1TURN(1) TURN(1)
2
6 turnadmin is a TURN administration tool. This tool can be used to man‐
7 age the user accounts (add/remove users, generate TURN keys for the
8 users). For security reasons, we do not recommend storing passwords
9 openly. The better option is to use pre-processed "keys" which are then
10 used for authentication. These keys are generated by turnadmin. Tur‐
11 nadmin is a link to turnserver binary, but turnadmin performs different
12 functions.
13 Options note: turnadmin has long and short option names, for most op‐
15 tions. Some options have only long form, some options have only short
16 form. Their syntax somewhat different, if an argument is required:
17 The short form must be used as this (for example):
19 $ turnadmin -u <username> ...
21 The long form equivalent must use the "=" character:
23 $ turnadmin --user=<username> ...
25 If this is a flag option (no argument required) then their usage are
27 the same, for example:
28 $ turnadmin -k ...
30 is equivalent to:
32 $ turnadmin --key ...
34 You have always the use the -r <realm> option with commands for long
36 term credentials - because data for multiple realms can be stored in
37 the same database.
38
40 NAME
41 turnadmin - a TURN relay administration tool.
42 SYNOPSIS
44 $ turnadmin [command] [options]
45 $ turnadmin [ -h | --help]
47 DESCRIPTION
50 Commands:
51 -P, --generate-encrypted-password
53 Generate and print to the standard output an encrypted form of a
54 password (for web admin user or CLI). The value then can be
55 used as a safe key for the password storage on disk or in the
56 database. Every invocation for the same password produces a dif‐
57 ferent result. The format of the encrypted password is:
58 $5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 char‐
59 acters, the sha256 output is 64 characters. Character 5 is the
60 algorithm id (sha256). Only sha256 is supported as the hash
61 function.
62 -k, --key
64 Generate key for a long-term credentials mechanism user.
65 -a, --add
67 Add or update a long-term user.
68 -A, --add-admin
70 Add or update an admin user.
71 -d, --delete
73 Delete a long-term user.
74 -D, --delete-admin
76 Delete an admin user.
77 -l, --list
79 List long-term users in the database.
80 -L, --list-admin
82 List admin users in the database.
83 -s, --set-secret=<value> Add shared secret for TURN REST API
85 -S, --show-secret
87 Show stored shared secrets for TURN REST API
88 -X, --delete-secret=<value> Delete a shared secret.
90 --delete-all_secrets
92 Delete all shared secrets for REST API.
93 -O, --add-origin
95 Add origin-to-realm relation.
96 -R, --del-origin
98 Delete origin-to-realm relation.
99 -I, --list-origins
101 List origin-to-realm relations.
102 -g, --set-realm-option
104 Set realm params: max-bps, total-quota, user-quota.
105 -G, --list-realm-options
107 List realm params.
108 -E, --generate-encrypted-password-aes
110 Generate and print to the standard output an encrypted form of
111 password with AES-128
112 Options with required values:
114 -b, --db, --userdb
116 SQLite user database file name (default - /var/db/turndb or
117 /usr/local/var/db/turndb or /var/lib/turn/turndb). See the same
118 option in the turnserver section.
119 -e, --psql-userdb
121 PostgreSQL user database connection string. See the
122 --psql-userdb option in the turnserver section.
123 -M, --mysql-userdb
125 MySQL user database connection string. See the --mysql-userdb
126 option in the turnserver section.
127 -J, --mongo-userdb
129 MongoDB user database connection string. See the --mysql-mongo
130 option in the turnserver section.
131 -N, --redis-userdb
133 Redis user database connection string. See the --redis-userdb
134 option in the turnserver section.
135 -u, --user
137 User name.
138 -r, --realm
140 Realm.
141 -p, --password
143 Password.
144 -x, --key-path
146 Generates a 128 bit key into the given path.
147 -f, --file-key-path
149 Contains a 128 bit key in the given path.
150 -v, --verify
152 Verify a given base64 encrypted type password.
153 -o, --origin
155 Origin
156 --max-bps
158 Set value of realm's max-bps parameter.
159 --total-quota
161 Set value of realm's total-quota parameter.
162 --user-quota
164 Set value of realm's user-quota parameter.
165 -h, --help
167 Help.
168 Command examples:
170 Generate an encrypted form of a password:
172 $ turnadmin -P -p <password>
174 Generate a key:
176 $ turnadmin -k -u <username> -r <realm> -p <password>
178 Add/update a user in the in the database:
180 $ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M
182 <db-connection-string> | -N <db-connection-string> ] -u <username> -r
183 <realm> -p <password>
184 Delete a user from the database:
186 $ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M
188 <db-connection-string> | -N <db-connection-string> ] -u <username> -r
189 <realm>
190 List all long-term users in MySQL database:
192 $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
194 List all admin users in Redis database:
196 $ turnadmin -L --redis-userdb="<db-connection-string>"
198 Set secret in MySQL database:
200 $ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r
202 <realm>
203 Show secret stored in PostgreSQL database:
205 $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
207 Set origin-to-realm relation in MySQL database:
209 $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <ori‐
211 gin>
212 Delete origin-to-realm relation from Redis DB:
214 $ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
216 List all origin-to-realm relations in Redis DB:
218 $ turnadmin --redis-userdb="<db-connection-string>" -I
220 List the origin-to-realm relations in PostgreSQL DB for a single realm:
222 $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
224 Create new key file for mysql password encryption:
226 $ turnadmin -E --key-path <key-file>
228 Create encrypted mysql password:
230 $ turnadmin -E --file-key-path <key-file> -p <secret>
232 Verify/decrypt encrypted password:
234 $ turnadmin --file-key-path <key-file> -v <encrypted>
236 Help:
238 $ turnadmin -h
240
242 DOCS
243 After installation, run the command:
244 $ man turnadmin
246 or in the project root directory:
248 $ man -M man turnadmin
250 to see the man page.
252
254 FILES
255 /etc/turnserver.conf
256 /var/db/turndb
258 /usr/local/var/db/turndb
260 /var/lib/turn/turndb
262 /usr/local/etc/turnserver.conf
264
266 DIRECTORIES
267 /usr/local/share/turnserver
268 /usr/local/share/doc/turnserver
270 /usr/local/share/examples/turnserver
272
274 SEE ALSO
275 turnserver, turnutils
276
278 WEB RESOURCES
279 project page:
280 https://github.com/coturn/coturn/
282 Wiki page:
284 https://github.com/coturn/coturn/wiki
286 forum:
288 https://groups.google.com/forum/?fromgroups=#!fo‐
290 rum/turn-server-project-rfc5766-turn-server/
291
293 AUTHORS
294 Oleg Moskalenko <mom040267@gmail.com>
295 Gabor Kovesdan http://kovesdan.org/
297 Daniel Pocock http://danielpocock.com/
299 John Selbie (jselbie@gmail.com)
301 Lee Sylvester <lee@designrealm.co.uk>
303 Erik Johnston <erikj@openmarket.com>
305 Roman Lisagor <roman@demonware.net>
307 Vladimir Tsanev <tsachev@gmail.com>
309 Po-sheng Lin <personlin118@gmail.com>
311 Peter Dunkley <peter.dunkley@acision.com>
313 Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>
315 Federico Pinna <fpinna@vivocha.com>
317 Bradley T. Hughes <bradleythughes@fastmail.fm>
319 Mihály Mészáros <misi@majd.eu>
321 ACTIVE MAINTAINERS
323 Mihály Mészáros <misi@majd.eu>
324 05 June 2021 TURN(1)