Hi tech@,

tokenadm(8) pretty much needs almost the same pledge annotations as login_token(8): "rpath wpath cpath fattr flock" for operations on the DB files, and before that it also needs getpw due to calling getgrnam(3) to get the group (TOKEN_GROUP). In this case, where the two differ is that tokenadm(8) doesn't call readpassphrase(3) and therefore doesn't need tty.
Any comments? Index: tokenadm.c =================================================================== RCS file: /cvs/src/usr.sbin/tokenadm/tokenadm.c,v retrieving revision 1.10 diff -u -p -u -r1.10 tokenadm.c --- tokenadm.c 16 Jan 2015 06:40:22 -0000 1.10 +++ tokenadm.c 23 Dec 2015 22:24:26 -0000 @@ -167,6 +167,9 @@ main(int argc, char **argv) goto usage; } + if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1) + err(1, "pledge"); + if (what == LIST && (dmode || emode)) what = MODECH;
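Review bot: the single pledge(2) call in this hunk keeps "getpw" for the whole run, although the cover text says it is only needed for the getgrnam(3) lookup of TOKEN_GROUP at startup; if that lookup happens right after the pledge, consider a second call such as `pledge("stdio rpath wpath cpath fattr flock", NULL)` once the group is resolved, so the rest of the DB work runs without the getpw promise. Also, the cover text omits "stdio", which the diff correctly includes (err(3) needs it for the failure path), so the description and the promise string should be kept in sync.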