xref: /freebsd/crypto/heimdal/admin/ktutil.8 (revision 9a14aa017b21c292740c00ee098195cd46642730)
1.\" Copyright (c) 1997-2004 Kungliga Tekniska H�gskolan
2.\" (Royal Institute of Technology, Stockholm, Sweden).
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\"
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\"
12.\" 2. Redistributions in binary form must reproduce the above copyright
13.\"    notice, this list of conditions and the following disclaimer in the
14.\"    documentation and/or other materials provided with the distribution.
15.\"
16.\" 3. Neither the name of the Institute nor the names of its contributors
17.\"    may be used to endorse or promote products derived from this software
18.\"    without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" $Id: ktutil.8 14792 2005-04-14 16:43:57Z lha $
33.\"
34.Dd April 14, 2005
35.Dt KTUTIL 8
36.Os HEIMDAL
37.Sh NAME
38.Nm ktutil
39.Nd manage Kerberos keytabs
40.Sh SYNOPSIS
41.Nm
42.Oo Fl k Ar keytab \*(Ba Xo
43.Fl -keytab= Ns Ar keytab
44.Xc
45.Oc
46.Op Fl v | Fl -verbose
47.Op Fl -version
48.Op Fl h | Fl -help
49.Ar command
50.Op Ar args
51.Sh DESCRIPTION
52.Nm
53is a program for managing keytabs.
54Supported options:
55.Bl -tag -width Ds
56.It Xo
57.Fl v ,
58.Fl -verbose
59.Xc
60Verbose output.
61.El
62.Pp
63.Ar command
64can be one of the following:
65.Bl -tag -width srvconvert
66.It add Xo
67.Op Fl p Ar principal
68.Op Fl -principal= Ns Ar principal
69.Op Fl V Ar kvno
70.Op Fl -kvno= Ns Ar kvno
71.Op Fl e Ar enctype
72.Op Fl -enctype= Ns Ar enctype
73.Op Fl w Ar password
74.Op Fl -password= Ns Ar password
75.Op Fl r
76.Op Fl -random
77.Op Fl s
78.Op Fl -no-salt
79.Op Fl H
80.Op Fl -hex
81.Xc
82Adds a key to the keytab. Options that are not specified will be
83prompted for. This requires that you know the password or the hex key of the
84principal to add; if what you really want is to add a new principal to
85the keytab, you should consider the
86.Ar get
87command, which talks to the kadmin server.
88.It change Xo
89.Op Fl r Ar realm
90.Op Fl -realm= Ns Ar realm
91.Op Fl -a Ar host
92.Op Fl -admin-server= Ns Ar host
93.Op Fl -s Ar port
94.Op Fl -server-port= Ns Ar port
95.Xc
96Update one or several keys to new versions.  By default, use the admin
97server for the realm of a keytab entry.  Otherwise it will use the
98values specified by the options.
99.Pp
100If no principals are given, all the ones in the keytab are updated.
101.It copy Xo
102.Ar keytab-src
103.Ar keytab-dest
104.Xc
105Copies all the entries from
106.Ar keytab-src
107to
108.Ar keytab-dest .
109.It get Xo
110.Op Fl p Ar admin principal
111.Op Fl -principal= Ns Ar admin principal
112.Op Fl e Ar enctype
113.Op Fl -enctypes= Ns Ar enctype
114.Op Fl r Ar realm
115.Op Fl -realm= Ns Ar realm
116.Op Fl a Ar admin server
117.Op Fl -admin-server= Ns Ar admin server
118.Op Fl s Ar server port
119.Op Fl -server-port= Ns Ar server port
120.Ar principal ...
121.Xc
122For each
123.Ar principal ,
124generate a new key for it (creating it if it doesn't already exist),
125and put that key in the keytab.
126.Pp
127If no
128.Ar realm
129is specified, the realm to operate on is taken from the first
130principal.
131.It list Xo
132.Op Fl -keys
133.Op Fl -timestamp
134.Xc
135List the keys stored in the keytab.
136.It remove Xo
137.Op Fl p Ar principal
138.Op Fl -principal= Ns Ar principal
139.Op Fl V kvno
140.Op Fl -kvno= Ns Ar kvno
141.Op Fl e enctype
142.Op Fl -enctype= Ns Ar enctype
143.Xc
144Removes the specified key or keys. Not specifying a
145.Ar kvno
146removes keys with any version number. Not specifying an
147.Ar enctype
148removes keys of any type.
149.It rename Xo
150.Ar from-principal
151.Ar to-principal
152.Xc
153Renames all entries in the keytab that match the
154.Ar from-principal
155to
156.Ar to-principal .
157.It purge Xo
158.Op Fl -age= Ns Ar age
159.Xc
160Removes all old versions of a key for which there is a newer version
161that is at least
162.Ar age
163(default one week) old.
164.It srvconvert
165.It srv2keytab Xo
166.Op Fl s Ar srvtab
167.Op Fl -srvtab= Ns Ar srvtab
168.Xc
169Converts the version 4 srvtab in
170.Ar srvtab
171to a version 5 keytab and stores it in
172.Ar keytab .
173Identical to:
174.Bd -ragged -offset indent
175.Li ktutil copy
176.Li krb4: Ns Ar srvtab
177.Ar keytab
178.Ed
179.It srvcreate
180.It key2srvtab Xo
181.Op Fl s Ar srvtab
182.Op Fl -srvtab= Ns Ar srvtab
183.Xc
184Converts the version 5 keytab in
185.Ar keytab
186to a version 4 srvtab and stores it in
187.Ar srvtab .
188Identical to:
189.Bd -ragged -offset indent
190.Li ktutil copy
191.Ar keytab
192.Li krb4: Ns Ar srvtab
193.Ed
194.El
195.Sh SEE ALSO
196.Xr kadmin 8
197