1TURN(1)                                                                TURN(1)
2
3
4

GENERAL INFORMATION

6       turnadmin  is a TURN administration tool. This tool can be used to man‐
7       age the user accounts (add/remove users, generate  TURN  keys  for  the
8       users).  For  security  reasons,  we do not recommend storing passwords
9       openly. The better option is to use pre-processed "keys" which are then
10       used  for  authentication. These keys are generated by turnadmin.  Tur‐
11       nadmin is a link to turnserver binary, but turnadmin performs different
12       functions.
13
14       Options  note:  turnadmin  has  long  and  short option names, for most
15       options.  Some options have only long  form,  some  options  have  only
16       short  form.  Their  syntax  somewhat  different,  if  an  argument  is
17       required:
18
19       The short form must be used as this (for example):
20
21         $ turnadmin -u <username> ...
22
23       The long form equivalent must use the "=" character:
24
25         $ turnadmin --user=<username> ...
26
27       If this is a flag option (no argument required) then  their  usage  are
28       the same, for example:
29
30        $ turnadmin -k ...
31
32       is equivalent to:
33
34        $ turnadmin --key ...
35
36       You  have  always  the use the -r <realm> option with commands for long
37       term credentials - because data for multiple realms can  be  stored  in
38       the same database.
39
40       =====================================
41
42   NAME
43        turnadmin - a TURN relay administration tool.
44
45   SYNOPSIS
46       $ turnadmin [command] [options]
47
48       $ turnadmin [ -h | --help]
49
50   DESCRIPTION
51       Commands:
52
53       -P, --generate-encrypted-password
54              Generate and print to the standard output an encrypted form of a
55              password (for web admin user or CLI).  The  value  then  can  be
56              used  as  a  safe key for the password storage on disk or in the
57              database. Every invocation for the same password produces a dif‐
58              ferent  result.  The  for  mat  of  the  encrypted  password is:
59              $5$<...salt...>$<...sha256(salt+password)...>. Salt is 16  char‐
60              acters,  the  sha256 output is 64 characters. Character 5 is the
61              algorithm id (sha256).  Only sha256 is  supported  as  the  hash
62              function.
63
64       -k, --key
65              Generate key for a long-term credentials mechanism user.
66
67       -a, --add
68              Add or update a long-term user.
69
70       -A, --add-admin
71              Add or update an admin user.
72
73       -d, --delete
74              Delete a long-term user.
75
76       -D, --delete-admin
77              Delete an admin user.
78
79       -l, --list
80              List long-term users in the database.
81
82       -L, --list-admin
83              List admin users in the database.
84
85       -s, --set-secret=<value> Add shared secret for TURN RESP API
86
87       -S, --show-secret
88              Show stored shared secrets for TURN REST API
89
90       -X, --delete-secret=<value> Delete a shared secret.
91
92              --delete-all_secrets
93                     Delete all shared secrets for REST API.
94
95       -O, --add-origin
96              Add origin-to-realm relation.
97
98       -R, --del-origin
99              Delete origin-to-realm relation.
100
101       -I, --list-origins
102              List origin-to-realm relations.
103
104       -g, --set-realm-option
105              Set realm params: max-bps, total-quota, user-quota.
106
107       -G, --list-realm-options
108              List realm params.
109
110       -E, --generate-encrypted-password-aes
111              Generate  and  print to the standard output an encrypted form of
112              password with AES-128
113
114       Options with required values:
115
116       -b, --db, --userdb
117              SQLite user database file  name  (default  -  /var/db/turndb  or
118              /usr/local/var/db/turndb or /var/lib/turn/turndb).  See the same
119              option in the turnserver section.
120
121       -e, --psql-userdb
122              PostgreSQL   user   database   connection   string.    See   the
123              --psql-userdb option in the turnserver section.
124
125       -M, --mysql-userdb
126              MySQL  user  database connection string.  See the --mysql-userdb
127              option in the turnserver section.
128
129       -J, --mongo-userdb
130              MongoDB user database connection string.  See the  --mysql-mongo
131              option in the turnserver section.
132
133       -N, --redis-userdb
134              Redis  user  database connection string.  See the --redis-userdb
135              option in the turnserver section.
