1.\" $Id: ktutil.8,v 1.14 2001/07/23 14:47:31 joda Exp $ 2.\" 3.Dd December 16, 2000 4.Dt KTUTIL 8 5.Os HEIMDAL 6.Sh NAME 7.Nm ktutil 8.Nd manage Kerberos keytabs 9.Sh SYNOPSIS 10.Nm 11.Oo Fl k Ar keytab \*(Ba Xo 12.Fl -keytab= Ns Ar keytab 13.Xc 14.Oc 15.Op Fl v | Fl -verbose 16.Op Fl -version 17.Op Fl h | Fl -help 18.Ar command 19.Op Ar args 20.Sh DESCRIPTION 21.Nm 22is a program for managing keytabs. 23.Ar command 24can be one of the following: 25.Bl -tag -width srvconvert 26.It add Xo 27.Op Fl p Ar principal 28.Op Fl -principal= Ns Ar principal 29.Op Fl V Ar kvno 30.Op Fl -kvno= Ns Ar kvno 31.Op Fl e Ar encype 32.Op Fl -enctype= Ns Ar enctype 33.Op Fl w Ar password 34.Op Fl -password= Ns Ar password 35.Op Fl r 36.Op Fl -random 37.Op Fl s 38.Op Fl -no-salt 39.Xc 40Adds a key to the keytab. Options that are not specified will be 41prompted for. This requires that you know the password of the 42principal to add; if what you really want is to add a new principal to 43the keytab, you should consider the 44.Ar get 45command, which talks to the kadmin server. 46.It change Xo 47.Op Fl r Ar realm 48.Op Fl -realm= Ns Ar realm 49.Op Fl -a Ar host 50.Op Fl -admin-server= Ns Ar host 51.Op Fl -s Ar port 52.Op Fl -server-port= Ns Ar port 53.Xc 54Update one or several keys to new versions. By default, use the admin 55server for the realm of an keytab entry. Otherwise it will use the 56values specified by the options. 57.Pp 58If no principals are given, all the ones in the keytab are updated. 59.It copy Xo 60.Ar keytab-src 61.Ar keytab-dest 62.Xc 63Copies all the entries from 64.Ar keytab-src 65to 66.Ar keytab-dest . 67.It get Xo 68.Op Fl p Ar admin principal 69.Op Fl -principal= Ns Ar admin principal 70.Op Fl e Ar enctype 71.Op Fl -enctypes= Ns Ar enctype 72.Op Fl r Ar realm 73.Op Fl -realm= Ns Ar realm 74.Op Fl a Ar admin server 75.Op Fl -admin-server= Ns Ar admin server 76.Op Fl s Ar server port 77.Op Fl -server-port= Ns Ar server port 78.Ar principal ... 79.Xc 80For each 81.Ar principal , 82generate a new key for it (creating it if it doesn't already exist), 83and put that key in the keytab. 84.Pp 85If no 86.Ar realm 87is specified, the realm to operate on is taken from the first 88principal. 89.It list Xo 90.Op Fl -keys 91.Op Fl -timestamp 92.Xc 93List the keys stored in the keytab. 94.It remove Xo 95.Op Fl p Ar principal 96.Op Fl -principal= Ns Ar principal 97.Op Fl V kvno 98.Op Fl -kvno= Ns Ar kvno 99.Op Fl e enctype 100.Op Fl -enctype= Ns Ar enctype 101.Xc 102Removes the specified key or keys. Not specifying a 103.Ar kvno 104removes keys with any version number. Not specifying a 105.Ar enctype 106removes keys of any type. 107.It rename Xo 108.Ar from-principal 109.Ar to-principal 110.Xc 111Renames all entries in the keytab that match the 112.Ar from-principal 113to 114.Ar to-principal . 115.It purge Xo 116.Op Fl -age= Ns Ar age 117.Xc 118Removes all old entries (for which there is a newer version) that are 119older than 120.Ar age 121(default one week). 122.It srvconvert 123.It srv2keytab Xo 124.Op Fl s Ar srvtab 125.Op Fl -srvtab= Ns Ar srvtab 126.Xc 127Converts the version 4 srvtab in 128.Ar srvtab 129to a version 5 keytab and stores it in 130.Ar keytab . 131Identical to: 132.Bd -ragged -offset indent 133.Li ktutil copy 134.Li krb4: Ns Ar srvtab 135.Ar keytab 136.Ed 137.It srvcreate 138.It key2srvtab Xo 139.Op Fl s Ar srvtab 140.Op Fl -srvtab= Ns Ar srvtab 141.Xc 142Converts the version 5 keytab in 143.Ar keytab 144to a version 4 srvtab and stores it in 145.Ar srvtab . 146Identical to: 147.Bd -ragged -offset indent 148.Li ktutil copy 149.Ar keytab 150.Li krb4: Ns Ar srvtab 151.Ed 152.El 153.Sh SEE ALSO 154.Xr kadmin 8 155