System Administration Commands kadmin(1M)
NAME
kadmin, kadmin.local - Kerberos database administration pro-
gram
SYNOPSIS
/usr/sbin/kadmin [-r realm] [-p principal] [-q query]
[-s adminserver [:port] [ [-c credentialcache]
[-k [-t keytab] [-w password] [-x dbargs]...
/usr/sbin/kadmin.local [-r realm] [-p principal]
[-q query] [-d dbname] [-e "enc:salt..."] [-m] [-D]
DESCRIPTION
kadmin and kadmin.local are interactive command-line inter-
faces to the Kerberos V5 administration system. They provide
for the maintenance of Kerberos principals, policies, and
service key tables (keytabs). kadmin and kadmin.local pro-
vide identical functionality; the difference is that
kadmin.local can run only on the master KDC and does not use
Kerberos authentication.
Except as explicitly noted otherwise, this man page uses
kadmin to refer to both versions.
By default, both versions of kadmin attempt to determine
your user name and perform operations on behalf of your
"username/admin" instance. Operations performed are subject
to privileges granted or denied to this user instance by the
Kerberos ACL file (see kadm5.acl(4)). You may perform
administration as another user instance by using the -p
option.
The remote version, kadmin, uses Kerberos authentication and
an encrypted RPC to operate securely from anywhere on the
network. It normally prompts for a password and authenti-
cates the user to the Kerberos administration server, kad-
mind, whose service principal is kadmin/fqdn. Some options
specific to the remote version permit the password prompt to
be bypassed. The -c option searches the named credentials
cache for a valid ticket for the kadmin/fqdn service and
uses it to authenticate the user to the Kerberos admin
server without a password. The -k option searches a keytab
for a credential to authenticate to the kadmin/fqdn service,
and again no password is collected. If kadmin has collected
a password, it requests a kadmin/fqdn Kerberos service
ticket from the KDC, and uses that service ticket to
interact with kadmind.
SunOS 5.11 Last change: 29 Feb 2008 1
System Administration Commands kadmin(1M)
The local version, kadmin.local, must be run with an effec-
tive UID of root, and normally uses a key from the
/var/krb5/.k5.realm stash file (see kdb5util(1M)) to
decrypt information from the database rather than prompting
for a password. The -m option will bypass the .k5.realm
stash file and prompt for the master password.
OPTIONS
The following options are supported:
-c credentialscache
Search credentialscache for a service ticket for the
kadmin/fqdn service; it can be acquired with the
kinit(1) program. If this option is not specified, kad-
min requests a new service ticket from the KDC, and
stores it in its own temporary credentials cache.
-d dbname
Specify a non-standard database name. [Local only]
-D
Turn on debug mode. [Local only]
-e "enc:salt ..."
Specify a different encryption type and/or key salt.
[Local only]
-k [-t keytab]
Use the default keytab (-k) or a specific keytab (-t
keytab) to decrypt the KDC response instead of prompting
for a password. In this case, the default principal will
be host/hostname. This is primarily used for keytab
maintenance.
-m
Accept the database master password from the keyboard
rather than using the /var/krb5/.k5.realm stash file.
[Local only]
SunOS 5.11 Last change: 29 Feb 2008 2
System Administration Commands kadmin(1M)
-p principal
Authenticate principal to the kadmin/fqdn service. Oth-
erwise, kadmin will append /admin to the primary princi-
pal name of the default credentials cache, the value of
the USER environment variable, or the username as
obtained with getpwuid, in that order of preference.
-q query
Pass query directly to kadmin, which will perform query
and then exit. This can be useful for writing scripts.
-r realm
Use realm as the default database realm.
-s adminserver[:port]
Administer the specified admin server at the specified
port number (port). This can be useful in administering
a realm not known to your client.
-w password
Use password instead of prompting for one. Note that
placing the password for a Kerberos principal with
administration access into a shell script can be
dangerous if unauthorized users gain read access to the
script or can read arguments of this command through
ps(1).
-x dbargs
Pass database-specific arguments to kadmin. Supported
arguments are for LDAP and the Berkeley-db2 plug-in.
