Mac OS X Manual Page For kadmin

Mac Dev Center Right arrow

Mac OS X Reference Library Right arrow

General

Mac OS X Man Pages

This manual page is for Mac OS X version 10.6

If you are running a different version of Mac OS X, view the documentation locally:

In Terminal, using the man(1) command

Reading manual pages

Manual pages are intended as a quick reference for people who already understand a technology.

For more information about the manual page format, see the manual page for manpages(5).
For more information about this technology, look for other documentation in the Apple Reference Library.
For general information about writing shell scripts, read Shell Scripting Primer.


kadmin_util(8)                           BSD System Manager's Manual                          kadmin_util(8)

NAME
     kadmin_util -- Kerberos -- Open Directory Single Sign On

SYNOPSIS
     kadmin_util -a principal_name -d principal_name [-r REALM] [-h] [-p] [-v debug_level]

DESCRIPTION
     kadmin_util is a tool for managing the access control list used by kadmind to control which users have
     the ability to modify the Kerberos database of user information.  It will look at the acl_file item in
     the realm section of the kdc config file to determine which acl files to update.

     -a principal_name
              Adds the given principal name to the acl file with administrator privs.

     -d principal_name
              Removes the given principal name from the acl. (-a & -d are mutually exclusinve)

     -h       Send a HUP signal to kadmind if the update completes without errors

     -p       Write the output error to standard out in an XML Plist format

     -r REALM
              Denotes which realm to update. If this parameter is omitted, kadmin_util will operate on the
              first realm it finds in the kdc config file. To operate on all the available realms use '*'
              for the realm name

     -v debug_level
              Sets the debug level (1 = progress >1 for more detail)

EXAMPLES
     To add [email protected] to the acl file as kerberos administrator for realm REALM.COM

     kadmin_util -a [email protected] -r REALM.COM

     To remove [email protected] from all the realms serviced by this kdc (you need the quotes around the
     * to keep the shell from substituting filenames)

     kadmin_util -d [email protected] -r '*'

FILES
     /var/db/krb5kdc/kadm5.acl  the standard acl file location
     /var/db/krb5kdc/kdc.conf   the default kdc config file

DIAGNOSTICS
     You can add -v debug_level to any kadmin_util command. Debug level 1 provides status information,
     higher levels add progressivly more levels of detail.

NOTES
     The kadmin_util tool is used by the Apple Single Sign On system to set up a KDC integrated with the
     rest of the Single Sign On components.

SEE ALSO
     DirectoryService(1), kerberos(1), kadmind(8), kerberosautoconfig(8), krbservicesetup(8), krb5kdc(8),
     sso_util(8)

Darwin                                        October 15, 2009                                        Darwin

Reporting Problems

The way to report a problem with this manual page depends on the type of problem:

Content errors: Report errors in the content of this documentation with the feedback links below.
Bug reports: Report bugs in the functionality of the described tool or API through Bug Reporter.
Formatting problems: Report formatting mistakes in the online version of these pages with the feedback links below.