1TURN(1) TURN(1)
2
3
4
6 turnadmin is a TURN administration tool. This tool can be used to man‐
7 age the user accounts (add/remove users, generate TURN keys for the
8 users). For security reasons, we do not recommend storing passwords
9 openly. The better option is to use pre-processed "keys" which are then
10 used for authentication. These keys are generated by turnadmin. Tur‐
11 nadmin is a link to turnserver binary, but turnadmin performs different
12 functions.
13
14 Options note: turnadmin has long and short option names, for most
15 options. Some options have only long form, some options have only
16 short form. Their syntax somewhat different, if an argument is
17 required:
18
19 The short form must be used as this (for example):
20
21 $ turnadmin -u <username> ...
22
23 The long form equivalent must use the "=" character:
24
25 $ turnadmin --user=<username> ...
26
27 If this is a flag option (no argument required) then their usage are
28 the same, for example:
29
30 $ turnadmin -k ...
31
32 is equivalent to:
33
34 $ turnadmin --key ...
35
36 You have always the use the -r <realm> option with commands for long
37 term credentials - because data for multiple realms can be stored in
38 the same database.
39
40 =====================================
41
42 NAME
43 turnadmin - a TURN relay administration tool.
44
45 SYNOPSIS
46 $ turnadmin [command] [options]
47
48 $ turnadmin [ -h | --help]
49
50 DESCRIPTION
51 Commands:
52
53 -P, --generate-encrypted-password
54 Generate and print to the standard output an encrypted form of a
55 password (for web admin user or CLI). The value then can be
56 used as a safe key for the password storage on disk or in the
57 database. Every invocation for the same password produces a dif‐
58 ferent result. The for mat of the encrypted password is:
59 $5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 char‐
60 acters, the sha256 output is 64 characters. Character 5 is the
61 algorithm id (sha256). Only sha256 is supported as the hash
62 function.
63
64 -k, --key
65 Generate key for a long-term credentials mechanism user.
66
67 -a, --add
68 Add or update a long-term user.
69
70 -A, --add-admin
71 Add or update an admin user.
72
73 -d, --delete
74 Delete a long-term user.
75
76 -D, --delete-admin
77 Delete an admin user.
78
79 -l, --list
80 List long-term users in the database.
81
82 -L, --list-admin
83 List admin users in the database.
84
85 -s, --set-secret=<value> Add shared secret for TURN RESP API
86
87 -S, --show-secret
88 Show stored shared secrets for TURN REST API
89
90 -X, --delete-secret=<value> Delete a shared secret.
91
92 --delete-all_secrets
93 Delete all shared secrets for REST API.
94
95 -O, --add-origin
96 Add origin-to-realm relation.
97
98 -R, --del-origin
99 Delete origin-to-realm relation.
100
101 -I, --list-origins
102 List origin-to-realm relations.
103
104 -g, --set-realm-option
105 Set realm params: max-bps, total-quota, user-quota.
106
107 -G, --list-realm-options
108 List realm params.
109
110 -E, --generate-encrypted-password-aes
111 Generate and print to the standard output an encrypted form of
112 password with AES-128
113
114 Options with required values:
115
116 -b, --db, --userdb
117 SQLite user database file name (default - /var/db/turndb or
118 /usr/local/var/db/turndb or /var/lib/turn/turndb). See the same
119 option in the turnserver section.
120
121 -e, --psql-userdb
122 PostgreSQL user database connection string. See the
123 --psql-userdb option in the turnserver section.
124
125 -M, --mysql-userdb
126 MySQL user database connection string. See the --mysql-userdb
127 option in the turnserver section.
128
129 -J, --mongo-userdb
130 MongoDB user database connection string. See the --mysql-mongo
131 option in the turnserver section.
132
133 -N, --redis-userdb
134 Redis user database connection string. See the --redis-userdb
135 option in the turnserver section.
