
Administering the Kerberos Server
Manual Administration Using kadmin
Chapter 8
You can use the command-line administrator to administer the principal
database. It enables principals with administrative privileges to
maintain the principal database. You must add all the users, clients,
and services authenticated by the Kerberos server to the principal
database.
The following types of command-line interfaces are available:
• Local command-line administrator, kadminl
• Remote command-line administrator, kadmin
The local command-line administrator, kadminl, is available only on the
primary security server. You can install the remote command-line
administrator, kadmin, on the secondary security servers and clients to
remotely administer the principal database.
The local administrator, kadminl, is situated in the following directory
on the primary security server:
/opt/krb5/admin
The remote administrator, kadmin, is situated in the following directory
on secondary security servers and clients:
/opt/krb5/bin
NOTE You must add the first administrative principal using the local
administrator, kadminl, located on the primary security server before
you log on to the remote command-line administrator, kadmin, from a
secondary security server or client.
You can use kadmin to perform the following tasks:
• Add, modify, inquire, or delete principals.
• Change the password of an existing principal.
• Extract a key for an existing principal.
• Extract service principal information to the service key table.