.\" Man page generated from reStructuredText.
.
.TH "K5SRVUTIL" "1" " " "1.20.1" "MIT Kerberos"
.SH NAME
k5srvutil \- host key table (keytab) manipulation utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBk5srvutil\fP \fIoperation\fP
[\fB\-i\fP]
[\fB\-f\fP \fIfilename\fP]
[\fB\-e\fP \fIkeysalts\fP]
.SH DESCRIPTION
.sp
k5srvutil allows an administrator to list keys currently in
a keytab, to obtain new keys for a principal currently in a keytab,
or to delete non\-current keys from a keytab.
.sp
\fIoperation\fP must be one of the following:
.INDENT 0.0
.TP
\fBlist\fP
Lists the keys in a keytab, showing version number and principal
name.
.TP
\fBchange\fP
Uses the kadmin protocol to update the keys in the Kerberos
database to new randomly\-generated keys, and updates the keys in
the keytab to match. If a key\(aqs version number doesn\(aqt match the
version number stored in the Kerberos server\(aqs database, then the
operation will fail. If the \fB\-i\fP flag is given, k5srvutil will
prompt for confirmation before changing each key. If the \fB\-k\fP
option is given, the old and new keys will be displayed.
Ordinarily, keys will be generated with the default encryption
types and key salts. This can be overridden with the \fB\-e\fP
option. Old keys are retained in the keytab so that existing
tickets continue to work, but \fBdelold\fP should be used after
such tickets expire, to prevent attacks against the old keys.
.TP
\fBdelold\fP
Deletes keys that are not the most recent version from the keytab.
This operation should be used some time after a change operation
to remove old keys, after existing tickets issued for the service
have expired. If the \fB\-i\fP flag is given, then k5srvutil will
prompt for confirmation for each principal.
.TP
\fBdelete\fP
Deletes particular keys in the keytab, interactively prompting for
each key.
.UNINDENT
.sp
In all cases, the default keytab is used unless this is overridden by
the \fB\-f\fP option.
.sp
k5srvutil uses the kadmin(1) program to edit the keytab in
place.
.SH ENVIRONMENT
.sp
See kerberos(7) for a description of Kerberos environment
variables.
.SH SEE ALSO
.sp
kadmin(1), ktutil(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
1985-2022, MIT
.\" Generated by docutils manpage writer.
.
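The change operation described above retains old keys in the keytab until delold is run. The shell function below is an added example, not part of the original man page or of MIT Kerberos; it flags entries whose version number is below the newest one held for the same principal. It assumes the listing has a numeric KVNO column followed by the principal name, and the host names and keytab path in the sample are constructed.

```shell
#!/bin/sh
# Added example: report keytab entries that `k5srvutil delold` would remove.
# Assumption: the listing has a numeric KVNO column followed by the
# principal name; header and separator lines are skipped.

stale_keys() {
    awk '
        # Data rows only: first field is a numeric KVNO, second a principal.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            kvno = $1 + 0; princ = $2
            # One principal can hold several keys per KVNO (one per
            # encryption type), so remember each pair only once.
            seen[princ SUBSEP kvno] = 1
            if (!(princ in max) || kvno > max[princ]) max[princ] = kvno
        }
        END {
            for (k in seen) {
                split(k, p, SUBSEP)
                if (p[2] + 0 < max[p[1]])
                    printf "%s kvno=%d current=%d\n", p[1], p[2], max[p[1]]
            }
        }
    ' | sort
}

# Constructed sample listing (not real output from any host).
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 host/web1.example.com@EXAMPLE.COM
   3 host/web1.example.com@EXAMPLE.COM
   4 host/web1.example.com@EXAMPLE.COM
   4 host/web1.example.com@EXAMPLE.COM
   2 HTTP/web1.example.com@EXAMPLE.COM
EOF
}

# On a host with a keytab, feed the real listing instead:
#   k5srvutil list | stale_keys
#   k5srvutil list -f "$keytab" | stale_keys
sample_listing | stale_keys
```

Any line printed means a non-current key is still in the keytab; once tickets issued under that version have expired, delold removes it.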