1*ae771770SStanislav Sedov.\" Copyright (c) 1997-2004 Kungliga Tekniska Högskolan 2bbd80c28SJacques Vidrine.\" (Royal Institute of Technology, Stockholm, Sweden). 3bbd80c28SJacques Vidrine.\" All rights reserved. 4bbd80c28SJacques Vidrine.\" 5bbd80c28SJacques Vidrine.\" Redistribution and use in source and binary forms, with or without 6bbd80c28SJacques Vidrine.\" modification, are permitted provided that the following conditions 7bbd80c28SJacques Vidrine.\" are met: 8bbd80c28SJacques Vidrine.\" 9bbd80c28SJacques Vidrine.\" 1. Redistributions of source code must retain the above copyright 10bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer. 11bbd80c28SJacques Vidrine.\" 12bbd80c28SJacques Vidrine.\" 2. Redistributions in binary form must reproduce the above copyright 13bbd80c28SJacques Vidrine.\" notice, this list of conditions and the following disclaimer in the 14bbd80c28SJacques Vidrine.\" documentation and/or other materials provided with the distribution. 15bbd80c28SJacques Vidrine.\" 16bbd80c28SJacques Vidrine.\" 3. Neither the name of the Institute nor the names of its contributors 17bbd80c28SJacques Vidrine.\" may be used to endorse or promote products derived from this software 18bbd80c28SJacques Vidrine.\" without specific prior written permission. 19bbd80c28SJacques Vidrine.\" 20bbd80c28SJacques Vidrine.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 21bbd80c28SJacques Vidrine.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22bbd80c28SJacques Vidrine.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23bbd80c28SJacques Vidrine.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 24bbd80c28SJacques Vidrine.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25bbd80c28SJacques Vidrine.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26bbd80c28SJacques Vidrine.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27bbd80c28SJacques Vidrine.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28bbd80c28SJacques Vidrine.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29bbd80c28SJacques Vidrine.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30bbd80c28SJacques Vidrine.\" SUCH DAMAGE. 31bbd80c28SJacques Vidrine.\" 32*ae771770SStanislav Sedov.\" $Id$ 33b528cefcSMark Murray.\" 34c19800e8SDoug Rabson.Dd April 14, 2005 35b528cefcSMark Murray.Dt KTUTIL 8 36b528cefcSMark Murray.Os HEIMDAL 37b528cefcSMark Murray.Sh NAME 38b528cefcSMark Murray.Nm ktutil 3945524cd7SAssar Westerlund.Nd manage Kerberos keytabs 40b528cefcSMark Murray.Sh SYNOPSIS 41b528cefcSMark Murray.Nm 425e9cd1aeSAssar Westerlund.Oo Fl k Ar keytab \*(Ba Xo 43*ae771770SStanislav Sedov.Fl Fl keytab= Ns Ar keytab 445e9cd1aeSAssar Westerlund.Xc 455e9cd1aeSAssar Westerlund.Oc 46*ae771770SStanislav Sedov.Op Fl v | Fl Fl verbose 47*ae771770SStanislav Sedov.Op Fl Fl version 48*ae771770SStanislav Sedov.Op Fl h | Fl Fl help 49b528cefcSMark Murray.Ar command 505e9cd1aeSAssar Westerlund.Op Ar args 51b528cefcSMark Murray.Sh DESCRIPTION 52b528cefcSMark Murray.Nm 53b528cefcSMark Murrayis a program for managing keytabs. 54bbd80c28SJacques VidrineSupported options: 55bbd80c28SJacques Vidrine.Bl -tag -width Ds 56*ae771770SStanislav Sedov.It Fl v , Fl Fl verbose 57bbd80c28SJacques VidrineVerbose output. 