xref: /freebsd/crypto/heimdal/kadmin/kadmin-commands.in (revision 5861f9665471e98e544f6fa3ce73c4912229ff82)
1/*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33/* $Id: kadmin-commands.in 21969 2007-10-18 18:51:11Z lha $ */
34
/*
 * stash / kstash: per its help text, writes the Kerberos master key to a
 * file used by the KDC; local (-l) mode only.
 *
 * Review notes:
 *  - --enctype defaults to des3-cbc-sha1.  Triple-DES is deprecated for
 *    Kerberos (RFC 8429); check whether this build offers an AES enctype
 *    before relying on the default.
 *  - --master-key-fd (default -1) reads the passphrase from a file
 *    descriptor rather than taking it as an option value.
 *  - the file named by --key-file holds the master key; presumably it must
 *    be readable only by the KDC's account -- confirm the file modes used.
 */
35command = {
36	name = "stash"
37	name = "kstash"
38	option = {
39		long = "enctype"
40		short = "e"
41		type = "string"
42		help = "encryption type"
43		default = "des3-cbc-sha1"
44	}
45	option = {
46		long = "key-file"
47		short = "k"
48		type = "string"
49		argument = "file"
50		help = "master key file"
51	}
52	option = {
53		long = "convert-file"
54		type = "flag"
55		help = "just convert keyfile to new format"
56	}
57	option = {
58		long = "master-key-fd"
59		type = "integer"
60		argument = "fd"
61		help = "filedescriptor to read passphrase from"
62		default = "-1"
63	}
64	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
65}
/*
 * dump: per its help text, writes the database in a human readable format
 * to the optional dump-file argument or to standard output; local (-l)
 * mode only.  Takes zero or one positional argument.
 *
 * Review note: with --decrypt ("decrypt keys") the output presumably
 * carries key material in decrypted form, so the dump file should be
 * treated as a secret (restrictive permissions, no world-readable
 * directory) -- confirm against the handler.
 */
66command = {
67	name = "dump"
68	option = {
69		long = "decrypt"
70		short = "d"
71		type = "flag"
72		help = "decrypt keys"
73	}
74	argument = "[dump-file]"
75	min_args = "0"
76	max_args = "1"
77	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
78}
79
/*
 * init: per its help text, initializes the default principals for one or
 * more realms and creates the database if necessary; local (-l) mode only.
 * Requires at least one realm argument.
 *
 * Both lifetime options are declared as strings; the accepted syntax is
 * decided by the handler, which is not part of this file.
 */
80command = {
81	name = "init"
82	option = {
83		long = "realm-max-ticket-life"
84		type = "string"
85		help = "realm max ticket lifetime"
86	}
87	option = {
88		long = "realm-max-renewable-life"
89		type = "string"
90		help = "realm max renewable lifetime"
91	}
92	argument = "realm..."
93	min_args = "1"
94	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
95}
/*
 * load: per its help text, loads a previously dumped file; local (-l) mode
 * only.  Exactly one file argument.
 *
 * Review note: the dump file is database input, so it should come from a
 * trusted source; how existing entries are treated is not visible here.
 */
96command = {
97	name = "load"
98	argument = "file"
99	min_args = "1"
100	max_args = "1"
101	help = "Loads a previously dumped file. Local (-l) mode only."
102}
/*
 * merge: per its help text, merges the contents of a dump file into the
 * database; local (-l) mode only.  Exactly one file argument.
 *
 * Review note: as with "load", the file is database input and should come
 * from a trusted source.
 */
103command = {
104	name = "merge"
105	argument = "file"
106	min_args = "1"
107	max_args = "1"
108	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
109}
/*
 * add / ank / add_new_key: adds one or more principals to the database
 * (function key: "add_new_key").  Requires at least one principal.
 *
 * Review notes:
 *  - --password and --key take the secret as an option value.  When the
 *    command is given on a shell command line, that value can end up in
 *    shell history and process listings; --random-key or
 *    --random-password avoid passing a secret this way.
 *  - --key is documented as a DES key in hex; single DES is obsolete, so
 *    this option is presumably only for legacy interoperability.
 *  - how the four key-setting options interact when several are given is
 *    decided by the handler, not by this file.
 */
110command = {
111	name = "add"
112	name = "ank"
113	name = "add_new_key"
114	function = "add_new_key"
115	option = {
116		long = "random-key"
117		short = "r"
118		type = "flag"
119		help = "set random key"
120	}
121	option = {
122		long = "random-password"
123		type = "flag"
124		help = "set random password"
125	}
126	option = {
127		long = "password"
128		short = "p"
129		type = "string"
130		help = "principal's password"
131	}
132	option = {
133		long = "key"
134		type = "string"
135		help = "DES-key in hex"
136	}
137	option = {
138		long = "max-ticket-life"
139		type = "string"
140		argument ="lifetime"
141		help = "max ticket lifetime"
142	}
143	option = {
144		long = "max-renewable-life"
145		type = "string"
146		argument = "lifetime"
147		help = "max renewable life"
148	}
149	option = {
150		long = "attributes"
151		type = "string"
152		argument = "attributes"
153		help = "principal attributes"
154	}
155	option = {
156		long = "expiration-time"
157		type = "string"
158		argument = "time"
159		help = "principal expiration time"
160	}
161	option = {
162		long = "pw-expiration-time"
163		type = "string"
164		argument = "time"
165		help = "password expiration time"
166	}
167	option = {
168		long = "use-defaults"
169		type = "flag"
170		help = "use default values"
171	}
172	argument = "principal..."
173	min_args = "1"
174	help = "Adds a principal to the database."
175}
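/*
 * passwd / cpw / change_password: changes the password of one or more
 * principals matching the given expressions (function key: "cpw_entry").
 * Requires at least one principal expression.
 *
 * Review notes:
 *  - --password and --key take the secret as an option value.  When the
 *    command is given on a shell command line, that value can end up in
 *    shell history and process listings; --random-key or
 *    --random-password avoid passing a secret this way.
 *  - the arguments are expressions, so one invocation can change several
 *    principals at once.
 *  - the --password help text previously read "princial's password";
 *    the spelling is corrected below.
 */
176command = {
177	name = "passwd"
178	name = "cpw"
179	name = "change_password"
180	function = "cpw_entry"
181	option = {
182		long = "random-key"
183		short = "r"
184		type = "flag"
185		help = "set random key"
186	}
187	option = {
188		long = "random-password"
189		type = "flag"
190		help = "set random password"
191	}
192	option = {
193		long = "password"
194		short = "p"
195		type = "string"
196		help = "principal's password"
197	}
198	option = {
199		long = "key"
200		type = "string"
201		help = "DES key in hex"
202	}
203	argument = "principal..."
204	min_args = "1"
205	help = "Changes the password of one or more principals matching the expressions."
206}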
/*
 * delete / del / del_entry: deletes all principals matching the given
 * expressions (function key: "del_entry").  Requires at least one
 * expression.
 *
 * Review note: because the arguments are expressions, a broad pattern
 * removes many principals in one call; no confirmation option is declared
 * in this block.
 */
207command = {
208	name = "delete"
209	name = "del"
210	name = "del_entry"
211	function = "del_entry"
212	argument = "principal..."
213	min_args = "1"
214	help = "Deletes all principals matching the expressions."
215}
/*
 * del_enctype: deletes the listed enctypes for a principal.  Requires at
 * least two arguments: the principal, then one or more enctypes.
 */
216command = {
217	name = "del_enctype"
218	argument = "principal enctype..."
219	min_args = "2"
220	help = "Delete all the mentioned enctypes for principal."
221}
/*
 * add_enctype: adds new enctypes for a principal.  Requires at least two
 * arguments: the principal, then one or more enctypes.
 *
 * --random-key is the only key-setting option declared here; where the
 * key comes from without it is decided by the handler -- confirm there.
 */
222command = {
223	name = "add_enctype"
224	option = {
225		long = "random-key"
226		short = "r"
227		type = "flag"
228		help = "set random key"
229	}
230	argument = "principal enctype..."
231	min_args = "2"
232	help = "Add new enctypes for principal."
233}
/*
 * ext_keytab: per its help text, extracts the keys of all principals
 * matching the expressions and stores them in a keytab.  Requires at least
 * one principal expression; --keytab selects the keytab to use.
 *
 * Review note: the resulting keytab holds the principals' keys, so it is
 * as sensitive as their passwords; it should be readable only by the
 * service that needs it, and broad expressions export more keys than
 * usually intended.
 */
234command = {
235	name = "ext_keytab"
236	option = {
237		long = "keytab"
238		short = "k"
239		type = "string"
240		help = "keytab to use"
241	}
242	argument = "principal..."
243	min_args = "1"
244	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
245}
/*
 * get / get_entry: shows information about principals matching the given
 * expressions (function key: "get_entry").  Requires at least one
 * expression.
 *
 * The option set mirrors "list" (see the XXX note below).  The visible
 * difference is which format flag carries default = "-1": --long here,
 * --terse in "list".  Presumably -1 lets the handler tell "not given" from
 * an explicit choice -- confirm in the handler.
 */
246command = {
247	name = "get"
248	name = "get_entry"
249	function = "get_entry"
250	/* XXX sync options with "list" */
251	option = {
252		long = "long"
253		short = "l"
254		type = "flag"
255		help = "long format"
256		default = "-1"
257	}
258	option = {
259		long = "short"
260		short = "s"
261		type = "flag"
262		help = "short format"
263	}
264	option = {
265		long = "terse"
266		short = "t"
267		type = "flag"
268		help = "terse format"
269	}
270	option = {
271		long = "column-info"
272		short = "o"
273		type = "string"
274		help = "columns to print for short output"
275	}
276	argument = "principal..."
277	min_args = "1"
278	help = "Shows information about principals matching the expressions."
279}
/*
 * rename: renames a principal (function key: "rename_entry").  Takes
 * exactly two arguments, the old name and the new name.
 */
280command = {
281	name = "rename"
282	function = "rename_entry"
283	argument = "from to"
284	min_args = "2"
285	max_args = "2"
286	help = "Renames a principal."
287}
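/*
 * modify: modifies attributes of exactly one principal (function key:
 * "mod_entry").
 *
 * Review notes:
 *  - --constrained-delegation, --alias and --pkinit-acl are declared with
 *    type "strings".  Judging by their help texts and arguments they
 *    control which targets the principal may delegate to, which other
 *    names resolve to it, and which certificate subjects are accepted for
 *    it, so changes to them deserve the same audit attention as a
 *    password change.
 *  - --kvno defaults to -1; presumably that means "leave unchanged" --
 *    confirm in the handler.
 *  - the --pkinit-acl help text previously read "aliases", identical to
 *    the --alias option above it; it now describes the option, based on
 *    its "subject dn" argument.
 */
288command = {
289	name = "modify"
290	function = "mod_entry"
291	option = {
292		long = "max-ticket-life"
293		type = "string"
294		argument ="lifetime"
295		help = "max ticket lifetime"
296	}
297	option = {
298		long = "max-renewable-life"
299		type = "string"
300		argument = "lifetime"
301		help = "max renewable life"
302	}
303	option = {
304		long = "attributes"
305		short = "a"
306		type = "string"
307		argument = "attributes"
308		help = "principal attributes"
309	}
310	option = {
311		long = "expiration-time"
312		type = "string"
313		argument = "time"
314		help = "principal expiration time"
315	}
316	option = {
317		long = "pw-expiration-time"
318		type = "string"
319		argument = "time"
320		help = "password expiration time"
321	}
322	option = {
323		long = "kvno"
324		type = "integer"
325		help = "key version number"
326		default = "-1"
327	}
328	option = {
329		long = "constrained-delegation"
330		type = "strings"
331		argument = "principal"
332		help = "allowed target principals"
333	}
334	option = {
335		long = "alias"
336		type = "strings"
337		argument = "principal"
338		help = "aliases"
339	}
340	option = {
341		long = "pkinit-acl"
342		type = "strings"
343		argument = "subject dn"
344		help = "pkinit acl (certificate subject DNs)"
345	}
346	argument = "principal"
347	min_args = "1"
348	max_args = "1"
349	help = "Modifies some attributes of the specified principal."
350}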
/*
 * privileges / privs: shows which operations the caller is allowed to
 * perform (function key: "get_privs").  No options or arguments are
 * declared.
 */
351command = {
352	name = "privileges"
353	name = "privs"
354	function = "get_privs"
355	help = "Shows which operations you are allowed to perform."
356}
/*
 * list: lists principals in a terse format; the help text describes it as
 * equivalent to "get -t" (function key: "list_princs").  Requires at least
 * one principal expression.
 *
 * The option set mirrors "get" (see the XXX note below).  The visible
 * difference is which format flag carries default = "-1": --terse here,
 * --long in "get".  Presumably -1 lets the handler tell "not given" from
 * an explicit choice -- confirm in the handler.
 */
357command = {
358	name = "list"
359	function = "list_princs"
360	/* XXX sync options with "get" */
361	option = {
362		long = "long"
363		short = "l"
364		type = "flag"
365		help = "long format"
366	}
367	option = {
368		long = "short"
369		short = "s"
370		type = "flag"
371		help = "short format"
372	}
373	option = {
374		long = "terse"
375		short = "t"
376		type = "flag"
377		help = "terse format"
378		default = "-1"
379	}
380	option = {
381		long = "column-info"
382		short = "o"
383		type = "string"
384		help = "columns to print for short output"
385	}
386	argument = "principal..."
387	min_args = "1"
388	help = "Lists principals in a terse format. Equivalent to \"get -t\"."
389}
/*
 * verify-password-quality / pwq: per its help text, runs the password
 * quality function locally, without an RPC to the server (function key:
 * "password_quality").  Takes exactly two arguments: principal, password.
 *
 * Review note: the candidate password is a positional argument.  When the
 * command is given on a shell command line it can end up in shell history
 * and process listings, so it is better suited to throwaway test values
 * than to a password that will actually be used.
 */
390command = {
391	name = "verify-password-quality"
392	name = "pwq"
393	function = "password_quality"
394	argument = "principal password"
395	min_args = "2"
396	max_args = "2"
397	help = "Try run the password quality function locally (not doing RPC out to server)."
398}
/*
 * check: checks a realm for configuration errors (function key: "check").
 * The realm argument is optional; per the help text the default realm is
 * used when it is omitted.
 */
399command = {
400	name = "check"
401	function = "check"
402	argument = "[realm]"
403	min_args = "0"
404	max_args = "1"
405	help = "Check the realm (if not given, the default realm) for configuration errors."
406}
/*
 * help / ?: takes an optional command name as its only argument.  No
 * function key is set in this block.
 */
407command = {
408	name = "help"
409	name = "?"
410	argument = "[command]"
411	min_args = "0"
412	max_args = "1"
413	help = "Help! I need somebody."
414}
/*
 * exit / quit: quits kadmin (function key: "exit_kadmin").  No options or
 * arguments are declared.
 */
415command = {
416	name = "exit"
417	name = "quit"
418	function = "exit_kadmin"
419	help = "Quits."
420}
421