xref: /freebsd/crypto/heimdal/admin/ktutil.8 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1.\" Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
2.\" (Royal Institute of Technology, Stockholm, Sweden).
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\"
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" 3. Neither the name of the Institute nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" $Id: ktutil.8,v 1.19 2003/04/08 20:55:10 lha Exp $
33.\"
34.Dd December 16, 2000
35.Dt KTUTIL 8
36.Os HEIMDAL
37.Sh NAME
38.Nm ktutil
39.Nd manage Kerberos keytabs
40.Sh SYNOPSIS
41.Nm
42.Oo Fl k Ar keytab \*(Ba Xo
43.Fl -keytab= Ns Ar keytab
44.Xc
45.Oc
46.Op Fl v | Fl -verbose
47.Op Fl -version
48.Op Fl h | Fl -help
49.Ar command
50.Op Ar args
51.Sh DESCRIPTION
52.Nm
53is a program for managing keytabs.
54Supported options:
55.Bl -tag -width Ds
56.It Xo
57.Fl v ,
58.Fl -verbose
59.Xc
60Verbose output.
61.El
62.Pp
63.Ar command
64can be one of the following:
65.Bl -tag -width srvconvert
66.It add Xo
67.Op Fl p Ar principal
68.Op Fl -principal= Ns Ar principal
69.Op Fl V Ar kvno
70.Op Fl -kvno= Ns Ar kvno
71.Op Fl e Ar enctype
72.Op Fl -enctype= Ns Ar enctype
73.Op Fl w Ar password
74.Op Fl -password= Ns Ar password
75.Op Fl r
76.Op Fl -random
77.Op Fl s
78.Op Fl -no-salt
79.Xc
80Adds a key to the keytab. Options that are not specified will be
81prompted for. This requires that you know the password of the
82principal to add; if what you really want is to add a new principal to
83the keytab, you should consider the
84.Ar get
85command, which talks to the kadmin server.
86.It change Xo
87.Op Fl r Ar realm
88.Op Fl -realm= Ns Ar realm
89.Op Fl -a Ar host
90.Op Fl -admin-server= Ns Ar host
91.Op Fl -s Ar port
92.Op Fl -server-port= Ns Ar port
93.Xc
94Update one or several keys to new versions.  By default, use the admin
95server for the realm of a keytab entry.  Otherwise it will use the
96values specified by the options.
97.Pp
98If no principals are given, all the ones in the keytab are updated.
99.It copy Xo
100.Ar keytab-src
101.Ar keytab-dest
102.Xc
103Copies all the entries from
104.Ar keytab-src
105to
106.Ar keytab-dest .
107.It get Xo
108.Op Fl p Ar admin principal
109.Op Fl -principal= Ns Ar admin principal
110.Op Fl e Ar enctype
111.Op Fl -enctypes= Ns Ar enctype
112.Op Fl r Ar realm
113.Op Fl -realm= Ns Ar realm
114.Op Fl a Ar admin server
115.Op Fl -admin-server= Ns Ar admin server
116.Op Fl s Ar server port
117.Op Fl -server-port= Ns Ar server port
118.Ar principal ...
119.Xc
120For each
121.Ar principal ,
122generate a new key for it (creating it if it doesn't already exist),
123and put that key in the keytab.
124.Pp
125If no
126.Ar realm
127is specified, the realm to operate on is taken from the first
128principal.
129.It list Xo
130.Op Fl -keys
131.Op Fl -timestamp
132.Xc
133List the keys stored in the keytab.
134.It remove Xo
135.Op Fl p Ar principal
136.Op Fl -principal= Ns Ar principal
137.Op Fl V kvno
138.Op Fl -kvno= Ns Ar kvno
139.Op Fl e enctype
140.Op Fl -enctype= Ns Ar enctype
141.Xc
142Removes the specified key or keys. Not specifying a
143.Ar kvno
144removes keys with any version number. Not specifying an
145.Ar enctype
146removes keys of any type.
147.It rename Xo
148.Ar from-principal
149.Ar to-principal
150.Xc
151Renames all entries in the keytab that match the
152.Ar from-principal
153to
154.Ar to-principal .
155.It purge Xo
156.Op Fl -age= Ns Ar age
157.Xc
158Removes all old entries (for which there is a newer version) that are
159older than
160.Ar age
161(default one week).
162.It srvconvert
163.It srv2keytab Xo
164.Op Fl s Ar srvtab
165.Op Fl -srvtab= Ns Ar srvtab
166.Xc
167Converts the version 4 srvtab in
168.Ar srvtab
169to a version 5 keytab and stores it in
170.Ar keytab .
171Identical to:
172.Bd -ragged -offset indent
173.Li ktutil copy
174.Li krb4: Ns Ar srvtab
175.Ar keytab
176.Ed
177.It srvcreate
178.It key2srvtab Xo
179.Op Fl s Ar srvtab
180.Op Fl -srvtab= Ns Ar srvtab
181.Xc
182Converts the version 5 keytab in
183.Ar keytab
184to a version 4 srvtab and stores it in
185.Ar srvtab .
186Identical to:
187.Bd -ragged -offset indent
188.Li ktutil copy
189.Ar keytab
190.Li krb4: Ns Ar srvtab
191.Ed
192.El
193.Sh SEE ALSO
194.Xr kadmin 8
195