1 .\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $
2 .\" $FreeBSD: src/crypto/kerberosIV/man/ksrvutil.8,v 1.3.2.1 2001/05/08 15:08:10 assar Exp $
3 .\" Copyright 1989 by the Massachusetts Institute of Technology.
5 .\" For copying and distribution information,
6 .\" please see the file <mit-copyright.h>.
13 .Nd "host kerberos keyfile (srvtab) manipulation utility"
24 allows a system manager to list or change keys currently in his
25 keyfile or to add new keys to the keyfile.
27 Operation must be one of the following:
28 .Bl -tag -width indent
30 lists the keys in a keyfile showing version number and principal name.
33 option is given, keys will also be shown.
35 changes all the keys in the keyfile by using the regular admin
40 will prompt for yes or no before changing each key. If the
42 option is used, the old and new keys will be displayed.
44 allows the user to add a key.
46 prompts for name, instance, realm, and key version number, asks
47 for confirmation, and then asks for a password.
49 then converts the password to a key and appends the keyfile with the
50 new information. If the
52 option is used, the key is displayed.
54 gets a service from the Kerberos server, possibly creating the
55 principal. Names, instances and realms for the service keys to get are
56 prompted for. The default principal used in the kadmin transcation is
57 your root instance. This can be changed with the
62 In all cases, the default file used is KEY_FILE as defined in krb.h
63 unless this is overridden by the
69 would be for adding keys to a keyfile. A system manager could
70 ask a kerberos administrator to create a new service key with
72 and could supply an initial password. Then, he could use
74 to add the key to the keyfile and then to change the key so that it
75 will be random and unknown to either the system manager or the
76 kerberos administrator.
79 always makes a backup copy of the keyfile before making any changes.
83 should exit on an error condition at any time during a change or add,
84 a copy of the original keyfile can be found in
88 is the name of the keyfile, and a copy of the file with all new
89 keys changed or added so far can be found in
90 .Pa filename Ns .work .
91 The original keyfile is left unmodified until the program exits at
92 which point it is removed and replaced it with the workfile.
93 Appending the workfile to the backup copy and replacing the keyfile
94 with the result should always give a usable keyfile, although the
95 resulting keyfile will have some out of date keys in it.
100 Emanuel Jay Berkenbilt, MIT Project Athena