
Administering the Kerberos Server
The kadmin and kadminl Utilities
Chapter 8130
The kadmin and kadminl Utilities
The kadmin and kadminl Kerberos command-line administrative
utilities provide a unified administration interface for the Kerberos
database. Kerberos administrators use these utilities to create new users
and services for the primary database, and to modify information for the
existing entries in the database. You can use these utilities to maintain
the Kerberos principals and service key tables (v5srvtab).
The kadmin utility is the remote Kerberos client. It resides on the
secondary security servers and client systems. The kadminl utility is the
local client; it resides on the primary security server and is intended for
use by individuals with root access privileges. You can use kadmin to
remotely maintain the database on the primary security server from the
local workstation.
Alternatively, you can also use the GUI administrative utility kadmin_ui
for remote administration and kadminl_ui for local administration.
Before you log on to the remote administrator from a secondary security
server or use a client, add the administrative principal to the database
on the primary security server.
To log on to the remote administrator, kadmin, use a principal account
that has an entry in admin_acl_file. For complete access to all
functions, use an unrestricted administrative principal account with the
* permission in admin_acl_file. The account must have at least the
inquire privileges. For more information on administrative permissions,
see “The admin_acl_file File” on page 113.
For more information on the kadmin option, type man 1 kadmin at the
HP-UX prompt.