136
137       -u, --user
138              User name.
139
140       -r, --realm
141              Realm.
142
143       -p, --password
144              Password.
145
146       -x, --key-path
147              Generates a 128 bit key into the given path.
148
149       -f, --file-key-path
150              Contains a 128 bit key in the given path.
151
152       -v, --verify
153              Verify a given base64 encrypted type password.
154
155       -o, --origin
156              Origin
157
158       --max-bps
159              Set value of realm's max-bps parameter.
160
161       --total-quota
162              Set value of realm's total-quota parameter.
163
164       --user-quota
165              Set value of realm's user-quota parameter.
166
167       -h, --help
168              Help.
169
170       Command examples:
171
172       Generate an encrypted form of a password:
173
174       $ turnadmin -P -p <password>
175
176       Generate a key:
177
178       $ turnadmin -k -u <username> -r <realm> -p <password>
179
180       Add/update a user in the in the database:
181
182       $ turnadmin -a [-b  <userdb-file>  |  -e  <db-connection-string>  |  -M
183       <db-connection-string>  |  -N <db-connection-string> ] -u <username> -r
184       <realm> -p <password>
185
186       Delete a user from the database:
187
188       $ turnadmin -d [-b  <userdb-file>  |  -e  <db-connection-string>  |  -M
189       <db-connection-string>  |  -N <db-connection-string> ] -u <username> -r
190       <realm>
191
192       List all long-term users in MySQL database:
193
194       $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
195
196       List all admin users in Redis database:
197
198       $ turnadmin -L --redis-userdb="<db-connection-string>"
199
200       Set secret in MySQL database:
201
202       $  turnadmin  -s  <secret>  --mysql-userdb="<db-connection-string>"  -r
203       <realm>
204
205       Show secret stored in PostgreSQL database:
206
207       $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
208
209       Set origin-to-realm relation in MySQL database:
210
211       $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <ori‐
212       gin>
213
214       Delete origin-to-realm relation from Redis DB:
215
216       $ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
217
218       List all origin-to-realm relations in Redis DB:
219
220       $ turnadmin --redis-userdb="<db-connection-string>" -I
221
222       List the origin-to-realm relations in PostgreSQL DB for a single realm:
223
224       $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
225
226       Create new key file for mysql password encryption:
227
228       $ turnadmin -E --key-path <key-file>
229
230       Create encrypted mysql password:
231
232       $ turnadmin -E --file-key-path <key-file> -p <secret>
233
234       Verify/decrypt encrypted password:
235
236       $ turnadmin --file-key-path <key-file> -v <encrypted>
237
238              Help:
239
240              $ turnadmin -h
241
242              =======================================
243
244   DOCS
245       After installation, run the command:
246
247       $ man turnadmin
248
249       or in the project root directory:
250
251       $ man -M man turnadmin
252
253       to see the man page.
254
255       =====================================
256
257   FILES
258       /etc/turnserver.conf
259
260       /var/db/turndb
261
262       /usr/local/var/db/turndb
263
264       /var/lib/turn/turndb
265
266       /usr/local/etc/turnserver.conf
267
268       =====================================
269
270   DIRECTORIES
271       /usr/local/share/turnserver
272
273       /usr/local/share/doc/turnserver
274
275       /usr/local/share/examples/turnserver
276
277       ======================================
278
279   SEE ALSO
280       turnserver, turnutils
281
282       ======================================
283
284   WEB RESOURCES
285       project page:
286
287       https://github.com/coturn/coturn/
288
289       Wiki page:
290
291       https://github.com/coturn/coturn/wiki
292
293       forum:
294
295       https://groups.google.com/forum/?from‐
296       groups=#!forum/turn-server-project-rfc5766-turn-server/
297
298       ======================================
299
300   AUTHORS
301       Oleg Moskalenko <mom040267@gmail.com>
302
303       Gabor Kovesdan http://kovesdan.org/
304
305       Daniel Pocock http://danielpocock.com/
306
307       John Selbie (jselbie@gmail.com)
308
309       Lee Sylvester <lee@designrealm.co.uk>
310
311       Erik Johnston <erikj@openmarket.com>
312
313       Roman Lisagor <roman@demonware.net>
314
315       Vladimir Tsanev <tsachev@gmail.com>
316
317       Po-sheng Lin <personlin118@gmail.com>
318
319       Peter Dunkley <peter.dunkley@acision.com>
320
321       Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
322
323       Federico Pinna <fpinna@vivocha.com>
324
325       Bradley T. Hughes <bradleythughes@fastmail.fm>
326
327       Mihaly Meszaros <misi@majd.eu>
328
329
330
331                                29 January 2019                        TURN(1)