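/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* Id */

/*
 * Command table for the Kerberos administration shell (the quit handler
 * is named "exit_kadmin").  Each "command" block declares one subcommand:
 *   name      - command name; repeated entries are aliases
 *   function  - handler name, when it differs from the first name
 *   option    - one command-line option (long/short name, type, help,
 *               optional argument label and default)
 *   argument  - label for the positional arguments
 *   min_args / max_args - bounds on the number of positional arguments
 *   help      - text shown to the operator
 * NOTE(review): presumably consumed by a generator that emits the option
 * parser and handler prototypes -- confirm against the build rules.
 */

/*
 * stash / kstash: write the master key to the file the KDC reads.
 * NOTE(review): the default enctype below is des3-cbc-sha1.  Triple-DES
 * is deprecated for Kerberos (RFC 8429); operators creating a new master
 * key should pass an AES enctype with --enctype.  The default is left
 * unchanged here because altering it changes behaviour for existing
 * deployments.
 */
command = {
	name = "stash"
	name = "kstash"
	option = {
		long = "enctype"
		short = "e"
		type = "string"
		help = "encryption type"
		default = "des3-cbc-sha1"
	}
	option = {
		long = "key-file"
		short = "k"
		type = "string"
		argument = "file"
		help = "master key file"
	}
	option = {
		long = "convert-file"
		type = "flag"
		help = "just convert keyfile to new format"
	}
	/*
	 * Prints the generated password to stdout (per the help text), so
	 * it can end up in terminal scrollback or captured job output.
	 */
	option = {
		long = "random-password"
		type = "flag"
		help = "use a random password (and print the password to stdout)"
	}
	/*
	 * Reads the passphrase from an inherited file descriptor, which
	 * keeps it off the command line.  Default -1 presumably means
	 * "not given" -- confirm in the handler.
	 */
	option = {
		long = "master-key-fd"
		type = "integer"
		argument = "fd"
		help = "filedescriptor to read passphrase from"
		default = "-1"
	}
	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
}
/*
 * dump: export the database.
 * With --decrypt the output holds keys in decrypted form; treat the dump
 * file (or captured stdout) as key material and restrict access to it.
 */
command = {
	name = "dump"
	option = {
		long = "decrypt"
		short = "d"
		type = "flag"
		help = "decrypt keys"
	}
	option = {
		long = "format"
		short = "f"
		type = "string"
		help = "dump format, mit or heimdal (default: heimdal)"
	}
	argument = "[dump-file]"
	min_args = "0"
	max_args = "1"
	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
}

/* init: create the default principals (and the database) for a realm. */
command = {
	name = "init"
	option = {
		long = "realm-max-ticket-life"
		type = "string"
		help = "realm max ticket lifetime"
	}
	option = {
		long = "realm-max-renewable-life"
		type = "string"
		help = "realm max renewable lifetime"
	}
	option = {
		long = "bare"
		type = "flag"
		help = "only create krbtgt for realm"
	}
	argument = "realm..."
	min_args = "1"
	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
}
/* load: takes exactly one dump file. */
command = {
	name = "load"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Loads a previously dumped file. Local (-l) mode only."
}
/* merge: takes exactly one dump file. */
command = {
	name = "merge"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
}
/*
 * add / ank / add_new_key: create principals.
 * --password and --key carry secrets on the command line, where they are
 * visible in process listings and shell history; --random-key, or leaving
 * both unset (presumably prompting -- confirm in the handler), avoids that.
 * The --key help text refers to a DES key; single DES is deprecated for
 * Kerberos (RFC 6649).
 */
command = {
	name = "add"
	name = "ank"
	name = "add_new_key"
	function = "add_new_key"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	option = {
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	option = {
		long = "key"
		type = "string"
		help = "DES-key in hex"
	}
	option = {
		long = "max-ticket-life"
		type = "string"
		argument = "lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	/* Default -1 presumably means "not set" -- confirm in the handler. */
	option = {
		long = "hist-kvno-diff-clnt"
		type = "integer"
		argument = "kvno diff"
		help = "historic keys allowed for client"
		default = "-1"
	}
	option = {
		long = "hist-kvno-diff-svc"
		type = "integer"
		argument = "kvno diff"
		help = "historic keys allowed for service"
		default = "-1"
	}
	option = {
		long = "use-defaults"
		type = "flag"
		help = "use default values"
	}
	option = {
		long = "policy"
		type = "string"
		argument = "policy"
		help = "policy name"
	}
	argument = "principal..."
	min_args = "1"
	help = "Adds a principal to the database."
}
/*
 * passwd / cpw / change_password: re-key principals.
 * As with "add", --password and --key put secret material on the command
 * line.  The arguments are expressions, so one invocation can change
 * several principals.
 */
command = {
	name = "passwd"
	name = "cpw"
	name = "change_password"
	function = "cpw_entry"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	option = {
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	option = {
		long = "key"
		type = "string"
		help = "DES key in hex"
	}
	/* Old keys stay in the entry, so they remain key material to protect. */
	option = {
		long = "keepold"
		type = "flag"
		help = "keep old keys/password"
	}
	argument = "principal..."
	min_args = "1"
	help = "Changes the password of one or more principals matching the expressions."
}
/*
 * delete / del / del_entry: the arguments are expressions, and every
 * matching principal is deleted (per the help text).
 */
command = {
	name = "delete"
	name = "del"
	name = "del_entry"
	function = "del_entry"
	argument = "principal..."
	min_args = "1"
	help = "Deletes all principals matching the expressions."
}
/* del_enctype: one principal followed by one or more enctypes. */
command = {
	name = "del_enctype"
	argument = "principal enctype..."
	min_args = "2"
	help = "Delete all the mentioned enctypes for principal."
}
/* add_enctype: one principal followed by one or more enctypes. */
command = {
	name = "add_enctype"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	argument = "principal enctype..."
	min_args = "2"
	help = "Add new enctypes for principal."
}
/*
 * ext_keytab: write principals' keys into a keytab.
 * The resulting keytab contains long-term keys; it needs restrictive file
 * permissions and should be scoped to the principals a host actually uses.
 */
command = {
	name = "ext_keytab"
	option = {
		long = "keytab"
		short = "k"
		type = "string"
		help = "keytab to use"
	}
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	argument = "principal..."
	min_args = "1"
	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
}
/*
 * get / get_entry: show principal details.
 * NOTE(review): "long" carries default -1 here while "terse" carries it in
 * "list"; presumably this marks each command's default output format --
 * confirm in the handlers.
 */
command = {
	name = "get"
	name = "get_entry"
	function = "get_entry"
	/* XXX sync options with "list" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
		default = "-1"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Shows information about principals matching the expressions."
}
/* rename: exactly two arguments, the old and the new principal name. */
command = {
	name = "rename"
	function = "rename_entry"
	argument = "from to"
	min_args = "2"
	max_args = "2"
	help = "Renames a principal."
}
/*
 * modify: change attributes of exactly one principal.
 * --constrained-delegation, --alias and --pkinit-acl widen what a principal
 * can do or who can authenticate as it; changes made through them deserve
 * the same review and audit logging as password changes.
 */
command = {
	name = "modify"
	function = "mod_entry"
	option = {
		long = "max-ticket-life"
		type = "string"
		argument = "lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		short = "a"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "kvno"
		type = "integer"
		help = "key version number"
		default = "-1"
	}
	option = {
		long = "constrained-delegation"
		type = "strings"
		argument = "principal"
		help = "allowed target principals"
	}
	option = {
		long = "alias"
		type = "strings"
		argument = "principal"
		help = "aliases"
	}
	/*
	 * The help text used to read "aliases", copied from the option
	 * above; the argument label shows this option takes subject DNs.
	 */
	option = {
		long = "pkinit-acl"
		type = "strings"
		argument = "subject dn"
		help = "pkinit acl (certificate subject DNs)"
	}
	option = {
		long = "policy"
		type = "string"
		argument = "policy"
		help = "policy name"
	}
	option = {
		long = "hist-kvno-diff-clnt"
		type = "integer"
		argument = "kvno diff"
		help = "historic keys allowed for client"
		default = "-1"
	}
	option = {
		long = "hist-kvno-diff-svc"
		type = "integer"
		argument = "kvno diff"
		help = "historic keys allowed for service"
		default = "-1"
	}
	argument = "principal"
	min_args = "1"
	max_args = "1"
	help = "Modifies some attributes of the specified principal."
}
/* privileges / privs: report the caller's allowed operations. */
command = {
	name = "privileges"
	name = "privs"
	function = "get_privs"
	help = "Shows which operations you are allowed to perform."
}
/* list: same options as "get", with "terse" carrying the -1 default. */
command = {
	name = "list"
	function = "list_princs"
	/* XXX sync options with "get" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
		default = "-1"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Lists principals in a terse format. Equivalent to \"get -t\"."
}
/*
 * verify-password-quality / pwq: the candidate password is a positional
 * argument, so it is visible in process listings and shell history; use
 * throwaway test values rather than real credentials.
 */
command = {
	name = "verify-password-quality"
	name = "pwq"
	function = "password_quality"
	argument = "principal password"
	min_args = "2"
	max_args = "2"
	help = "Try run the password quality function locally (not doing RPC out to server)."
}
/* check: optional realm argument; defaults to the default realm. */
command = {
	name = "check"
	function = "check"
	argument = "[realm]"
	min_args = "0"
	max_args = "1"
	help = "Check the realm (if not given, the default realm) for configuration errors."
}
/* lock / unlock: take no arguments. */
command = {
	name = "lock"
	function = "lock"
	argument = ""
	min_args = "0"
	max_args = "0"
	help = "Lock the database for writing (use with care)."
}
command = {
	name = "unlock"
	function = "unlock"
	argument = ""
	min_args = "0"
	max_args = "0"
	help = "Unlock the database."
}
/* help / ?: optional command name. */
command = {
	name = "help"
	name = "?"
	argument = "[command]"
	min_args = "0"
	max_args = "1"
	help = "Help! I need somebody."
}
/* exit / quit: leave the shell. */
command = {
	name = "exit"
	name = "quit"
	function = "exit_kadmin"
	help = "Quits."
}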