HP UX Kerberos Data Security Software manual Manual Administration Using kadmin

NOTE

Manual Administration Using kadmin

You can use the command-line administrator to administer the principal database. It enables principals with administrative privileges to maintain the principal database. You must include all the users, clients, and services authenticated by the Kerberos server into the principal database.

The following types of command-line interfaces are available:

•Local command-line administrator, kadminl

•Remote command-line administrator, kadmin

The local command-line administrator, kadminl, is available only on the primary security server. You can install the remote command-line administrator, kadmin, on the secondary security servers and clients to remotely administer the principal database.

The local administrator, kadminl, is situated in the following directory on the primary security server:

/opt/krb5/admin

The remote administrator, kadmin, is situated in the following directory on secondary security servers and clients:

/opt/krb5/bin

You must add the first administrative principal on the local administrator, kadminl, located on the primary security server before you log on to the remote command-line administrator, kadmin, from a secondary security server or client.

You can use kadmin to perform the following tasks:

•Add, modify, inquire, or delete principals.

•Change the password of an existing principal.

•Extract a key for an existing prinicpal.

•Extract service principal information to the service key table.