.\" Man page generated from reStructuredText.
.
.TH "KDB5_UTIL" "8" " " "1.20.1" "MIT Kerberos"
.SH NAME
kdb5_util \- Kerberos database maintenance utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBkdb5_util\fP
[\fB\-r\fP \fIrealm\fP]
[\fB\-d\fP \fIdbname\fP]
[\fB\-k\fP \fImkeytype\fP]
[\fB\-kv\fP \fImkeyVNO\fP]
[\fB\-M\fP \fImkeyname\fP]
[\fB\-m\fP]
[\fB\-sf\fP \fIstashfilename\fP]
[\fB\-P\fP \fIpassword\fP]
[\fB\-x\fP \fIdb_args\fP]
\fIcommand\fP [\fIcommand_options\fP]
.SH DESCRIPTION
.sp
kdb5_util allows an administrator to perform maintenance procedures on
the KDC database. Databases can be created, destroyed, and dumped to
or loaded from ASCII files. kdb5_util can create a Kerberos master
key stash file or perform live rollover of the master key.
.sp
When kdb5_util is run, it attempts to acquire the master key and open
the database. However, execution continues regardless of whether or
not kdb5_util successfully opens the database, because the database
may not exist yet or the stash file may be corrupt.
.sp
Note that some KDC database modules may not support all kdb5_util
commands.
.SH COMMAND-LINE OPTIONS
.INDENT 0.0
.TP
\fB\-r\fP \fIrealm\fP
specifies the Kerberos realm of the database.
.TP
\fB\-d\fP \fIdbname\fP
specifies the name under which the principal database is stored;
by default the database is that listed in kdc.conf(5)\&. The
password policy database and lock files are also derived from this
value.
.TP
\fB\-k\fP \fImkeytype\fP
specifies the key type of the master key in the database. The
default is given by the \fBmaster_key_type\fP variable in
kdc.conf(5)\&.
.TP
\fB\-kv\fP \fImkeyVNO\fP
Specifies the version number of the master key in the database;
the default is 1. Note that 0 is not allowed.
.TP
\fB\-M\fP \fImkeyname\fP
principal name for the master key in the database. If not
specified, the name is determined by the \fBmaster_key_name\fP
variable in kdc.conf(5)\&.
.TP
\fB\-m\fP
specifies that the master database password should be read from
the keyboard rather than fetched from a file on disk.
.TP
\fB\-sf\fP \fIstash_file\fP
specifies the stash filename of the master database password. If
not specified, the filename is determined by the
\fBkey_stash_file\fP variable in kdc.conf(5)\&.
.TP
\fB\-P\fP \fIpassword\fP
specifies the master database password. Using this option may
expose the password to other users on the system via the process
list.
.TP
\fB\-x\fP \fIdb_args\fP
specifies database\-specific options. See kadmin(1) for
supported options.
.UNINDENT
.SH COMMANDS
.SS create
.INDENT 0.0
.INDENT 3.5
\fBcreate\fP [\fB\-s\fP]
.UNINDENT
.UNINDENT
.sp
Creates a new database. If the \fB\-s\fP option is specified, the stash
file is also created. This command fails if the database already
exists. If the command is successful, the database is opened just as
if it had already existed when the program was first run.
.SS destroy
.INDENT 0.0
.INDENT 3.5
\fBdestroy\fP [\fB\-f\fP]
.UNINDENT
.UNINDENT
.sp
Destroys the database, first overwriting the disk sectors and then
unlinking the files, after prompting the user for confirmation. With
the \fB\-f\fP argument, does not prompt the user.
.SS stash
.INDENT 0.0
.INDENT 3.5
\fBstash\fP [\fB\-f\fP \fIkeyfile\fP]
.UNINDENT
.UNINDENT
.sp
Stores the master principal\(aqs keys in a stash file. The \fB\-f\fP
argument can be used to override the \fIkeyfile\fP specified in
kdc.conf(5)\&.
.SS dump
.INDENT 0.0
.INDENT 3.5
\fBdump\fP [\fB\-b7\fP|\fB\-r13\fP|\fB\-r18\fP]
[\fB\-verbose\fP] [\fB\-mkey_convert\fP] [\fB\-new_mkey_file\fP
\fImkey_file\fP] [\fB\-rev\fP] [\fB\-recurse\fP] [\fIfilename\fP
[\fIprincipals\fP\&...]]
.UNINDENT
.UNINDENT
.sp
Dumps the current Kerberos and KADM5 database into an ASCII file. By
default, the database is dumped in current format, "kdb5_util
load_dump version 7". If filename is not specified, or is the string
"\-", the dump is sent to standard output. Options:
.INDENT 0.0
.TP
\fB\-b7\fP
causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util
load_dump version 4"). This was the dump format produced on
releases prior to 1.2.2.
.TP
\fB\-r13\fP
causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util
load_dump version 5"). This was the dump format produced on
releases prior to 1.8.
.TP
\fB\-r18\fP
causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util
load_dump version 6"). This was the dump format produced on
releases prior to 1.11.
.TP
\fB\-verbose\fP
causes the name of each principal and policy to be printed as it
is dumped.
.TP
\fB\-mkey_convert\fP
prompts for a new master key. This new master key will be used to
re\-encrypt principal key data in the dumpfile. The principal keys
themselves will not be changed.
.TP
\fB\-new_mkey_file\fP \fImkey_file\fP
the filename of a stash file. The master key in this stash file
will be used to re\-encrypt the key data in the dumpfile. The key
data in the database will not be changed.
.TP
\fB\-rev\fP
dumps in reverse order. This may recover principals that do not
dump normally, in cases where database corruption has occurred.
.TP
\fB\-recurse\fP
causes the dump to walk the database recursively (btree only).
This may recover principals that do not dump normally, in cases
where database corruption has occurred. In cases of such
corruption, this option will probably retrieve more principals
than the \fB\-rev\fP option will.
.sp
Changed in version 1.15: Release 1.15 restored the functionality of the \fB\-recurse\fP
option.

.sp
Changed in version 1.5: The \fB\-recurse\fP option ceased working until release 1.15,
doing a normal dump instead of a recursive traversal.

.UNINDENT
.SS load
.INDENT 0.0
.INDENT 3.5
\fBload\fP [\fB\-b7\fP|\fB\-r13\fP|\fB\-r18\fP] [\fB\-hash\fP]
[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename\fP
.UNINDENT
.UNINDENT
.sp
Loads a database dump from the named file into the named database. If
no option is given to determine the format of the dump file, the
format is detected automatically and handled as appropriate. Unless
the \fB\-update\fP option is given, \fBload\fP creates a new database
containing only the data in the dump file, overwriting the contents of
any previously existing database. Note that when using the LDAP KDC
database module, the \fB\-update\fP flag is required.
.sp
Options:
.INDENT 0.0
.TP
\fB\-b7\fP
requires the database to be in the Kerberos 5 Beta 7 format
("kdb5_util load_dump version 4").
This was the dump format
produced on releases prior to 1.2.2.
.TP
\fB\-r13\fP
requires the database to be in Kerberos 5 1.3 format ("kdb5_util
load_dump version 5"). This was the dump format produced on
releases prior to 1.8.
.TP
\fB\-r18\fP
requires the database to be in Kerberos 5 1.8 format ("kdb5_util
load_dump version 6"). This was the dump format produced on
releases prior to 1.11.
.TP
\fB\-hash\fP
stores the database in hash format, if using the DB2 database
type. If this option is not specified, the database will be
stored in btree format. This option is not recommended, as
databases stored in hash format are known to corrupt data and lose
principals.
.TP
\fB\-verbose\fP
causes the name of each principal and policy to be printed as it
is dumped.
.TP
\fB\-update\fP
records from the dump file are added to or updated in the existing
database. Otherwise, a new database is created containing only
what is in the dump file and the old one destroyed upon successful
completion.
.UNINDENT
.SS ark
.INDENT 0.0
.INDENT 3.5
\fBark\fP [\fB\-e\fP \fIenc\fP:\fIsalt\fP,...] \fIprincipal\fP
.UNINDENT
.UNINDENT
.sp
Adds new random keys to \fIprincipal\fP at the next available key version
number. Keys for the current highest key version number will be
preserved. The \fB\-e\fP option specifies the list of encryption and
salt types to be used for the new keys.
.SS add_mkey
.INDENT 0.0
.INDENT 3.5
\fBadd_mkey\fP [\fB\-e\fP \fIetype\fP] [\fB\-s\fP]
.UNINDENT
.UNINDENT
.sp
Adds a new master key to the master key principal, but does not mark
it as active. Existing master keys will remain. The \fB\-e\fP option
specifies the encryption type of the new master key; see
Encryption_types in kdc.conf(5) for a list of possible
values. The \fB\-s\fP option stashes the new master key in the stash
file, which will be created if it doesn\(aqt already exist.
.sp
After a new master key is added, it should be propagated to replica
servers via a manual or periodic invocation of kprop(8)\&. Then,
the stash files on the replica servers should be updated with the
kdb5_util \fBstash\fP command. Once those steps are complete, the key
is ready to be marked active with the kdb5_util \fBuse_mkey\fP command.
.SS use_mkey
.INDENT 0.0
.INDENT 3.5
\fBuse_mkey\fP \fImkeyVNO\fP [\fItime\fP]
.UNINDENT
.UNINDENT
.sp
Sets the activation time of the master key specified by \fImkeyVNO\fP\&.
Once a master key becomes active, it will be used to encrypt newly
created principal keys. If no \fItime\fP argument is given, the current
time is used, causing the specified master key version to become
active immediately. The format for \fItime\fP is a getdate string.
.sp
After a new master key becomes active, the kdb5_util
\fBupdate_princ_encryption\fP command can be used to update all
principal keys to be encrypted in the new master key.
.SS list_mkeys
.INDENT 0.0
.INDENT 3.5
\fBlist_mkeys\fP
.UNINDENT
.UNINDENT
.sp
List all master keys, from most recent to earliest, in the master key
principal. The output will show the kvno, enctype, and salt type for
each mkey, similar to the output of kadmin(1) \fBgetprinc\fP\&. A
\fB*\fP following an mkey denotes the currently active master key.
.SS purge_mkeys
.INDENT 0.0
.INDENT 3.5
\fBpurge_mkeys\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP]
.UNINDENT
.UNINDENT
.sp
Delete master keys from the master key principal that are not used to
protect any principals. This command can be used to remove old master
keys once all principal keys are protected by a newer master key.
.INDENT 0.0
.TP
\fB\-f\fP
does not prompt for confirmation.
.TP
\fB\-n\fP
performs a dry run, showing master keys that would be purged, but
not actually purging any keys.
.TP
\fB\-v\fP
gives more verbose output.
.UNINDENT
.SS update_princ_encryption
.INDENT 0.0
.INDENT 3.5
\fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP]
[\fIprinc\-pattern\fP]
.UNINDENT
.UNINDENT
.sp
Update all principal records (or only those matching the
\fIprinc\-pattern\fP glob pattern) to re\-encrypt the key data using the
active database master key, if they are encrypted using a different
version, and give a count at the end of the number of principals
updated. If the \fB\-f\fP option is not given, ask for confirmation
before starting to make changes.
The \fB\-v\fP option causes each
principal processed to be listed, with an indication as to whether it
needed updating or not. The \fB\-n\fP option performs a dry run, only
showing the actions which would have been taken.
.SS tabdump
.INDENT 0.0
.INDENT 3.5
\fBtabdump\fP [\fB\-H\fP] [\fB\-c\fP] [\fB\-e\fP] [\fB\-n\fP] [\fB\-o\fP \fIoutfile\fP]
\fIdumptype\fP
.UNINDENT
.UNINDENT
.sp
Dump selected fields of the database in a tabular format suitable for
reporting (e.g., using traditional Unix text processing tools) or
importing into relational databases. The data format is tab\-separated
(default), or optionally comma\-separated (CSV), with a fixed number of
columns. The output begins with a header line containing field names,
unless suppression is requested using the \fB\-H\fP option.
.sp
The \fIdumptype\fP parameter specifies the name of an output table (see
below).
.sp
Options:
.INDENT 0.0
.TP
\fB\-H\fP
suppress writing the field names in a header line
.TP
\fB\-c\fP
use comma separated values (CSV) format, with minimal quoting,
instead of the default tab\-separated (unquoted, unescaped) format
.TP
\fB\-e\fP
write empty hexadecimal string fields as empty fields instead of
as "\-1".
.TP
\fB\-n\fP
produce numeric output for fields that normally have symbolic
output, such as enctypes and flag names. Also requests output of
time stamps as decimal POSIX time_t values.
.TP
\fB\-o\fP \fIoutfile\fP
write the dump to the specified output file instead of to standard
output
.UNINDENT
.sp
Dump types:
.INDENT 0.0
.TP
\fBkeydata\fP
principal encryption key information, including actual key data
(which is still encrypted in the master key)
.INDENT 7.0
.TP
\fBname\fP
principal name
.TP
\fBkeyindex\fP
index of this key in the principal\(aqs key list
.TP
\fBkvno\fP
key version number
.TP
\fBenctype\fP
encryption type
.TP
\fBkey\fP
key data as a hexadecimal string
.TP
\fBsalttype\fP
salt type
.TP
\fBsalt\fP
salt data as a hexadecimal string
.UNINDENT
.TP
\fBkeyinfo\fP
principal encryption key information (as in \fBkeydata\fP above),
excluding actual key data
.TP
\fBprinc_flags\fP
principal boolean attributes. Flag names print as hexadecimal
numbers if the \fB\-n\fP option is specified, and all flag positions
are printed regardless of whether or not they are set. If \fB\-n\fP
is not specified, print all known flag names for each principal,
but only print hexadecimal flag names if the corresponding flag is
set.
.INDENT 7.0
.TP
\fBname\fP
principal name
.TP
\fBflag\fP
flag name
.TP
\fBvalue\fP
boolean value (0 for clear, or 1 for set)
.UNINDENT
.TP
\fBprinc_lockout\fP
state information used for tracking repeated password failures
.INDENT 7.0
.TP
\fBname\fP
principal name
.TP
\fBlast_success\fP
time stamp of most recent successful authentication
.TP
\fBlast_failed\fP
time stamp of most recent failed authentication
.TP
\fBfail_count\fP
count of failed attempts
.UNINDENT
.TP
\fBprinc_meta\fP
principal metadata
.INDENT 7.0
.TP
\fBname\fP
principal name
.TP
\fBmodby\fP
name of last principal to modify this principal
.TP
\fBmodtime\fP
timestamp of last modification
.TP
\fBlastpwd\fP
timestamp of last password change
.TP
\fBpolicy\fP
policy object name
.TP
\fBmkvno\fP
key version number of the master key that encrypts this
principal\(aqs key data
.TP
\fBhist_kvno\fP
key version number of the history key that encrypts the key
history data for this principal
.UNINDENT
.TP
\fBprinc_stringattrs\fP
string attributes (key/value pairs)
.INDENT 7.0
.TP
\fBname\fP
principal name
.TP
\fBkey\fP
attribute name
.TP
\fBvalue\fP
attribute value
.UNINDENT
.TP
\fBprinc_tktpolicy\fP
per\-principal ticket
policy data, including maximum ticket
lifetimes
.INDENT 7.0
.TP
\fBname\fP
principal name
.TP
\fBexpiration\fP
principal expiration date
.TP
\fBpw_expiration\fP
password expiration date
.TP
\fBmax_life\fP
maximum ticket lifetime
.TP
\fBmax_renew_life\fP
maximum renewable ticket lifetime
.UNINDENT
.UNINDENT
.sp
Examples:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ kdb5_util tabdump \-o keyinfo.txt keyinfo
$ cat keyinfo.txt
name keyindex kvno enctype salttype salt
K/M@EXAMPLE.COM 0 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
foo@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
bar@EXAMPLE.COM 0 1 aes128\-cts\-hmac\-sha1\-96 normal \-1
$ sqlite3
sqlite> .mode tabs
sqlite> .import keyinfo.txt keyinfo
sqlite> select * from keyinfo where enctype like \(aqaes256\-%\(aq;
K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
sqlite> .quit
$ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt
K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1
.ft P
.fi
.UNINDENT
.UNINDENT
.SH ENVIRONMENT
.sp
See kerberos(7) for a description of Kerberos environment
variables.
.SH SEE ALSO
.sp
kadmin(1), kerberos(7)
.SH AUTHOR
MIT
.SH COPYRIGHT
1985-2022, MIT
.\" Generated by docutils manpage writer.
.
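Added example, not part of the MIT Kerberos man page: a Python report over tabdump princ_meta output, tying the mkvno column to the master key rollover commands above. It lists the principals that update_princ_encryption still has to re-encrypt and the master key versions that no principal record references. The sample rows, the active mkvno of 2, the list of known mkvnos and all function names are constructed for illustration.

```python
"""Report master-key usage from `kdb5_util tabdump -n princ_meta` output."""
from collections import defaultdict

# Constructed sample (not real data). Column names are the princ_meta fields
# listed in this page; -n makes time stamps decimal POSIX time_t values.
SAMPLE = (
    "name\tmodby\tmodtime\tlastpwd\tpolicy\tmkvno\thist_kvno\n"
    "K/M@EXAMPLE.COM\tadmin/admin@EXAMPLE.COM\t1700000000\t1700000000\tdefault\t2\t1\n"
    "foo@EXAMPLE.COM\tadmin/admin@EXAMPLE.COM\t1700000500\t1700000500\tdefault\t2\t1\n"
    "bar@EXAMPLE.COM\tadmin/admin@EXAMPLE.COM\t1690000000\t1690000000\tdefault\t1\t1\n"
    "host/web.example.com@EXAMPLE.COM\tadmin/admin@EXAMPLE.COM\t1680000000\t1680000000\tservice\t1\t1\n"
)


def parse_tabdump(text):
    """Parse the default tab-separated format (unquoted, unescaped).

    The first line must be the header, so take the dump without -H.
    Returns a list of dicts keyed by field name.
    """
    lines = [ln for ln in text.splitlines() if ln]
    if not lines:
        raise ValueError("empty dump")
    header = lines[0].split("\t")
    rows = []
    for lineno, line in enumerate(lines[1:], start=2):
        fields = line.split("\t")
        # tabdump promises a fixed number of columns; anything else means the
        # file was truncated or edited, so refuse to draw conclusions from it.
        if len(fields) != len(header):
            raise ValueError(
                f"line {lineno}: expected {len(header)} fields, got {len(fields)}")
        rows.append(dict(zip(header, fields)))
    return rows


def principals_by_mkvno(rows):
    """Map each master key version number to the principals it protects."""
    usage = defaultdict(list)
    for row in rows:
        usage[int(row["mkvno"])].append(row["name"])
    return dict(usage)


def stale_principals(rows, active_mkvno):
    """Principals whose key data is not yet encrypted in the active master key."""
    return sorted(r["name"] for r in rows if int(r["mkvno"]) != active_mkvno)


def unused_mkvnos(rows, known_mkvnos):
    """Master key versions (e.g. read off list_mkeys) that no principal references."""
    return sorted(set(known_mkvnos) - set(principals_by_mkvno(rows)))


if __name__ == "__main__":
    rows = parse_tabdump(SAMPLE)
    print("usage by mkvno:", principals_by_mkvno(rows))
    print("still on an old master key:", stale_principals(rows, active_mkvno=2))
    print("referenced by no principal:", unused_mkvnos(rows, known_mkvnos=[1, 2, 3]))
```

The princ_meta table carries no key material, but it does name every principal, so the dump file deserves the same file permissions as other KDC administrative output.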