Sun Microsystems, Inc.
spacer | | |  
black dot
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
System Administration Commandsgkadmin(1M)


 gkadmin - Kerberos database administration GUI, SEAM Administration Tool





gkadmin is an interactive graphical user interface (GUI) that enables you to maintain Kerberos principals and policies. gkadmin provides much the same functionality as the kadmin(1M) command.

gkadmin does not support the management of keytabs. You must use kadmin for keytabs management. gkadmin uses Kerberos authentication and an encrypted RPC to operate securely from anywhere on the network.

When gkadmin is invoked, the login window is populated with default values. For the principal name, gkadmin determines your user name from the USER environment variable. It appends /admin to the name (username/admin) to create a default user instance in the same manner as kadmin. It also selects appropriate defaults for realm and master KDC (admin_server) from the /etc/krb5/krb5.conf file.

You can change these defaults on the login window. When you enter your password, a session is started with kadmind. Operations performed are subject to permissions that are granted or denied to the chosen user instance by the Kerberos ACL file. See kadm5.acl(4).

After the session is started, a tabbed folder is displayed that contains a principal list and a policy list. The functionality is mainly the same as kadmin, with addition, deletion, and modification of principal and policy data available.

In addition, gkadmin provides the following features:

  • New principal or policy records can be added either from default values or from the settings of an existing principal.
  • A comment field is available for principals.
  • Default values are saved in $HOME/.gkadmin.
  • A logout option permits you to log back in as another user instance without exiting the tool.
  • Principal and policy lists and attributes can be printed or saved to a file.
  • Online context-sensitive help and general help is available in the Help menu.


Kerberos configuration information on a Kerberos client. Used to search for default realm and master KDC (admin_server), including a port number for the master KDC.
Default parameters used to initialize new principals created during the session.



See attributes(5) for descriptions of the following attributes:




kpasswd(1), kadmin(1M), kadmind(1M), kadmin.local(1M), kdb5_util(1M), kadm5.acl(4), kdc.conf(4), krb5.conf(4), attributes(5), SEAM(5)



The gkadmin interface is currently incompatible with the MIT kadmind daemon interface, so you cannot use this interface to administer an MIT-based Kerberos database. However, SEAM-based Kerberos clients can still use an MIT-based KDC.

SunOS 5.9Go To TopLast Changed 17 Aug 2001

Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.