1k5srvutil(1M)           System Administration Commands           k5srvutil(1M)
2
3
4

NAME

6       k5srvutil - host key table (keytab) manipulation utility
7

SYNOPSIS

9       /usr/sbin/k5srvutil operation [-ik] [-f filename]
10
11

DESCRIPTION

13       The  k5srvutil  command  allows a system manager to list or change keys
14       currently in his keytab or to add new keys to the keytab.
15
16
17       The operand operation must be one of the following:
18
19       list      Lists the keys in a keytab, showing version number and  prin‐
20                 cipal name.
21
22
23       change    Changes  all the keys in the keytab to new randomly-generated
24                 keys, updating the keys in the Kerberos server's database  to
25                 match  those by using the kadmin protocol. If a key's version
26                 number does not match the version number stored in  the  Ker‐
27                 beros  server's  database,  the operation fails. The old keys
28                 are retained so that existing tickets continue  to  work.  If
29                 the  -i  flag  is  specified, k5srvutil prompts for yes or no
30                 before changing each key. If the -k option is used,  the  old
31                 and new keys are displayed.
32
33
34       delold    Deletes  keys  that  are not the most recent version from the
35                 keytab. This operation should be used at some point  after  a
36                 change operation to remove old keys. If the -i flag is speci‐
37                 fied, k5srvutil asks the user whether the old keys associated
38                 with each principal should be removed.
39
40
41       delete    Deletes  particular keys in the keytab, interactively prompt‐
42                 ing for each key.
43
44
45
46       In all cases, the default keytab file is /etc/krb5.keytab  file  unless
47       this is overridden by the -f option.
48
49
50       k5srvutil uses the kadmin(1M) program to edit the keytab in place. How‐
51       ever, old keys are retained, so they are available in case of failure.
52

OPTIONS

54       The following options are supported:
55
56       -f filename    Specify a keytab  file  other  than  the  default  file,
57                      /etc/krb5.keytab.
58
59
60       -i             Prompts  user before changing keys when using the change
61                      or delold operands.
62
63
64       -k             Displays old and new keys when using the change operand.
65
66

ATTRIBUTES

68       See attributes(5) for descriptions of the following attributes:
69
70
71
72
73       ┌─────────────────────────────┬─────────────────────────────┐
74       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
75       ├─────────────────────────────┼─────────────────────────────┤
76       │Availability                 │SUNWkdcu                     │
77       ├─────────────────────────────┼─────────────────────────────┤
78       │Interface Stability          │Committed                    │
79       └─────────────────────────────┴─────────────────────────────┘
80

SEE ALSO

82       ktutil(1), kadmin(1M), attributes(5)
83
84
85
86SunOS 5.11                        29 Aug 2006                    k5srvutil(1M)
Impressum