man page rewrite from Cygnus. Renamed the file kadmin.M. (kadmin.1 is

just wrong, since it's in section 8.)  Added kadmin.local.M, which is
just a pointer to kadmin.M.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9009 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 0 insertions, 453 deletions

diff --git a/src/kadmin/cli/kadmin.1 b/src/kadmin/cli/kadmin.1
deleted file mode 100644
index dbd4d77ff0..0000000000
--- a/src/kadmin/cli/kadmin.1
+++ /dev/null
@@ -1,453 +0,0 @@
-KADMIN(8)		USER_COMMANDS			KADMIN(8)
-
-NAME
-	kadmin - a command line interface to the Kerberos KADM5
-	administration system
-
-SYNOPSIS
-	kadmin [-r realm] [-p principal] [-q query] [clnt|local args]
-	    clnt args: [-p principal] [[-c ccache]|[-k [-t keytab]]]
-		       [-w] [-s admin_server[:port]]
-	    local args: [-d dbname] [-e \"enc:salt ...\"] [-m]
-
-DESCRIPTION
-	kadmin is a command-line interface to the Kerberos KADM5
-	administration system.  It provides for the maintainance of
-	Kerberos principals, KADM5 policies, and service key tables
-	(keytabs).  It exists as both a remote client, using Kerberos
-	authentication and an encrypted RPC to operate securely from
-	anywhere on the network, and as a local client intended to run
-	directly on the KDC without Kerberos authentication.  The
-	local version provides all of the functionality of the now
-	obsolete kdb5_edit(8) except for database dump and load, which
-	is now provided by the kdb5_util(8) utility.
-
-COMMAND LINE ARGUMENTS
-	If -r is specified, then kadmin will use the specified realm
-	as the default database realm rather than the default realm
-	for the local machine.
-
-	The -q option allows the passing of a request directly to
-	kadmin, which will then exit.  This can be useful for writing
-	scripts.
-
-	The remote version authenticates to the KADM5 server using the
-	service kadmin/admin, and therefore needs a client Kerberos
-	principal name as which to authenticate.  The -p, -c, and -k
-	are designed to work together to specify which principal as
-	which to authenticate and where the service ticket or
-	password/key for that principal should be obtained.  If given
-	the -p option, kadmin will use the specified principal to
-	authenticate.  Otherwise, if given -c option then the primary
-	principal name of the ccache is used.  Otherwise, if given the
-	-k option, the principal name host/<hostname> is used.
-	Otherwise, kadmin will append "/admin" to the primary
-	principal name of the default ccache, the value of the USER
-	environment variable, or the username as obtained with
-	getpwuid, in order of preference.
-
-	Once kadmin knows the principal name as which to authenticate,
-	it needs to acquire a Kerberos service ticket for the KADM5
-	server.  If the -c ccache argument is specified, the ccache
-	should contain a service ticket for the kadmin/admin service;
-	it can be acquired with the kinit(1) program.  Otherwise,
-	kadmin requests a new service ticket from the KDC and stores
-	it in its own temporary ccache.  If the -k keytab argument is
-	specified, the keytab is used to decrypt the KDC response;
-	otherwise, a password is required.  By default, the user is
-	prompted for the password on the TTY.  However, if given the
-	-w option, kadmin will use the password provided on the
-	command line instead of prompting for one on the TTY.
-	WARNING!  Placing the password for a Kerberos principal with
-	administration access into a shell script is EXTREMELY
-	DANGEROUS and should only be done if you are highly sure that
-	the script will not fall into the wrong hands.
-
-	If given the -d argument, kadmin will use the specified
-	database name instead of the default defined in kdc.conf.
-	Note that specifying a different KDC database name also
-	specifies a different name for the KADM5 policy database and
-	lock file.
-
-	If given the -e argument, kadmin will use the specified list
-	of encryption and salt type tuples instead of the values
-	specified in kdc.conf.  This is useful, for example, if you
-	want to create a single principal with a particular key/salt
-	type without affecting any other principals.
-
-	If given the -m argument, kadmin will prompt for the Kerberos
-	master password on the command line instead of attempting to
-	use the stash file.
-
-DATE FORMAT 
-        Various commands in kadmin can take a variety of
-	date formats, specifying durations or absolute times.
-	Examples of valid formats are:
-
-		1 month ago
-		2 hours ago
-		400000 seconds ago
-		last year
-		last Monday
-		yesterday
-		a fortnight ago
-		3/31/92 10:00:07 PST
-		January 23, 1987 10:05pm
-		22:00 GMT
-
-	Dates which do not have the "ago" specifier default to being
-	absolute dates, unless they appear in a field where a duration
-	is expected.  In that case the time specifier will be
-	interpreted as relative.  Specifying "ago" on a duration may
-	result in unexpected behaviour.
