kdb5_util.man - OpenGrok cross reference for /freebsd/crypto/krb5/src/man/kdb5

Lines Matching +full:master +full:- +full:level
4 .nr rst2man-indent-level 0
7 \\$1 \\n[an-margin]
8 level \\n[rst2man-indent-level]
9 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
10 -
11 \\n[rst2man-indent0]
12 \\n[rst2man-indent1]
13 \\n[rst2man-indent2]
18 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
19 . nr rst2man-indent-level +1
24 .\" indent \\n[an-margin]
25 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
26 .nr rst2man-indent-level -1
27 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
32 kdb5_util \- Kerberos database maintenance utility
36 [\fB\-r\fP \fIrealm\fP]
37 [\fB\-d\fP \fIdbname\fP]
38 [\fB\-k\fP \fImkeytype\fP]
39 [\fB\-kv\fP \fImkeyVNO\fP]
40 [\fB\-M\fP \fImkeyname\fP]
41 [\fB\-m\fP]
42 [\fB\-sf\fP \fIstashfilename\fP]
43 [\fB\-P\fP \fIpassword\fP]
44 [\fB\-x\fP \fIdb_args\fP]
50 or loaded from ASCII files.  kdb5_util can create a Kerberos master
51 key stash file or perform live rollover of the master key.
53 When kdb5_util is run, it attempts to acquire the master key and open
60 .SH COMMAND-LINE OPTIONS
63 \fB\-r\fP \fIrealm\fP
66 \fB\-d\fP \fIdbname\fP
72 \fB\-k\fP \fImkeytype\fP
73 specifies the key type of the master key in the database.  The
77 \fB\-kv\fP \fImkeyVNO\fP
78 Specifies the version number of the master key in the database;
81 \fB\-M\fP \fImkeyname\fP
82 principal name for the master key in the database.  If not
86 \fB\-m\fP
87 specifies that the master database password should be read from
90 \fB\-sf\fP \fIstash_file\fP
91 specifies the stash filename of the master database password.  If
95 \fB\-P\fP \fIpassword\fP
96 specifies the master database password.  Using this option may
100 \fB\-x\fP \fIdb_args\fP
101 specifies database\-specific options.  See \fI\%kadmin\fP for
108 \fBcreate\fP [\fB\-s\fP]
112 Creates a new database.  If the \fB\-s\fP option is specified, the stash
119 \fBdestroy\fP [\fB\-f\fP]
125 the \fB\-f\fP argument, does not prompt the user.
129 \fBstash\fP [\fB\-f\fP \fIkeyfile\fP]
133 Stores the master principal\(aqs keys in a stash file.  The \fB\-f\fP
139 \fBdump\fP [\fB\-b7\fP|\fB\-r13\fP|\fB\-r18\fP]
140 [\fB\-verbose\fP] [\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP
141 \fImkey_file\fP] [\fB\-rev\fP] [\fB\-recurse\fP] [\fIfilename\fP
149 \(dq\-\(dq, the dump is sent to standard output.  Options:
152 \fB\-b7\fP
157 \fB\-r13\fP
162 \fB\-r18\fP
167 \fB\-verbose\fP
171 \fB\-mkey_convert\fP
172 prompts for a new master key.  This new master key will be used to
173 re\-encrypt principal key data in the dumpfile.  The principal keys
176 \fB\-new_mkey_file\fP \fImkey_file\fP
177 the filename of a stash file.  The master key in this stash file
178 will be used to re\-encrypt the key data in the dumpfile.  The key
181 \fB\-rev\fP
185 \fB\-recurse\fP
190 than the \fB\-rev\fP option will.
192 Changed in version 1.15: Release 1.15 restored the functionality of the \fB\-recurse\fP
196 Changed in version 1.5: The \fB\-recurse\fP option ceased working until release 1.15,
203 \fBload\fP [\fB\-b7\fP|\fB\-r13\fP|\fB\-r18\fP] [\fB\-hash\fP]
204 [\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP
211 the \fB\-update\fP option is given, \fBload\fP creates a new database
214 database module, the \fB\-update\fP flag is required.
219 \fB\-b7\fP
224 \fB\-r13\fP
229 \fB\-r18\fP
234 \fB\-hash\fP
241 \fB\-verbose\fP
245 \fB\-update\fP
254 \fBark\fP [\fB\-e\fP \fIenc\fP:\fIsalt\fP,...] \fIprincipal\fP
260 preserved.  The \fB\-e\fP option specifies the list of encryption and
265 \fBadd_mkey\fP [\fB\-e\fP \fIetype\fP] [\fB\-s\fP]
269 Adds a new master key to the master key principal, but does not mark
270 it as active.  Existing master keys will remain.  The \fB\-e\fP option
271 specifies the encryption type of the new master key; see
273 values.  The \fB\-s\fP option stashes the new master key in the stash
276 After a new master key is added, it should be propagated to replica
288 Sets the activation time of the master key specified by \fImkeyVNO\fP\&.
289 Once a master key becomes active, it will be used to encrypt newly
291 time is used, causing the specified master key version to become
294 After a new master key becomes active, the kdb5_util
296 principal keys to be encrypted in the new master key.
304 List all master keys, from most recent to earliest, in the master key
307 \fB*\fP following an mkey denotes the currently active master key.
311 \fBpurge_mkeys\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP]
315 Delete master keys from the master key principal that are not used to
316 protect any principals.  This command can be used to remove old master
317 keys all principal keys are protected by a newer master key.
320 \fB\-f\fP
323 \fB\-n\fP
324 performs a dry run, showing master keys that would be purged, but
327 \fB\-v\fP
333 \fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP]
334 [\fIprinc\-pattern\fP]
339 \fIprinc\-pattern\fP glob pattern) to re\-encrypt the key data using the
340 active database master key, if they are encrypted using a different
342 updated.  If the \fB\-f\fP option is not given, ask for confirmation
343 before starting to make changes.  The \fB\-v\fP option causes each
345 needed updating or not.  The \fB\-n\fP option performs a dry run, only
350 \fBtabdump\fP [\fB\-H\fP] [\fB\-c\fP] [\fB\-e\fP] [\fB\-n\fP] [\fB\-o\fP \fIoutfile\fP]
357 importing into relational databases.  The data format is tab\-separated
358 (default), or optionally comma\-separated (CSV), with a fixed number of
360 unless suppression is requested using the \fB\-H\fP option.
368 \fB\-H\fP
371 \fB\-c\fP
373 instead of the default tab\-separated (unquoted, unescaped) format
375 \fB\-e\fP
377 as \(dq\-1\(dq.
379 \fB\-n\fP
384 \fB\-o\fP \fIoutfile\fP
405 (which is still encrypted in the master key)
436 numbers if the \fB\-n\fP option is specified, and all flag positions
437 are printed regardless of whether or not they are set.  If \fB\-n\fP
490 key version number of the master key that encrypts this
513 per\-principal ticket policy data, including maximum ticket
539 $ kdb5_util tabdump \-o keyinfo.txt keyinfo
542 K/M@EXAMPLE.COM     0       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
543 foo@EXAMPLE.COM     0       1       aes128\-cts\-hmac\-sha1\-96 normal  \-1
544 bar@EXAMPLE.COM     0       1       aes128\-cts\-hmac\-sha1\-96 normal  \-1
548 sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
549 K/M@EXAMPLE.COM     1       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
551 $ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
552 K/M@EXAMPLE.COM     1       1       aes256\-cts\-hmac\-sha384\-192      normal  \-1
566 1985-2025, MIT