.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id$
.\"
.Dd Dec 1, 2014
.Dt KTUTIL 8
.Os HEIMDAL
.Sh NAME
.Nm ktutil
.Nd manage Kerberos keytabs
.Sh SYNOPSIS
.Nm
.Oo Fl k Ar keytab \*(Ba Xo
.Fl Fl keytab= Ns Ar keytab
.Xc
.Oc
.Op Fl v | Fl Fl verbose
.Op Fl Fl version
.Op Fl h | Fl Fl help
.Ar command
.Op Ar args
.Sh DESCRIPTION
.Nm
is a program for managing keytabs.
Supported options:
.Bl -tag -width Ds
.It Fl v , Fl Fl verbose
Verbose output.
.El
.Pp
.Ar command
can be one of the following:
.Bl -tag -width srvconvert
.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
Oo Fl Fl pw-file= Ns Ar filename Oc \
Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \
Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex
Adds a key to the keytab. Options that are not specified will be
prompted for. This requires that you know the password or the hex key of the
principal to add; if what you really want is to add a new principal to
the keytab, you should consider the
.Ar get
command, which talks to the kadmin server.
.Fl Fl pw-file
can specify either a file with a password, or the string STDIN.  In the
latter case the password is read from stdin.
.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \
Oo Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \
Oo Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port
Update one or several keys to new versions.  By default, use the admin
server for the realm of a keytab entry.  Otherwise it will use the
values specified by the options.
.Pp
If no principals are given, all the ones in the keytab are updated.
.It copy Oo Fl Fl filter-principal= Ns Ar string Oc \
Ar keytab-src Ar keytab-dest
Copies all the entries from
.Ar keytab-src
to
.Ar keytab-dest .
Optionally a principal can be selected as a filter, and then only
entries matching that principal are copied.
The matching applies globbing rules to each component; for example,
foo*/host.domain@REALM is a valid filter principal.
.It get Oo Fl p Ar admin principal Oc \
Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ...
For each
.Ar principal ,
generate a new key for it (creating it if it doesn't already exist),
and put that key in the keytab.
.Pp
If no
.Ar realm
is specified, the realm to operate on is taken from the first
principal.
.It list Oo Fl Fl keys Oc Op Fl Fl timestamp
List the keys stored in the keytab.
.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \
Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
Oo Fl Fl enctype= Ns Ar enctype Oc
Removes the specified key or keys. Not specifying a
.Ar kvno
removes keys with any version number. Not specifying an
.Ar enctype
removes keys of any type.
.It rename Ar from-principal Ar to-principal
Renames all entries in the keytab that match the
.Ar from-principal
to
.Ar to-principal .
.It purge Op Fl Fl age= Ns Ar age
Removes all old versions of a key for which there is a newer version
that is at least
.Ar age
(default one week) old.
.El
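.Sh EXAMPLES
The following wrappers are an added example, not part of Heimdal: they combine the copy, add, change, purge and list commands described above into the three tasks an administrator most often scripts. The function names and the KTUTIL override variable are hypothetical, and the age string passed to purge is an assumed format; every option used is one documented on this page.

```shell
#!/bin/sh
# Added example, not part of Heimdal. Function names are hypothetical;
# every ktutil option used here is one documented on this page.
KTUTIL=${KTUTIL:-ktutil}

# Copy the entries matching one filter principal into their own keytab,
# so a service only holds the keys it needs.
# $1 = source keytab, $2 = destination keytab, $3 = filter principal
split_keytab() {
    old_umask=$(umask)
    umask 077                 # a newly created destination stays owner-only
    rc=0
    "$KTUTIL" copy --filter-principal="$3" "$1" "$2" || rc=$?
    umask "$old_umask"
    return "$rc"
}

# Add a key whose password arrives on stdin. Unlike -w or --password=,
# the password never appears in the argument list, which other local
# users can often read from the process table.
# $1 = keytab, $2 = principal, $3 = kvno, $4 = enctype
add_key_stdin() {
    "$KTUTIL" -k "$1" add -p "$2" -V "$3" -e "$4" --pw-file=STDIN
}

# Rotate every key in a keytab, then drop versions superseded long ago.
# $1 = keytab, $2 = age passed to purge (format assumed, e.g. "1 week")
rotate_keytab() {
    "$KTUTIL" -k "$1" change || return 1
    # purge keeps an old kvno until its replacement is at least $2 old,
    # so the key replaced just now survives until a later run and
    # tickets issued under it keep working in the meantime.
    "$KTUTIL" -k "$1" purge --age="$2" || return 1
    "$KTUTIL" -k "$1" list --timestamp
}
```

Run rotate_keytab from a scheduled job with credentials that are allowed to change the keys; the final list output gives a record of which key versions remain.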
.Sh SEE ALSO
.Xr kadmin 8