mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-01 00:18:15 +01:00
94 lines
2.6 KiB
Groff
94 lines
2.6 KiB
Groff
.\" from: /mit/kerberos/src/man/RCS/ksrvutil.8,v 4.0 89/07/27 18:35:33 jtkohl Exp $
|
|
.\" $Id$
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <Copyright.MIT>.
|
|
.\"
|
|
.TH KSRVUTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
ksrvutil \- host kerberos keyfile (srvtab) manipulation utility
|
|
.SH SYNOPSIS
|
|
ksrvutil
|
|
.B operation
|
|
[
|
|
.B \-k
|
|
] [
|
|
.B \-i
|
|
] [
|
|
.B \-f filename
|
|
]
|
|
.SH DESCRIPTION
|
|
.I ksrvutil
|
|
allows a system manager to list or change keys currently in his
|
|
keyfile or to add new keys to the keyfile.
|
|
.PP
|
|
|
|
Operation must be one of the following:
|
|
.TP 10n
|
|
.I list
|
|
lists the keys in a keyfile showing version number and principal
|
|
name. If the \-k option is given, keys will also be shown.
|
|
.TP 10n
|
|
.I change
|
|
changes all the keys in the keyfile by using the regular admin
|
|
protocol. If the \-i flag is given,
|
|
.I ksrvutil
|
|
will prompt for yes or no before changing each key. If the \-k
|
|
option is used, the old and new keys will be displayed.
|
|
.TP 10n
|
|
.I add
|
|
allows the user to add a key.
|
|
.I add
|
|
prompts for name, instance, realm, and key version number, asks
|
|
for confirmation, and then asks for a password.
|
|
.I ksrvutil
|
|
then converts the password to a key and appends the keyfile with
|
|
the new information. If the \-k option is used, the key is
|
|
displayed.
|
|
|
|
.PP
|
|
In all cases, the default file used is KEY_FILE as defined in
|
|
krb.h unless this is overridden by the \-f option.
|
|
|
|
.PP
|
|
A good use for
|
|
.I ksrvutil
|
|
would be for adding keys to a keyfile. A system manager could
|
|
ask a kerberos administrator to create a new service key with
|
|
.IR kadmin (8)
|
|
and could supply an initial password. Then, he could use
|
|
.I ksrvutil
|
|
to add the key to the keyfile and then to change the key so that
|
|
it will be random and unknown to either the system manager or
|
|
the kerberos administrator.
|
|
|
|
.I ksrvutil
|
|
always makes a backup copy of the keyfile before making any
|
|
changes.
|
|
|
|
.SH DIAGNOSTICS
|
|
If
|
|
.I ksrvutil
|
|
should exit on an error condition at any time during a change or
|
|
add, a copy of the
|
|
original keyfile can be found in
|
|
.IR filename .old
|
|
where
|
|
.I filename
|
|
is the name of the keyfile, and a copy of the file with all new
|
|
keys changed or added so far can be found in
|
|
.IR filename .work.
|
|
The original keyfile is left unmodified until the program exits
|
|
at which point it is removed and replaced it with the workfile.
|
|
Appending the workfile to the backup copy and replacing the
|
|
keyfile with the result should always give a usable keyfile,
|
|
although the resulting keyfile will have some out of date keys
|
|
in it.
|
|
|
|
.SH SEE ALSO
|
|
kadmin(8), ksrvtgt(1)
|
|
|
|
.SH AUTHOR
|
|
Emanuel Jay Berkenbilt, MIT Project Athena
|