58bbd80c28SJacques Vidrine.El 59bbd80c28SJacques Vidrine.Pp 60b528cefcSMark Murray.Ar command 61b528cefcSMark Murraycan be one of the following: 624137ff4cSJacques Vidrine.Bl -tag -width srvconvert 63*ae771770SStanislav Sedov.It add Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ 64*ae771770SStanislav SedovOo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ 65*ae771770SStanislav SedovOo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ 66*ae771770SStanislav SedovOo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc \ 67*ae771770SStanislav SedovOo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex 68b528cefcSMark MurrayAdds a key to the keytab. Options that are not specified will be 69c19800e8SDoug Rabsonprompted for. This requires that you know the password or the hex key of the 704137ff4cSJacques Vidrineprincipal to add; if what you really want is to add a new principal to 714137ff4cSJacques Vidrinethe keytab, you should consider the 724137ff4cSJacques Vidrine.Ar get 734137ff4cSJacques Vidrinecommand, which talks to the kadmin server. 74*ae771770SStanislav Sedov.It change Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc \ 75*ae771770SStanislav SedovOo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc \ 76*ae771770SStanislav SedovOo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port 77b528cefcSMark MurrayUpdate one or several keys to new versions. By default, use the admin 78bbd80c28SJacques Vidrineserver for the realm of a keytab entry. Otherwise it will use the 79b528cefcSMark Murrayvalues specified by the options. 80b528cefcSMark Murray.Pp 81b528cefcSMark MurrayIf no principals are given, all the ones in the keytab are updated. 82*ae771770SStanislav Sedov.It copy Ar keytab-src Ar keytab-dest 83b528cefcSMark MurrayCopies all the entries from 84b528cefcSMark Murray.Ar keytab-src 85b528cefcSMark Murrayto 86b528cefcSMark Murray.Ar keytab-dest . 87*ae771770SStanislav Sedov.It get Oo Fl p Ar admin principal Oc \ 88*ae771770SStanislav SedovOo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ 89*ae771770SStanislav SedovOo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ 90*ae771770SStanislav SedovOo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ 91*ae771770SStanislav SedovOo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ 92*ae771770SStanislav SedovOo Fl Fl server-port= Ns Ar server port Oc Ar principal ... 934137ff4cSJacques VidrineFor each 944137ff4cSJacques Vidrine.Ar principal , 954137ff4cSJacques Vidrinegenerate a new key for it (creating it if it doesn't already exist), 964137ff4cSJacques Vidrineand put that key in the keytab. 974137ff4cSJacques Vidrine.Pp 984137ff4cSJacques VidrineIf no 994137ff4cSJacques Vidrine.Ar realm 1004137ff4cSJacques Vidrineis specified, the realm to operate on is taken from the first 1014137ff4cSJacques Vidrineprincipal. 102*ae771770SStanislav Sedov.It list Oo Fl Fl keys Oc Op Fl Fl timestamp 103b528cefcSMark MurrayList the keys stored in the keytab. 104*ae771770SStanislav Sedov.It remove Oo Fl p Ar principal Oc Oo Fl Fl principal= Ns Ar principal Oc \ 105*ae771770SStanislav SedovOo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ 106*ae771770SStanislav SedovOo Fl Fl enctype= Ns Ar enctype Oc 107b528cefcSMark MurrayRemoves the specified key or keys. Not specifying a 108b528cefcSMark Murray.Ar kvno 109bbd80c28SJacques Vidrineremoves keys with any version number. Not specifying an 110b528cefcSMark Murray.Ar enctype 111b528cefcSMark Murrayremoves keys of any type. 112*ae771770SStanislav Sedov.It rename Ar from-principal Ar to-principal 1134137ff4cSJacques VidrineRenames all entries in the keytab that match the 1144137ff4cSJacques Vidrine.Ar from-principal 1154137ff4cSJacques Vidrineto 1164137ff4cSJacques Vidrine.Ar to-principal . 117*ae771770SStanislav Sedov.It purge Op Fl Fl age= Ns Ar age 118c19800e8SDoug RabsonRemoves all old versions of a key for which there is a newer version 119c19800e8SDoug Rabsonthat is at least 120b528cefcSMark Murray.Ar age 121c19800e8SDoug Rabson(default one week) old. 122b528cefcSMark Murray.El 123b528cefcSMark Murray.Sh SEE ALSO 124b528cefcSMark Murray.Xr kadmin 8 125