These arguments are:
binddn=binddn
LDAP simple bind DN for authorization on the direc-
tory server. Overrides the ldapkadminddn parameter
setting in krb5.conf(4).
bindpwd=bindpwd
SunOS 5.11 Last change: 29 Feb 2008 3
System Administration Commands kadmin(1M)
Bind password.
dbname=name
For the Berkeley-db2 plug-in, specifies a name for
the Kerberos database.
nconns=num
Maximum number of server connections.
port=num
Directory server connection port.
COMANDS
listrequests
Lists all the commands available for kadmin. Aliased by
lr and ?.
getprivs
Lists the current Kerberos administration privileges
(ACLs) for the principal that is currently running kad-
min. The privileges are based on the /etc/krb5/kadm5.acl
file on the master KDC. Aliased by getprivs.
addprincipal [options] newprinc
Creates a new principal, newprinc, prompting twice for a
password. If the -policy option is not specified and a
policy named default exists, then the default policy is
assigned to the principal; note that the assignment of
the default policy occurs automatically only when a
principal is first created, so the default policy must
already exist for the assignment to occur. The automatic
assignment of the default policy can be suppressed with
the -clearpolicy option. This command requires the add
privilege. Aliased by addprinc and ank. The options are:
-expire expdate
Expiration date of the principal. See the Time For-
mats section for the valid absolute time formats
SunOS 5.11 Last change: 29 Feb 2008 4
System Administration Commands kadmin(1M)
that you can specify for expdate.
-pwexpire pwexpdate
Password expiration date. See the Time Formats sec-
tion for the valid absolute time formats that you
can specify for pwexpdate.
-maxlife maxlife
Maximum ticket life for the principal. See the Time
Formats section for the valid time duration formats
that you can specify for maxlife.
-maxrenewlife maxrenewlife
Maximum renewable life of tickets for the principal.
See the Time Formats section for the valid time
duration formats that you can specify for maxrenewl-
ife.
-kvno kvno
Explicitly set the key version number.
-policy policy
Policy used by the principal. If both the -policy
and -clearpolicy options are not specified, the
default policy is used if it exists; otherwise, the
principal will have no policy. Also note that the
password and principal name must be different when
you add a new principal with a specific policy or
the default policy.
-clearpolicy
-clearpolicy prevents the default policy from being
assigned when -policy is not specified. This option
has no effect if the default policy does not exist.
{-]}allowpostdated
-allowpostdated prohibits the principal from
obtaining postdated tickets. (Sets the
SunOS 5.11 Last change: 29 Feb 2008 5
System Administration Commands kadmin(1M)
KRB5KDBDISALOWPOSTDATED flag.) ]allowpostdated
clears this flag.
{-]}allowforwardable
-allowforwardable prohibits the principal from
obtaining forwardable tickets. (Sets the
KRB5KDBDISALOWFORWARDABLE flag.)
]allowforwardable clears this flag.
{-]}allowrenewable
-allowrenewable prohibits the principal from
obtaining renewable tickets. (Sets the
KRB5KDBDISALOWRENEWABLE flag.) ]allowrenewable
clears this flag.
{-]}allowproxiable
-allowproxiable prohibits the principal from
obtaining proxiable tickets. (Sets the
KRB5KDBDISALOWPROXIABLE flag.) ]allowproxiable
clears this flag.
{-]}allowdupskey
-allowdupskey disables user-to-user authentication
for the principal by prohibiting this principal from
obtaining a session key for another user. (Sets the
KRB5KDBDISALOWDUPSKEY flag.) ]allowdupskey
clears this flag.
{-]}requirespreauth
]requirespreauth requires the principal to preau-
thenticate before being allowed to kinit. (Sets the
KRB5KDBREQUIRESPREAUTH flag.) -requirespreauth
clears this flag.
{-]}requireshwauth
]requireshwauth requires the principal to preau-
thenticate using a hardware device before being
allowed to kinit. (Sets the
KRB5KDBREQUIRESHWAUTH flag.) -requireshwauth
clears this flag.
SunOS 5.11 Last change: 29 Feb 2008 6
System Administration Commands kadmin(1M)
{-]}allowsvr
-allowsvr prohibits the issuance of service tickets
for the principal. (Sets the KRB5KDBDISALOWSVR
flag.) ]allowsvr clears this flag.
{-]}allowtgsreq
-allowtgsreq specifies that a Ticket-Granting Ser-
vice (TGS) request for a service ticket for the
principal is not permitted. This option is useless
for most things. ]allowtgsreq clears this flag.
