mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 17:00:49 +01:00
60643d379b
(Including all changes for FreeBSD - importing the original eBones distribution would be too complex at this stage, since I don't have access to Piero's CVS.) (If you want to include eBones in your system, don't forget to include MAKE_EBONES in /etc/make.conf.) (This stuff is now also suppable from braae.ru.ac.za.) Bones originally from MIT SIPB. Original port to FreeBSD 1.x by Piero Serini. Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet. Nice bug fixes from Doug Rabson.
159 lines
3.8 KiB
Groff
159 lines
3.8 KiB
Groff
.\" from: kadmin.8,v 4.2 89/07/25 17:20:02 jtkohl Exp $
|
|
.\" $Id: kadmin.8,v 1.2 1994/07/19 19:27:22 g89r4222 Exp $
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <Copyright.MIT>.
|
|
.\"
|
|
.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
kadmin \- network utility for Kerberos database administration
|
|
.SH SYNOPSIS
|
|
.B kadmin [-u user] [-r default_realm] [-m]
|
|
.SH DESCRIPTION
|
|
This utility provides a unified administration interface to
|
|
the
|
|
Kerberos
|
|
master database.
|
|
Kerberos
|
|
administrators
|
|
use
|
|
.I kadmin
|
|
to register new users and services to the master database,
|
|
and to change information about existing database entries.
|
|
For instance, an administrator can use
|
|
.I kadmin
|
|
to change a user's
|
|
Kerberos
|
|
password.
|
|
A Kerberos administrator is a user with an ``admin'' instance
|
|
whose name appears on one of the Kerberos administration access control
|
|
lists. If the \-u option is used,
|
|
.I user
|
|
will be used as the administrator instead of the local user.
|
|
If the \-r option is used,
|
|
.I default_realm
|
|
will be used as the default realm for transactions. Otherwise,
|
|
the local realm will be used by default.
|
|
If the \-m option is used, multiple requests will be permitted
|
|
on only one entry of the admin password. Some sites won't
|
|
support this option.
|
|
|
|
The
|
|
.I kadmin
|
|
program communicates over the network with the
|
|
.I kadmind
|
|
program, which runs on the machine housing the Kerberos master
|
|
database.
|
|
The
|
|
.I kadmind
|
|
creates new entries and makes modifications to the database.
|
|
|
|
When you enter the
|
|
.I kadmin
|
|
command,
|
|
the program displays a message that welcomes you and explains
|
|
how to ask for help.
|
|
Then
|
|
.I kadmin
|
|
waits for you to enter commands (which are described below).
|
|
It then asks you for your
|
|
.I admin
|
|
password before accessing the database.
|
|
|
|
Use the
|
|
.I add_new_key
|
|
(or
|
|
.I ank
|
|
for short)
|
|
command to register a new principal
|
|
with the master database.
|
|
The command requires one argument,
|
|
the principal's name. The name
|
|
given can be fully qualified using
|
|
the standard
|
|
.I name.instance@realm
|
|
convention.
|
|
You are asked to enter your
|
|
.I admin
|
|
password,
|
|
then prompted twice to enter the principal's
|
|
new password. If no realm is specified,
|
|
the local realm is used unless another was
|
|
given on the commandline with the \-r flag.
|
|
If no instance is
|
|
specified, a null instance is used. If
|
|
a realm other than the default realm is specified,
|
|
you will need to supply your admin password for
|
|
the other realm.
|
|
|
|
Use the
|
|
.I change_password (cpw)
|
|
to change a principal's
|
|
Kerberos
|
|
password.
|
|
The command requires one argument,
|
|
the principal's
|
|
name.
|
|
You are asked to enter your
|
|
.I admin
|
|
password,
|
|
then prompted twice to enter the principal's new password.
|
|
The name
|
|
given can be fully qualified using
|
|
the standard
|
|
.I name.instance@realm
|
|
convention.
|
|
|
|
Use the
|
|
.I change_admin_password (cap)
|
|
to change your
|
|
.I admin
|
|
instance password.
|
|
This command requires no arguments.
|
|
It prompts you for your old
|
|
.I admin
|
|
password, then prompts you twice to enter the new
|
|
.I admin
|
|
password. If this is your first command,
|
|
the default realm is used. Otherwise, the realm
|
|
used in the last command is used.
|
|
|
|
Use the
|
|
.I destroy_tickets (dest)
|
|
command to destroy your admin tickets explicitly.
|
|
|
|
Use the
|
|
.I list_requests (lr)
|
|
command to get a list of possible commands.
|
|
|
|
Use the
|
|
.I help
|
|
command to display
|
|
.IR kadmin's
|
|
various help messages.
|
|
If entered without an argument,
|
|
.I help
|
|
displays a general help message.
|
|
You can get detailed information on specific
|
|
.I kadmin
|
|
commands
|
|
by entering
|
|
.I help
|
|
.IR command_name .
|
|
|
|
To quit the program, type
|
|
.IR quit .
|
|
|
|
.SH BUGS
|
|
The user interface is primitive, and the command names could be better.
|
|
|
|
.SH "SEE ALSO"
|
|
kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8)
|
|
.br
|
|
``A Subsystem Utilities Package for UNIX'' by Ken Raeburn
|
|
.SH AUTHORS
|
|
Jeffrey I. Schiller, MIT Project Athena
|
|
.br
|
|
Emanuel Jay Berkenbilt, MIT Project Athena
|