1c19800e8SDoug Rabson/* 2c19800e8SDoug Rabson * Copyright (c) 2004 - 2007 Kungliga Tekniska H�gskolan 3c19800e8SDoug Rabson * (Royal Institute of Technology, Stockholm, Sweden). 4c19800e8SDoug Rabson * All rights reserved. 5c19800e8SDoug Rabson * 6c19800e8SDoug Rabson * Redistribution and use in source and binary forms, with or without 7c19800e8SDoug Rabson * modification, are permitted provided that the following conditions 8c19800e8SDoug Rabson * are met: 9c19800e8SDoug Rabson * 10c19800e8SDoug Rabson * 1. Redistributions of source code must retain the above copyright 11c19800e8SDoug Rabson * notice, this list of conditions and the following disclaimer. 12c19800e8SDoug Rabson * 13c19800e8SDoug Rabson * 2. Redistributions in binary form must reproduce the above copyright 14c19800e8SDoug Rabson * notice, this list of conditions and the following disclaimer in the 15c19800e8SDoug Rabson * documentation and/or other materials provided with the distribution. 16c19800e8SDoug Rabson * 17c19800e8SDoug Rabson * 3. Neither the name of the Institute nor the names of its contributors 18c19800e8SDoug Rabson * may be used to endorse or promote products derived from this software 19c19800e8SDoug Rabson * without specific prior written permission. 20c19800e8SDoug Rabson * 21c19800e8SDoug Rabson * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22c19800e8SDoug Rabson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23c19800e8SDoug Rabson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24c19800e8SDoug Rabson * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25c19800e8SDoug Rabson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26c19800e8SDoug Rabson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27c19800e8SDoug Rabson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28c19800e8SDoug Rabson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29c19800e8SDoug Rabson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30c19800e8SDoug Rabson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31c19800e8SDoug Rabson * SUCH DAMAGE. 32c19800e8SDoug Rabson */ 33c19800e8SDoug Rabson/* $Id: kadmin-commands.in 21969 2007-10-18 18:51:11Z lha $ */ 34c19800e8SDoug Rabson 35c19800e8SDoug Rabsoncommand = { 36c19800e8SDoug Rabson name = "stash" 37c19800e8SDoug Rabson name = "kstash" 38c19800e8SDoug Rabson option = { 39c19800e8SDoug Rabson long = "enctype" 40c19800e8SDoug Rabson short = "e" 41c19800e8SDoug Rabson type = "string" 42c19800e8SDoug Rabson help = "encryption type" 43c19800e8SDoug Rabson default = "des3-cbc-sha1" 44c19800e8SDoug Rabson } 45c19800e8SDoug Rabson option = { 46c19800e8SDoug Rabson long = "key-file" 47c19800e8SDoug Rabson short = "k" 48c19800e8SDoug Rabson type = "string" 49c19800e8SDoug Rabson argument = "file" 50c19800e8SDoug Rabson help = "master key file" 51c19800e8SDoug Rabson } 52c19800e8SDoug Rabson option = { 53c19800e8SDoug Rabson long = "convert-file" 54c19800e8SDoug Rabson type = "flag" 55c19800e8SDoug Rabson help = "just convert keyfile to new format" 56c19800e8SDoug Rabson } 57c19800e8SDoug Rabson option = { 58c19800e8SDoug Rabson long = "master-key-fd" 59c19800e8SDoug Rabson type = "integer" 60c19800e8SDoug Rabson argument = "fd" 61c19800e8SDoug Rabson help = "filedescriptor to read passphrase from" 62c19800e8SDoug Rabson default = "-1" 63c19800e8SDoug Rabson } 64c19800e8SDoug Rabson help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only." 65c19800e8SDoug Rabson} 66c19800e8SDoug Rabsoncommand = { 67c19800e8SDoug Rabson name = "dump" 68c19800e8SDoug Rabson option = { 69c19800e8SDoug Rabson long = "decrypt" 70c19800e8SDoug Rabson short = "d" 