-
-COMMAND DESCRIPTIONS
-
-add_principal [options] _newprinc_
-	creates the principal _newprinc_, prompting twice for a
-	password.  This command requires the "add" privilege.  This
-	command has the aliases "addprinc", "ank".
-
-	OPTIONS
-	-salt _salttype_
-		uses the specified salt instead of the default V5 salt
-		for generating the key.  Valid values for _salttype_
-		are:
-			full_name (aliases "v5_salt", "normal")
-			name_only
-			realm_only
-			no_salt (alias "v4_salt")
-
-	-expire _expdate_
-		expiration date of the principal
-
-	-pwexpire _pwexpdate_
-		password expiration date
-
-	-maxlife _maxlife_
-		maximum ticket life of the principal
-
-	-maxrenewlife _maxrenewlife_
-		maximum renewable ticket lifetime of the principal
-
-	-kvno _kvno_
-		explicity set the key version number.  This is not
-		recommended.
-
-	-policy _policy_
-		policy used by this principal.  If no policy is
-		supplied, the principal will default to having no
-		policy, and a warning message will be printed.
-
-	{-|+}allow_tgs_req
-		"-allow_tgs_req" specifies that a TGS request for a
-		ticket for a service ticket for this principal is not
-		permitted.  This option is useless for most things.
-		"+allow_tgs_req" clears this flag.  The default is
-		"+allow_tgs_req".  In effect, "-allow_tgs_req" sets
-		the KRB5_KDB_DISALLOW_TGT_BASED flag on the principal
-		in the database.
-
-	{-|+}allow_tix
-		"-allow_tix" forbids the issuance of any tickets for
-		this principal.  "+allow_tix" clears this flag.  The
-		default is "+allow_tix".  In effect, "-allow_tix" sets
-		the KRB5_KDB_DISALLOW_ALL_TIX flag on the principal in
-		the database.
-
-	{-|+}needchange
-		"+needchange" sets a flag in attributes field to force
-		a password change; "-needchange" clears it.  The
-		default is "-needchange".  In effect, "+needchange"
-		sets the KRB5_KDB_REQUIRES_PWCHANGE flag on the
-		principal in the database.
-
-	{-|+}password_changing_service
-		"+password_changing_service" sets a flag in the
-		attributes field marking this as a password change
-		service principal (useless for most things).
-		"-password_changing_service" clears the flag.  This
-		flag intentionally has a long name.  The default is
-		"-password_changing_service".  In effect,
-		"+password_changing_service" sets the
-		KRB5_KDB_PWCHANGE_SERVICE flag on the principal in the
-		database.
-
-	-randpass
-		sets the key of the principal to a random value
-
-	-pw _password_
-		sets the key of the principal to the specified string
-		and does not prompt for a password.  This is not
-		recommended.
-
-	EXAMPLE
-	kadmin: addprinc tlyu/deity
-	WARNING: no policy specified for "tlyu/deity@ATHENA.MIT.EDU";
-	defaulting to no policy.
-	Enter password for principal tlyu/deity@ATHENA.MIT.EDU:
-	Re-enter password for principal tlyu/deity@ATHENA.MIT.EDU:
-	Principal "tlyu/deity@ATHENA.MIT.EDU" created.
-	kadmin:
-
-	ERRORS
-	KADM5_AUTH_ADD (requires "add" privilege)
-	KADM5_BAD_MASK (shouldn't happen)
-	KADM5_DUP (principal exists already)
-	KADM5_UNK_POLICY (policy does not exist)
-	KADM5_PASS_Q_* (password quality violations)
-
-delete_principal [-force] _principal_
-	deletes the specified principal from the database.    This
-	command prompts for deletion, unless the "-force" option is
-	given. This command requires the "delete" privilege.  Aliased
-	to "delprinc".
-
-	EXAMPLE
-	kadmin: delprinc mwm_user
-	Are you sure you want to delete the principal
-	"mwm_user@ATHENA.MIT.EDU"? (yes/no): yes
-	Principal "mwm_user@ATHENA.MIT.EDU" deleted.
-	Make sure that you have removed this principal from
-	all ACLs before reusing.
-	kadmin:
-
-	ERRORS
-	KADM5_AUTH_DELETE (reequires "delete" privilege)
-	KADM5_UNK_PRINC (principal does not exist)
-
-modify_principal [options] _principal_
-	modifies the specified principal, changing the fields as
-	specified.  The options are as above for "add_principal",
-	except that password changing is forbidden by this command.
