1TURN(1) TURN(1)
2
6 turnadmin is a TURN administration tool. This tool can be used to man‐
7 age the user accounts (add/remove users, generate TURN keys for the
8 users). For security reasons, we do not recommend storing passwords
9 openly. The better option is to use pre-processed "keys" which are then
10 used for authentication. These keys are generated by turnadmin. Tur‐
11 nadmin is a link to turnserver binary, but turnadmin performs different
12 functions.
13 Options note: turnadmin has long and short option names, for most
15 options. Some options have only long form, some options have only
16 short form. Their syntax somewhat different, if an argument is
17 required:
18 The short form must be used as this (for example):
20 $ turnadmin -u <username> ...
22 The long form equivalent must use the "=" character:
24 $ turnadmin --user=<username> ...
26 If this is a flag option (no argument required) then their usage are
28 the same, for example:
29 $ turnadmin -k ...
31 is equivalent to:
33 $ turnadmin --key ...
35 You have always the use the -r <realm> option with commands for long
37 term credentials - because data for multiple realms can be stored in
38 the same database.
39
41 NAME
42 turnadmin - a TURN relay administration tool.
43 SYNOPSIS
45 $ turnadmin [command] [options]
46 $ turnadmin [ -h | --help]
48 DESCRIPTION
51 Commands:
52 -P, --generate-encrypted-password
54 Generate and print to the standard output an encrypted form of a
55 password (for web admin user or CLI). The value then can be
56 used as a safe key for the password storage on disk or in the
57 database. Every invocation for the same password produces a dif‐
58 ferent result. The format of the encrypted password is:
59 $5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 char‐
60 acters, the sha256 output is 64 characters. Character 5 is the
61 algorithm id (sha256). Only sha256 is supported as the hash
62 function.
63 -k, --key
65 Generate key for a long-term credentials mechanism user.
66 -a, --add
68 Add or update a long-term user.
69 -A, --add-admin
71 Add or update an admin user.
72 -d, --delete
74 Delete a long-term user.
75 -D, --delete-admin
77 Delete an admin user.
78 -l, --list
80 List long-term users in the database.
81 -L, --list-admin
83 List admin users in the database.
84 -s, --set-secret=<value> Add shared secret for TURN REST API
86 -S, --show-secret
88 Show stored shared secrets for TURN REST API
89 -X, --delete-secret=<value> Delete a shared secret.
91 --delete-all_secrets
93 Delete all shared secrets for REST API.
94 -O, --add-origin
96 Add origin-to-realm relation.
97 -R, --del-origin
99 Delete origin-to-realm relation.
100 -I, --list-origins
102 List origin-to-realm relations.
103 -g, --set-realm-option
105 Set realm params: max-bps, total-quota, user-quota.
106 -G, --list-realm-options
108 List realm params.
109 -E, --generate-encrypted-password-aes
111 Generate and print to the standard output an encrypted form of
112 password with AES-128
113 Options with required values:
115 -b, --db, --userdb
117 SQLite user database file name (default - /var/db/turndb or
118 /usr/local/var/db/turndb or /var/lib/turn/turndb). See the same
119 option in the turnserver section.
120 -e, --psql-userdb
122 PostgreSQL user database connection string. See the
123 --psql-userdb option in the turnserver section.
124 -M, --mysql-userdb
126 MySQL user database connection string. See the --mysql-userdb
127 option in the turnserver section.
128 -J, --mongo-userdb
130 MongoDB user database connection string. See the --mysql-mongo
131 option in the turnserver section.
132 -N, --redis-userdb
134 Redis user database connection string. See the --redis-userdb
135 option in the turnserver section.
136 -u, --user
138 User name.
139 -r, --realm
141 Realm.
142 -p, --password
144 Password.
145 -x, --key-path
147 Generates a 128 bit key into the given path.
148 -f, --file-key-path
150 Contains a 128 bit key in the given path.
151 -v, --verify
153 Verify a given base64 encrypted type password.
154 -o, --origin
156 Origin
157 --max-bps
159 Set value of realm's max-bps parameter.
160 --total-quota
162 Set value of realm's total-quota parameter.
163 --user-quota
165 Set value of realm's user-quota parameter.
166 -h, --help
168 Help.
169 Command examples:
171 Generate an encrypted form of a password:
173 $ turnadmin -P -p <password>
175 Generate a key:
177 $ turnadmin -k -u <username> -r <realm> -p <password>
179 Add/update a user in the in the database:
181 $ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M
183 <db-connection-string> | -N <db-connection-string> ] -u <username> -r
184 <realm> -p <password>
185 Delete a user from the database:
187 $ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M
189 <db-connection-string> | -N <db-connection-string> ] -u <username> -r
190 <realm>
191 List all long-term users in MySQL database:
193 $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
195 List all admin users in Redis database:
197 $ turnadmin -L --redis-userdb="<db-connection-string>"
199 Set secret in MySQL database:
201 $ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r
203 <realm>
204 Show secret stored in PostgreSQL database:
206 $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
208 Set origin-to-realm relation in MySQL database:
210 $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <ori‐
212 gin>
213 Delete origin-to-realm relation from Redis DB:
215 $ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
217 List all origin-to-realm relations in Redis DB:
219 $ turnadmin --redis-userdb="<db-connection-string>" -I
221 List the origin-to-realm relations in PostgreSQL DB for a single realm:
223 $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
225 Create new key file for mysql password encryption:
227 $ turnadmin -E --key-path <key-file>
229 Create encrypted mysql password:
231 $ turnadmin -E --file-key-path <key-file> -p <secret>
233 Verify/decrypt encrypted password:
235 $ turnadmin --file-key-path <key-file> -v <encrypted>
237 Help:
239 $ turnadmin -h
241
243 DOCS
244 After installation, run the command:
245 $ man turnadmin
247 or in the project root directory:
249 $ man -M man turnadmin
251 to see the man page.
253
255 FILES
256 /etc/turnserver.conf
257 /var/db/turndb
259 /usr/local/var/db/turndb
261 /var/lib/turn/turndb
263 /usr/local/etc/turnserver.conf
265
267 DIRECTORIES
268 /usr/local/share/turnserver
269 /usr/local/share/doc/turnserver
271 /usr/local/share/examples/turnserver
273
275 SEE ALSO
276 turnserver, turnutils
277
279 WEB RESOURCES
280 project page:
281 https://github.com/coturn/coturn/
283 Wiki page:
285 https://github.com/coturn/coturn/wiki
287 forum:
289 https://groups.google.com/forum/?from‐
291 groups=#!forum/turn-server-project-rfc5766-turn-server/
292
294 AUTHORS
295 Oleg Moskalenko <mom040267@gmail.com>
296 Gabor Kovesdan http://kovesdan.org/
298 Daniel Pocock http://danielpocock.com/
300 John Selbie (jselbie@gmail.com)
302 Lee Sylvester <lee@designrealm.co.uk>
304 Erik Johnston <erikj@openmarket.com>
306 Roman Lisagor <roman@demonware.net>
308 Vladimir Tsanev <tsachev@gmail.com>
310 Po-sheng Lin <personlin118@gmail.com>
312 Peter Dunkley <peter.dunkley@acision.com>
314 Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
316 Federico Pinna <fpinna@vivocha.com>
318 Bradley T. Hughes <bradleythughes@fastmail.fm>
320 Mihály Mészáros <misi@majd.eu>
322 ACTIVE MAINTAINERS
324 Mihály Mészáros <misi@majd.eu>
325 10 January 2021 TURN(1)