71c19800e8SDoug Rabson type = "flag" 72c19800e8SDoug Rabson help = "decrypt keys" 73c19800e8SDoug Rabson } 74c19800e8SDoug Rabson argument = "[dump-file]" 75c19800e8SDoug Rabson min_args = "0" 76c19800e8SDoug Rabson max_args = "1" 77c19800e8SDoug Rabson help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only." 78c19800e8SDoug Rabson} 79c19800e8SDoug Rabson 80c19800e8SDoug Rabsoncommand = { 81c19800e8SDoug Rabson name = "init" 82c19800e8SDoug Rabson option = { 83c19800e8SDoug Rabson long = "realm-max-ticket-life" 84c19800e8SDoug Rabson type = "string" 85c19800e8SDoug Rabson help = "realm max ticket lifetime" 86c19800e8SDoug Rabson } 87c19800e8SDoug Rabson option = { 88c19800e8SDoug Rabson long = "realm-max-renewable-life" 89c19800e8SDoug Rabson type = "string" 90c19800e8SDoug Rabson help = "realm max renewable lifetime" 91c19800e8SDoug Rabson } 92c19800e8SDoug Rabson argument = "realm..." 93c19800e8SDoug Rabson min_args = "1" 94c19800e8SDoug Rabson help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only." 95c19800e8SDoug Rabson} 96c19800e8SDoug Rabsoncommand = { 97c19800e8SDoug Rabson name = "load" 98c19800e8SDoug Rabson argument = "file" 99c19800e8SDoug Rabson min_args = "1" 100c19800e8SDoug Rabson max_args = "1" 101c19800e8SDoug Rabson help = "Loads a previously dumped file. Local (-l) mode only." 102c19800e8SDoug Rabson} 103c19800e8SDoug Rabsoncommand = { 104c19800e8SDoug Rabson name = "merge" 105c19800e8SDoug Rabson argument = "file" 106c19800e8SDoug Rabson min_args = "1" 107c19800e8SDoug Rabson max_args = "1" 108c19800e8SDoug Rabson help = "Merges the contents of a dump file into the database. Local (-l) mode only." 109c19800e8SDoug Rabson} 110c19800e8SDoug Rabsoncommand = { 111c19800e8SDoug Rabson name = "add" 112c19800e8SDoug Rabson name = "ank" 113c19800e8SDoug Rabson name = "add_new_key" 114c19800e8SDoug Rabson function = "add_new_key" 115c19800e8SDoug Rabson option = { 116c19800e8SDoug Rabson long = "random-key" 117c19800e8SDoug Rabson short = "r" 118c19800e8SDoug Rabson type = "flag" 119c19800e8SDoug Rabson help = "set random key" 120c19800e8SDoug Rabson } 121c19800e8SDoug Rabson option = { 122c19800e8SDoug Rabson long = "random-password" 123c19800e8SDoug Rabson type = "flag" 124c19800e8SDoug Rabson help = "set random password" 125c19800e8SDoug Rabson } 126c19800e8SDoug Rabson option = { 127c19800e8SDoug Rabson long = "password" 128c19800e8SDoug Rabson short = "p" 129c19800e8SDoug Rabson type = "string" 130c19800e8SDoug Rabson help = "principal's password" 131c19800e8SDoug Rabson } 132c19800e8SDoug Rabson option = { 133c19800e8SDoug Rabson long = "key" 134c19800e8SDoug Rabson type = "string" 135c19800e8SDoug Rabson help = "DES-key in hex" 136c19800e8SDoug Rabson } 137c19800e8SDoug Rabson option = { 138c19800e8SDoug Rabson long = "max-ticket-life" 139c19800e8SDoug Rabson type = "string" 140c19800e8SDoug Rabson argument ="lifetime" 141c19800e8SDoug Rabson help = "max ticket lifetime" 142c19800e8SDoug Rabson } 143c19800e8SDoug Rabson option = { 144c19800e8SDoug Rabson long = "max-renewable-life" 145c19800e8SDoug Rabson type = "string" 146c19800e8SDoug Rabson argument = "lifetime" 147c19800e8SDoug Rabson help = "max renewable life" 148c19800e8SDoug Rabson } 149c19800e8SDoug Rabson option = { 150c19800e8SDoug Rabson long = "attributes" 151c19800e8SDoug Rabson type = "string" 152c19800e8SDoug Rabson argument = "attributes" 153c19800e8SDoug Rabson help = "principal attributes" 154c19800e8SDoug Rabson } 155c19800e8SDoug Rabson option = { 156c19800e8SDoug Rabson long = "expiration-time" 157c19800e8SDoug Rabson type = "string" 158c19800e8SDoug Rabson argument = "time" 