.\" from: /mit/kerberos/src/man/RCS/ksrvutil.8,v 4.0 89/07/27 18:35:33 jtkohl Exp $
.\" $Id: ksrvutil.8,v 1.2 1994/07/19 19:27:53 g89r4222 Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
.\" please see the file <Copyright.MIT>.
.\"
.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
ksrvutil \- host Kerberos keyfile (srvtab) manipulation utility
.SH SYNOPSIS
ksrvutil
.B operation
[
.B \-k
] [
.B \-i
] [
.B \-f filename
]
.SH DESCRIPTION
.I ksrvutil
allows a system manager to list or change keys currently in his
keyfile or to add new keys to the keyfile.
.PP
Operation must be one of the following:
.TP 10n
.I list
lists the keys in a keyfile showing version number and principal
name. If the \-k option is given, keys will also be shown.
.TP 10n
.I change
changes all the keys in the keyfile by using the regular admin
protocol. If the \-i flag is given,
.I ksrvutil
will prompt for yes or no before changing each key. If the \-k
option is used, the old and new keys will be displayed.
.TP 10n
.I add
allows the user to add a key.
.I add
prompts for name, instance, realm, and key version number, asks
for confirmation, and then asks for a password.
.I ksrvutil
then converts the password to a key and appends the new
information to the keyfile. If the \-k option is used, the key is
displayed.
.PP
In all cases, the default file used is KEY_FILE as defined in
krb.h unless this is overridden by the \-f option.
.PP
A good use for
.I ksrvutil
would be for adding keys to a keyfile. A system manager could
ask a Kerberos administrator to create a new service key with
.IR kadmin (8)
and could supply an initial password. Then, he could use
.I ksrvutil
to add the key to the keyfile and then to change the key so that
it will be random and unknown to either the system manager or
the Kerberos administrator.
.PP
.I ksrvutil
always makes a backup copy of the keyfile before making any
changes.
.SH DIAGNOSTICS
If
.I ksrvutil
should exit on an error condition at any time during a change or
add, a copy of the
original keyfile can be found in
.IR filename .old
where
.I filename
is the name of the keyfile, and a copy of the file with all new
keys changed or added so far can be found in
.IR filename .work.
The original keyfile is left unmodified until the program exits,
at which point it is removed and replaced with the workfile.
Appending the workfile to the backup copy and replacing the
keyfile with the result should always give a usable keyfile,
although the resulting keyfile will have some out-of-date keys
in it.
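.PP
The recovery described above, as an added shell example that is not part of the original manual page or of the Kerberos distribution. The function name recover_srvtab and the temporary file name are assumptions; the .old and .work names follow the text above.
.nf
```shell
# Added example: rebuild a keyfile after ksrvutil exited part-way through
# a change or add. recover_srvtab is a hypothetical helper name; the
# filename.old / filename.work naming comes from the DIAGNOSTICS text.
recover_srvtab() {
    keyfile=$1
    old="$keyfile.old"
    work="$keyfile.work"
    tmp="$keyfile.recover.$$"    # assumed temporary name, same directory

    # Both pieces must exist; with only one there is nothing to merge.
    [ -f "$old" ] || { echo "missing $old" >&2; return 1; }
    [ -f "$work" ] || { echo "missing $work" >&2; return 1; }

    # The file holds service keys: create the merged copy owner-only.
    (
        umask 077
        cat "$old" "$work" > "$tmp"
    ) || { rm -f "$tmp"; return 1; }

    # Refuse to install a result whose size is not the sum of its parts.
    want=$(( $(wc -c < "$old") + $(wc -c < "$work") ))
    got=$(( $(wc -c < "$tmp") ))
    if [ "$got" -ne "$want" ]; then
        rm -f "$tmp"
        echo "merged file is $got bytes, expected $want" >&2
        return 1
    fi

    # A rename within one directory is atomic, so a server reading the
    # keyfile never sees a half-written file.
    mv -f "$tmp" "$keyfile" || { rm -f "$tmp"; return 1; }

    # The backup and workfile still contain keys; keep them for
    # inspection but make sure none of the three is group/world readable.
    chmod 600 "$keyfile" "$old" "$work"
}
```
.fi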
.SH SEE ALSO
kadmin(8), ksrvtgt(1)
.SH AUTHOR
Emanuel Jay Berkenbilt, MIT Project Athena