1*0a6a1f1dSLionel Sambuc.\" $NetBSD: ktutil.8,v 1.4 2014/04/25 00:26:16 pettai Exp $ 2ebfedea0SLionel Sambuc.\" 3ebfedea0SLionel Sambuc.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan 4ebfedea0SLionel Sambuc.\" (Royal Institute of Technology, Stockholm, Sweden). 5ebfedea0SLionel Sambuc.\" All rights reserved. 6ebfedea0SLionel Sambuc.\" 7ebfedea0SLionel Sambuc.\" Redistribution and use in source and binary forms, with or without 8ebfedea0SLionel Sambuc.\" modification, are permitted provided that the following conditions 9ebfedea0SLionel Sambuc.\" are met: 10ebfedea0SLionel Sambuc.\" 11ebfedea0SLionel Sambuc.\" 1. Redistributions of source code must retain the above copyright 12ebfedea0SLionel Sambuc.\" notice, this list of conditions and the following disclaimer. 13ebfedea0SLionel Sambuc.\" 14ebfedea0SLionel Sambuc.\" 2. Redistributions in binary form must reproduce the above copyright 15ebfedea0SLionel Sambuc.\" notice, this list of conditions and the following disclaimer in the 16ebfedea0SLionel Sambuc.\" documentation and/or other materials provided with the distribution. 17ebfedea0SLionel Sambuc.\" 18ebfedea0SLionel Sambuc.\" 3. Neither the name of the Institute nor the names of its contributors 19ebfedea0SLionel Sambuc.\" may be used to endorse or promote products derived from this software 20ebfedea0SLionel Sambuc.\" without specific prior written permission. 21ebfedea0SLionel Sambuc.\" 22ebfedea0SLionel Sambuc.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 23ebfedea0SLionel Sambuc.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24ebfedea0SLionel Sambuc.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25ebfedea0SLionel Sambuc.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 26ebfedea0SLionel Sambuc.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27ebfedea0SLionel Sambuc.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28ebfedea0SLionel Sambuc.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29ebfedea0SLionel Sambuc.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30ebfedea0SLionel Sambuc.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31ebfedea0SLionel Sambuc.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32ebfedea0SLionel Sambuc.\" SUCH DAMAGE. 33ebfedea0SLionel Sambuc.\" 34ebfedea0SLionel Sambuc.\" Id 35ebfedea0SLionel Sambuc.\" 36ebfedea0SLionel Sambuc.Dd April 14, 2005 37ebfedea0SLionel Sambuc.Dt KTUTIL 8 38ebfedea0SLionel Sambuc.Os 39ebfedea0SLionel Sambuc.Sh NAME 40ebfedea0SLionel Sambuc.Nm ktutil 41ebfedea0SLionel Sambuc.Nd manage Kerberos keytabs 42ebfedea0SLionel Sambuc.Sh SYNOPSIS 43ebfedea0SLionel Sambuc.Nm 44ebfedea0SLionel Sambuc.Oo Fl k Ar keytab \*(Ba Xo 45*0a6a1f1dSLionel Sambuc.Fl Fl keytab= Ns Ar keytab 46ebfedea0SLionel Sambuc.Xc 47ebfedea0SLionel Sambuc.Oc 48*0a6a1f1dSLionel Sambuc.Op Fl v | Fl Fl verbose 49*0a6a1f1dSLionel Sambuc.Op Fl Fl version 50*0a6a1f1dSLionel Sambuc.Op Fl h | Fl Fl help 51ebfedea0SLionel Sambuc.Ar command 52ebfedea0SLionel Sambuc.Op Ar args 53ebfedea0SLionel Sambuc.Sh DESCRIPTION 54ebfedea0SLionel Sambuc.Nm 55ebfedea0SLionel Sambucis a program for managing keytabs. 56ebfedea0SLionel SambucSupported options: 57ebfedea0SLionel Sambuc.Bl -tag -width Ds 58*0a6a1f1dSLionel Sambuc.It Fl v , Fl Fl verbose 59ebfedea0SLionel SambucVerbose output. 60ebfedea0SLionel Sambuc.El 61ebfedea0SLionel Sambuc.Pp 62ebfedea0SLionel Sambuc.Ar command 63ebfedea0SLionel Sambuccan be one of the following: 64ebfedea0SLionel Sambuc.Bl -tag -width srvconvert 65*0a6a1f1dSLionel Sambuc.