The functions provided by the Admin API, and the authorization they require, are listed in the table 3. The ``kadm5_'' prefix has been removed from each function name.
The function semantics in the following sections omit details that are the same for every function.
Function Name | Authorization | Operation | |
init | none | Open a connection with the kadm5 library. OBSOLETE but still provided--use init_with_password instead. | |
init_with_password | none | Open a connection with the kadm5 library using a password to obtain initial credentials. | |
init_with_skey | none | Open a connection with the kadm5 library using the keytab entry to obtain initial credentials. | |
destroy | none | Close the connection with the kadm5 library. | |
flush | none | Flush all database changes to disk; no-op when called remotely. | |
create_principal | add | Create a new principal. | |
delete_principal | delete | Delete a principal. | |
modify_principal | modify | Modify the attributes of an existing principal (not password). | |
rename_principal | add and delete | Rename a principal. | |
get_principal | get2 | Retrieve a principal. | |
get_principals | list | Retrieve some or all principal names. | |
chpass_principal | changepw2 | Change a principal's password. | |
chpass_principal_util | changepw2 | Utility wrapper around chpass_principal. | |
randkey_principal | changepw2 | Randomize a principal's key. | |
setkey_principal | setkey | Explicitly set a principal's keys. | |
decrypt_key | none | Decrypt a principal key. | |
create_policy | add | Create a new policy. | |
delete_policy | delete | Delete a policy. | |
modify_policy | modify | Modify the attributes of a policy. | |
get_policy | get | Retrieve a policy. | |
get_policies | list | Retrieve some or all policy names. | |
free_principal_ent | none | Free the memory associated with an kadm5_principal_ent_t. | |
free_policy_ent | none | Free the memory associated with an kadm5_policy_ent_t. | |
get_privs | none | Return the caller's admin server privileges. |