The default is ]allowtgsreq. In effect,
-allowtgsreq sets the KRB5KDBDISALOWTGTBASED
flag on the principal in the database.
{-]}allowtix
-allowtix forbids the issuance of any tickets for
the principal. ]allowtix clears this flag. The
default is ]allowtix. In effect, -allowtix sets
the KRB5KDBDISALOWALTIX flag on the principal
in the database.
{-]}needchange
]needchange sets a flag in attributes field to force
a password change; -needchange clears it. The
default is -needchange. In effect, ]needchange sets
the KRB5KDBREQUIRESPWCHANGE flag on the principal
in the database.
{-]}passwordchangingservice
]passwordchangingservice sets a flag in the attri-
butes field marking this as a password change ser-
vice principal (useless for most things).
-passwordchangingservice clears the flag. This
flag intentionally has a long name. The default is
-passwordchangingservice. In effect,
]passwordchangingservice sets the
KRB5KDBPWCHANGESERVICE flag on the principal in
the database.
-randkey
Sets the key of the principal to a random value.
SunOS 5.11 Last change: 29 Feb 2008 7
System Administration Commands kadmin(1M)
-pw password
Sets the key of the principal to the specified
string and does not prompt for a password. Note that
using this option in a shell script can be dangerous
if unauthorized users gain read access to the
script.
-e "enc:salt ..."
Override the list of enctype:salttype pairs given in
kdc.conf(4) for setting the key of the principal.
The quotes are necessary if there are multiple
enctype:salttype pairs. One key for each similar
enctype and same salttype will be created and the
first one listed will be used. For example, in a
list of two similar enctypes with the same salt,
"des-cbc-crc:normal des-cbc-md5:normal", one key
will be created and it will be of type des-cbc-
crc:normal.
Example:
kadmin: addprinc tlyu/admin
WARNING: no policy specified for "tlyu/admin@ACME.COM";
defaulting to no policy.
Enter password for principal tlyu/admin@ACME.COM:
Re-enter password for principal tlyu/admin@ACME.COM:
Principal "tlyu/admin@ACME.COM" created.
kadmin:
Errors:
KADM5AUTHAD (requires add privilege)
KADM5BADMASK (should not happen)
KADM5DUP (principal exists already)
KADM5UNKPOLICY (policy does not exist)
KADM5PASQ* (password quality violations)
SunOS 5.11 Last change: 29 Feb 2008 8
System Administration Commands kadmin(1M)
deleteprincipal [-force] principal
Deletes the specified principal from the database. This
command prompts for deletion, unless the -force option
is given. This command requires the delete privilege.
Aliased by delprinc.
Example:
kadmin: delprinc mwmuser
Are you sure you want to delete the principal
"mwmuser@ACME.COM"? (yes/no): yes
Principal "mwmuser@ACME.COM" deleted.
Make sure that you have removed this principal from
all kadmind ACLs before reusing.
kadmin:
Errors:
KADM5AUTHDELETE (requires delete privilege)
KADM5UNKPRINC (principal does not exist)
modifyprincipal [options] principal
Modifies the specified principal, changing the fields as
specified. The options are as above for addprincipal,
except that password changing is forbidden by this com-
mand. In addition, the option -clearpolicy will clear
the current policy of a principal. This command requires
the modify privilege. Aliased by modprinc.
Errors:
KADM5AUTHMODIFY (requires modify privilege)
KADM5UNKPRINC (principal does not exist)
KADM5UNKPOLICY (policy does not exist)
KADM5BADMASK (should not happen)
changepassword [options] principal
SunOS 5.11 Last change: 29 Feb 2008 9
System Administration Commands kadmin(1M)
Changes the password of principal. Prompts for a new
password if neither -randkey or -pw is specified.
Requires the changepw privilege, or that the principal
that is running the program to be the same as the one
changed. Aliased by cpw. The following options are
available:
-randkey
Sets the key of the principal to a random value.
-pw password
Sets the password to the specified string. Not
recommended.
-e "enc:salt ..."
Override the list of enctype:salttype pairs given in
kdc.conf(4) for setting the key of the principal.
The quotes are necessary if there are multiple
enctype:salttype pairs. For each key, the first
matching similar enctype and same salttype in the
list will be used to set the new key(s).
