1.\" Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan 2.\" (Royal Institute of Technology, Stockholm, Sweden). 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" 3. Neither the name of the Institute nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" $Id: ktutil.8 14792 2005-04-14 16:43:57Z lha $ 33.\" 34.Dd April 14, 2005 35.Dt KTUTIL 8 36.Os HEIMDAL 37.Sh NAME 38.Nm ktutil 39.Nd manage Kerberos keytabs 40.Sh SYNOPSIS 41.Nm 42.Oo Fl k Ar keytab \*(Ba Xo 43.Fl -keytab= Ns Ar keytab 44.Xc 45.Oc 46.Op Fl v | Fl -verbose 47.Op Fl -version 48.Op Fl h | Fl -help 49.Ar command 50.Op Ar args 51.Sh DESCRIPTION 52.Nm 53is a program for managing keytabs. 54Supported options: 55.Bl -tag -width Ds 56.It Xo 57.Fl v , 58.Fl -verbose 59.Xc 60Verbose output. 61.El 62.Pp 63.Ar command 64can be one of the following: 65.Bl -tag -width srvconvert 66.It add Xo 67.Op Fl p Ar principal 68.Op Fl -principal= Ns Ar principal 69.Op Fl V Ar kvno 70.Op Fl -kvno= Ns Ar kvno 71.Op Fl e Ar enctype 72.Op Fl -enctype= Ns Ar enctype 73.Op Fl w Ar password 74.Op Fl -password= Ns Ar password 75.Op Fl r 76.Op Fl -random 77.Op Fl s 78.Op Fl -no-salt 79.Op Fl H 80.Op Fl -hex 81.Xc 82Adds a key to the keytab. Options that are not specified will be 83prompted for. This requires that you know the password or the hex key of the 84principal to add; if what you really want is to add a new principal to 85the keytab, you should consider the 86.Ar get 87command, which talks to the kadmin server. 88.It change Xo 89.Op Fl r Ar realm 90.Op Fl -realm= Ns Ar realm 91.Op Fl -a Ar host 92.Op Fl -admin-server= Ns Ar host 93.Op Fl -s Ar port 94.Op Fl -server-port= Ns Ar port 95.Xc 96Update one or several keys to new versions. By default, use the admin 97server for the realm of a keytab entry. Otherwise it will use the 98values specified by the options. 99.Pp 100If no principals are given, all the ones in the keytab are updated. 101.It copy Xo 102.Ar keytab-src 103.Ar keytab-dest 104.Xc 105Copies all the entries from 106.Ar keytab-src 107to 108.Ar keytab-dest . 109.It get Xo 110.Op Fl p Ar admin principal 111.Op Fl -principal= Ns Ar admin principal 112.Op Fl e Ar enctype 113.Op Fl -enctypes= Ns Ar enctype 114.Op Fl r Ar realm 115.Op Fl -realm= Ns Ar realm 116.Op Fl a Ar admin server 117.Op Fl -admin-server= Ns Ar admin server 118.Op Fl s Ar server port 119.Op Fl -server-port= Ns Ar server port 120.Ar principal ... 121.Xc 122For each 123.Ar principal , 124generate a new key for it (creating it if it doesn't already exist), 125and put that key in the keytab. 126.Pp 127If no 128.Ar realm 129is specified, the realm to operate on is taken from the first 130principal. 131.It list Xo 132.Op Fl -keys 133.Op Fl -timestamp 134.Xc 135List the keys stored in the keytab. 136.It remove Xo 137.Op Fl p Ar principal 138.Op Fl -principal= Ns Ar principal 139.Op Fl V kvno 140.Op Fl -kvno= Ns Ar kvno 141.Op Fl e enctype 142.Op Fl -enctype= Ns Ar enctype 143.Xc 144Removes the specified key or keys. Not specifying a 145.Ar kvno 146removes keys with any version number. Not specifying an 147.Ar enctype 148removes keys of any type. 149.It rename Xo 150.Ar from-principal 151.Ar to-principal 152.Xc 153Renames all entries in the keytab that match the 154.Ar from-principal 155to 156.Ar to-principal . 157.It purge Xo 158.Op Fl -age= Ns Ar age 159.Xc 160Removes all old versions of a key for which there is a newer version 161that is at least 162.Ar age 163(default one week) old. 164.It srvconvert 165.It srv2keytab Xo 166.Op Fl s Ar srvtab 167.Op Fl -srvtab= Ns Ar srvtab 168.Xc 169Converts the version 4 srvtab in 170.Ar srvtab 171to a version 5 keytab and stores it in 172.Ar keytab . 173Identical to: 174.Bd -ragged -offset indent 175.Li ktutil copy 176.Li krb4: Ns Ar srvtab 177.Ar keytab 178.Ed 179.It srvcreate 180.It key2srvtab Xo 181.Op Fl s Ar srvtab 182.Op Fl -srvtab= Ns Ar srvtab 183.Xc 184Converts the version 5 keytab in 185.Ar keytab 186to a version 4 srvtab and stores it in 187.Ar srvtab . 188Identical to: 189.Bd -ragged -offset indent 190.Li ktutil copy 191.Ar keytab 192.Li krb4: Ns Ar srvtab 193.Ed 194.El 195.Sh SEE ALSO 196.Xr kadmin 8 197