136
137 -u, --user
138 User name.
139
140 -r, --realm
141 Realm.
142
143 -p, --password
144 Password.
145
146 -x, --key-path
147 Generates a 128 bit key into the given path.
148
149 -f, --file-key-path
150 Contains a 128 bit key in the given path.
151
152 -v, --verify
153 Verify a given base64 encrypted type password.
154
155 -o, --origin
156 Origin
157
158 --max-bps
159 Set value of realm's max-bps parameter.
160
161 --total-quota
162 Set value of realm's total-quota parameter.
163
164 --user-quota
165 Set value of realm's user-quota parameter.
166
167 -h, --help
168 Help.
169
170 Command examples:
171
172 Generate an encrypted form of a password:
173
174 $ turnadmin -P -p <password>
175
176 Generate a key:
177
178 $ turnadmin -k -u <username> -r <realm> -p <password>
179
180 Add/update a user in the in the database:
181
182 $ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M
183 <db-connection-string> | -N <db-connection-string> ] -u <username> -r
184 <realm> -p <password>
185
186 Delete a user from the database:
187
188 $ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M
189 <db-connection-string> | -N <db-connection-string> ] -u <username> -r
190 <realm>
191
192 List all long-term users in MySQL database:
193
194 $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
195
196 List all admin users in Redis database:
197
198 $ turnadmin -L --redis-userdb="<db-connection-string>"
199
200 Set secret in MySQL database:
201
202 $ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r
203 <realm>
204
205 Show secret stored in PostgreSQL database:
206
207 $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
208
209 Set origin-to-realm relation in MySQL database:
210
211 $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <ori‐
212 gin>
213
214 Delete origin-to-realm relation from Redis DB:
215
216 $ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
217
218 List all origin-to-realm relations in Redis DB:
219
220 $ turnadmin --redis-userdb="<db-connection-string>" -I
221
222 List the origin-to-realm relations in PostgreSQL DB for a single realm:
223
224 $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
225
226 Create new key file for mysql password encryption:
227
228 $ turnadmin -E --key-path <key-file>
229
230 Create encrypted mysql password:
231
232 $ turnadmin -E --file-key-path <key-file> -p <secret>
233
234 Verify/decrypt encrypted password:
235
236 $ turnadmin --file-key-path <key-file> -v <encrypted>
237
238 Help:
239
240 $ turnadmin -h
241
242 =======================================
243
244 DOCS
245 After installation, run the command:
246
247 $ man turnadmin
248
249 or in the project root directory:
250
251 $ man -M man turnadmin
252
253 to see the man page.
254
255 =====================================
256
257 FILES
258 /etc/turnserver.conf
259
260 /var/db/turndb
261
262 /usr/local/var/db/turndb
263
264 /var/lib/turn/turndb
265
266 /usr/local/etc/turnserver.conf
267
268 =====================================
269
270 DIRECTORIES
271 /usr/local/share/turnserver
272
273 /usr/local/share/doc/turnserver
274
275 /usr/local/share/examples/turnserver
276
277 ======================================
278
279 SEE ALSO
280 turnserver, turnutils
281
282 ======================================
283
284 WEB RESOURCES
285 project page:
286
287 https://github.com/coturn/coturn/
288
289 Wiki page:
290
291 https://github.com/coturn/coturn/wiki
292
293 forum:
294
295 https://groups.google.com/forum/?from‐
296 groups=#!forum/turn-server-project-rfc5766-turn-server/
297
298 ======================================
299
300 AUTHORS
301 Oleg Moskalenko <mom040267@gmail.com>
302
303 Gabor Kovesdan http://kovesdan.org/
304
305 Daniel Pocock http://danielpocock.com/
306
307 John Selbie (jselbie@gmail.com)
308
309 Lee Sylvester <lee@designrealm.co.uk>
310
311 Erik Johnston <erikj@openmarket.com>
312
313 Roman Lisagor <roman@demonware.net>
314
315 Vladimir Tsanev <tsachev@gmail.com>
316
317 Po-sheng Lin <personlin118@gmail.com>
318
319 Peter Dunkley <peter.dunkley@acision.com>
320
321 Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
322
323 Federico Pinna <fpinna@vivocha.com>
324
325 Bradley T. Hughes <bradleythughes@fastmail.fm>
326
327 Mihaly Meszaros <misi@majd.eu>
328
329
330
331 29 January 2019 TURN(1)