-keepold
Keeps the previous kvno's keys around. There is no
easy way to delete the old keys, and this flag is
usually not necessary except perhaps for TGS keys as
it will allow existing valid TGTs to continue to
work.
Example:
kadmin: cpw systest
Enter password for principal systest@ACME.COM:
Re-enter password for principal systest@ACME.COM:
Password for systest@ACME.COM changed.
kadmin:
Errors:
KADM5AUTHMODIFY (requires the modify privilege)
SunOS 5.11 Last change: 29 Feb 2008 10
System Administration Commands kadmin(1M)
KADM5UNKPRINC (principal does not exist)
KADM5PASQ* (password policy violation errors)
KADM5PASREUSE (password is in principal's pass-
word history)
KADM5PASTOSON (current password minimum life
not expired)
getprincipal [-terse] principal
Gets the attributes of principal. Requires the inquire
privilege, or that the principal that is running the
program to be the same as the one being listed. With the
-terse option, outputs fields as quoted tab-separated
strings. Aliased by getprinc.
Examples:
kadmin: getprinc tlyu/admin
Principal: tlyu/admin@ACME.COM
Expiration date: [never]
Last password change: Thu Jan 03 12:17:46 CET 2008
Password expiration date: [none]
Maximum ticket life: 24855 days 03:14:07
Maximum renewable life: 24855 days 03:14:07
Last modified: Thu Jan 03 12:17:46 CET 2008 (root/admin@ACME.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 5
Key: vno 2, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 2, AES-128 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 2, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 2, ArcFour with HMAC/md5, no salt
Key: vno 2, DES cbc mode with RSA-MD5, no salt
Attributes: REQUIRESPREAUTH
Policy: [none]
kadmin: getprinc -terse tlyu/admin
"tlyu/admin@ACME.COM" 0 1199359066 0 2147483647
"root/admin@ACME.COM" 1199359066 128 2 0 "[none]" 21474836
47 0 0 0 5 1 2 18 0 1 2
17 0 1 2 16 0 1 2 23 0 12
3 0
kadmin:
SunOS 5.11 Last change: 29 Feb 2008 11
System Administration Commands kadmin(1M)
Errors:
KADM5AUTHGET (requires the get [inquire]
privilege)
KADM5UNKPRINC (principal does not exist)
listprincipals [expression]
Retrieves all or some principal names. expression is a
shell-style glob expression that can contain the wild-
card characters ?, *, and []'s. All principal names
matching the expression are printed. If no expression is
provided, all principal names are printed. If the
expression does not contain an "@" character, an "@"
character followed by the local realm is appended to the
expression. Requires the list privilege. Aliased by
listprincs, getprincipals, and getprincs.
Examples:
kadmin: listprincs test*
test3@ACME.COM
test2@ACME.COM
test1@ACME.COM
testuser@ACME.COM
kadmin:
addpolicy [options] policy
Adds the named policy to the policy database. Requires
the add privilege. Aliased by addpol. The following
options are available:
-maxlife maxlife
sets the maximum lifetime of a password. See the
Time Formats section for the valid time duration
formats that you can specify for maxlife.
-minlife minlife
sets the minimum lifetime of a password. See the
Time Formats section for the valid time duration
SunOS 5.11 Last change: 29 Feb 2008 12
System Administration Commands kadmin(1M)
formats that you can specify for minlife.
-minlength length
sets the minimum length of a password.
-minclasses number
sets the minimum number of character classes allowed
in a password. The valid values are:
1
only letters (himom)
2
both letters and numbers (hi2mom)
3
letters, numbers, and punctuation (hi2mom!)
-history number
sets the number of past keys kept for a principal.
Errors:
KADM5AUTHAD (requires the add privilege)
KADM5DUP (policy already exists)
deletepolicy [-force] policy
Deletes the named policy. Unless the -force option is
specified, prompts for confirmation before deletion. The
command will fail if the policy is in use by any princi-
pals. Requires the delete privilege. Aliased by delpol.
Example:
SunOS 5.11 Last change: 29 Feb 2008 13
System Administration Commands kadmin(1M)
kadmin: delpolicy guests
Are you sure you want to delete the
policy "guests"? (yes/no): yes
Policy "guests" deleted.
kadmin:
Errors:
KADM5AUTHDELETE (requires the delete privilege)
KADM5UNKPOLICY (policy does not exist)
KADM5POLICYREF (reference count on policy is not
zero)
modifypolicy [options] policy
Modifies the named policy. Options are as above for
addpolicy. Requires the modify privilege. Aliased by
modpol.
