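/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id: kadmin-commands.in 21969 2007-10-18 18:51:11Z lha $ */

/*
 * Command table for kadmin.  Each "command" block lists the command's
 * names (aliases), an optional handler "function", its options, the
 * positional "argument" synopsis with min_args/max_args bounds, and the
 * help text shown to the user.
 */

command = {
	name = "stash"
	name = "kstash"
	/*
	 * The default enctype is des3-cbc-sha1, a legacy enctype (3DES is
	 * deprecated for Kerberos by RFC 8429).  The default is left as is
	 * for compatibility; pass -e with an AES enctype where supported.
	 */
	option = {
		long = "enctype"
		short = "e"
		type = "string"
		help = "encryption type"
		default = "des3-cbc-sha1"
	}
	/*
	 * The file named here receives the realm master key.
	 * NOTE(review): confirm it is created readable only by the KDC
	 * account; nothing in this table enforces that.
	 */
	option = {
		long = "key-file"
		short = "k"
		type = "string"
		argument = "file"
		help = "master key file"
	}
	option = {
		long = "convert-file"
		type = "flag"
		help = "just convert keyfile to new format"
	}
	/*
	 * Lets a caller hand over the passphrase on an already open
	 * descriptor instead of typing it; -1 presumably means "not
	 * given" (confirm in the handler).
	 */
	option = {
		long = "master-key-fd"
		type = "integer"
		argument = "fd"
		help = "filedescriptor to read passphrase from"
		default = "-1"
	}
	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
}
command = {
	name = "dump"
	/*
	 * With --decrypt the dump carries keys decrypted (per the option
	 * help), so the output file or the standard-out stream has to be
	 * handled like key material.
	 */
	option = {
		long = "decrypt"
		short = "d"
		type = "flag"
		help = "decrypt keys"
	}
	argument = "[dump-file]"
	min_args = "0"
	max_args = "1"
	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
}

command = {
	name = "init"
	option = {
		long = "realm-max-ticket-life"
		type = "string"
		help = "realm max ticket lifetime"
	}
	option = {
		long = "realm-max-renewable-life"
		type = "string"
		help = "realm max renewable lifetime"
	}
	argument = "realm..."
	min_args = "1"
	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
}
/*
 * load and merge read a dump file into the database.
 * NOTE(review): the file defines principal entries, so it should come
 * only from a trusted source; no integrity check is visible here.
 */
command = {
	name = "load"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Loads a previously dumped file. Local (-l) mode only."
}
command = {
	name = "merge"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
}
command = {
	name = "add"
	name = "ank"
	name = "add_new_key"
	function = "add_new_key"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	/*
	 * --password and --key take the secret as an option value.  When
	 * kadmin is invoked with the command on its own command line, that
	 * value can show up in process listings and shell history; the
	 * --random-key / --random-password options avoid this.
	 */
	option = {
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	/* Single DES is obsolete for Kerberos (RFC 6649). */
	option = {
		long = "key"
		type = "string"
		help = "DES-key in hex"
	}
	option = {
		long = "max-ticket-life"
		type = "string"
		argument = "lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "use-defaults"
		type = "flag"
		help = "use default values"
	}
	argument = "principal..."
	min_args = "1"
	help = "Adds a principal to the database."
}
command = {
	name = "passwd"
	name = "cpw"
	name = "change_password"
	function = "cpw_entry"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	/*
	 * --password and --key take the secret as an option value.  When
	 * kadmin is invoked with the command on its own command line, that
	 * value can show up in process listings and shell history; the
	 * --random-key / --random-password options avoid this.
	 */
	option = {
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	/* Single DES is obsolete for Kerberos (RFC 6649). */
	option = {
		long = "key"
		type = "string"
		help = "DES key in hex"
	}
	argument = "principal..."
	min_args = "1"
	help = "Changes the password of one or more principals matching the expressions."
}
command = {
	name = "delete"
	name = "del"
	name = "del_entry"
	function = "del_entry"
	argument = "principal..."
	min_args = "1"
	help = "Deletes all principals matching the expressions."
}
command = {
	name = "del_enctype"
	argument = "principal enctype..."
	min_args = "2"
	help = "Delete all the mentioned enctypes for principal."
}
command = {
	name = "add_enctype"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	argument = "principal enctype..."
	min_args = "2"
	help = "Add new enctypes for principal."
}
command = {
	name = "ext_keytab"
	/*
	 * The keytab written here stores the extracted principal keys, so
	 * it needs the same protection as the keys themselves.
	 */
	option = {
		long = "keytab"
		short = "k"
		type = "string"
		help = "keytab to use"
	}
	argument = "principal..."
	min_args = "1"
	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
}
command = {
	name = "get"
	name = "get_entry"
	function = "get_entry"
	/* XXX sync options with "list" */
	/*
	 * The -1 default on "long" presumably marks it as "not explicitly
	 * set" so the handler can treat long as the default format for
	 * get; "list" does the same on "terse" -- confirm in the handlers.
	 */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
		default = "-1"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Shows information about principals matching the expressions."
}
command = {
	name = "rename"
	function = "rename_entry"
	argument = "from to"
	min_args = "2"
	max_args = "2"
	help = "Renames a principal."
}
command = {
	name = "modify"
	function = "mod_entry"
	option = {
		long = "max-ticket-life"
		type = "string"
		argument = "lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		short = "a"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "kvno"
		type = "integer"
		help = "key version number"
		default = "-1"
	}
	/*
	 * The three options below change who may act as, or be reached
	 * through, the principal (delegation targets, aliases, PK-INIT
	 * subjects); changes to them are worth auditing.
	 */
	option = {
		long = "constrained-delegation"
		type = "strings"
		argument = "principal"
		help = "allowed target principals"
	}
	option = {
		long = "alias"
		type = "strings"
		argument = "principal"
		help = "aliases"
	}
	/* The help text here used to read "aliases", the same as --alias. */
	option = {
		long = "pkinit-acl"
		type = "strings"
		argument = "subject dn"
		help = "pkinit acl (certificate subject DNs)"
	}
	argument = "principal"
	min_args = "1"
	max_args = "1"
	help = "Modifies some attributes of the specified principal."
}
command = {
	name = "privileges"
	name = "privs"
	function = "get_privs"
	help = "Shows which operations you are allowed to perform."
}
command = {
	name = "list"
	function = "list_princs"
	/* XXX sync options with "get" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
		default = "-1"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Lists principals in a terse format. Equivalent to \"get -t\"."
}
command = {
	name = "verify-password-quality"
	name = "pwq"
	function = "password_quality"
	/*
	 * The candidate password is a positional argument, so it is
	 * exposed the same way as an option value when the command is
	 * given on kadmin's own command line (process listings, shell
	 * history).
	 */
	argument = "principal password"
	min_args = "2"
	max_args = "2"
	help = "Try run the password quality function locally (not doing RPC out to server)."
}
command = {
	name = "check"
	function = "check"
	argument = "[realm]"
	min_args = "0"
	max_args = "1"
	help = "Check the realm (if not given, the default realm) for configuration errors."
}
command = {
	name = "help"
	name = "?"
	argument = "[command]"
	min_args = "0"
	max_args = "1"
	help = "Help! I need somebody."
}
command = {
	name = "exit"
	name = "quit"
	function = "exit_kadmin"
	help = "Quits."
}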