1K5SRVUTIL(1)                     MIT Kerberos                     K5SRVUTIL(1)
2
3
4

NAME

6       k5srvutil - host key table (keytab) manipulation utility
7

SYNOPSIS

9       k5srvutil operation [-i] [-f filename] [-e keysalts]
10

DESCRIPTION

12       k5srvutil  allows  an administrator to list keys currently in a keytab,
13       to obtain new keys for a principal currently in a keytab, or to  delete
14       non-current keys from a keytab.
15
16       operation must be one of the following:
17
18       list   Lists the keys in a keytab, showing version number and principal
19              name.
20
21       change Uses the kadmin protocol to update  the  keys  in  the  Kerberos
22              database to new randomly-generated keys, and updates the keys in
23              the keytab to match.  If a key's version  number  doesn't  match
24              the  version  number  stored  in the Kerberos server's database,
25              then the operation will fail.  If the -i flag is given,  k5srvu‐
26              til  will  prompt for confirmation before changing each key.  If
27              the -k option is given, the old and new keys will be  displayed.
28              Ordinarily,  keys  will be generated with the default encryption
29              types and key salts.  This can be overridden with the -e option.
30              Old  keys  are  retained  in the keytab so that existing tickets
31              continue to work, but delold should be used after  such  tickets
32              expire, to prevent attacks against the old keys.
33
34       delold Deletes  keys  that  are  not  the  most recent version from the
35              keytab.  This operation should be used some time after a  change
36              operation  to remove old keys, after existing tickets issued for
37              the service have expired.  If the -i flag is given, then k5srvu‐
38              til will prompt for confirmation for each principal.
39
40       delete Deletes  particular  keys in the keytab, interactively prompting
41              for each key.
42
43       In all cases, the default keytab is used unless this is  overridden  by
44       the -f option.
45
46       k5srvutil uses the kadmin(1) program to edit the keytab in place.
47

SEE ALSO

49       kadmin(1), ktutil(1)
50

AUTHOR

52       MIT
53
55       1985-2017, MIT
56
57
58
59
601.15.1                                                            K5SRVUTIL(1)
Impressum