Administration

kadmin Vs kadminl

These utilities provide a unified administration interface for the Kerberos database. Kerberos administrators use these utilities to create new users and services for the primary database, and to modify information for the existing entries present in the database.

Both utilities maintain Kerberos principals and service key tables (v5srvtab). They exist as a remote Kerberos client, ‘kadmin’, and a local client, ‘kadminl’.

The local client (kadminl) resides on the primary server and is intended for use by individuals with root access privileges.

The remote client (kadmin) resides on secondary servers and client systems. This is intended for use by principals with administrative privileges. It also enables administrators to maintain the database on the primary security server from their workstations.

Alternatively, you can use the graphical user interfaces: kadmin_ui for remote administration and kadminl_ui for local administration.

An administrative principal must first be added to the database on the primary security server before you can log on to the Remote Administrator from either a secondary server or a client.

To log in to the Remote Administrator, kadmin, you must use a principal account that has an entry present in the admin_acl_file. For complete access to all the functions, use an unrestricted administrative principal account, one with the ‘*’ permissions in the admin_acl_file. At a minimum, the account must have the inquire privileges. For more information on administrative permissions, refer to “admin_acl_file” on page 95.

For more information on the kadmin option, type man kadmin (1) at the HP-UX prompt.

Administration Tools

There are four administration tools, as shown in Table 6-3, that help you administer the Kerberos database.