-	In addition, the option "-clearpolicy" will remove clear the
-	current	policy of a principal.  This command requires the
-	"modify" privilege.  Aliased to "modprinc".
-
-	ERRORS
-	KADM5_AUTH_MODIFY (requires "modify" privilege)
-	KADM5_UNK_PRINC (principal does not exist)
-	KADM5_UNK_POLICY (policy does not exist)
-	KADM5_BAD_MASK (shouldn't happen)
-
-change_password [options] _principal_
-	changes the password of _principal_.  Prompts for a new
-	password if neither -randpass or -pw is specified.  Requires
-	the "modify" privilege, or that the principal that is running
-	the program to be the same as the one changed.  Aliased to
-	"cpw".
-
-	OPTIONS
-	-salt _salttype_
-		uses the specified salt instead of the default V5 salt
-		for generating the key.  Options are the same as for
-		add_principal.
-
-	-randpass
-		sets the key of the principal to a random value
-
-	-pw _password_
-		set the password to the specified string.  Not
-		recommended.
-
-	EXAMPLE
-	kadmin: cpw systest
-	Enter password for principal systest@ATHENA.MIT.EDU:
-	Re-enter password for principal systest@ATHENA.MIT.EDU:
-	Password for systest@ATHENA.MIT.EDU changed.
-	kadmin:
-
-	ERRORS
-	KADM5_AUTH_MODIFY (requires the modify privilege)
-	KADM5_UNK_PRINC (principal does not exist)
-	KADM5_PASS_Q_* (password policy violation errors)
-	KADM5_PADD_REUSE (password is in principal's password istory)
-	KADM5_PASS_TOOSOON (current password minimum life not xpired)
-
-get_principal [-terse] _principal_
-	gets the attributes of _principal_.  Requires the "get"
-	privilege, or that the principal that is running the the
-	program to be the same as the one being listed.  With the
-	"-terse" option, outputs fields as a quoted tab-separated
-	strings.  Alias "getprinc".
-
-	EXAMPLES
-	kadmin: getprinc tlyu/deity
-	Principal: tlyu/deity@ATHENA.MIT.EDU
-	Key version: 3
-	Maximum life: 1 day 00:00:00
-	Maximum renewable life: 7 days 00:00:00
-	Master key version: 1
-	Expires: Mon Jan 18 22:14:07 EDT 2038
-	Password expires: Mon Sep 19 14:40:00 EDT 1994
-	Password last changed: Mon Jan 31 02:06:40 EDT 1994
-	Last modified: by tlyu/admin@ATHENA.MIT.EDU
-		on Wed Jul 13 18:27:08 EDT 1994
-	Attributes: DISALLOW_FORWARDABLE, DISALLOW_PROXIABLE,
-		REQUIRES_HW_AUTH
-	Salt type: DEFAULT
-	kadmin: getprinc systest
-	systest@ATHENA.MIT.EDU	3	86400	604800	1
-	785926535	753241234	785900000
-	tlyu/admin@ATHENA.MIT.EDU	786100034	0
-	0
-	kadmin:
-
-	ERRORS
-	KADM5_AUTH_GET (requires the get privilege)
-	KADM5_UNK_PRINC (principal does not exist)
-
-get_principals [expression]
-	Retrieves all or some principal names.  _expression_ is a
-	shell-style glob expression that can contain the wild-card
-	characters ?, *, and []'s.  All principal names matching the
-	expression are printed.  If no expression is provided, the
-	expression "*" is assumed.  If the expression does not contain
-	an "@" character, an "@" character followed by the local realm
-	is appended to the expression.  Requires the "list" priviledge.
-	Alias "getprincs".
-
-	EXAMPLES
-	kadmin:  getprincs test*
-	test3@SECURE-TEST.OV.COM
-	test2@SECURE-TEST.OV.COM
-	test1@SECURE-TEST.OV.COM
-	testuser@SECURE-TEST.OV.COM
-	kadmin:
-
-add_policy [options] _policy_
-	adds the named policy to the policy database.  Requires the
-	"add" privilege.  Aliased to "addpol".
