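/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
/* $Id$ */

/*
 * Declarative command table for the Kerberos admin tool.  Each "command"
 * block lists one or more names (the first is the primary name, the rest
 * are aliases), an optional handler "function", the options it accepts,
 * the positional argument synopsis with min_args/max_args limits, and
 * the help text.  The handlers themselves are not in this file.
 */

/* stash/kstash: store the master key in a file, per the help text. */
command = {
	name = "stash"
	name = "kstash"
	option = {
		/*
		 * NOTE(review): des3-cbc-sha1 is a Triple-DES enctype, which
		 * RFC 8429 deprecates for Kerberos.  The default is left as
		 * it is because changing it would presumably change the key
		 * derived from an existing passphrase -- confirm against the
		 * handler before moving to an AES enctype.  New deployments
		 * can select one explicitly with --enctype.
		 */
		long = "enctype"
		short = "e"
		type = "string"
		help = "encryption type"
		default = "des3-cbc-sha1"
	}
	option = {
		long = "key-file"
		short = "k"
		type = "string"
		argument = "file"
		help = "master key file"
	}
	option = {
		long = "convert-file"
		type = "flag"
		help = "just convert keyfile to new format"
	}
	option = {
		/*
		 * Per the help text the generated password is printed to
		 * stdout, so whatever captures stdout (terminal scrollback,
		 * job logs) ends up holding the master passphrase.
		 */
		long = "random-password"
		type = "flag"
		help = "use a random password (and print the password to stdout)"
	}
	option = {
		/*
		 * Takes the passphrase from a file descriptor rather than from
		 * the command line.  Default -1 presumably means "not given"
		 * -- confirm in the handler.
		 */
		long = "master-key-fd"
		type = "integer"
		argument = "fd"
		help = "filedescriptor to read passphrase from"
		default = "-1"
	}
	help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
}
/* dump: write the database to an optional file argument or to stdout. */
command = {
	name = "dump"
	option = {
		/*
		 * NOTE(review): with this flag the output presumably carries
		 * principal keys in clear; the dump file then needs the same
		 * protection as the database and master key.
		 */
		long = "decrypt"
		short = "d"
		type = "flag"
		help = "decrypt keys"
	}
	option = {
		long = "format"
		short = "f"
		type = "string"
		help = "dump format, mit or heimdal (default: heimdal)"
	}
	argument = "[dump-file]"
	min_args = "0"
	max_args = "1"
	help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
}

/* init: create the default principals for one or more realms. */
command = {
	name = "init"
	option = {
		long = "realm-max-ticket-life"
		type = "string"
		help = "realm max ticket lifetime"
	}
	option = {
		long = "realm-max-renewable-life"
		type = "string"
		help = "realm max renewable lifetime"
	}
	option = {
		long = "bare"
		type = "flag"
		help = "only create krbtgt for realm"
	}
	argument = "realm..."
	min_args = "1"
	help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
}
/* load: exactly one file argument. */
command = {
	name = "load"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Loads a previously dumped file. Local (-l) mode only."
}
/* merge: exactly one file argument. */
command = {
	name = "merge"
	argument = "file"
	min_args = "1"
	max_args = "1"
	help = "Merges the contents of a dump file into the database. Local (-l) mode only."
}
/* add/ank/add_new_key: create principals; handled by add_new_key. */
command = {
	name = "add"
	name = "ank"
	name = "add_new_key"
	function = "add_new_key"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	option = {
		/*
		 * NOTE(review): a password passed as an option value shows up
		 * in the process argument list and in shell history when the
		 * tool is run as a one-shot command.  Prefer --random-key or
		 * --random-password where the caller does not need to choose
		 * the secret.
		 */
		long = "password"
		short = "p"
		type = "string"
		help = "principal's password"
	}
	option = {
		/*
		 * NOTE(review): the help text describes a DES key.  Single-DES
		 * enctypes are deprecated for Kerberos (RFC 6649), and the
		 * key value is exposed on the command line in the same way as
		 * --password.
		 */
		long = "key"
		type = "string"
		help = "DES-key in hex"
	}
	option = {
		long = "max-ticket-life"
		type = "string"
		argument ="lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "use-defaults"
		type = "flag"
		help = "use default values"
	}
	argument = "principal..."
	min_args = "1"
	help = "Adds a principal to the database."
}
/* passwd/cpw/change_password: handled by cpw_entry. */
command = {
	name = "passwd"
	name = "cpw"
	name = "change_password"
	function = "cpw_entry"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	option = {
		long = "random-password"
		type = "flag"
		help = "set random password"
	}
	option = {
		/*
		 * NOTE(review): same exposure as on "add" -- an option value
		 * is visible in the argument list and shell history of a
		 * one-shot invocation.
		 */
		long = "password"
		short = "p"
		type = "string"
		/* Help text typo fixed: was "princial's". */
		help = "principal's password"
	}
	option = {
		/* NOTE(review): DES key on the command line; see RFC 6649. */
		long = "key"
		type = "string"
		help = "DES key in hex"
	}
	argument = "principal..."
	min_args = "1"
	help = "Changes the password of one or more principals matching the expressions."
}
/* delete/del/del_entry: the arguments are expressions, so one call can match many principals. */
command = {
	name = "delete"
	name = "del"
	name = "del_entry"
	function = "del_entry"
	argument = "principal..."
	min_args = "1"
	help = "Deletes all principals matching the expressions."
}
command = {
	name = "del_enctype"
	argument = "principal enctype..."
	min_args = "2"
	help = "Delete all the mentioned enctypes for principal."
}
command = {
	name = "add_enctype"
	option = {
		long = "random-key"
		short = "r"
		type = "flag"
		help = "set random key"
	}
	argument = "principal enctype..."
	min_args = "2"
	help = "Add new enctypes for principal."
}
/*
 * ext_keytab: per the help text the keys of every matching principal are
 * written to a keytab, so the resulting file holds long-term secrets and
 * needs restrictive permissions.
 */
command = {
	name = "ext_keytab"
	option = {
		long = "keytab"
		short = "k"
		type = "string"
		help = "keytab to use"
	}
	argument = "principal..."
	min_args = "1"
	help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
}
/* get/get_entry: long format carries the -1 default here. */
command = {
	name = "get"
	name = "get_entry"
	function = "get_entry"
	/* XXX sync options with "list" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
		default = "-1"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Shows information about principals matching the expressions."
}
/* rename: exactly two arguments, source and destination. */
command = {
	name = "rename"
	function = "rename_entry"
	argument = "from to"
	min_args = "2"
	max_args = "2"
	help = "Renames a principal."
}
/* modify: change attributes of exactly one principal; handled by mod_entry. */
command = {
	name = "modify"
	function = "mod_entry"
	option = {
		long = "max-ticket-life"
		type = "string"
		argument ="lifetime"
		help = "max ticket lifetime"
	}
	option = {
		long = "max-renewable-life"
		type = "string"
		argument = "lifetime"
		help = "max renewable life"
	}
	option = {
		long = "attributes"
		short = "a"
		type = "string"
		argument = "attributes"
		help = "principal attributes"
	}
	option = {
		long = "expiration-time"
		type = "string"
		argument = "time"
		help = "principal expiration time"
	}
	option = {
		long = "pw-expiration-time"
		type = "string"
		argument = "time"
		help = "password expiration time"
	}
	option = {
		long = "kvno"
		type = "integer"
		help = "key version number"
		default = "-1"
	}
	option = {
		/*
		 * Security-sensitive: per the help text this sets the target
		 * principals allowed for constrained delegation.  Review
		 * changes to it like any other privilege grant.
		 */
		long = "constrained-delegation"
		type = "strings"
		argument = "principal"
		help = "allowed target principals"
	}
	option = {
		long = "alias"
		type = "strings"
		argument = "principal"
		help = "aliases"
	}
	option = {
		/*
		 * Help text was "aliases", apparently copied from --alias
		 * above; the argument is a certificate subject DN.
		 * NOTE(review): confirm the wording against the handler.
		 */
		long = "pkinit-acl"
		type = "strings"
		argument = "subject dn"
		help = "PKINIT ACL (certificate subject DN)"
	}
	argument = "principal"
	min_args = "1"
	max_args = "1"
	help = "Modifies some attributes of the specified principal."
}
command = {
	name = "privileges"
	name = "privs"
	function = "get_privs"
	help = "Shows which operations you are allowed to perform."
}
/* list: same option set as "get", but terse format carries the -1 default. */
command = {
	name = "list"
	function = "list_princs"
	/* XXX sync options with "get" */
	option = {
		long = "long"
		short = "l"
		type = "flag"
		help = "long format"
	}
	option = {
		long = "short"
		short = "s"
		type = "flag"
		help = "short format"
	}
	option = {
		long = "terse"
		short = "t"
		type = "flag"
		help = "terse format"
		default = "-1"
	}
	option = {
		long = "column-info"
		short = "o"
		type = "string"
		help = "columns to print for short output"
	}
	argument = "principal..."
	min_args = "1"
	help = "Lists principals in a terse format. Equivalent to \"get -t\"."
}
/*
 * verify-password-quality/pwq.
 * NOTE(review): the candidate password is a positional argument, so it is
 * visible in the argument list and shell history when this is run as a
 * one-shot command rather than from an interactive session.
 */
command = {
	name = "verify-password-quality"
	name = "pwq"
	function = "password_quality"
	argument = "principal password"
	min_args = "2"
	max_args = "2"
	help = "Try run the password quality function locally (not doing RPC out to server)."
}
command = {
	name = "check"
	function = "check"
	argument = "[realm]"
	min_args = "0"
	max_args = "1"
	help = "Check the realm (if not given, the default realm) for configuration errors."
}
command = {
	name = "help"
	name = "?"
	argument = "[command]"
	min_args = "0"
	max_args = "1"
	help = "Help! I need somebody."
}
command = {
	name = "exit"
	name = "quit"
	function = "exit_kadmin"
	help = "Quits."
}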