kadmin.8,v 4.2 89/07/25 17:20:02 jtkohl Exp $ .\" $Id$ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, .\" please see the file . .\" .TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME kadmin \- network utility for Kerberos database administration .SH SYNOPSIS .B kadmin [-u user] [-r default_realm] [-m] .SH DESCRIPTION This utility provides a unified administration interface to the Kerberos master database. Kerberos administrators use .I kadmin to register new users and services to the master database, and to change information about existing database entries. For instance, an administrator can use .I kadmin to change a user's Kerberos password. A Kerberos administrator is a user with an ``admin'' instance whose name appears on one of the Kerberos administration access control lists. If the \-u option is used, .I user will be used as the administrator instead of the local user. If the \-r option is used, .I default_realm will be used as the default realm for transactions. Otherwise, the local realm will be used by default. If the \-m option is used, multiple requests will be permitted on only one entry of the admin password. Some sites won't support this option. The .I kadmin program communicates over the network with the .I kadmind program, which runs on the machine housing the Kerberos master database. The .I kadmind creates new entries and makes modifications to the database. When you enter the .I kadmin command, the program displays a message that welcomes you and explains how to ask for help. Then .I kadmin waits for you to enter commands (which are described below). It then asks you for your .I admin password before accessing the database. Use the .I add_new_key (or .I ank for short) command to register a new principal with the master database. The command requires one argument, the principal's name. The name given can be fully qualified using the standard .I name.instance@realm convention. You are asked to enter your .I admin password, then prompted twice to enter the principal's new password. If no realm is specified, the local realm is used unless another was given on the commandline with the \-r flag. If no instance is specified, a null instance is used. If a realm other than the default realm is specified, you will need to supply your admin password for the other realm. Use the .I change_password (cpw) to change a principal's Kerberos password. The command requires one argument, the principal's name. You are asked to enter your .I admin password, then prompted twice to enter the principal's new password. The name given can be fully qualified using the standard .I name.instance@realm convention. Use the .I change_admin_password (cap) to change your .I admin instance password. This command requires no arguments. It prompts you for your old .I admin password, then prompts you twice to enter the new .I admin password. If this is your first command, the default realm is used. Otherwise, the realm used in the last command is used. Use the .I destroy_tickets (dest) command to destroy your admin tickets explicitly. Use the .I list_requests (lr) command to get a list of possible commands. Use the .I help command to display .IR kadmin's various help messages. If entered without an argument, .I help displays a general help message. You can get detailed information on specific .I kadmin commands by entering .I help .IR command_name . To quit the program, type .IR quit . .SH BUGS The user interface is primitive, and the command names could be better. .SH "SEE ALSO" kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) .br ``A Subsystem Utilities Package for UNIX'' by Ken Raeburn .SH AUTHORS Jeffrey I. Schiller, MIT Project Athena .br Emanuel Jay Berkenbilt, MIT Project Athena