159c19800e8SDoug Rabson help = "principal expiration time" 160c19800e8SDoug Rabson } 161c19800e8SDoug Rabson option = { 162c19800e8SDoug Rabson long = "pw-expiration-time" 163c19800e8SDoug Rabson type = "string" 164c19800e8SDoug Rabson argument = "time" 165c19800e8SDoug Rabson help = "password expiration time" 166c19800e8SDoug Rabson } 167c19800e8SDoug Rabson option = { 168c19800e8SDoug Rabson long = "use-defaults" 169c19800e8SDoug Rabson type = "flag" 170c19800e8SDoug Rabson help = "use default values" 171c19800e8SDoug Rabson } 172c19800e8SDoug Rabson argument = "principal..." 173c19800e8SDoug Rabson min_args = "1" 174c19800e8SDoug Rabson help = "Adds a principal to the database." 175c19800e8SDoug Rabson} 176c19800e8SDoug Rabsoncommand = { 177c19800e8SDoug Rabson name = "passwd" 178c19800e8SDoug Rabson name = "cpw" 179c19800e8SDoug Rabson name = "change_password" 180c19800e8SDoug Rabson function = "cpw_entry" 181c19800e8SDoug Rabson option = { 182c19800e8SDoug Rabson long = "random-key" 183c19800e8SDoug Rabson short = "r" 184c19800e8SDoug Rabson type = "flag" 185c19800e8SDoug Rabson help = "set random key" 186c19800e8SDoug Rabson } 187c19800e8SDoug Rabson option = { 188c19800e8SDoug Rabson long = "random-password" 189c19800e8SDoug Rabson type = "flag" 190c19800e8SDoug Rabson help = "set random password" 191c19800e8SDoug Rabson } 192c19800e8SDoug Rabson option = { 193c19800e8SDoug Rabson long = "password" 194c19800e8SDoug Rabson short = "p" 195c19800e8SDoug Rabson type = "string" 196c19800e8SDoug Rabson help = "princial's password" 197c19800e8SDoug Rabson } 198c19800e8SDoug Rabson option = { 199c19800e8SDoug Rabson long = "key" 200c19800e8SDoug Rabson type = "string" 201c19800e8SDoug Rabson help = "DES key in hex" 202c19800e8SDoug Rabson } 203c19800e8SDoug Rabson argument = "principal..." 204c19800e8SDoug Rabson min_args = "1" 205c19800e8SDoug Rabson help = "Changes the password of one or more principals matching the expressions." 206c19800e8SDoug Rabson} 207c19800e8SDoug Rabsoncommand = { 208c19800e8SDoug Rabson name = "delete" 209c19800e8SDoug Rabson name = "del" 210c19800e8SDoug Rabson name = "del_entry" 211c19800e8SDoug Rabson function = "del_entry" 212c19800e8SDoug Rabson argument = "principal..." 213c19800e8SDoug Rabson min_args = "1" 214c19800e8SDoug Rabson help = "Deletes all principals matching the expressions." 215c19800e8SDoug Rabson} 216c19800e8SDoug Rabsoncommand = { 217c19800e8SDoug Rabson name = "del_enctype" 218c19800e8SDoug Rabson argument = "principal enctype..." 219c19800e8SDoug Rabson min_args = "2" 220c19800e8SDoug Rabson help = "Delete all the mentioned enctypes for principal." 221c19800e8SDoug Rabson} 222c19800e8SDoug Rabsoncommand = { 223c19800e8SDoug Rabson name = "add_enctype" 224c19800e8SDoug Rabson option = { 225c19800e8SDoug Rabson long = "random-key" 226c19800e8SDoug Rabson short = "r" 227c19800e8SDoug Rabson type = "flag" 228c19800e8SDoug Rabson help = "set random key" 229c19800e8SDoug Rabson } 230c19800e8SDoug Rabson argument = "principal enctype..." 231c19800e8SDoug Rabson min_args = "2" 232c19800e8SDoug Rabson help = "Add new enctypes for principal." 233c19800e8SDoug Rabson} 234c19800e8SDoug Rabsoncommand = { 235c19800e8SDoug Rabson name = "ext_keytab" 236c19800e8SDoug Rabson option = { 237c19800e8SDoug Rabson long = "keytab" 238c19800e8SDoug Rabson short = "k" 239c19800e8SDoug Rabson type = "string" 240c19800e8SDoug Rabson help = "keytab to use" 241c19800e8SDoug Rabson } 242c19800e8SDoug Rabson argument = "principal..." 