diff options
Diffstat (limited to 'eBones/usr.sbin/ksrvutil/ksrvutil.8')
-rw-r--r-- | eBones/usr.sbin/ksrvutil/ksrvutil.8 | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/eBones/usr.sbin/ksrvutil/ksrvutil.8 b/eBones/usr.sbin/ksrvutil/ksrvutil.8 new file mode 100644 index 0000000..a7fed82 --- /dev/null +++ b/eBones/usr.sbin/ksrvutil/ksrvutil.8 @@ -0,0 +1,93 @@ +.\" from: /mit/kerberos/src/man/RCS/ksrvutil.8,v 4.0 89/07/27 18:35:33 jtkohl Exp $ +.\" $Id: ksrvutil.8,v 1.2 1994/07/19 19:27:53 g89r4222 Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <Copyright.MIT>. +.\" +.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +ksrvutil \- host kerberos keyfile (srvtab) manipulation utility +.SH SYNOPSIS +ksrvutil +.B operation +[ +.B \-k +] [ +.B \-i +] [ +.B \-f filename +] +.SH DESCRIPTION +.I ksrvutil +allows a system manager to list or change keys currently in his +keyfile or to add new keys to the keyfile. +.PP + +Operation must be one of the following: +.TP 10n +.I list +lists the keys in a keyfile showing version number and principal +name. If the \-k option is given, keys will also be shown. +.TP 10n +.I change +changes all the keys in the keyfile by using the regular admin +protocol. If the \-i flag is given, +.I ksrvutil +will prompt for yes or no before changing each key. If the \-k +option is used, the old and new keys will be displayed. +.TP 10n +.I add +allows the user to add a key. +.I add +prompts for name, instance, realm, and key version number, asks +for confirmation, and then asks for a password. +.I ksrvutil +then converts the password to a key and appends the keyfile with +the new information. If the \-k option is used, the key is +displayed. + +.PP +In all cases, the default file used is KEY_FILE as defined in +krb.h unless this is overridden by the \-f option. + +.PP +A good use for +.I ksrvutil +would be for adding keys to a keyfile. A system manager could +ask a kerberos administrator to create a new service key with +.IR kadmin (8) +and could supply an initial password. Then, he could use +.I ksrvutil +to add the key to the keyfile and then to change the key so that +it will be random and unknown to either the system manager or +the kerberos administrator. + +.I ksrvutil +always makes a backup copy of the keyfile before making any +changes. + +.SH DIAGNOSTICS +If +.I ksrvutil +should exit on an error condition at any time during a change or +add, a copy of the +original keyfile can be found in +.IR filename .old +where +.I filename +is the name of the keyfile, and a copy of the file with all new +keys changed or added so far can be found in +.IR filename .work. +The original keyfile is left unmodified until the program exits +at which point it is removed and replaced it with the workfile. +Appending the workfile to the backup copy and replacing the +keyfile with the result should always give a usable keyfile, +although the resulting keyfile will have some out of date keys +in it. + +.SH SEE ALSO +kadmin(8), ksrvtgt(1) + +.SH AUTHOR +Emanuel Jay Berkenbilt, MIT Project Athena |