diff options
Diffstat (limited to 'admin/ktutil.8')
| -rw-r--r-- | admin/ktutil.8 | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/admin/ktutil.8 b/admin/ktutil.8 new file mode 100644 index 0000000..15523b4 --- /dev/null +++ b/admin/ktutil.8 @@ -0,0 +1,196 @@ +.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: ktutil.8 14792 2005-04-14 16:43:57Z lha $ +.\" +.Dd April 14, 2005 +.Dt KTUTIL 8 +.Os HEIMDAL +.Sh NAME +.Nm ktutil +.Nd manage Kerberos keytabs +.Sh SYNOPSIS +.Nm +.Oo Fl k Ar keytab \*(Ba Xo +.Fl -keytab= Ns Ar keytab +.Xc +.Oc +.Op Fl v | Fl -verbose +.Op Fl -version +.Op Fl h | Fl -help +.Ar command +.Op Ar args +.Sh DESCRIPTION +.Nm +is a program for managing keytabs. +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl v , +.Fl -verbose +.Xc +Verbose output. +.El +.Pp +.Ar command +can be one of the following: +.Bl -tag -width srvconvert +.It add Xo +.Op Fl p Ar principal +.Op Fl -principal= Ns Ar principal +.Op Fl V Ar kvno +.Op Fl -kvno= Ns Ar kvno +.Op Fl e Ar enctype +.Op Fl -enctype= Ns Ar enctype +.Op Fl w Ar password +.Op Fl -password= Ns Ar password +.Op Fl r +.Op Fl -random +.Op Fl s +.Op Fl -no-salt +.Op Fl H +.Op Fl -hex +.Xc +Adds a key to the keytab. Options that are not specified will be +prompted for. This requires that you know the password or the hex key of the +principal to add; if what you really want is to add a new principal to +the keytab, you should consider the +.Ar get +command, which talks to the kadmin server. +.It change Xo +.Op Fl r Ar realm +.Op Fl -realm= Ns Ar realm +.Op Fl -a Ar host +.Op Fl -admin-server= Ns Ar host +.Op Fl -s Ar port +.Op Fl -server-port= Ns Ar port +.Xc +Update one or several keys to new versions. By default, use the admin +server for the realm of a keytab entry. Otherwise it will use the +values specified by the options. +.Pp +If no principals are given, all the ones in the keytab are updated. +.It copy Xo +.Ar keytab-src +.Ar keytab-dest +.Xc +Copies all the entries from +.Ar keytab-src +to +.Ar keytab-dest . +.It get Xo +.Op Fl p Ar admin principal +.Op Fl -principal= Ns Ar admin principal +.Op Fl e Ar enctype +.Op Fl -enctypes= Ns Ar enctype +.Op Fl r Ar realm +.Op Fl -realm= Ns Ar realm +.Op Fl a Ar admin server +.Op Fl -admin-server= Ns Ar admin server +.Op Fl s Ar server port +.Op Fl -server-port= Ns Ar server port +.Ar principal ... +.Xc +For each +.Ar principal , +generate a new key for it (creating it if it doesn't already exist), +and put that key in the keytab. +.Pp +If no +.Ar realm +is specified, the realm to operate on is taken from the first +principal. +.It list Xo +.Op Fl -keys +.Op Fl -timestamp +.Xc +List the keys stored in the keytab. +.It remove Xo +.Op Fl p Ar principal +.Op Fl -principal= Ns Ar principal +.Op Fl V kvno +.Op Fl -kvno= Ns Ar kvno +.Op Fl e enctype +.Op Fl -enctype= Ns Ar enctype +.Xc +Removes the specified key or keys. Not specifying a +.Ar kvno +removes keys with any version number. Not specifying an +.Ar enctype +removes keys of any type. +.It rename Xo +.Ar from-principal +.Ar to-principal +.Xc +Renames all entries in the keytab that match the +.Ar from-principal +to +.Ar to-principal . +.It purge Xo +.Op Fl -age= Ns Ar age +.Xc +Removes all old versions of a key for which there is a newer version +that is at least +.Ar age +(default one week) old. +.It srvconvert +.It srv2keytab Xo +.Op Fl s Ar srvtab +.Op Fl -srvtab= Ns Ar srvtab +.Xc +Converts the version 4 srvtab in +.Ar srvtab +to a version 5 keytab and stores it in +.Ar keytab . +Identical to: +.Bd -ragged -offset indent +.Li ktutil copy +.Li krb4: Ns Ar srvtab +.Ar keytab +.Ed +.It srvcreate +.It key2srvtab Xo +.Op Fl s Ar srvtab +.Op Fl -srvtab= Ns Ar srvtab +.Xc +Converts the version 5 keytab in +.Ar keytab +to a version 4 srvtab and stores it in +.Ar srvtab . +Identical to: +.Bd -ragged -offset indent +.Li ktutil copy +.Ar keytab +.Li krb4: Ns Ar srvtab +.Ed +.El +.Sh SEE ALSO +.Xr kadmin 8 |
