1*1c9681d1Schristos.\" $NetBSD: ktutil.1,v 1.2 2017/01/28 21:31:44 christos Exp $ 2e0895134Schristos.\" 3e0895134Schristos.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan 4e0895134Schristos.\" (Royal Institute of Technology, Stockholm, Sweden). 5e0895134Schristos.\" All rights reserved. 6e0895134Schristos.\" 7e0895134Schristos.\" Redistribution and use in source and binary forms, with or without 8e0895134Schristos.\" modification, are permitted provided that the following conditions 9e0895134Schristos.\" are met: 10e0895134Schristos.\" 11e0895134Schristos.\" 1. Redistributions of source code must retain the above copyright 12e0895134Schristos.\" notice, this list of conditions and the following disclaimer. 13e0895134Schristos.\" 14e0895134Schristos.\" 2. Redistributions in binary form must reproduce the above copyright 15e0895134Schristos.\" notice, this list of conditions and the following disclaimer in the 16e0895134Schristos.\" documentation and/or other materials provided with the distribution. 17e0895134Schristos.\" 18e0895134Schristos.\" 3. Neither the name of the Institute nor the names of its contributors 19e0895134Schristos.\" may be used to endorse or promote products derived from this software 20e0895134Schristos.\" without specific prior written permission. 21e0895134Schristos.\" 22e0895134Schristos.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 23e0895134Schristos.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24e0895134Schristos.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25e0895134Schristos.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 26e0895134Schristos.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27e0895134Schristos.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28e0895134Schristos.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29e0895134Schristos.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30e0895134Schristos.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31e0895134Schristos.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32e0895134Schristos.\" SUCH DAMAGE. 33e0895134Schristos.\" 34e0895134Schristos.\" Id 35e0895134Schristos.\" 36e0895134Schristos.Dd April 14, 2005 37e0895134Schristos.Dt KTUTIL 1 38e0895134Schristos.Os 39e0895134Schristos.Sh NAME 40e0895134Schristos.Nm ktutil 41e0895134Schristos.Nd manage Kerberos keytabs 42e0895134Schristos.Sh SYNOPSIS 43e0895134Schristos.Nm 44e0895134Schristos.Oo Fl k Ar keytab \*(Ba Xo 45e0895134Schristos.Fl Fl keytab= Ns Ar keytab 46e0895134Schristos.Xc 47e0895134Schristos.Oc 48e0895134Schristos.Op Fl v | Fl Fl verbose 49e0895134Schristos.Op Fl Fl version 50e0895134Schristos.Op Fl h | Fl Fl help 51e0895134Schristos.Ar command 52e0895134Schristos.Op Ar args 53e0895134Schristos.Sh DESCRIPTION 54e0895134Schristos.Nm 55e0895134Schristosis a program for managing keytabs. 56e0895134SchristosSupported options: 57e0895134Schristos.Bl -tag -width Ds 58e0895134Schristos.It Fl v , Fl Fl verbose 59e0895134SchristosVerbose output. 60e0895134Schristos.El 61e0895134Schristos.Pp 62e0895134Schristos.Ar command 63e0895134Schristoscan be one of the following: 64e0895134Schristos.Bl -tag -width srvconvert 65e0895134Schristos.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ 66e0895134SchristosOo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ 67e0895134SchristosOo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ 68e0895134SchristosOo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ 69e0895134SchristosOo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex 70e0895134SchristosAdds a key to the keytab. Options that are not specified will be 71e0895134Schristosprompted for. This requires that you know the password or the hex key of the 72e0895134Schristosprincipal to add; if what you really want is to add a new principal to 73e0895134Schristosthe keytab, you should consider the 74e0895134Schristos.Ar get 75e0895134Schristoscommand, which talks to the kadmin server. 76e0895134Schristos.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ 77e0895134SchristosOo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ 78e0895134SchristosOo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port 79e0895134SchristosUpdate one or several keys to new versions. By default, use the admin 80e0895134Schristosserver for the realm of a keytab entry. Otherwise it will use the 81e0895134Schristosvalues specified by the options. 82e0895134Schristos.Pp 83e0895134SchristosIf no principals are given, all the ones in the keytab are updated. 84e0895134Schristos.It copy Ar keytab-src Ar keytab-dest 85e0895134SchristosCopies all the entries from 86e0895134Schristos.Ar keytab-src 87e0895134Schristosto 88e0895134Schristos.Ar keytab-dest . 89e0895134Schristos.It get Oo Fl p Ar admin principal Oc \ 90e0895134SchristosOo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ 91e0895134SchristosOo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ 92e0895134SchristosOo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ 93e0895134SchristosOo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ 94e0895134SchristosOo Fl Fl server-port= Ns Ar server port Oc Ar principal ... 95e0895134SchristosFor each 96e0895134Schristos.Ar principal , 97e0895134Schristosgenerate a new key for it (creating it if it doesn't already exist), 98e0895134Schristosand put that key in the keytab. 99e0895134Schristos.Pp 100e0895134SchristosIf no 101e0895134Schristos.Ar realm 102e0895134Schristosis specified, the realm to operate on is taken from the first 103e0895134Schristosprincipal. 104e0895134Schristos.It list Oo Fl Fl keys Oc Op Fl Fl timestamp 105e0895134SchristosList the keys stored in the keytab. 106e0895134Schristos.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ 107e0895134SchristosOo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ 108e0895134SchristosOo Fl Fl enctype= Ns Ar enctype Oc 109e0895134SchristosRemoves the specified key or keys. Not specifying a 110e0895134Schristos.Ar kvno 111e0895134Schristosremoves keys with any version number. Not specifying an 112e0895134Schristos.Ar enctype 113e0895134Schristosremoves keys of any type. 114e0895134Schristos.It rename Ar from-principal Ar to-principal 115e0895134SchristosRenames all entries in the keytab that match the 116e0895134Schristos.Ar from-principal 117e0895134Schristosto 118e0895134Schristos.Ar to-principal . 119e0895134Schristos.It purge Op Fl Fl age= Ns Ar age 120e0895134SchristosRemoves all old versions of a key for which there is a newer version 121e0895134Schristosthat is at least 122e0895134Schristos.Ar age 123e0895134Schristos(default one week) old. 124e0895134Schristos.El 125e0895134Schristos.Sh SEE ALSO 126e0895134Schristos.Xr kadmin 1 127