1TURN(1)                                                                TURN(1)
2
3
4

GENERAL INFORMATION

6       turnadmin  is a TURN administration tool. This tool can be used to man‐
7       age the user accounts (add/remove users, generate  TURN  keys  for  the
8       users).  For  security  reasons,  we do not recommend storing passwords
9       openly. The better option is to use pre-processed "keys" which are then
10       used  for  authentication. These keys are generated by turnadmin.  Tur‐
11       nadmin is a link to turnserver binary, but turnadmin performs different
12       functions.
13
14       Options  note:  turnadmin has long and short option names, for most op‐
15       tions.  Some options have only long form, some options have only  short
16       form. Their syntax somewhat different, if an argument is required:
17
18       The short form must be used as this (for example):
19
20         $ turnadmin -u <username> ...
21
22       The long form equivalent must use the "=" character:
23
24         $ turnadmin --user=<username> ...
25
26       If  this  is  a flag option (no argument required) then their usage are
27       the same, for example:
28
29        $ turnadmin -k ...
30
31       is equivalent to:
32
33        $ turnadmin --key ...
34
35       You have always the use the -r <realm> option with  commands  for  long
36       term  credentials  -  because data for multiple realms can be stored in
37       the same database.
38

=====================================

40   NAME
41        turnadmin - a TURN relay administration tool.
42
43   SYNOPSIS
44       $ turnadmin [command] [options]
45
46       $ turnadmin [ -h | --help]
47
48
49   DESCRIPTION
50       Commands:
51
52       -P, --generate-encrypted-password
53              Generate and print to the standard output an encrypted form of a
54              password  (for  web  admin  user or CLI).  The value then can be
55              used as a safe key for the password storage on disk  or  in  the
56              database. Every invocation for the same password produces a dif‐
57              ferent  result.  The  format  of  the  encrypted  password   is:
58              $5$<...salt...>$<...sha256(salt+password)...>.  Salt is 16 char‐
59              acters, the sha256 output is 64 characters. Character 5  is  the
60              algorithm  id  (sha256).   Only  sha256 is supported as the hash
61              function.
62
63       -k, --key
64              Generate key for a long-term credentials mechanism user.
65
66       -a, --add
67              Add or update a long-term user.
68
69       -A, --add-admin
70              Add or update an admin user.
71
72       -d, --delete
73              Delete a long-term user.
74
75       -D, --delete-admin
76              Delete an admin user.
77
78       -l, --list
79              List long-term users in the database.
80
81       -L, --list-admin
82              List admin users in the database.
83
84       -s, --set-secret=<value> Add shared secret for TURN REST API
85
86       -S, --show-secret
87              Show stored shared secrets for TURN REST API
88
89       -X, --delete-secret=<value> Delete a shared secret.
90
91              --delete-all_secrets
92                     Delete all shared secrets for REST API.
93
94       -O, --add-origin
95              Add origin-to-realm relation.
96
97       -R, --del-origin
98              Delete origin-to-realm relation.
99
100       -I, --list-origins
101              List origin-to-realm relations.
102
103       -g, --set-realm-option
104              Set realm params: max-bps, total-quota, user-quota.
105
106       -G, --list-realm-options
107              List realm params.
108
109       -E, --generate-encrypted-password-aes
110              Generate and print to the standard output an encrypted  form  of
111              password with AES-128
112
113       Options with required values:
114
115       -b, --db, --userdb
116              SQLite  user  database  file  name  (default - /var/db/turndb or
117              /usr/local/var/db/turndb or /var/lib/turn/turndb).  See the same
118              option in the turnserver section.
119
120       -e, --psql-userdb
121              PostgreSQL   user   database   connection   string.    See   the
122              --psql-userdb option in the turnserver section.
123
124       -M, --mysql-userdb
125              MySQL user database connection string.  See  the  --mysql-userdb
126              option in the turnserver section.
127
128       -J, --mongo-userdb
129              MongoDB  user database connection string.  See the --mysql-mongo
