1ktutil(1)                        User Commands                       ktutil(1)
2
3
4

NAME

6       ktutil - Kerberos keytab maintenance utility
7

SYNOPSIS

9       /usr/bin/ktutil
10
11

DESCRIPTION

13       The ktutil command is an interactive command-line interface utility for
14       managing  the keylist in keytab files. You  must  read  in  a  keytab's
15       keylist   before  you  can manage it. Also, the user running the ktutil
16       command must have read/write permissions on the keytab. For example, if
17       a keytab is owned by root, which it typically is, ktutil must be run as
18       root to have the appropriate permissions.
19

COMMANDS

21       clear_list             Clears the current keylist.
22       clear
23
24       read_kt file           Reads a keytab into  the  current  keylist.  You
25       rkt file               must specify a keytab file to read.
26
27
28       write_kt file          Writes the current keylist to a keytab file. You
29       wkt file               must specify a keytab  file  to  write.  If  the
30                              keytab  file already exists, the current keylist
31                              is appended to the existing keytab file.
32
33
34       add_entry number       Adds an entry to the  current  keylist.  Specify
35       addent number          the entry by the keylist slot number.
36
37
38       delete_entry number    Deletes an entry from the current keylist. Spec‐
39       delent number          ify the entry by the keylist slot number.
40
41
42       list                   Lists the current keylist.
43       l
44
45       list_request           Lists available requests (commands).
46       lr
47
48       quit                   Exits utility.
49       exit
50       q

EXAMPLES

52       Example 1 Deleting a principal from a file
53
54
55       The following example deletes the host/denver@ACME.com  principal  from
56       the  /etc/krb5/krb5.keytab  file.  Notice that if you want to delete an
57       entry from an existing keytab, you must first write the  keylist  to  a
58       temporary keytab and then overwrite the existing keytab with the tempo‐
59       rary keytab. This is because the wkt command actually appends the  cur‐
60       rent  keylist to an existing keytab, so you can't use it to overwrite a
61       keytab.
62
63
64         example# /usr/krb5/bin/ktutil
65             ktutil: rkt /etc/krb5/krb5.keytab
66             ktutil: list
67         slot KVNO Principal
68         ---- ---- ---------------------------------------
69            1    8 host/vail@ACME.COM
70            2    5 host/denver@ACME.COM
71             ktutil:delent 2
72             ktutil:l
73         slot KVNO Principal
74         ---- ---- --------------------------------------
75            1    8 host/vail@ACME.COM
76             ktutil:wkt /tmp/krb5.keytab
77             ktutil:q
78         example# mv /tmp/krb5.keytab /etc/krb5/krb5.keytab
79
80
81

FILES

83       /etc/krb5/krb5.keytab    keytab file for Kerberos clients
84
85

ATTRIBUTES

87       See attributes(5) for descriptions of the following attributes:
88
89
90
91
92       ┌─────────────────────────────┬─────────────────────────────┐
93       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
94       ├─────────────────────────────┼─────────────────────────────┤
95       │Availability                 │SUNWkrbu                     │
96       ├─────────────────────────────┼─────────────────────────────┤
97       │Interface Stability          │See below.                   │
98       └─────────────────────────────┴─────────────────────────────┘
99
100
101       The command arguments are Evolving. The command output is Unstable.
102

SEE ALSO

104       kadmin(1M), k5srvutil(1M), attributes(5), kerberos(5)
105
106
107
108SunOS 5.11                        16 Nov 2006                        ktutil(1)