-
-	OPTIONS
-	-maxlife _time_
-		sets the maximum lifetime of a password
-
-	-minlife _time_
-		sets the minimum lifetime of a password
-
-	-minlength _length_
-		sets the minimum length of a password
-
-	-minclasses _number_
-		sets the minimum number of character classes allowed
-		in a password
-
-	-history _number_
-		sets the number of past keys kept for a principal
-
-	ERRORS
-	KADM5_AUTH_ADD (requires the add privilege)
-	KADM5_DUP (policy already exists)
-
-delete_policy _policy_
-	deletes the named policy.  Prompts for confirmation before
-	deletion.  The command will fail if the policy is in use by
-	any principals.  Requires the "delete" privilege.  Alias
-	"delpol".
-
-	EXAMPLE
-	kadmin: del_policy guests
-	Are you sure you want to delete the policy "guests"?
-	(yes/no): yes
-	Policy "guests" deleted.
-	kadmin:
-
-	ERRORS
-	KADM5_AUTH_DELETE (requires the delete privilege)
-	KADM5_UNK_POLICY (policy does not exist)
-	KADM5_POLICY_REF (reference count on policy is not zero)
-
-modify_policy [options] _policy_
-	modifies the named policy.  Options are as above for
-	"add_policy".  Requires the "modify" privilege".  Alias
-	"modpol".
-
-	ERRORS
-	KADM5_AUTH_MODIFY (requires the modify privilege)
-	KADM5_UNK_POLICY (policy does not exist)
-
-get_policy [-terse] _policy_
-	displays the values of the named policy.  Requires the "get"
-	privilege.  With the "-terse" flag, outputs the fields as
-	quoted strings separated by tabs.  Alias "getpol".
-
-	EXAMPLES
-	kadmin: get_policy admin
-	Policy: admin
-	Maximum password life: 180 days 00:00:00
-	Minimum password life: 00:00:00
-	Minimum password length: 6
-	Minimum number of password character classes: 2
-	Number of old keys kept: 5
-	Reference count: 17
-	kadmin: get_policy -terse admin
-	admin	15552000	0	6	2	5	17
-	kadmin:
-
-	ERRORS
-	KADM5_AUTH_GET (requires the get privilege)
-	KADM5_UNK_POLICY (policy does not exist)
-
-get_policies [expression]
-	Retrieves all or some policy names.  _expression_ is a
-	shell-style glob expression that can contain the wild-card
-	characters ?, *, and []'s.  All policy names matching the
-	expression are printed.  If no expression is provided, the
-	expression "*" is assumed.  Requires the "list" priviledge.
-	Alias "getpols".
-
-	EXAMPLES
-	kadmin:  getpols
-	test-pol
-	dict-only
-	once-a-min
-	test-pol-nopw
-	kadmin:  getpols t*
-	test-pol
-	test-pol-nopw
-	kadmin:
-
-ktadd [-k keytab] [-q] [principal | -glob princ-exp] [...]
-	Adds principal or all principals matching princ-exp to a
-	keytab.  princ-exp follows the same rules described for the
-	get_principals command.  An entry for each of the principal's
-	unique encryption types is added, ignoring multiple keys with
-	the same encryption type but different salt types.  If the -k
-	argument is not specified, the default keytab /etc/v5srvtab is
-	used.  If the -q option is specified, less verbose status
-	information is displayed.
-
-	The -glob option requires the "list" privilege.
-
-	EXAMPLES
-	kadmin% ktadd -k /krb5/kadmind.keytab kadmin/admin kadmin/changepw
-	kadmin: Entry for principal kadmin/admin@ATHENA.MIT.EDU with
-		kvno 3, encryption type DES-CBC-CRC added to keytab
-		WRFILE:/krb5/kadmind.keytab.
-	kadmin: Entry for principal kadmin/changepw@ATHENA.MIT.EDU
-		with kvno 3, encryption type DES-CBC-CRC added to keytab
-		WRFILE:/krb5/kadmind.keytab.
-	kadmin:
-
-ktremove [-k keytab] [-q] principal [kvno|"all"|"old"]
-	Removes entries for the specified principal from a keytab.  If
-	the string "all" is specified, all entries for that principal
-	are removed; if the string "old" is specified, all entries for
-	that principal except those with the highest kvno are removed.
-	Otherwise, the value specified is parsed as an integer, and
-	all entries whose kvno match that integer are removed.  If the
-	-k argument is not specifeid, the default keytab /etc/v5srvtab
-	is used.  If the -q is specified, less verbose status
-	information is displayed.
-
-	EXAMPLES
-	kadmin: ktremove -k /krb5/kadmind.keytab kadmin/admin
-	kadmin: Entry for principal kadmin/admin with kvno 3 removed
-		from keytab WRFILE:/krb5/kadmind.keytab.
-	kadmin:
-
-SEE ALSO
-	kerberos(1), kdb5_util(8)
-
-