1c19800e8SDoug Rabson/* 2*ae771770SStanislav Sedov * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan 3c19800e8SDoug Rabson * (Royal Institute of Technology, Stockholm, Sweden). 4c19800e8SDoug Rabson * All rights reserved. 5c19800e8SDoug Rabson * 6c19800e8SDoug Rabson * Redistribution and use in source and binary forms, with or without 7c19800e8SDoug Rabson * modification, are permitted provided that the following conditions 8c19800e8SDoug Rabson * are met: 9c19800e8SDoug Rabson * 10c19800e8SDoug Rabson * 1. Redistributions of source code must retain the above copyright 11c19800e8SDoug Rabson * notice, this list of conditions and the following disclaimer. 12c19800e8SDoug Rabson * 13c19800e8SDoug Rabson * 2. Redistributions in binary form must reproduce the above copyright 14c19800e8SDoug Rabson * notice, this list of conditions and the following disclaimer in the 15c19800e8SDoug Rabson * documentation and/or other materials provided with the distribution. 16c19800e8SDoug Rabson * 17c19800e8SDoug Rabson * 3. Neither the name of the Institute nor the names of its contributors 18c19800e8SDoug Rabson * may be used to endorse or promote products derived from this software 19c19800e8SDoug Rabson * without specific prior written permission. 20c19800e8SDoug Rabson * 21c19800e8SDoug Rabson * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22c19800e8SDoug Rabson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23c19800e8SDoug Rabson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24c19800e8SDoug Rabson * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25c19800e8SDoug Rabson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26c19800e8SDoug Rabson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27c19800e8SDoug Rabson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28c19800e8SDoug Rabson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29c19800e8SDoug Rabson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30c19800e8SDoug Rabson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31c19800e8SDoug Rabson * SUCH DAMAGE. 32c19800e8SDoug Rabson */ 33*ae771770SStanislav Sedov/* $Id$ */ 34c19800e8SDoug Rabson 35c19800e8SDoug Rabsoncommand = { 36c19800e8SDoug Rabson name = "stash" 37c19800e8SDoug Rabson name = "kstash" 38c19800e8SDoug Rabson option = { 39c19800e8SDoug Rabson long = "enctype" 40c19800e8SDoug Rabson short = "e" 41c19800e8SDoug Rabson type = "string" 42c19800e8SDoug Rabson help = "encryption type" 43c19800e8SDoug Rabson default = "des3-cbc-sha1" 44c19800e8SDoug Rabson } 45c19800e8SDoug Rabson option = { 46c19800e8SDoug Rabson long = "key-file" 47c19800e8SDoug Rabson short = "k" 48c19800e8SDoug Rabson type = "string" 49c19800e8SDoug Rabson argument = "file" 50c19800e8SDoug Rabson help = "master key file" 51c19800e8SDoug Rabson } 52c19800e8SDoug Rabson option = { 53c19800e8SDoug Rabson long = "convert-file" 54c19800e8SDoug Rabson type = "flag" 55c19800e8SDoug Rabson help = "just convert keyfile to new format" 56c19800e8SDoug Rabson } 57c19800e8SDoug Rabson option = { 58*ae771770SStanislav Sedov long = "random-password" 59*ae771770SStanislav Sedov type = "flag" 60*ae771770SStanislav Sedov help = "use a random password (and print the password to stdout)" 61*ae771770SStanislav Sedov } 62*ae771770SStanislav Sedov option = { 63c19800e8SDoug Rabson long = "master-key-fd" 64c19800e8SDoug Rabson type = "integer" 65c19800e8SDoug Rabson argument = "fd" 66c19800e8SDoug Rabson help = "filedescriptor to read passphrase from" 67c19800e8SDoug Rabson default = "-1" 68c19800e8SDoug Rabson } 69c19800e8SDoug Rabson help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only." 70c19800e8SDoug Rabson} 71c19800e8SDoug Rabsoncommand = { 72c19800e8SDoug Rabson