gkadmin(1M) System Administration Commands gkadmin(1M)
NAME
gkadmin - Kerberos principals and policies administration GUI
SYNOPSIS
/usr/sbin/gkadmin
DESCRIPTION
gkadmin is an interactive graphical user interface (GUI) that enables
you to maintain Kerberos principals and policies. gkadmin provides much
the same functionality as the kadmin(1M) command.
gkadmin does not support the management of keytabs. You must use kadmin
for keytabs management. gkadmin uses Kerberos authentication and an
encrypted RPC to operate securely from anywhere on the network.
When gkadmin is invoked, the login window is populated with default
values. For the principal name, gkadmin determines your user name from
the USER environment variable. It appends /admin to the name
(username/admin) to create a default user instance in the same manner as
kadmin. It also selects appropriate defaults for realm and master KDC
(admin_server) from the /etc/krb5/krb5.conf file.
You can change these defaults on the login window. When you enter your
password, a session is started with kadmind. Operations performed are
subject to permissions that are granted or denied to the chosen user
instance by the Kerberos ACL file. See kadm5.acl(4).
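The login defaults described above, as an added example that is not part of the original manual page: it derives the default principal from USER and reads the realm and master KDC from krb5.conf text, so you can check which admin instance and server a session would start against. It assumes the realm comes from default_realm in [libdefaults] and the master KDC from admin_server in that realm's [realms] block; the sample file, host names and function names are constructed.

```python
import os
import re

# Constructed sample in krb5.conf(4) syntax; realm and host names are made up.
SAMPLE_KRB5_CONF = """\
# constructed example
[libdefaults]
        default_realm = EXAMPLE.COM
[realms]
        EXAMPLE.COM = {
                kdc = kdc2.example.com
                admin_server = kdc1.example.com:749
        }
        OTHER.ORG = {
                admin_server = adm.other.org
        }
"""

def parse_krb5_conf(text):
    """Return (default_realm, {realm: admin_server}) from krb5.conf text."""
    section, realm, default_realm, admin = None, None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # skip blanks and comments
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                  # new [section] header
            section, realm = m.group(1), None
        elif line == "}":                      # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value == "{":
                realm = key                    # start of a realm block
            elif section == "realms" and realm and key == "admin_server":
                admin.setdefault(realm, value)
    return default_realm, admin

def login_defaults(conf_text, environ=os.environ):
    """Assumed mapping of the defaults above: USER + '/admin', realm, master KDC."""
    user = environ.get("USER")
    if not user:
        raise ValueError("USER is not set; no default principal can be formed")
    realm, admin = parse_krb5_conf(conf_text)
    return {"principal": f"{user}/admin", "realm": realm,
            "admin_server": admin.get(realm)}

if __name__ == "__main__":
    print(login_defaults(SAMPLE_KRB5_CONF, {"USER": "alice"}))
```

An admin_server of None means the default realm has no master KDC entry, so the login window would have no server default to offer for it.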
After the session is started, a tabbed folder is displayed that contains
a principal list and a policy list. The functionality is mainly
the same as kadmin, with addition, deletion, and modification of
principal and policy data available.
gkadmin also includes an interface to specify principal key encryption
types when modifying or creating principal records. The default set of
encryption types is used if they are not selected through this
interface. The default set of encryption types can be found in krb5.conf(4)
under the default_tkt_enctypes section.
In addition, gkadmin provides the following features:
· New principal or policy records can be added either from default
values or from the settings of an existing principal.
· A comment field is available for principals.
· Default values are saved in $HOME/.gkadmin.
· A logout option permits you to log back in as another user
instance without exiting the tool.
· Principal and policy lists and attributes can be printed or saved
to a file.
· Online context-sensitive help and general help are available in the
Help menu.
FILES
/etc/krb5/krb5.conf
    Kerberos configuration information on a Kerberos client. Used to
    search for default realm and master KDC (admin_server), including a
    port number for the master KDC.
$HOME/.gkadmin
    Default parameters used to initialize new principals created during
    the session.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWkdcu │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSO
kpasswd(1), kadmin(1M), kadmind(1M), kadmin.local(1M), kdb5_util(1M),
kadm5.acl(4), kdc.conf(4), krb5.conf(4), attributes(5), kerberos(5)
DIAGNOSTICS
The gkadmin interface is currently incompatible with the MIT kadmind
daemon interface, so you cannot use this interface to administer an
MIT-based Kerberos database. However, clients running the Solaris
implementation of Kerberos can still use an MIT-based KDC.
SunOS 5.10 26 Aug 2005 gkadmin(1M)