e172367898
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
197 lines
5.0 KiB
Groff
197 lines
5.0 KiB
Groff
.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
|
|
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" 3. Neither the name of the Institute nor the names of its contributors
|
|
.\" may be used to endorse or promote products derived from this software
|
|
.\" without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $Id$
|
|
.\"
|
|
.Dd April 14, 2005
|
|
.Dt KTUTIL 8
|
|
.Os HEIMDAL
|
|
.Sh NAME
|
|
.Nm ktutil
|
|
.Nd manage Kerberos keytabs
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Oo Fl k Ar keytab \*(Ba Xo
|
|
.Fl -keytab= Ns Ar keytab
|
|
.Xc
|
|
.Oc
|
|
.Op Fl v | Fl -verbose
|
|
.Op Fl -version
|
|
.Op Fl h | Fl -help
|
|
.Ar command
|
|
.Op Ar args
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is a program for managing keytabs.
|
|
Supported options:
|
|
.Bl -tag -width Ds
|
|
.It Xo
|
|
.Fl v ,
|
|
.Fl -verbose
|
|
.Xc
|
|
Verbose output.
|
|
.El
|
|
.Pp
|
|
.Ar command
|
|
can be one of the following:
|
|
.Bl -tag -width srvconvert
|
|
.It add Xo
|
|
.Op Fl p Ar principal
|
|
.Op Fl -principal= Ns Ar principal
|
|
.Op Fl V Ar kvno
|
|
.Op Fl -kvno= Ns Ar kvno
|
|
.Op Fl e Ar enctype
|
|
.Op Fl -enctype= Ns Ar enctype
|
|
.Op Fl w Ar password
|
|
.Op Fl -password= Ns Ar password
|
|
.Op Fl r
|
|
.Op Fl -random
|
|
.Op Fl s
|
|
.Op Fl -no-salt
|
|
.Op Fl H
|
|
.Op Fl -hex
|
|
.Xc
|
|
Adds a key to the keytab. Options that are not specified will be
|
|
prompted for. This requires that you know the password or the hex key of the
|
|
principal to add; if what you really want is to add a new principal to
|
|
the keytab, you should consider the
|
|
.Ar get
|
|
command, which talks to the kadmin server.
|
|
.It change Xo
|
|
.Op Fl r Ar realm
|
|
.Op Fl -realm= Ns Ar realm
|
|
.Op Fl -a Ar host
|
|
.Op Fl -admin-server= Ns Ar host
|
|
.Op Fl -s Ar port
|
|
.Op Fl -server-port= Ns Ar port
|
|
.Xc
|
|
Update one or several keys to new versions. By default, use the admin
|
|
server for the realm of a keytab entry. Otherwise it will use the
|
|
values specified by the options.
|
|
.Pp
|
|
If no principals are given, all the ones in the keytab are updated.
|
|
.It copy Xo
|
|
.Ar keytab-src
|
|
.Ar keytab-dest
|
|
.Xc
|
|
Copies all the entries from
|
|
.Ar keytab-src
|
|
to
|
|
.Ar keytab-dest .
|
|
.It get Xo
|
|
.Op Fl p Ar admin principal
|
|
.Op Fl -principal= Ns Ar admin principal
|
|
.Op Fl e Ar enctype
|
|
.Op Fl -enctypes= Ns Ar enctype
|
|
.Op Fl r Ar realm
|
|
.Op Fl -realm= Ns Ar realm
|
|
.Op Fl a Ar admin server
|
|
.Op Fl -admin-server= Ns Ar admin server
|
|
.Op Fl s Ar server port
|
|
.Op Fl -server-port= Ns Ar server port
|
|
.Ar principal ...
|
|
.Xc
|
|
For each
|
|
.Ar principal ,
|
|
generate a new key for it (creating it if it doesn't already exist),
|
|
and put that key in the keytab.
|
|
.Pp
|
|
If no
|
|
.Ar realm
|
|
is specified, the realm to operate on is taken from the first
|
|
principal.
|
|
.It list Xo
|
|
.Op Fl -keys
|
|
.Op Fl -timestamp
|
|
.Xc
|
|
List the keys stored in the keytab.
|
|
.It remove Xo
|
|
.Op Fl p Ar principal
|
|
.Op Fl -principal= Ns Ar principal
|
|
.Op Fl V kvno
|
|
.Op Fl -kvno= Ns Ar kvno
|
|
.Op Fl e enctype
|
|
.Op Fl -enctype= Ns Ar enctype
|
|
.Xc
|
|
Removes the specified key or keys. Not specifying a
|
|
.Ar kvno
|
|
removes keys with any version number. Not specifying an
|
|
.Ar enctype
|
|
removes keys of any type.
|
|
.It rename Xo
|
|
.Ar from-principal
|
|
.Ar to-principal
|
|
.Xc
|
|
Renames all entries in the keytab that match the
|
|
.Ar from-principal
|
|
to
|
|
.Ar to-principal .
|
|
.It purge Xo
|
|
.Op Fl -age= Ns Ar age
|
|
.Xc
|
|
Removes all old versions of a key for which there is a newer version
|
|
that is at least
|
|
.Ar age
|
|
(default one week) old.
|
|
.It srvconvert
|
|
.It srv2keytab Xo
|
|
.Op Fl s Ar srvtab
|
|
.Op Fl -srvtab= Ns Ar srvtab
|
|
.Xc
|
|
Converts the version 4 srvtab in
|
|
.Ar srvtab
|
|
to a version 5 keytab and stores it in
|
|
.Ar keytab .
|
|
Identical to:
|
|
.Bd -ragged -offset indent
|
|
.Li ktutil copy
|
|
.Li krb4: Ns Ar srvtab
|
|
.Ar keytab
|
|
.Ed
|
|
.It srvcreate
|
|
.It key2srvtab Xo
|
|
.Op Fl s Ar srvtab
|
|
.Op Fl -srvtab= Ns Ar srvtab
|
|
.Xc
|
|
Converts the version 5 keytab in
|
|
.Ar keytab
|
|
to a version 4 srvtab and stores it in
|
|
.Ar srvtab .
|
|
Identical to:
|
|
.Bd -ragged -offset indent
|
|
.Li ktutil copy
|
|
.Ar keytab
|
|
.Li krb4: Ns Ar srvtab
|
|
.Ed
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr kadmin 8
|