name = "dump" 73c19800e8SDoug Rabson option = { 74c19800e8SDoug Rabson long = "decrypt" 75c19800e8SDoug Rabson short = "d" 76c19800e8SDoug Rabson type = "flag" 77c19800e8SDoug Rabson help = "decrypt keys" 78c19800e8SDoug Rabson } 79c19800e8SDoug Rabson argument = "[dump-file]" 80c19800e8SDoug Rabson min_args = "0" 81c19800e8SDoug Rabson max_args = "1" 82c19800e8SDoug Rabson help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only." 83c19800e8SDoug Rabson} 84c19800e8SDoug Rabson 85c19800e8SDoug Rabsoncommand = { 86c19800e8SDoug Rabson name = "init" 87c19800e8SDoug Rabson option = { 88c19800e8SDoug Rabson long = "realm-max-ticket-life" 89c19800e8SDoug Rabson type = "string" 90c19800e8SDoug Rabson help = "realm max ticket lifetime" 91c19800e8SDoug Rabson } 92c19800e8SDoug Rabson option = { 93c19800e8SDoug Rabson long = "realm-max-renewable-life" 94c19800e8SDoug Rabson type = "string" 95c19800e8SDoug Rabson help = "realm max renewable lifetime" 96c19800e8SDoug Rabson } 97*ae771770SStanislav Sedov option = { 98*ae771770SStanislav Sedov long = "bare" 99*ae771770SStanislav Sedov type = "flag" 100*ae771770SStanislav Sedov help = "only create krbtgt for realm" 101*ae771770SStanislav Sedov } 102c19800e8SDoug Rabson argument = "realm..." 103c19800e8SDoug Rabson min_args = "1" 104c19800e8SDoug Rabson help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only." 105c19800e8SDoug Rabson} 106c19800e8SDoug Rabsoncommand = { 107c19800e8SDoug Rabson name = "load" 108c19800e8SDoug Rabson argument = "file" 109c19800e8SDoug Rabson min_args = "1" 110c19800e8SDoug Rabson max_args = "1" 111c19800e8SDoug Rabson help = "Loads a previously dumped file. Local (-l) mode only." 112c19800e8SDoug Rabson} 113c19800e8SDoug Rabsoncommand = { 114c19800e8SDoug Rabson name = "merge" 115c19800e8SDoug Rabson argument = "file" 116c19800e8SDoug Rabson min_args = "1" 117c19800e8SDoug Rabson max_args = "1" 118c19800e8SDoug Rabson help = "Merges the contents of a dump file into the database. Local (-l) mode only." 119c19800e8SDoug Rabson} 120c19800e8SDoug Rabsoncommand = { 121c19800e8SDoug Rabson name = "add" 122c19800e8SDoug Rabson name = "ank" 123c19800e8SDoug Rabson name = "add_new_key" 124c19800e8SDoug Rabson function = "add_new_key" 125c19800e8SDoug Rabson option = { 126c19800e8SDoug Rabson long = "random-key" 127c19800e8SDoug Rabson short = "r" 128c19800e8SDoug Rabson type = "flag" 129c19800e8SDoug Rabson help = "set random key" 130c19800e8SDoug Rabson } 131c19800e8SDoug Rabson option = { 132c19800e8SDoug Rabson long = "random-password" 133c19800e8SDoug Rabson type = "flag" 134c19800e8SDoug Rabson help = "set random password" 135c19800e8SDoug Rabson } 136c19800e8SDoug Rabson option = { 137c19800e8SDoug Rabson long = "password" 138c19800e8SDoug Rabson short = "p" 139c19800e8SDoug Rabson type = "string" 140c19800e8SDoug Rabson help = "principal's password" 141c19800e8SDoug Rabson } 142c19800e8SDoug Rabson option = { 143c19800e8SDoug Rabson long = "key" 144c19800e8SDoug Rabson type = "string" 145c19800e8SDoug Rabson help = "DES-key in hex" 146c19800e8SDoug Rabson } 147c19800e8SDoug Rabson option = { 148c19800e8SDoug Rabson long = "max-ticket-life" 149c19800e8SDoug Rabson type = "string" 150c19800e8SDoug Rabson argument ="lifetime" 151c19800e8SDoug Rabson help = "max ticket lifetime" 152c19800e8SDoug Rabson } 153c19800e8SDoug Rabson option = { 154c19800e8SDoug Rabson long = "max-renewable-life" 155c19800e8SDoug Rabson type = "string" 156c19800e8SDoug Rabson argument = "lifetime" 157c19800e8SDoug Rabson help = "max renewable life" 158c19800e8SDoug Rabson } 159c19800e8SDoug Rabson option = { 160c19800e8SDoug Rabson long = "attributes" 161c19800e8SDoug Rabson type = "string" 162c19800e8SDoug Rabson argument = "attributes" 163c19800e8SDoug Rabson help = "principal attributes" 164c19800e8SDoug Rabson } 165c19800e8SDoug Rabson option = { 166c19800e8SDoug Rabson long = "expiration-time" 167c19800e8SDoug Rabson type = "string" 168c19800e8SDoug Rabson argument = "time" 169c19800e8SDoug Rabson help = "principal expiration time" 170c19800e8SDoug Rabson } 171c19800e8SDoug Rabson option = { 172c19800e8SDoug Rabson long = "pw-expiration-time" 173c19800e8SDoug Rabson type = "string" 174c19800e8SDoug Rabson argument = "time" 175c19800e8SDoug Rabson help = "password expiration time" 176c19800e8SDoug Rabson } 177c19800e8SDoug Rabson option = { 178c19800e8SDoug Rabson long = "use-defaults" 179c19800e8SDoug Rabson type = "flag" 180c19800e8SDoug Rabson help = "use default values" 181c19800e8SDoug Rabson } 182c19800e8SDoug Rabson argument = "principal..." 183c19800e8SDoug Rabson min_args = "1" 184c19800e8SDoug Rabson help = "Adds a principal to the database." 185c19800e8SDoug Rabson} 186c19800e8SDoug Rabsoncommand = { 187c19800e8SDoug Rabson name = "passwd" 188c19800e8SDoug Rabson name = "cpw" 189c19800e8SDoug Rabson name = "change_password" 190c19800e8SDoug Rabson function = "cpw_entry" 191c19800e8SDoug Rabson option = { 192c19800e8SDoug Rabson long = "random-key" 193c19800e8SDoug Rabson short = "r" 194c19800e8SDoug Rabson type = "flag" 195c19800e8SDoug Rabson help = "set random key" 196c19800e8SDoug Rabson } 197c19800e8SDoug Rabson option = { 198c19800e8SDoug Rabson long = "random-password" 199c19800e8SDoug Rabson type = "flag" 200c19800e8SDoug Rabson help = "set random password" 201c19800e8SDoug Rabson } 202c19800e8SDoug Rabson option = { 203c19800e8SDoug Rabson long = "password" 204c19800e8SDoug Rabson short = "p" 205c19800e8SDoug Rabson type = "string" 206c19800e8SDoug Rabson help = "princial's password" 207c19800e8SDoug Rabson } 208c19800e8SDoug Rabson option = { 209c19800e8SDoug Rabson long = "key" 210c19800e8SDoug Rabson type = "string" 211c19800e8SDoug Rabson help = "DES key in hex" 212c19800e8SDoug Rabson } 213c19800e8SDoug Rabson argument = "principal..." 214c19800e8SDoug Rabson min_args = "1" 215c19800e8SDoug Rabson help = "Changes the password of one or more principals matching the expressions." 216c19800e8SDoug Rabson} 217c19800e8SDoug Rabsoncommand = { 218c19800e8SDoug Rabson name = "delete" 219c19800e8SDoug Rabson name = "del" 220c19800e8SDoug Rabson name = "del_entry" 221c19800e8SDoug Rabson function = "del_entry" 222c19800e8SDoug Rabson argument = "principal..." 223c19800e8SDoug Rabson min_args = "1" 224c19800e8SDoug Rabson help = "Deletes all principals matching the expressions." 225c19800e8SDoug Rabson} 226c19800e8SDoug Rabsoncommand = { 227c19800e8SDoug Rabson name = "del_enctype" 228c19800e8SDoug Rabson argument = "principal enctype..." 229c19800e8SDoug Rabson min_args = "2" 230c19800e8SDoug Rabson help = "Delete all the mentioned enctypes for principal." 231c19800e8SDoug Rabson} 232c19800e8SDoug Rabsoncommand = { 233c19800e8SDoug Rabson name = "add_enctype" 234c19800e8SDoug Rabson option = { 235c19800e8SDoug Rabson long = "random-key" 236c19800e8SDoug Rabson short = "r" 237c19800e8SDoug Rabson type = "flag" 238c19800e8SDoug Rabson help = "set random key" 239c19800e8SDoug Rabson } 240c19800e8SDoug Rabson argument = "principal enctype..." 241c19800e8SDoug Rabson min_args = "2" 242c19800e8SDoug Rabson help = "Add new enctypes for principal." 243c19800e8SDoug Rabson} 244c19800e8SDoug Rabsoncommand = { 245c19800e8SDoug Rabson name = "ext_keytab" 246c19800e8SDoug Rabson option = { 247c19800e8SDoug Rabson long = "keytab" 248c19800e8SDoug Rabson short = "k" 249c19800e8SDoug Rabson type = "string" 250c19800e8SDoug Rabson help = "keytab to use" 251c19800e8SDoug Rabson } 252c19800e8SDoug Rabson argument = "principal..." 