If you want to operate on principals in FreeIPA, use the 'ipa' command.
All users have Kerberos keys by default, so 'ipa user-find' would give you all users (use 'ipa user-find --help' to see limiting criteria).
All hosts are Kerberos principals by default, so 'ipa host-find' would give you all host/fqdn@REALM principals.
All services are Kerberos principals and they are owned by hosts, so 'ipa service-find' would give you a list of all services, and if their entries have Keytab: true it means they are Kerberos principals with a defined keytab.
Use 'ipa service-mod' if you need to change parameters of the service. Use 'ipa-getkeytab' to retrieve a keytab for any of the principals.
Operations through kadmin/kadmin.local are not supported in FreeIPA.
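
The Keytab check described above, as an added example that is not part of the original answer: a shell function that filters 'ipa service-find' output by the Keytab field, so you can list which service principals hold keys. The sample output is constructed, the function name principals_by_keytab is hypothetical, and the field labels ('Principal name:' or 'Principal:', 'Keytab:') are assumed to match what your ipa client prints.

```shell
#!/bin/sh
# Added example. Live use (needs a valid Kerberos ticket):
#   ipa service-find | principals_by_keytab true

# Constructed sample shaped like `ipa service-find` output (not from a real server).
sample_output() {
cat <<'EOF'
------------------
3 services matched
------------------
  Principal name: HTTP/web1.example.test@EXAMPLE.TEST
  Principal alias: HTTP/web1.example.test@EXAMPLE.TEST
  Keytab: True
  Managed by: web1.example.test

  Principal name: ldap/ipa1.example.test@EXAMPLE.TEST
  Principal alias: ldap/ipa1.example.test@EXAMPLE.TEST
  Keytab: True
  Managed by: ipa1.example.test

  Principal name: nfs/files.example.test@EXAMPLE.TEST
  Principal alias: nfs/files.example.test@EXAMPLE.TEST
  Keytab: False
  Managed by: files.example.test
----------------------------
Number of entries returned 3
----------------------------
EOF
}

# principals_by_keytab (hypothetical helper): read service-find output on
# stdin and print each principal whose Keytab field equals $1 (true/false).
principals_by_keytab() {
    awk -v want="$1" '
        # Accept either label for the principal; skip "Principal alias:".
        /^[ \t]*Principal( name)?:/ { sub(/^[^:]*:[ \t]*/, ""); name = $0; next }
        /^[ \t]*Keytab:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
            # Compare case-insensitively: the sample shows True/False.
            if (tolower($0) == want && name != "") print name
            name = ""
        }
    '
}

# Services that already hold keys, then services without a keytab.
sample_output | principals_by_keytab true
sample_output | principals_by_keytab false
```

By default the find commands return a limited number of entries, so on a large realm check the limiting options shown by 'ipa service-find --help' before relying on the list being complete.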