source: trunk/third/ksrvutil/ksrvutil.8 @ 11764

Revision 11764, 2.9 KB checked in by ghudson, 26 years ago (diff)
CNS ksrvutil man page
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
.\" please see the file <mit-copyright.h>.
.\"
.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
ksrvutil \- host Kerberos keyfile (srvtab) manipulation utility
.SH SYNOPSIS
ksrvutil
.B operation
[
.B \-k
] [
.B \-i
] [
.B \-f filename
]
.SH DESCRIPTION
.I ksrvutil
allows a system manager to list or change keys currently in his
keyfile or to add new keys to the keyfile.
.PP

Operation must be one of the following:
.TP 10n
.I list
lists the keys in a keyfile showing version number and principal
name.  If the \-k option is given, keys will also be shown.
.TP 10n
.I change
changes all the keys in the keyfile to new randomly-generated keys,
updating the keys in the Kerberos server's database to match by using the
kadmin protocol.  If a key's version number doesn't match the
version number stored in the Kerberos server's database, it will ask
whether to correct the version number in the keyfile to match (they
must match for Kerberos to work properly).
If the \-i flag is given,
.I ksrvutil
will prompt for yes or no before changing each key.  If the \-k
option is used, the old and new keys will be displayed.
.TP 10n
.I add
allows the user to add a key.
.I add
prompts for name, instance, realm, and key version number, asks
for confirmation, and then asks for a password.
.I ksrvutil
then converts the password to a key and appends the new
information to the keyfile.  If the \-k option is used, the key is
displayed.
.TP 10n
.I delete
deletes particular keys in the keyfile, interactively prompting for
each key.

.PP
In all cases, the default file used is KEYFILE as defined in
krb.h unless this is overridden by the \-f option.

.PP
A good use for
.I ksrvutil
would be for adding keys to a keyfile.  A system manager could
ask a Kerberos administrator to create a new service key with
.IR kadmin (8)
and could supply an initial password.  Then, he could use
.I ksrvutil
to add the key to the keyfile and then to change the key so that
it will be random and unknown to either the system manager or
the Kerberos administrator.

.I ksrvutil
always makes a backup copy of the keyfile before making any
changes.

.SH DIAGNOSTICS
If
.I ksrvutil
should exit on an error condition at any time during a change or
add, a copy of the
original keyfile can be found in
.IR filename .old
where
.I filename
is the name of the keyfile, and a copy of the file with all new
keys changed or added so far can be found in
.IR filename .work.
The original keyfile is left unmodified until the program exits,
at which point it is removed and replaced with the workfile.
Appending the workfile to the backup copy and replacing the
keyfile with the result should always give a usable keyfile,
although the resulting keyfile will have some out of date keys
in it.

.SH SEE ALSO
kadmin(8), ksrvtgt(1)

.SH AUTHOR
Emanuel Jay Berkenbilt, MIT Project Athena
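
The recovery step described under DIAGNOSTICS, as an added example that is not part of the original man page or the ksrvutil sources: a POSIX shell function that appends filename.work to filename.old and installs the result as the keyfile. The function name recover_keyfile and the temporary suffix .recover.$$ are assumptions.

```shell
#!/bin/sh
# Rebuild a keyfile after an interrupted "ksrvutil change" or "ksrvutil add".
# Usage: recover_keyfile /path/to/keyfile
recover_keyfile() {
    keyfile=$1
    old="$keyfile.old"          # backup of the original keyfile
    work="$keyfile.work"        # keys changed or added before the failure
    tmp="$keyfile.recover.$$"   # hypothetical temporary name (assumption)

    [ -n "$keyfile" ] || { echo "usage: recover_keyfile keyfile" >&2; return 2; }

    # Both pieces must exist; otherwise there is nothing to merge.
    [ -f "$old" ] && [ -f "$work" ] || {
        echo "recover_keyfile: need both $old and $work" >&2
        return 1
    }

    # The merged file holds service keys, so create it mode 0600.
    ( umask 077 && cat "$old" "$work" > "$tmp" ) || { rm -f "$tmp"; return 1; }

    # Sanity check: the result must be exactly backup + workfile in size.
    want=$(( $(wc -c < "$old") + $(wc -c < "$work") ))
    got=$(( $(wc -c < "$tmp") ))
    [ "$got" -eq "$want" ] || { rm -f "$tmp"; return 1; }

    # A rename within one directory is atomic, so readers of the keyfile
    # never see a partially written file.
    mv -f "$tmp" "$keyfile"
}
```

Run it as the keyfile's owner and confirm the result with ksrvutil list. The .old and .work files still contain key material after recovery.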