253c19800e8SDoug Rabson min_args = "1" 254c19800e8SDoug Rabson help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab." 255c19800e8SDoug Rabson} 256c19800e8SDoug Rabsoncommand = { 257c19800e8SDoug Rabson name = "get" 258c19800e8SDoug Rabson name = "get_entry" 259c19800e8SDoug Rabson function = "get_entry" 260c19800e8SDoug Rabson /* XXX sync options with "list" */ 261c19800e8SDoug Rabson option = { 262c19800e8SDoug Rabson long = "long" 263c19800e8SDoug Rabson short = "l" 264c19800e8SDoug Rabson type = "flag" 265c19800e8SDoug Rabson help = "long format" 266c19800e8SDoug Rabson default = "-1" 267c19800e8SDoug Rabson } 268c19800e8SDoug Rabson option = { 269c19800e8SDoug Rabson long = "short" 270c19800e8SDoug Rabson short = "s" 271c19800e8SDoug Rabson type = "flag" 272c19800e8SDoug Rabson help = "short format" 273c19800e8SDoug Rabson } 274c19800e8SDoug Rabson option = { 275c19800e8SDoug Rabson long = "terse" 276c19800e8SDoug Rabson short = "t" 277c19800e8SDoug Rabson type = "flag" 278c19800e8SDoug Rabson help = "terse format" 279c19800e8SDoug Rabson } 280c19800e8SDoug Rabson option = { 281c19800e8SDoug Rabson long = "column-info" 282c19800e8SDoug Rabson short = "o" 283c19800e8SDoug Rabson type = "string" 284c19800e8SDoug Rabson help = "columns to print for short output" 285c19800e8SDoug Rabson } 286c19800e8SDoug Rabson argument = "principal..." 287c19800e8SDoug Rabson min_args = "1" 288c19800e8SDoug Rabson help = "Shows information about principals matching the expressions." 289c19800e8SDoug Rabson} 290c19800e8SDoug Rabsoncommand = { 291c19800e8SDoug Rabson name = "rename" 292c19800e8SDoug Rabson function = "rename_entry" 293c19800e8SDoug Rabson argument = "from to" 294c19800e8SDoug Rabson min_args = "2" 295c19800e8SDoug Rabson max_args = "2" 296c19800e8SDoug Rabson help = "Renames a principal." 297c19800e8SDoug Rabson} 298c19800e8SDoug Rabsoncommand = { 299c19800e8SDoug Rabson name = "modify" 300c19800e8SDoug Rabson function = "mod_entry" 301c19800e8SDoug Rabson option = { 302c19800e8SDoug Rabson long = "max-ticket-life" 303c19800e8SDoug Rabson type = "string" 304c19800e8SDoug Rabson argument ="lifetime" 305c19800e8SDoug Rabson help = "max ticket lifetime" 306c19800e8SDoug Rabson } 307c19800e8SDoug Rabson option = { 308c19800e8SDoug Rabson long = "max-renewable-life" 309c19800e8SDoug Rabson type = "string" 310c19800e8SDoug Rabson argument = "lifetime" 311c19800e8SDoug Rabson help = "max renewable life" 312c19800e8SDoug Rabson } 313c19800e8SDoug Rabson option = { 314c19800e8SDoug Rabson long = "attributes" 315c19800e8SDoug Rabson short = "a" 316c19800e8SDoug Rabson type = "string" 317c19800e8SDoug Rabson argument = "attributes" 318c19800e8SDoug Rabson help = "principal attributes" 319c19800e8SDoug Rabson } 320c19800e8SDoug Rabson option = { 321c19800e8SDoug Rabson long = "expiration-time" 322c19800e8SDoug Rabson type = "string" 323c19800e8SDoug Rabson argument = "time" 324c19800e8SDoug Rabson help = "principal expiration time" 325c19800e8SDoug Rabson } 326c19800e8SDoug Rabson option = { 327c19800e8SDoug Rabson long = "pw-expiration-time" 328c19800e8SDoug Rabson type = "string" 329c19800e8SDoug Rabson argument = "time" 330c19800e8SDoug Rabson help = "password expiration time" 331c19800e8SDoug Rabson } 332c19800e8SDoug Rabson option = { 333c19800e8SDoug Rabson long = "kvno" 334c19800e8SDoug Rabson type = "integer" 335c19800e8SDoug Rabson help = "key version number" 336c19800e8SDoug Rabson default = "-1" 337c19800e8SDoug Rabson } 338c19800e8SDoug Rabson option = { 339c19800e8SDoug Rabson long = "constrained-delegation" 340c19800e8SDoug Rabson type = "strings" 341c19800e8SDoug Rabson argument = "principal" 342c19800e8SDoug Rabson