Errors:
KADM5AUTHMODIFY (requires the modify privilege)
KADM5UNKPOLICY (policy does not exist)
getpolicy [-terse] policy
Displays the values of the named policy. Requires the
inquire privilege. With the -terse flag, outputs the
fields as quoted strings separated by tabs. Aliased by
getpol.
Examples:
kadmin: getpolicy admin
Policy: admin
Maximum password life: 180 days 00:00:00
Minimum password life: 00:00:00
Minimum password length: 6
Minimum number of password character classes: 2
Number of old keys kept: 5
Reference count: 17
SunOS 5.11 Last change: 29 Feb 2008 14
System Administration Commands kadmin(1M)
kadmin: getpolicy -terse
admin admin 15552000 0 6 2 5 17
kadmin:
Errors:
KADM5AUTHGET (requires the get privilege)
KADM5UNKPOLICY (policy does not exist)
listpolicies [expression]
Retrieves all or some policy names. expression is a
shell-style glob expression that can contain the wild-
card characters ?, *, and []'s. All policy names match-
ing the expression are printed. If no expression is pro-
vided, all existing policy names are printed. Requires
the list privilege. Aliased by listpols, getpolicies,
and getpols.
Examples:
kadmin: listpols
test-pol dict-only once-a-min test-pol-nopw
kadmin: listpols t*
test-pol test-pol-nopw kadmin:
ktadd [-k keytab] [-q] [-e enctype:salt]
Adds a principal or all principals matching princ-exp to
a keytab, randomizing each principal's key in the pro-
cess.
ktadd requires the inquire and changepw privileges. An
entry for each of the principal's unique encryption
types is added, ignoring multiple keys with the same
encryption type but different salt types. If the -k
argument is not specified, the default keytab file,
/etc/krb5/krb5.keytab, is used.
The "-e enctype:salt" option overrides the list of enc-
types given in krb5.conf(4), in the permittedenctypes
SunOS 5.11 Last change: 29 Feb 2008 15
System Administration Commands kadmin(1M)
parameter. If "-e enctype:salt" is not used and
permittedenctypes is not defined in krb5.conf(4), a key
for each enctype supported by the system on which kadmin
is run will be created and added to the keytab. Res-
tricting the enctypes of keys in the keytab is useful
when the system for which keys are being created does
not support the same set of enctypes as the KDC. Note
that ktadd modifies the enctype of the keys in the prin-
cipal database as well.
If the -q option is specified, less status information
is displayed. Aliased by xst. The -glob option requires
the list privilege. Also, note that if you use -glob to
create a keytab, you need to remove
/etc/krb5/kadm5.keytab and create it again if you want
to use -p */admin with kadmin.
princ-exp
princ-exp follows the same rules described for the
listprincipals command.
Example:
kadmin: ktadd -k /tmp/new-keytab nfs/chicago
Entry for principal nfs/chicago with kvno 2,
encryption type DES-CBC-CRC added to keytab
WRFILE:/tmp/new-keytab.
kadmin:
ktremove [-k keytab] [-q] principal [kvno all old]
Removes entries for the specified principal from a key-
tab. Requires no privileges, since this does not require
database access. If all is specified, all entries for
that principal are removed; if old is specified, all
entries for that principal except those with the highest
kvno are removed. Otherwise, the value specified is
parsed as an integer, and all entries whose kvno match
that integer are removed. If the -k argument is not
specified, the default keytab file,
/etc/krb5/krb5.keytab, is used. If the -q option is
specified, less status information is displayed. Aliased
by ktrem.
SunOS 5.11 Last change: 29 Feb 2008 16
System Administration Commands kadmin(1M)
Example:
kadmin: ktremove -k /tmp/new-keytab nfs/chicago
Entry for principal nfs/chicago with kvno 2
removed from keytab
WRFILE:/tmp/new-keytab.
kadmin:
quit
Quits kadmin. Aliased by exit and q.
Time Formats
Various commands in kadmin can take a variety of time for-
mats, specifying time durations or absolute times. The kad-
min option variables maxrenewlife, maxlife, and minlife are
time durations, whereas expdate and pwexpdate are absolute
times.
