3
<title>Kerberos V5 System Administrator's Guide</title>
4
<meta http-equiv="Content-Type" content="text/html">
5
<meta name="description" content="Kerberos V5 System Administrator's Guide">
6
<meta name="generator" content="makeinfo 4.5">
7
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home">
12
Node:<a name="Kadmin%20Options">Kadmin Options</a>,
13
Next:<a rel="next" accesskey="n" href="Date-Format.html#Date%20Format">Date Format</a>,
14
Previous:<a rel="previous" accesskey="p" href="Administrating-the-Kerberos-Database.html#Administrating%20the%20Kerberos%20Database">Administrating the Kerberos Database</a>,
15
Up:<a rel="up" accesskey="u" href="Administrating-the-Kerberos-Database.html#Administrating%20the%20Kerberos%20Database">Administrating the Kerberos Database</a>
19
<h3 class="section">Kadmin Options</h3>
21
<p>You can invoke <code>kadmin</code> or <code>kadmin.local</code> with any of the
25
<dt><b>-r </b><i>REALM</i><b></b>
26
<dd>Use <i>REALM</i> as the default Kerberos realm for the database.
28
<br><dt><b>-p </b><i>principal</i><b></b>
29
<dd>Use the Kerberos principal <i>principal</i> to authenticate to Kerberos.
30
If this option is not given, <code>kadmin</code> will append <code>admin</code> to
31
either the primary principal name, the environment variable USER, or to
32
the username obtained from <code>getpwuid</code>, in order of preference.
34
<br><dt><b>-q </b><i>query</i><b></b>
35
<dd>Pass <i>query</i> directly to <code>kadmin</code>. This is useful for writing
36
scripts that pass specific queries to <code>kadmin</code>.
38
<p>You can invoke <code>kadmin</code> with any of the following options:
40
<br><dt><b>-k [-t </b><i>keytab</i><b>]</b>
41
<dd>Use the keytab <i>keytab</i> to decrypt the KDC response instead of
42
prompting for a password on the TTY. In this case, the principal will
43
be <code>host/</code><i>hostname</i><code></code>. If <b>-t</b> is not used to specify a keytab,
44
then the default keytab will be used.
46
<br><dt><b>-c </b><i>credentials cache</i><b></b>
47
<dd>Use <i>credentials_cache</i> as the credentials cache. The credentials
48
cache should contain a service ticket for the <code>kadmin/admin</code>
49
service, which can be acquired with the <code>kinit</code> program. If this
50
option is not specified, <code>kadmin</code> requests a new service ticket
51
from the KDC, and stores it in its own temporary ccache.
53
<br><dt><b>-w </b><i>password</i><b></b>
54
<dd>Use <i>password</i> as the password instead of prompting for one on the
55
TTY. Note: placing the password for a Kerberos principal with
56
administration access into a shell script can be dangerous if
57
unauthorized users gain read access to the script.
59
<br><dt><b>-s </b><i>admin_server[:port]</i><b></b>
60
<dd>Specifies the admin server that kadmin should contact.
62
<p>You can invoke <code>kadmin.local</code> with an of the follwing options:
64
<br><dt><b>-d_ </b><i>dbname</i><b></b>
65
<dd>Specifies the name of the Kerberos database.
67
<br><dt><b>-e </b><i>"enctypes ..."</i><b></b>
68
<dd>Sets the list of cryptosystem and salt types to be used for any new
69
keys created. See <a href="Supported-Encryption-Types.html#Supported%20Encryption%20Types">Supported Encryption Types</a> and <a href="Salts.html#Salts">Salts</a> for
73
<dd>Do not authenticate using a keytab. This option will cause kadmin to
74
prompt for the master database password.