243c19800e8SDoug Rabson min_args = "1" 244c19800e8SDoug Rabson help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab." 245c19800e8SDoug Rabson} 246c19800e8SDoug Rabsoncommand = { 247c19800e8SDoug Rabson name = "get" 248c19800e8SDoug Rabson name = "get_entry" 249c19800e8SDoug Rabson function = "get_entry" 250c19800e8SDoug Rabson /* XXX sync options with "list" */ 251c19800e8SDoug Rabson option = { 252c19800e8SDoug Rabson long = "long" 253c19800e8SDoug Rabson short = "l" 254c19800e8SDoug Rabson type = "flag" 255c19800e8SDoug Rabson help = "long format" 256c19800e8SDoug Rabson default = "-1" 257c19800e8SDoug Rabson } 258c19800e8SDoug Rabson option = { 259c19800e8SDoug Rabson long = "short" 260c19800e8SDoug Rabson short = "s" 261c19800e8SDoug Rabson type = "flag" 262c19800e8SDoug Rabson help = "short format" 263c19800e8SDoug Rabson } 264c19800e8SDoug Rabson option = { 265c19800e8SDoug Rabson long = "terse" 266c19800e8SDoug Rabson short = "t" 267c19800e8SDoug Rabson type = "flag" 268c19800e8SDoug Rabson help = "terse format" 269c19800e8SDoug Rabson } 270c19800e8SDoug Rabson option = { 271c19800e8SDoug Rabson long = "column-info" 272c19800e8SDoug Rabson short = "o" 273c19800e8SDoug Rabson type = "string" 274c19800e8SDoug Rabson help = "columns to print for short output" 275c19800e8SDoug Rabson } 276c19800e8SDoug Rabson argument = "principal..." 277c19800e8SDoug Rabson min_args = "1" 278c19800e8SDoug Rabson help = "Shows information about principals matching the expressions." 279c19800e8SDoug Rabson} 280c19800e8SDoug Rabsoncommand = { 281c19800e8SDoug Rabson name = "rename" 282c19800e8SDoug Rabson function = "rename_entry" 283c19800e8SDoug Rabson argument = "from to" 284c19800e8SDoug Rabson min_args = "2" 285c19800e8SDoug Rabson max_args = "2" 286c19800e8SDoug Rabson help = "Renames a principal." 287c19800e8SDoug Rabson} 288c19800e8SDoug Rabsoncommand = { 289c19800e8SDoug Rabson name = "modify" 290c19800e8SDoug Rabson function = "mod_entry" 291c19800e8SDoug Rabson option = { 292c19800e8SDoug Rabson long = "max-ticket-life" 293c19800e8SDoug Rabson type = "string" 294c19800e8SDoug Rabson argument ="lifetime" 295c19800e8SDoug Rabson help = "max ticket lifetime" 296c19800e8SDoug Rabson } 297c19800e8SDoug Rabson option = { 298c19800e8SDoug Rabson long = "max-renewable-life" 299c19800e8SDoug Rabson type = "string" 300c19800e8SDoug Rabson argument = "lifetime" 301c19800e8SDoug Rabson help = "max renewable life" 302c19800e8SDoug Rabson } 303c19800e8SDoug Rabson option = { 304c19800e8SDoug Rabson long = "attributes" 305c19800e8SDoug Rabson short = "a" 306c19800e8SDoug Rabson type = "string" 307c19800e8SDoug Rabson argument = "attributes" 308c19800e8SDoug Rabson help = "principal attributes" 309c19800e8SDoug Rabson } 310c19800e8SDoug Rabson option = { 311c19800e8SDoug Rabson long = "expiration-time" 312c19800e8SDoug Rabson type = "string" 313c19800e8SDoug Rabson argument = "time" 314c19800e8SDoug Rabson help = "principal expiration time" 315c19800e8SDoug Rabson } 316c19800e8SDoug Rabson option = { 317c19800e8SDoug Rabson long = "pw-expiration-time" 318c19800e8SDoug Rabson type = "string" 319c19800e8SDoug Rabson argument = "time" 320c19800e8SDoug Rabson help = "password expiration time" 321c19800e8SDoug Rabson } 322c19800e8SDoug Rabson option = { 323c19800e8SDoug Rabson long = "kvno" 324c19800e8SDoug Rabson type = "integer" 325c19800e8SDoug Rabson help = "key version number" 326c19800e8SDoug Rabson default = "-1" 327c19800e8SDoug Rabson } 328c19800e8SDoug Rabson option = { 329c19800e8SDoug Rabson long = "constrained-delegation" 330c19800e8SDoug Rabson type = "strings" 331c19800e8SDoug Rabson argument = "principal" 332c19800e8SDoug Rabson help = "allowed target principals" 333c19800e8SDoug Rabson } 334c19800e8SDoug Rabson option = { 335c19800e8SDoug Rabson long = "alias" 336c19800e8SDoug Rabson type = "strings" 337c19800e8SDoug Rabson argument = "principal" 338c19800e8SDoug Rabson help = "aliases" 339c19800e8SDoug Rabson } 340c19800e8SDoug Rabson option = { 341c19800e8SDoug Rabson long = "pkinit-acl" 342c19800e8SDoug Rabson type = "strings" 343c19800e8SDoug Rabson argument = "subject dn" 344c19800e8SDoug Rabson help = "aliases" 345c19800e8SDoug Rabson } 346c19800e8SDoug Rabson argument = "principal" 347c19800e8SDoug Rabson min_args = "1" 348c19800e8SDoug Rabson max_args = "1" 349c19800e8SDoug Rabson help = "Modifies some attributes of the specified principal." 350c19800e8SDoug Rabson} 351c19800e8SDoug Rabsoncommand = { 352c19800e8SDoug Rabson name = "privileges" 353c19800e8SDoug Rabson name = "privs" 354c19800e8SDoug Rabson function = "get_privs" 355c19800e8SDoug Rabson help = "Shows which operations you are allowed to perform." 356c19800e8SDoug Rabson} 357c19800e8SDoug Rabsoncommand = { 358c19800e8SDoug Rabson name = "list" 359c19800e8SDoug Rabson function = "list_princs" 360c19800e8SDoug Rabson /* XXX sync options with "get" */ 361c19800e8SDoug Rabson option = { 362c19800e8SDoug Rabson long = "long" 363c19800e8SDoug Rabson short = "l" 364c19800e8SDoug Rabson type = "flag" 365c19800e8SDoug Rabson help = "long format" 366c19800e8SDoug Rabson } 367c19800e8SDoug Rabson option = { 368c19800e8SDoug Rabson long = "short" 369c19800e8SDoug Rabson short = "s" 370c19800e8SDoug Rabson type = "flag" 371c19800e8SDoug Rabson help = "short format" 372c19800e8SDoug Rabson } 373c19800e8SDoug Rabson option = { 374c19800e8SDoug Rabson long = "terse" 375c19800e8SDoug Rabson short = "t" 376c19800e8SDoug Rabson type = "flag" 377c19800e8SDoug Rabson help = "terse format" 378c19800e8SDoug Rabson default = "-1" 379c19800e8SDoug Rabson } 380c19800e8SDoug Rabson option = { 381c19800e8SDoug Rabson long = "column-info" 382c19800e8SDoug Rabson short = "o" 383c19800e8SDoug Rabson type = "string" 384c19800e8SDoug Rabson help = "columns to print for short output" 385c19800e8SDoug Rabson } 386c19800e8SDoug Rabson argument = "principal..." 387c19800e8SDoug Rabson min_args = "1" 388c19800e8SDoug Rabson help = "Lists principals in a terse format. Equivalent to \"get -t\"." 389c19800e8SDoug Rabson} 390c19800e8SDoug Rabsoncommand = { 391c19800e8SDoug Rabson name = "verify-password-quality" 392c19800e8SDoug Rabson name = "pwq" 393c19800e8SDoug Rabson function = "password_quality" 394c19800e8SDoug Rabson argument = "principal password" 395c19800e8SDoug Rabson min_args = "2" 396c19800e8SDoug Rabson max_args = "2" 397c19800e8SDoug Rabson help = "Try run the password quality function locally (not doing RPC out to server)." 398c19800e8SDoug Rabson} 399c19800e8SDoug Rabsoncommand = { 400c19800e8SDoug Rabson name = "check" 401c19800e8SDoug Rabson function = "check" 402c19800e8SDoug Rabson argument = "[realm]" 403c19800e8SDoug Rabson min_args = "0" 404c19800e8SDoug Rabson max_args = "1" 405c19800e8SDoug Rabson help = "Check the realm (if not given, the default realm) for configuration errors." 406c19800e8SDoug Rabson} 407c19800e8SDoug Rabsoncommand = { 408c19800e8SDoug Rabson name = "help" 409c19800e8SDoug Rabson name = "?" 410c19800e8SDoug Rabson argument = "[command]" 411c19800e8SDoug Rabson min_args = "0" 412c19800e8SDoug Rabson max_args = "1" 413c19800e8SDoug Rabson help = "Help! I need somebody." 414c19800e8SDoug Rabson} 415c19800e8SDoug Rabsoncommand = { 416c19800e8SDoug Rabson name = "exit" 417c19800e8SDoug Rabson name = "quit" 418c19800e8SDoug Rabson function = "exit_kadmin" 419c19800e8SDoug Rabson help = "Quits." 420c19800e8SDoug Rabson} 421