Examples:
kadmin: modprinc -expire "12/31 7pm" jdb
kadmin: modprinc -maxrenewlife "2 fortnight" jdb
kadmin: modprinc -pwexpire "this sunday" jdb
kadmin: modprinc -expire never jdb
kadmin: modprinc -maxlife "7:00:00pm tomorrow" jdb
Note that times which do not have the "ago" specifier
default to being absolute times, unless they appear in a
field where a duration is expected. In that case, the time
specifier will be interpreted as relative. Specifying "ago"
in a duration can result in unexpected behavior.
The following time formats and units can be combined to
specify a time. The time and date format examples are based
on the date and time of July 2, 1999, 1:35:30 p.m.
SunOS 5.11 Last change: 29 Feb 2008 17
System Administration Commands kadmin(1M)
Time Format Examples
hh[:mm][:ss][am/pm/a.m./p.m.] 1p.m., 1:35, 1:35:30pm
Variable Description
hh hour (12-hour clock, lead-
ing zero permitted but not
required)
mm minutes
ss seconds
Date Format Examples
mm/dd[/yy] 07/02, 07/02/99
yyyy-mm-dd 1999-07-02
dd-month-yyyy 02-July-1999
month [,yyyy] Jul 02, July 02,1999
dd month[ yyyy] 02 JULY, 02 july 1999
Variable Description
dd day
mm month
yy year within century (00-38 is 2000 to
2038; 70-99 is 1970 to 1999)
yyyy year including century
month locale's full or abbreviated month name
SunOS 5.11 Last change: 29 Feb 2008 18
System Administration Commands kadmin(1M)
SunOS 5.11 Last change: 29 Feb 2008 19
System Administration Commands kadmin(1M)
Time Units Examples
[]- #] year "-2 year"
[]- #] month "2 months"
[]- #] fortnight
[]- #] week
[]- #] day
[]- #] hour
[]- #] minute
[]- #] min
[]- #] second
[]- #] sec
tomorrow
yesterday
today
now
this "this year"
last "last saturday"
next "next month"
sunday
monday
tuesday
wednesday
thursday
friday
saturday
never
You can also use the following time modifiers: first,
second, third, fourth, fifth, sixth, seventh, eighth, ninth,
tenth, eleventh, twelfth, and ago.
ENVIRONMENT VARIABLES
See environ(5) for descriptions of the following environment
variables that affect the execution of kadmin:
PAGER
The command to use as a filter for paging output. This
can also be used to specify options. The default is
more(1).
FILES
/var/krb5/principal
Kerberos principal database.
SunOS 5.11 Last change: 29 Feb 2008 20
System Administration Commands kadmin(1M)
/var/krb5/principal.ulog
The update log file for incremental propagation.
/var/krb5/principal.kadm5
Kerberos administrative database. Contains policy infor-
mation.
/var/krb5/principal.kadm5.lock
Lock file for the Kerberos administrative database. This
file works backwards from most other lock files (that
is, kadmin will exit with an error if this file does not
exist).
/var/krb5/kadm5.dict
Dictionary of strings explicitly disallowed as pass-
words.
/etc/krb5/kadm5.acl
List of principals and their kadmin administrative
privileges.
/etc/krb5/kadm5.keytab
Keytab for kadmind principals: kadmin/fqdn,
changepw/fqdn, and kadmin/changepw.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 29 Feb 2008 21
System Administration Commands kadmin(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWkdcu
Interface Stability Committed
SEE ALSO
kpasswd(1), more(1), gkadmin(1M), kadmind(1M),
kdb5util(1M), kdb5ldaputil(1M), kproplog(1M),
kadm5.acl(4), kdc.conf(4), krb5.conf(4), attributes(5),
environ(5), kerberos(5), krb5envvar(5)
HISTORY
The kadmin program was originally written by Tom Yu at MIT,
as an interface to the OpenVision Kerberos administration
program.
DIAGNOSTICS
The kadmin command is currently incompatible with the MIT
kadmind daemon interface, so you cannot use this command to
administer an MIT-based Kerberos database. However, clients
running the Solaris implementation of Kerberos can still use
an MIT-based KDC.
SunOS 5.11 Last change: 29 Feb 2008 22
|