130              option in the turnserver section.
131
132       -N, --redis-userdb
133              Redis user database connection string.  See  the  --redis-userdb
134              option in the turnserver section.
135
136       -u, --user
137              User name.
138
139       -r, --realm
140              Realm.
141
142       -p, --password
143              Password.
144
145       -x, --key-path
146              Generates a 128 bit key into the given path.
147
148       -f, --file-key-path
149              Contains a 128 bit key in the given path.
150
151       -v, --verify
152              Verify a given base64 encrypted type password.
153
154       -o, --origin
155              Origin
156
157       --max-bps
158              Set value of realm's max-bps parameter.
159
160       --total-quota
161              Set value of realm's total-quota parameter.
162
163       --user-quota
164              Set value of realm's user-quota parameter.
165
166       -h, --help
167              Help.
168
169       Command examples:
170
171       Generate an encrypted form of a password:
172
173       $ turnadmin -P -p <password>
174
175       Generate a key:
176
177       $ turnadmin -k -u <username> -r <realm> -p <password>
178
179       Add/update a user in the in the database:
180
181       $  turnadmin  -a  [-b  <userdb-file>  |  -e <db-connection-string> | -M
182       <db-connection-string> | -N <db-connection-string> ] -u  <username>  -r
183       <realm> -p <password>
184
185       Delete a user from the database:
186
187       $  turnadmin  -d  [-b  <userdb-file>  |  -e <db-connection-string> | -M
188       <db-connection-string> | -N <db-connection-string> ] -u  <username>  -r
189       <realm>
190
191       List all long-term users in MySQL database:
192
193       $ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>
194
195       List all admin users in Redis database:
196
197       $ turnadmin -L --redis-userdb="<db-connection-string>"
198
199       Set secret in MySQL database:
200
201       $  turnadmin  -s  <secret>  --mysql-userdb="<db-connection-string>"  -r
202       <realm>
203
204       Show secret stored in PostgreSQL database:
205
206       $ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>
207
208       Set origin-to-realm relation in MySQL database:
209
210       $ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <ori‐
211       gin>
212
213       Delete origin-to-realm relation from Redis DB:
214
215       $ turnadmin --redis-userdb="<db-connection-string>" -o <origin>
216
217       List all origin-to-realm relations in Redis DB:
218
219       $ turnadmin --redis-userdb="<db-connection-string>" -I
220
221       List the origin-to-realm relations in PostgreSQL DB for a single realm:
222
223       $ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>
224
225       Create new key file for mysql password encryption:
226
227       $ turnadmin -E --key-path <key-file>
228
229       Create encrypted mysql password:
230
231       $ turnadmin -E --file-key-path <key-file> -p <secret>
232
233       Verify/decrypt encrypted password:
234
235       $ turnadmin --file-key-path <key-file> -v <encrypted>
236
237              Help:
238
239              $ turnadmin -h
240

=======================================

242   DOCS
243       After installation, run the command:
244
245       $ man turnadmin
246
247       or in the project root directory:
248
249       $ man -M man turnadmin
250
251       to see the man page.
252

=====================================

254   FILES
255       /etc/turnserver.conf
256
257       /var/db/turndb
258
259       /usr/local/var/db/turndb
260
261       /var/lib/turn/turndb
262
263       /usr/local/etc/turnserver.conf
264

=====================================

266   DIRECTORIES
267       /usr/local/share/turnserver
268
269       /usr/local/share/doc/turnserver
270
271       /usr/local/share/examples/turnserver
272

======================================

274   SEE ALSO
275       turnserver, turnutils
276

======================================

278   WEB RESOURCES
279       project page:
280
281       https://github.com/coturn/coturn/
282
283       Wiki page:
284
285       https://github.com/coturn/coturn/wiki
286
287       forum:
288
289       https://groups.google.com/forum/?fromgroups=#!fo‐
290       rum/turn-server-project-rfc5766-turn-server/
291

======================================

293   AUTHORS
294       See the AUTHORS.md file in the coturn source distribution.
295
296
297
298                                 05 June 2021                          TURN(1)
Impressum