Merge from vendor branch ZLIB:

[dragonfly.git] / crypto / heimdal / admin / ktutil.8

.\" $Id: ktutil.8,v 1.15 2002/08/20 17:07:00 joda Exp $
.\"
.Dd December 16, 2000
.Dt KTUTIL 8
.Os HEIMDAL
.Sh NAME
.Nm ktutil
.Nd manage Kerberos keytabs
.Sh SYNOPSIS
.Nm
.Oo Fl k Ar keytab \*(Ba Xo
.Fl -keytab= Ns Ar keytab
.Xc
.Oc
.Op Fl v | Fl -verbose
.Op Fl -version
.Op Fl h | Fl -help
.Ar command
.Op Ar args
.Sh DESCRIPTION
.Nm
is a program for managing keytabs.
.Ar command
can be one of the following:
.Bl -tag -width srvconvert
.It add Xo
.Op Fl p Ar principal
.Op Fl -principal= Ns Ar principal
.Op Fl V Ar kvno
.Op Fl -kvno= Ns Ar kvno
.Op Fl e Ar encype
.Op Fl -enctype= Ns Ar enctype
.Op Fl w Ar password
.Op Fl -password= Ns Ar password
.Op Fl r
.Op Fl -random
.Op Fl s
.Op Fl -no-salt
.Xc
Adds a key to the keytab. Options that are not specified will be
prompted for. This requires that you know the password of the
principal to add; if what you really want is to add a new principal to
the keytab, you should consider the
.Ar get
command, which talks to the kadmin server.
.It change Xo
.Op Fl r Ar realm
.Op Fl -realm= Ns Ar realm
.Op Fl -a Ar host
.Op Fl -admin-server= Ns Ar host
.Op Fl -s Ar port
.Op Fl -server-port= Ns Ar port
.Xc
Update one or several keys to new versions.  By default, use the admin
server for the realm of an keytab entry.  Otherwise it will use the
values specified by the options.
.Pp
If no principals are given, all the ones in the keytab are updated.
.It copy Xo
.Ar keytab-src
.Ar keytab-dest
.Xc
Copies all the entries from
.Ar keytab-src
to
.Ar keytab-dest .
.It get Xo
.Op Fl p Ar admin principal
.Op Fl -principal= Ns Ar admin principal
.Op Fl e Ar enctype
.Op Fl -enctypes= Ns Ar enctype
.Op Fl r Ar realm
.Op Fl -realm= Ns Ar realm
.Op Fl a Ar admin server
.Op Fl -admin-server= Ns Ar admin server
.Op Fl s Ar server port
.Op Fl -server-port= Ns Ar server port
.Ar principal ...
.Xc
For each
.Ar principal ,
generate a new key for it (creating it if it doesn't already exist),
and put that key in the keytab.
.Pp
If no
.Ar realm
is specified, the realm to operate on is taken from the first
principal.
.It list Xo
.Op Fl -keys
.Op Fl -timestamp
.Xc
List the keys stored in the keytab.
.It remove Xo
.Op Fl p Ar principal
.Op Fl -principal= Ns Ar principal
.Op Fl V kvno
.Op Fl -kvno= Ns Ar kvno
.Op Fl e enctype
.Op Fl -enctype= Ns Ar enctype
.Xc
Removes the specified key or keys. Not specifying a
.Ar kvno
removes keys with any version number. Not specifying a
.Ar enctype
removes keys of any type.
.It rename Xo
.Ar from-principal
.Ar to-principal
.Xc
Renames all entries in the keytab that match the
.Ar from-principal
to
.Ar to-principal .
.It purge Xo
.Op Fl -age= Ns Ar age
.Xc
Removes all old entries (for which there is a newer version) that are
older than
.Ar age
(default one week).
.It srvconvert
.It srv2keytab Xo
.Op Fl s Ar srvtab
.Op Fl -srvtab= Ns Ar srvtab
.Xc
Converts the version 4 srvtab in
.Ar srvtab
to a version 5 keytab and stores it in
.Ar keytab .
Identical to:
.Bd -ragged -offset indent
.Li ktutil copy
.Li krb4: Ns Ar srvtab
.Ar keytab
.Ed
.It srvcreate
.It key2srvtab Xo
.Op Fl s Ar srvtab
.Op Fl -srvtab= Ns Ar srvtab
.Xc
Converts the version 5 keytab in
.Ar keytab
to a version 4 srvtab and stores it in
.Ar srvtab .
Identical to:
.Bd -ragged -offset indent
.Li ktutil copy
.Ar keytab
.Li krb4: Ns Ar srvtab
.Ed
.El
.Sh SEE ALSO
.Xr kadmin 8