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ 66*0a6a1f1dSLionel SambucOo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ 67*0a6a1f1dSLionel SambucOo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ 68*0a6a1f1dSLionel SambucOo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ 69*0a6a1f1dSLionel SambucOo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex 70ebfedea0SLionel SambucAdds a key to the keytab. Options that are not specified will be 71ebfedea0SLionel Sambucprompted for. This requires that you know the password or the hex key of the 72ebfedea0SLionel Sambucprincipal to add; if what you really want is to add a new principal to 73ebfedea0SLionel Sambucthe keytab, you should consider the 74ebfedea0SLionel Sambuc.Ar get 75ebfedea0SLionel Sambuccommand, which talks to the kadmin server. 76*0a6a1f1dSLionel Sambuc.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ 77*0a6a1f1dSLionel SambucOo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ 78*0a6a1f1dSLionel SambucOo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port 79ebfedea0SLionel SambucUpdate one or several keys to new versions. By default, use the admin 80ebfedea0SLionel Sambucserver for the realm of a keytab entry. Otherwise it will use the 81ebfedea0SLionel Sambucvalues specified by the options. 82ebfedea0SLionel Sambuc.Pp 83ebfedea0SLionel SambucIf no principals are given, all the ones in the keytab are updated. 84ebfedea0SLionel Sambuc.It copy Ar keytab-src Ar keytab-dest 85ebfedea0SLionel SambucCopies all the entries from 86ebfedea0SLionel Sambuc.Ar keytab-src 87ebfedea0SLionel Sambucto 88ebfedea0SLionel Sambuc.Ar keytab-dest . 89ebfedea0SLionel Sambuc.It get Oo Fl p Ar admin principal Oc \ 90*0a6a1f1dSLionel SambucOo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ 91*0a6a1f1dSLionel SambucOo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ 92*0a6a1f1dSLionel SambucOo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ 93*0a6a1f1dSLionel SambucOo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ 94*0a6a1f1dSLionel SambucOo Fl Fl server-port= Ns Ar server port Oc Ar principal ... 95ebfedea0SLionel SambucFor each 96ebfedea0SLionel Sambuc.Ar principal , 97ebfedea0SLionel Sambucgenerate a new key for it (creating it if it doesn't already exist), 98ebfedea0SLionel Sambucand put that key in the keytab. 99ebfedea0SLionel Sambuc.Pp 100ebfedea0SLionel SambucIf no 101ebfedea0SLionel Sambuc.Ar realm 102ebfedea0SLionel Sambucis specified, the realm to operate on is taken from the first 103ebfedea0SLionel Sambucprincipal. 104*0a6a1f1dSLionel Sambuc.It list Oo Fl Fl keys Oc Op Fl Fl timestamp 105ebfedea0SLionel SambucList the keys stored in the keytab. 106*0a6a1f1dSLionel Sambuc.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ 107*0a6a1f1dSLionel SambucOo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ 108*0a6a1f1dSLionel SambucOo Fl Fl enctype= Ns Ar enctype Oc 109ebfedea0SLionel SambucRemoves the specified key or keys. Not specifying a 110ebfedea0SLionel Sambuc.Ar kvno 111ebfedea0SLionel Sambucremoves keys with any version number. Not specifying an 112ebfedea0SLionel Sambuc.Ar enctype 113ebfedea0SLionel Sambucremoves keys of any type. 114ebfedea0SLionel Sambuc.It rename Ar from-principal Ar to-principal 115ebfedea0SLionel SambucRenames all entries in the keytab that match the 116ebfedea0SLionel Sambuc.Ar from-principal 117ebfedea0SLionel Sambucto 118ebfedea0SLionel Sambuc.Ar to-principal . 119*0a6a1f1dSLionel Sambuc.It purge Op Fl Fl age= Ns Ar age 120ebfedea0SLionel SambucRemoves all old versions of a key for which there is a newer version 121ebfedea0SLionel Sambucthat is at least 122ebfedea0SLionel Sambuc.Ar age 123ebfedea0SLionel Sambuc(default one week) old. 124ebfedea0SLionel Sambuc.El 125ebfedea0SLionel Sambuc.Sh SEE ALSO 126ebfedea0SLionel Sambuc.Xr kadmin 8 127