Kadmin Options
You can invoke kadmin or kadmin.local with any of the
following options:
     
- -r REALM
     
- Use REALM as the default Kerberos realm for the database.
     
 
- -p principal
     
- Use the Kerberos principal principal to authenticate to Kerberos. 
If this option is not given, kadminwill appendadminto
either the primary principal name, the environment variable USER, or to
the username obtained fromgetpwuid, in order of preference.
 
- -q query
     
- Pass query directly to kadmin.  This is useful for writing
scripts that pass specific queries tokadmin.You can invoke kadminwith any of the following options:
 
 
- -k [-t keytab]
     
- Use the keytab keytab to decrypt the KDC response instead of
prompting for a password on the TTY.  In this case, the principal will
be host/hostname
 
- -c credentials cache
     
- Use credentials_cache as the credentials cache.  The credentials
cache should contain a service ticket for the kadmin/adminservice, which can be acquired with thekinitprogram.  If this
option is not specified,kadminrequests a new service ticket
from the KDC, and stores it in its own temporary ccache.
 
- -w password
     
- Use password as the password instead of prompting for one on the
TTY.  Note:  placing the password for a Kerberos principal with
administration access into a shell script can be dangerous if
unauthorized users gain read access to the script.
     
 
- -s admin_server[:port]
     
- Specifies the admin server that kadmin should contact.
     You can invoke kadmin.localwith an of the follwing options:
 
 
- -d_ dbname
     
- Specifies the name of the Kerberos database.
     
 
- -e "enctypes ..."
     
- Sets the list of cryptosystem and salt types to be used for any new
keys created.  See Supported Encryption Types and Salts for
available types.
     
 
- -m
     
- Do not authenticate using a keytab.  This option will cause kadmin to
prompt for the master database password.