'\" te
.\" Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights
.\"  reserved.
.TH gkadmin 1M "19 Nov 2013" "SunOS 5.11" "System Administration Commands"
.SH NAME
gkadmin \- Kerberos principals and policies administration GUI
.SH SYNOPSIS
.LP
.nf
\fB/usr/sbin/gkadmin\fR 
.fi

.SH DESCRIPTION
.sp
.LP
\fBgkadmin\fR is an interactive graphical user interface (\fBGUI\fR) that enables you to maintain Kerberos principals and policies. \fBgkadmin\fR provides much the same functionality as the \fBkadmin\fR(1M) command.
.sp
.LP
\fBgkadmin\fR does not support the management of keytabs. You must use \fBkadmin\fR for keytabs management. \fBgkadmin\fR uses Kerberos authentication and an encrypted \fBRPC\fR to operate securely from anywhere on the network.
.sp
.LP
When \fBgkadmin\fR is invoked, the login window is populated with default values. For the principal name, \fBgkadmin\fR determines your user name from the \fBUSER\fR environment variable. It appends \fB/admin\fR to the name (\fIusername\fR\fB/admin\fR) to create a default user instance in the same manner as \fBkadmin\fR. It also selects appropriate defaults for realm and master \fBKDC\fR (\fIadmin_server\fR) from the \fB/etc/krb5/krb5.conf\fR file. 
.sp
.LP
You can change these defaults on the login window. When you enter your password, a session is started with \fBkadmind\fR. Operations performed are subject to permissions that are granted or denied to the chosen user instance by the Kerberos \fBACL\fR file. See \fBkadm5.acl\fR(4).
.sp
.LP
After the session is started, a tabbed folder is displayed that contains a principal list and a policy list. The functionality is mainly the same as \fBkadmin\fR, with addition, deletion, and modification of principal and policy data available.
.sp
.LP
\fBgkadmin\fR also includes an interface to specify principal key encryption types when modifying or creating principal records. The default set of encryption types is used if they are not selected through this interface. The default set of encryption types can be found in \fBkrb5.conf\fR(4) under the \fBdefault_tkt_enctypes\fR section.
.sp
.LP
In addition, \fBgkadmin\fR provides the following features: 
.RS +4
.TP
.ie t \(bu
.el o
New principal or policy records can be added either from default values or from the settings of an existing principal. 
.RE
.RS +4
.TP
.ie t \(bu
.el o
A comment field is available for principals.
.RE
.RS +4
.TP
.ie t \(bu
.el o
Default values are saved in \fB$HOME/.gkadmin\fR. 
.RE
.RS +4
.TP
.ie t \(bu
.el o
A logout option permits you to log back in as another user instance without exiting the tool. 
.RE
.RS +4
.TP
.ie t \(bu
.el o
Principal and policy lists and attributes can be printed or saved to a file. 
.RE
.RS +4
.TP
.ie t \(bu
.el o
Online context-sensitive help and general help is available in the \fBHelp\fR menu.
.RE
.SH FILES
.sp
.ne 2
.mk
.na
\fB\fB/etc/krb5/krb5.conf\fR\fR
.ad
.RS 23n
.rt  
Kerberos configuration information on a Kerberos client. Used to search for default realm and master \fBKDC\fR (\fBadmin_server\fR), including a port number for the master \fBKDC\fR.
.RE

.sp
.ne 2
.mk
.na
\fB\fB$HOME/.gkadmin\fR\fR
.ad
.RS 23n
.rt  
Default parameters used to initialize new principals created during the session.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilitysystem/security/kerberos-5
_
Interface StabilityCommitted
.TE

.SH SEE ALSO
.sp
.LP
\fBkpasswd\fR(1), \fBkadmin\fR(1M), \fBkadmind\fR(1M), \fBkdb5_util\fR(1M), \fBkadm5.acl\fR(4), \fBkdc.conf\fR(4), \fBkrb5.conf\fR(4), \fBattributes\fR(5), \fBkerberos\fR(5)
.SH DIAGNOSTICS
.sp
.LP
The \fBgkadmin\fR interface is currently incompatible with the \fBMIT\fR \fBkadmind\fR daemon interface, so you cannot use this interface to administer an \fBMIT\fR-based Kerberos database. However, clients running the Solaris implementation of Kerberos  can still use an \fBMIT\fR-based \fBKDC\fR. 
.SH NOTES
.sp
.LP
This command is obsolete and will be removed in a future release of Oracle Solaris.