summaryrefslogtreecommitdiffstats
path: root/crypto/kerberosIV/man/ksrvutil.8
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/kerberosIV/man/ksrvutil.8')
-rw-r--r--crypto/kerberosIV/man/ksrvutil.8104
1 files changed, 104 insertions, 0 deletions
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
new file mode 100644
index 0000000..fdc99e6
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvutil.8
@@ -0,0 +1,104 @@
+.\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.Dd May 4, 1996
+.Dt KSRVUTIL 8
+.Os KTH-KRB
+
+.Sh NAME
+.Nm ksrvutil
+host kerberos keyfile (srvtab) manipulation utility
+.Sh SYNOPSIS
+.Nm
+.Op Fl f Pa keyfile
+.Op Fl i
+.Op Fl k
+.Op Fl p Ar principal
+.Op Fl r Ar realm
+.Ar operation
+
+.Sh DESCRIPTION
+.Nm
+allows a system manager to list or change keys currently in his
+keyfile or to add new keys to the keyfile.
+.Pp
+Operation must be one of the following:
+.Bl -tag -width indent
+.It list
+lists the keys in a keyfile showing version number and principal name.
+If the
+.Fl k
+option is given, keys will also be shown.
+.It change
+changes all the keys in the keyfile by using the regular admin
+protocol. If the
+.Fl i
+flag is given,
+.Nm ksrvutil
+will prompt for yes or no before changing each key. If the
+.Fl k
+option is used, the old and new keys will be displayed.
+.It add
+allows the user to add a key.
+add
+prompts for name, instance, realm, and key version number, asks
+for confirmation, and then asks for a password.
+.Nm
+then converts the password to a key and appends the keyfile with the
+new information. If the
+.Fl k
+option is used, the key is displayed.
+.It get
+gets a service from the Kerberos server, possibly creating the
+principal. Names, instances and realms for the service keys to get are
+prompted for. The default principal used in the kadmin transcation is
+your root instance. This can be changed with the
+.Fl p
+option.
+.El
+.Pp
+In all cases, the default file used is KEY_FILE as defined in krb.h
+unless this is overridden by the
+.Fl f
+option.
+.Pp
+A good use for
+.Nm
+would be for adding keys to a keyfile. A system manager could
+ask a kerberos administrator to create a new service key with
+.Xr kadmin 8
+and could supply an initial password. Then, he could use
+.Nm
+to add the key to the keyfile and then to change the key so that it
+will be random and unknown to either the system manager or the
+kerberos administrator.
+
+.Nm
+always makes a backup copy of the keyfile before making any changes.
+
+.Sh DIAGNOSTICS
+If
+.Nm
+should exit on an error condition at any time during a change or add,
+a copy of the original keyfile can be found in
+.Pa filename Ns .old
+where
+.Pa filename
+is the name of the keyfile, and a copy of the file with all new
+keys changed or added so far can be found in
+.Pa filename Ns .work.
+The original keyfile is left unmodified until the program exits at
+which point it is removed and replaced it with the workfile.
+Appending the workfile to the backup copy and replacing the keyfile
+with the result should always give a usable keyfile, although the
+resulting keyfile will have some out of date keys in it.
+
+.Sh SEE ALSO
+.Xr kadmin 8 ,
+.Xr ksrvtgt 1
+
+.Sh AUTHOR
+Emanuel Jay Berkenbilt, MIT Project Athena
OpenPOWER on IntegriCloud