1 |
.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan |
2 |
.\" (Royal Institute of Technology, Stockholm, Sweden). |
3 |
.\" All rights reserved. |
4 |
.\" |
5 |
.\" Redistribution and use in source and binary forms, with or without |
6 |
.\" modification, are permitted provided that the following conditions |
7 |
.\" are met: |
8 |
.\" |
9 |
.\" 1. Redistributions of source code must retain the above copyright |
10 |
.\" notice, this list of conditions and the following disclaimer. |
11 |
.\" |
12 |
.\" 2. Redistributions in binary form must reproduce the above copyright |
13 |
.\" notice, this list of conditions and the following disclaimer in the |
14 |
.\" documentation and/or other materials provided with the distribution. |
15 |
.\" |
16 |
.\" 3. Neither the name of the Institute nor the names of its contributors |
17 |
.\" may be used to endorse or promote products derived from this software |
18 |
.\" without specific prior written permission. |
19 |
.\" |
20 |
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND |
21 |
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
22 |
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
23 |
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE |
24 |
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
25 |
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
26 |
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
27 |
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
28 |
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
29 |
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
30 |
.\" SUCH DAMAGE. |
31 |
.\" |
32 |
.\" $Id$ |
33 |
.\" |
34 |
.Dd April 14, 2005 |
35 |
.Dt KTUTIL 8 |
36 |
.Os HEIMDAL |
37 |
.Sh NAME |
38 |
.Nm ktutil |
39 |
.Nd manage Kerberos keytabs |
40 |
.Sh SYNOPSIS |
41 |
.Nm |
42 |
.Oo Fl k Ar keytab \*(Ba Xo |
43 |
.Fl Fl keytab= Ns Ar keytab |
44 |
.Xc |
45 |
.Oc |
46 |
.Op Fl v | Fl Fl verbose |
47 |
.Op Fl Fl version |
48 |
.Op Fl h | Fl Fl help |
49 |
.Ar command |
50 |
.Op Ar args |
51 |
.Sh DESCRIPTION |
52 |
.Nm |
53 |
is a program for managing keytabs. |
54 |
Supported options: |
55 |
.Bl -tag -width Ds |
56 |
.It Fl v , Fl Fl verbose |
57 |
Verbose output. |
58 |
.El |
59 |
.Pp |
60 |
.Ar command |
61 |
can be one of the following: |
62 |
.Bl -tag -width srvconvert |
63 |
.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ |
64 |
Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ |
65 |
Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ |
66 |
Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ |
67 |
Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex |
68 |
Adds a key to the keytab. Options that are not specified will be |
69 |
prompted for. This requires that you know the password or the hex key of the |
70 |
principal to add; if what you really want is to add a new principal to |
71 |
the keytab, you should consider the |
72 |
.Ar get |
73 |
command, which talks to the kadmin server. |
74 |
.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ |
75 |
Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ |
76 |
Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port |
77 |
Update one or several keys to new versions. By default, use the admin |
78 |
server for the realm of a keytab entry. Otherwise it will use the |
79 |
values specified by the options. |
80 |
.Pp |
81 |
If no principals are given, all the ones in the keytab are updated. |
82 |
.It copy Ar keytab-src Ar keytab-dest |
83 |
Copies all the entries from |
84 |
.Ar keytab-src |
85 |
to |
86 |
.Ar keytab-dest . |
87 |
.It get Oo Fl p Ar admin principal Oc \ |
88 |
Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ |
89 |
Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ |
90 |
Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ |
91 |
Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ |
92 |
Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... |
93 |
For each |
94 |
.Ar principal , |
95 |
generate a new key for it (creating it if it doesn't already exist), |
96 |
and put that key in the keytab. |
97 |
.Pp |
98 |
If no |
99 |
.Ar realm |
100 |
is specified, the realm to operate on is taken from the first |
101 |
principal. |
102 |
.It list Oo Fl Fl keys Oc Op Fl Fl timestamp |
103 |
List the keys stored in the keytab. |
104 |
.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ |
105 |
Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ |
106 |
Oo Fl Fl enctype= Ns Ar enctype Oc |
107 |
Removes the specified key or keys. Not specifying a |
108 |
.Ar kvno |
109 |
removes keys with any version number. Not specifying an |
110 |
.Ar enctype |
111 |
removes keys of any type. |
112 |
.It rename Ar from-principal Ar to-principal |
113 |
Renames all entries in the keytab that match the |
114 |
.Ar from-principal |
115 |
to |
116 |
.Ar to-principal . |
117 |
.It purge Op Fl Fl age= Ns Ar age |
118 |
Removes all old versions of a key for which there is a newer version |
119 |
that is at least |
120 |
.Ar age |
121 |
(default one week) old. |
122 |
.El |
123 |
.Sh SEE ALSO |
124 |
.Xr kadmin 8 |