Minimize downtime from code errors

Self-Hosted AI Code Reviewer

Hexmos LiveReview AI-Powered Code Review
Live Review
AI-Powered Code Review

Kadmin - Kerberos Administration Tool Commands

Learn essential kadmin commands for remote Kerberos administration. Manage principals, policies, and tickets with this comprehensive guide.

Kadmin - Kerberos Administration Tool

The kadmin tool is a powerful command-line utility for the remote administration of Kerberos principals and policies. It allows administrators to manage user accounts, service accounts, and access control policies within a Kerberos realm.

Kerberos Administration with Kadmin

This section provides a comprehensive overview of essential kadmin commands for effective Kerberos management. Understanding these commands is crucial for maintaining the security and integrity of your Kerberos infrastructure.

Managing Kerberos Principals

Principals are the entities that can be authenticated by Kerberos. This includes users, services, and hosts. The following commands are used to manage these principals:

# Launch kadmin in interactive mode
kadmin

# Launch kadmin with a specific Kerberos realm
kadmin -r EXAMPLE.COM

# Retrieve a new TGT (Ticket Granting Ticket) for the admin session
kadmin -p admin/admin

# Change the password of a specific principal
kadmin -q "cpw [principal]"

# Add a new principal with default options
kadmin -q "addprinc [principal]"

# Add a new principal with a specific password
kadmin -q "addprinc -pw [password] [principal]"

# Delete a specific principal
kadmin -q "delprinc [principal]"

# Rename a principal
kadmin -q "renprinc [oldprincipal] [newprincipal]"

# List all principals
kadmin -q "listprincs"

# Get detailed information about a principal
kadmin -q "getprinc [principal]"

Managing Kerberos Policies

Policies in Kerberos define attributes and restrictions for principals, such as password expiration, maximum ticket lifetimes, and more. Use these commands to manage policies:

# List all policies
kadmin -q "listpols"

# Add a new policy
kadmin -q "addpol [policy]"

# Modify a policy with specific parameters
kadmin -q "modpol -maxlife 7d0h0m0s [policy]"

# Delete a policy
kadmin -q "delpol [policy]"

# Get detailed information about a policy
kadmin -q "getpol [policy]"

Exiting Kadmin

Once you have completed your administrative tasks, you can exit the kadmin interactive mode:

# Exit kadmin interactive mode
exit

External Resources for Kerberos Administration:

← Back to cmd cheatsheets All cheatsheets 🙏  Credits & Acknowledgments