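/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id$ */

/*
 * Command table for a Kerberos administration tool.
 *
 * Each `command` block declares one subcommand: one or more `name`
 * entries (the additional names act as aliases), an optional `function`
 * (presumably the handler name to use when it differs from the first
 * name -- confirm against the table generator), the `option` blocks it
 * accepts, the bounds on positional arguments (`min_args`/`max_args`)
 * and the help text shown to the user.
 *
 * Several commands below accept or emit secret material (passwords,
 * keys, the master key, keytabs).  The comments next to them record
 * where that material travels so operators can protect it.
 */

/*
 * stash/kstash: write the master key to the key file read by the KDC.
 *
 * NOTE(review): the default enctype is "des3-cbc-sha1".  Triple-DES
 * enctypes are deprecated for Kerberos (RFC 8429).  The default is
 * flagged rather than changed here, because it decides the format of
 * an on-disk key that existing deployments already depend on.
 *
 * --random-password prints the generated password to stdout, so it can
 * end up in terminal scrollback or captured logs.
 * --master-key-fd reads the passphrase from a file descriptor, which
 * keeps it off the command line; default "-1" presumably means "not
 * given" -- confirm in the handler.
 */
command = {
	name = "stash"
	name = "kstash"
	option = {
		long = "enctype"
		short = "e"
		type = "string"
		help = "encryption type"
		default = "des3-cbc-sha1"
	}
	option = {
		long = "key-file"
		short = "k"
		type = "string"
		argument = "file"
		help = "master key file"
	}
	option = {
		long = "convert-file"
		type = "flag"
		help = "just convert keyfile to new format"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "use a random password (and print the password to stdout)"
	}
	option = {
		long = "master-key-fd"
		type = "integer"
		argument = "fd"
		help = "filedescriptor to read passphrase from"
		default = "-1"
	}
	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
}
/*
 * dump: write the database in human readable form to a file or stdout.
 * With --decrypt the keys are decrypted in the output, so the dump
 * needs the same protection as the database and the master key.
 */
command = {
	name = "dump"
	option = {
		long = "decrypt"
		short = "d"
		type = "flag"
		help = "decrypt keys"
	}
	argument = "[dump-file]"
	min_args = "0"
	max_args = "1"
	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
}

/* init: create the default principals (or only krbtgt with --bare) for each realm given. */
command = {
	name = "init"
	option = {
		long = "realm-max-ticket-life"
		type = "string"
		help = "realm max ticket lifetime"
	}
	option = {
		long = "realm-max-renewable-life"
		type = "string"
		help = "realm max renewable lifetime"
	}
	option = {
		long = "bare"
		type = "flag"
		help = "only create krbtgt for realm"
	}
	argument = "realm..."
	min_args = "1"
	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
}
/* load: takes exactly one dump file; local mode only. */
command = {
	name = "load"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Loads a previously dumped file. Local (-l) mode only."
}
/* merge: takes exactly one dump file and merges it into the database; local mode only. */
command = {
	name = "merge"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
}
/*
 * add/ank/add_new_key: add one or more principals.
 *
 * --password and --key carry the secret as a command-line argument.
 * Arguments are typically visible to other local users through the
 * process listing and are kept in shell history, so --random-key or
 * --random-password is the safer choice when the tool is invoked
 * non-interactively.
 * --key is documented as a DES key; single-DES enctypes are deprecated
 * for Kerberos (RFC 6649).
 */
command = {
	name = "add"
	name = "ank"
	name = "add_new_key"
	function = "add_new_key"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	option = {
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	option = {
		long = "key"
		type = "string"
		help = "DES-key in hex"
	}
	option = {
		long = "max-ticket-life"
		type = "string"
		argument = "lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "use-defaults"
		type = "flag"
		help = "use default values"
	}
	argument = "principal..."
	min_args = "1"
	help = "Adds a principal to the database."
}
/*
 * passwd/cpw/change_password: change the password or key of every
 * principal matching the expressions.
 *
 * As with "add", --password and --key put the secret on the command
 * line (process listing, shell history).  Because the argument is a
 * list of expressions, one invocation can re-key many principals.
 */
command = {
	name = "passwd"
	name = "cpw"
	name = "change_password"
	function = "cpw_entry"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	option = {
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	option = {
		long = "key"
		type = "string"
		help = "DES key in hex"
	}
	argument = "principal..."
	min_args = "1"
	help = "Changes the password of one or more principals matching the expressions."
}
/* delete/del/del_entry: removes every principal matching the expressions. */
command = {
	name = "delete"
	name = "del"
	name = "del_entry"
	function = "del_entry"
	argument = "principal..."
	min_args = "1"
	help = "Deletes all principals matching the expressions."
}
/* del_enctype: needs a principal followed by at least one enctype. */
command = {
	name = "del_enctype"
	argument = "principal enctype..."
	min_args = "2"
	help = "Delete all the mentioned enctypes for principal."
}
/* add_enctype: needs a principal followed by at least one enctype. */
command = {
	name = "add_enctype"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	argument = "principal enctype..."
	min_args = "2"
	help = "Add new enctypes for principal."
}
/*
 * ext_keytab: store the keys of all matching principals in a keytab.
 * The resulting keytab holds long-term keys, so it should be readable
 * only by the service account that uses it.
 */
command = {
	name = "ext_keytab"
	option = {
		long = "keytab"
		short = "k"
		type = "string"
		help = "keytab to use"
	}
	argument = "principal..."
	min_args = "1"
	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
}
/*
 * get/get_entry: show information about matching principals.
 * NOTE(review): "long" is a flag with default "-1"; presumably -1 means
 * "not set on the command line" so the handler can choose the default
 * output format -- confirm in the handler.
 */
command = {
	name = "get"
	name = "get_entry"
	function = "get_entry"
	/* XXX sync options with "list" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
		default = "-1"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Shows information about principals matching the expressions."
}
/* rename: takes exactly two arguments, the old and the new principal name. */
command = {
	name = "rename"
	function = "rename_entry"
	argument = "from to"
	min_args = "2"
	max_args = "2"
	help = "Renames a principal."
}
/*
 * modify: change attributes of exactly one principal.
 *
 * --constrained-delegation, --alias and --pkinit-acl change who may act
 * as, or authenticate as, the principal; changes to them deserve the
 * same review and audit logging as a password change.
 * --kvno default "-1" presumably means "leave unchanged" -- confirm in
 * the handler.
 */
command = {
	name = "modify"
	function = "mod_entry"
	option = {
		long = "max-ticket-life"
		type = "string"
		argument = "lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		short = "a"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "kvno"
		type = "integer"
		help = "key version number"
		default = "-1"
	}
	option = {
		long = "constrained-delegation"
		type = "strings"
		argument = "principal"
		help = "allowed target principals"
	}
	option = {
		long = "alias"
		type = "strings"
		argument = "principal"
		help = "aliases"
	}
	/* The help text here used to read "aliases", copied from the option above. */
	option = {
		long = "pkinit-acl"
		type = "strings"
		argument = "subject dn"
		help = "PKINIT ACL subject DNs"
	}
	argument = "principal"
	min_args = "1"
	max_args = "1"
	help = "Modifies some attributes of the specified principal."
}
/* privileges/privs: takes no options or arguments. */
command = {
	name = "privileges"
	name = "privs"
	function = "get_privs"
	help = "Shows which operations you are allowed to perform."
}
/*
 * list: same options as "get", but here "terse" carries the "-1"
 * default instead of "long" (see the note on "get").
 */
command = {
	name = "list"
	function = "list_princs"
	/* XXX sync options with "get" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
		default = "-1"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Lists principals in a terse format. Equivalent to \"get -t\"."
}
/*
 * verify-password-quality/pwq: run the password quality check locally.
 * The candidate password is a positional argument, so it is exposed in
 * the process listing and shell history like --password above; avoid
 * testing real passwords this way on shared hosts.
 */
command = {
	name = "verify-password-quality"
	name = "pwq"
	function = "password_quality"
	argument = "principal password"
	min_args = "2"
	max_args = "2"
	help = "Try run the password quality function locally (not doing RPC out to server)."
}
/* check: takes an optional realm; without one the default realm is checked. */
command = {
	name = "check"
	function = "check"
	argument = "[realm]"
	min_args = "0"
	max_args = "1"
	help = "Check the realm (if not given, the default realm) for configuration errors."
}
/* help/?: takes an optional command name. */
command = {
	name = "help"
	name = "?"
	argument = "[command]"
	min_args = "0"
	max_args = "1"
	help = "Help! I need somebody."
}
/* exit/quit: leave the tool. */
command = {
	name = "exit"
	name = "quit"
	function = "exit_kadmin"
	help = "Quits."
}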