|
jpayne@68
|
1 .\" Man page generated from reStructuredText.
|
|
jpayne@68
|
2 .
|
|
jpayne@68
|
3 .TH "K5SRVUTIL" "1" " " "1.20.1" "MIT Kerberos"
|
|
jpayne@68
|
4 .SH NAME
|
|
jpayne@68
|
5 k5srvutil \- host key table (keytab) manipulation utility
|
|
jpayne@68
|
6 .
|
|
jpayne@68
|
7 .nr rst2man-indent-level 0
|
|
jpayne@68
|
8 .
|
|
jpayne@68
|
9 .de1 rstReportMargin
|
|
jpayne@68
|
10 \\$1 \\n[an-margin]
|
|
jpayne@68
|
11 level \\n[rst2man-indent-level]
|
|
jpayne@68
|
12 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
jpayne@68
|
13 -
|
|
jpayne@68
|
14 \\n[rst2man-indent0]
|
|
jpayne@68
|
15 \\n[rst2man-indent1]
|
|
jpayne@68
|
16 \\n[rst2man-indent2]
|
|
jpayne@68
|
17 ..
|
|
jpayne@68
|
18 .de1 INDENT
|
|
jpayne@68
|
19 .\" .rstReportMargin pre:
|
|
jpayne@68
|
20 . RS \\$1
|
|
jpayne@68
|
21 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
jpayne@68
|
22 . nr rst2man-indent-level +1
|
|
jpayne@68
|
23 .\" .rstReportMargin post:
|
|
jpayne@68
|
24 ..
|
|
jpayne@68
|
25 .de UNINDENT
|
|
jpayne@68
|
26 . RE
|
|
jpayne@68
|
27 .\" indent \\n[an-margin]
|
|
jpayne@68
|
28 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
jpayne@68
|
29 .nr rst2man-indent-level -1
|
|
jpayne@68
|
30 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
jpayne@68
|
31 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
jpayne@68
|
32 ..
|
|
jpayne@68
|
33 .SH SYNOPSIS
|
|
jpayne@68
|
34 .sp
|
|
jpayne@68
|
35 \fBk5srvutil\fP \fIoperation\fP
|
|
jpayne@68
|
36 [\fB\-i\fP]
|
|
jpayne@68
|
37 [\fB\-f\fP \fIfilename\fP]
|
|
jpayne@68
|
38 [\fB\-e\fP \fIkeysalts\fP]
|
|
jpayne@68
|
39 .SH DESCRIPTION
|
|
jpayne@68
|
40 .sp
|
|
jpayne@68
|
41 k5srvutil allows an administrator to list keys currently in
|
|
jpayne@68
|
42 a keytab, to obtain new keys for a principal currently in a keytab,
|
|
jpayne@68
|
43 or to delete non\-current keys from a keytab.
|
|
jpayne@68
|
44 .sp
|
|
jpayne@68
|
45 \fIoperation\fP must be one of the following:
|
|
jpayne@68
|
46 .INDENT 0.0
|
|
jpayne@68
|
47 .TP
|
|
jpayne@68
|
48 \fBlist\fP
|
|
jpayne@68
|
49 Lists the keys in a keytab, showing version number and principal
|
|
jpayne@68
|
50 name.
|
|
jpayne@68
|
51 .TP
|
|
jpayne@68
|
52 \fBchange\fP
|
|
jpayne@68
|
53 Uses the kadmin protocol to update the keys in the Kerberos
|
|
jpayne@68
|
54 database to new randomly\-generated keys, and updates the keys in
|
|
jpayne@68
|
55 the keytab to match. If a key\(aqs version number doesn\(aqt match the
|
|
jpayne@68
|
56 version number stored in the Kerberos server\(aqs database, then the
|
|
jpayne@68
|
57 operation will fail. If the \fB\-i\fP flag is given, k5srvutil will
|
|
jpayne@68
|
58 prompt for confirmation before changing each key. If the \fB\-k\fP
|
|
jpayne@68
|
59 option is given, the old and new keys will be displayed.
|
|
jpayne@68
|
60 Ordinarily, keys will be generated with the default encryption
|
|
jpayne@68
|
61 types and key salts. This can be overridden with the \fB\-e\fP
|
|
jpayne@68
|
62 option. Old keys are retained in the keytab so that existing
|
|
jpayne@68
|
63 tickets continue to work, but \fBdelold\fP should be used after
|
|
jpayne@68
|
64 such tickets expire, to prevent attacks against the old keys.
|
|
jpayne@68
|
65 .TP
|
|
jpayne@68
|
66 \fBdelold\fP
|
|
jpayne@68
|
67 Deletes keys that are not the most recent version from the keytab.
|
|
jpayne@68
|
68 This operation should be used some time after a change operation
|
|
jpayne@68
|
69 to remove old keys, after existing tickets issued for the service
|
|
jpayne@68
|
70 have expired. If the \fB\-i\fP flag is given, then k5srvutil will
|
|
jpayne@68
|
71 prompt for confirmation for each principal.
|
|
jpayne@68
|
72 .TP
|
|
jpayne@68
|
73 \fBdelete\fP
|
|
jpayne@68
|
74 Deletes particular keys in the keytab, interactively prompting for
|
|
jpayne@68
|
75 each key.
|
|
jpayne@68
|
76 .UNINDENT
|
|
jpayne@68
|
77 .sp
|
|
jpayne@68
|
78 In all cases, the default keytab is used unless this is overridden by
|
|
jpayne@68
|
79 the \fB\-f\fP option.
|
|
jpayne@68
|
80 .sp
|
|
jpayne@68
|
81 k5srvutil uses the kadmin(1) program to edit the keytab in
|
|
jpayne@68
|
82 place.
|
|
jpayne@68
|
83 .SH ENVIRONMENT
|
|
jpayne@68
|
84 .sp
|
|
jpayne@68
|
85 See kerberos(7) for a description of Kerberos environment
|
|
jpayne@68
|
86 variables.
|
|
jpayne@68
|
87 .SH SEE ALSO
|
|
jpayne@68
|
88 .sp
|
|
jpayne@68
|
89 kadmin(1), ktutil(1), kerberos(7)
|
|
jpayne@68
|
90 .SH AUTHOR
|
|
jpayne@68
|
91 MIT
|
|
jpayne@68
|
92 .SH COPYRIGHT
|
|
jpayne@68
|
93 1985-2022, MIT
|
|
jpayne@68
|
94 .\" Generated by docutils manpage writer.
|
|
jpayne@68
|
95 .
|
