Administration

Manual Administration Using kadmin

The Command-Line-Administrator is the program used to administer the principal database. It allows principals with administrative privileges to maintain the principal database from the command line. Each user, client or service that is authenticated by the security server must be included in the principal database.

There are two versions of this program:

Local Command-Line-Administrator, kadminl

Remote Command-Line-Administrator, kadmin

The Local Command-Line-Administrator, kadminl, is available only on the Primary Security Server. The Remote Command-Line-Administrator, kadmin, can be installed on Secondary Security Servers and clients to permit remote administration of the principal database.

Location

Local Administrator on the primary security server:

/opt/krb5/admin/kadminl

Remote Administrator on secondary security servers and clients:

/opt/krb5/bin/kadmin

NOTE: You must add the first administrative principal on the Local Administrator, kadminl, located on the primary server before you can log on to the Remote Command-Line-Administrator, kadmin, from a secondary server or client.

You can use kadmin to:

Add, modify, inquire or delete principals

Change the password of an existing principal

Extract a key for an existing principal

Extract service principal information to the service key table
