ksrvutil(8) - NetBSD Manual Pages




KSRVUTIL(8)                                           KSRVUTIL(8)



NAME
ksrvutil - host kerberos keyfile (srvtab) manipulation utility
SYNOPSIS
ksrvutil operation [ -k ] [ -i ] [ -f filename ]
DESCRIPTION
ksrvutil allows a system manager to list or change keys currently in his keyfile or to add new keys to the key- file. Operation must be one of the following: list lists the keys in a keyfile showing version num- ber and principal name. If the -k option is given, keys will also be shown. change changes all the keys in the keyfile by using the regular admin protocol. If the -i flag is given, ksrvutil will prompt for yes or no before changing each key. If the -k option is used, the old and new keys will be displayed. add allows the user to add a key. add prompts for name, instance, realm, and key version number, asks for confirmation, and then asks for a pass- word. ksrvutil then converts the password to a key and appends the keyfile with the new infor- mation. If the -k option is used, the key is displayed. In all cases, the default file used is KEY_FILE as defined in krb.h unless this is overridden by the -f option. A good use for ksrvutil would be for adding keys to a key- file. A system manager could ask a kerberos administrator to create a new service key with kadmin(8) and could sup- ply an initial password. Then, he could use ksrvutil to add the key to the keyfile and then to change the key so that it will be random and unknown to either the system manager or the kerberos administrator. ksrvutil always makes a backup copy of the keyfile before making any changes.
DIAGNOSTICS
If ksrvutil should exit on an error condition at any time during a change or add, a copy of the original keyfile can be found in filename.old where filename is the name of the MIT Project Athena Kerberos Version 4.0 1 KSRVUTIL(8) KSRVUTIL(8) keyfile, and a copy of the file with all new keys changed or added so far can be found in filename.work. The origi- nal keyfile is left unmodified until the program exits at which point it is removed and replaced it with the work- file. Appending the workfile to the backup copy and replacing the keyfile with the result should always give a usable keyfile, although the resulting keyfile will have some out of date keys in it.
SEE ALSO
kadmin(8), ksrvtgt(1)
AUTHOR
Emanuel Jay Berkenbilt, MIT Project Athena MIT Project Athena Kerberos Version 4.0 2

Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.