help = "allowed target principals" 343c19800e8SDoug Rabson } 344c19800e8SDoug Rabson option = { 345c19800e8SDoug Rabson long = "alias" 346c19800e8SDoug Rabson type = "strings" 347c19800e8SDoug Rabson argument = "principal" 348c19800e8SDoug Rabson help = "aliases" 349c19800e8SDoug Rabson } 350c19800e8SDoug Rabson option = { 351c19800e8SDoug Rabson long = "pkinit-acl" 352c19800e8SDoug Rabson type = "strings" 353c19800e8SDoug Rabson argument = "subject dn" 354c19800e8SDoug Rabson help = "aliases" 355c19800e8SDoug Rabson } 356c19800e8SDoug Rabson argument = "principal" 357c19800e8SDoug Rabson min_args = "1" 358c19800e8SDoug Rabson max_args = "1" 359c19800e8SDoug Rabson help = "Modifies some attributes of the specified principal." 360c19800e8SDoug Rabson} 361c19800e8SDoug Rabsoncommand = { 362c19800e8SDoug Rabson name = "privileges" 363c19800e8SDoug Rabson name = "privs" 364c19800e8SDoug Rabson function = "get_privs" 365c19800e8SDoug Rabson help = "Shows which operations you are allowed to perform." 366c19800e8SDoug Rabson} 367c19800e8SDoug Rabsoncommand = { 368c19800e8SDoug Rabson name = "list" 369c19800e8SDoug Rabson function = "list_princs" 370c19800e8SDoug Rabson /* XXX sync options with "get" */ 371c19800e8SDoug Rabson option = { 372c19800e8SDoug Rabson long = "long" 373c19800e8SDoug Rabson short = "l" 374c19800e8SDoug Rabson type = "flag" 375c19800e8SDoug Rabson help = "long format" 376c19800e8SDoug Rabson } 377c19800e8SDoug Rabson option = { 378c19800e8SDoug Rabson long = "short" 379c19800e8SDoug Rabson short = "s" 380c19800e8SDoug Rabson type = "flag" 381c19800e8SDoug Rabson help = "short format" 382c19800e8SDoug Rabson } 383c19800e8SDoug Rabson option = { 384c19800e8SDoug Rabson long = "terse" 385c19800e8SDoug Rabson short = "t" 386c19800e8SDoug Rabson type = "flag" 387c19800e8SDoug Rabson help = "terse format" 388c19800e8SDoug Rabson default = "-1" 389c19800e8SDoug Rabson } 390c19800e8SDoug Rabson option = { 391c19800e8SDoug Rabson long = "column-info" 392c19800e8SDoug Rabson short = "o" 393c19800e8SDoug Rabson type = "string" 394c19800e8SDoug Rabson help = "columns to print for short output" 395c19800e8SDoug Rabson } 396c19800e8SDoug Rabson argument = "principal..." 397c19800e8SDoug Rabson min_args = "1" 398c19800e8SDoug Rabson help = "Lists principals in a terse format. Equivalent to \"get -t\"." 399c19800e8SDoug Rabson} 400c19800e8SDoug Rabsoncommand = { 401c19800e8SDoug Rabson name = "verify-password-quality" 402c19800e8SDoug Rabson name = "pwq" 403c19800e8SDoug Rabson function = "password_quality" 404c19800e8SDoug Rabson argument = "principal password" 405c19800e8SDoug Rabson min_args = "2" 406c19800e8SDoug Rabson max_args = "2" 407c19800e8SDoug Rabson help = "Try run the password quality function locally (not doing RPC out to server)." 408c19800e8SDoug Rabson} 409c19800e8SDoug Rabsoncommand = { 410c19800e8SDoug Rabson name = "check" 411c19800e8SDoug Rabson function = "check" 412c19800e8SDoug Rabson argument = "[realm]" 413c19800e8SDoug Rabson min_args = "0" 414c19800e8SDoug Rabson max_args = "1" 415c19800e8SDoug Rabson help = "Check the realm (if not given, the default realm) for configuration errors." 416c19800e8SDoug Rabson} 417c19800e8SDoug Rabsoncommand = { 418c19800e8SDoug Rabson name = "help" 419c19800e8SDoug Rabson name = "?" 420c19800e8SDoug Rabson argument = "[command]" 421c19800e8SDoug Rabson min_args = "0" 422c19800e8SDoug Rabson max_args = "1" 423c19800e8SDoug Rabson help = "Help! I need somebody." 424c19800e8SDoug Rabson} 425c19800e8SDoug Rabsoncommand = { 426c19800e8SDoug Rabson name = "exit" 427c19800e8SDoug Rabson name = "quit" 428c19800e8SDoug Rabson function = "exit_kadmin" 429c19800e8SDoug Rabson help = "Quits." 430c19800e8SDoug Rabson} 431