NAME
kkaaddmmiinnuuttiill - Kerberos - Open Directory Single Sign On
SYNOPSIS
kkaaddmmiinnuuttiill -a principalname -d principalname [-rr REALM] [-hh] [-pp]
[-vv debuglevel]
DESCRIPTION
kkaaddmmiinnuuttiill is a tool for managing the access control list used by kadmind to control which users have the ability to modify the Kerberos database of user information. It will look at the aclfile item in the realm section of the kdc config file to determine which acl files to update.-aa principalname
Adds the given principal name to the acl file with administrator privs.-dd principalname
Removes the given principal name from the acl. (-a & -d are
mutually exclusinve)-hh Send a HUP signal to kadmind if the update completes without
errors-pp Write the output error to standard out in an XML Plist format
-rr REALM
Denotes which realm to update. If this parameter is omitted, kkaaddmmiinnuuttiill will operate on the first realm it finds in the kdc config file. To operate on all the available realms use '*' for the realm name-vv debuglevel
Sets the debug level (1 = progress >1 for more detail) EEXXAAMMPPLLEESS To add adminuser@REALM.COM to the acl file as kerberos administrator for realm REALM.COMkadminutil -a adminuser@REALM.COM -r REALM.COM
To remove adminuser@REALM.COM from all the realms serviced by this kdc (you need the quotes around the * to keep the shell from substituting filenames)kadminutil -d adminuser@REALM.COM -r '*'
FILES /var/db/krb5kdc/kadm5.acl the standard acl file location /var/db/krb5kdc/kdc.conf the default kdc config file DIAGNOSTICSYou can add -v debuglevel to any kkaaddmmiinnuuttiill command. Debug level 1 pro-
vides status information, higher levels add progressivly more levels of detail. NNOOTTEESS The kkaaddmmiinnuuttiill tool is used by the Apple Single Sign On system to set up a KDC integrated with the rest of the Single Sign On components.SEE ALSO
DirectoryService(1), kerberos(1), kadmind(8), kerberosautoconfig(8), kdcmond(8), krbservicesetup(8), krb5kdc(8), ssoutil(8) Darwin December 21, 2019 Darwin