ktutil(1)
NAME
ktutil - Manages entries in a service key table file
SYNOPSIS
/krb5/sbin/ktutil [-D] [-l] [-t [TYPE:] keytable] [-d | -p -X -x] [-c
keytable] [principal]
OPTIONS
-c keytable
Appends the specified service key table file to the service key
table file specified by the -t option.
-D Destroys the entire service key table file by first zeroing out
each entry and then deleting the file.
-d [principal]
Prints each entry in the service key table file and prompts you to
delete or retain the entry. Type yes to delete an entry. The
default is no, so pressing the return key retains the entry and
advances to the next entry. To stop at any time, type quit, exit,
or done. All answers can be abbreviated to as few as one character.
Use the optional principal argument to identify a specific
principal ID, which indicates that only entries for that principal
should be deleted from the service key table file. When a principal
is specified, the command deletes the entries without prompting you.
-l Lists the contents of a service key table file. This is the default
action if you execute ktutil with no options other than the -t
option.
You must specify the file type WFILE for all options other than the
-l option. That is, ktutil requires WFILE if the service key table
file must be modified or destroyed.
-p [principal]
Purges older entries from the service key table file, which means
that all entries but the most recent entry for each principal are
deleted. The relative age of the entries is determined by comparing
the entry key version numbers.
Use the optional principal argument to identify a specific
principal ID, which indicates that only the older keys for that
principal should be deleted from the key table file.
-t [TYPE:] keytable
Specifies the name of a service key table file other than the
default /krb5/v5srvtab, unless the CSFC5KTNAME environment variable
is set to an alternate key table type or file name.
The supported types are FILE and WFILE (writable file). The default
key table type is FILE. You can specify both the type and service
key table file name, or you can accept the default type and only
specify the service key table name.
You must specify the file type WFILE for all options other than the
-l option. That is, ktutil requires WFILE if the service key table
file must be modified or destroyed.
-x [principal]
Extracts from the security server a key for the host service
principal (the account for the computer where the administrator is
logged in) and adds the key to the service key table file
designated by the -t option. Use the optional principal argument to
identify a specific principal ID, which indicates that the key for
that principal should be extracted from the security server and
added to the service key table file.
Use the -x and -p options together to first add the extracted key
and then purge all older entries for the designated principal from
the service key table file.
If the principal argument is not used with the -x -p combination,
the older keys for only the host principal are purged from the file
after the new key is added.
-X [principal]
Requests that the security server generate a new random key for the
host service principal (the account for the computer where the
administrator is logged in). The command then extracts that key
from the security server and adds it to the service key table file
designated by the -t option.
Use the optional principal argument to identify a specific
principal ID, which indicates that the key for that principal
should be regenerated and extracted from the security server and
added to the service key table file.
Use the -X and -p options together to first add the extracted key
and then purge all older entries for the designated principal from
the service key table file.
If the principal argument is not used with the -X -p combination,
the older keys for only the host principal are purged from the file
after the new key is added.
DESCRIPTION
The ktutil command manages entries in service key table files. Note that
the service key table file is owned by root, so you must log on as root to
access it.
All options other than the -l option attempt to modify the service key
table file. Therefore, when you execute those commands, you must use the
-t option with the WFILE type (-t WFILE:keytable) to specify that the
service key table file is a writable file. To specify that the service
key table file should not be modified, use the default FILE type
(-t FILE:keytable) instead.
Before you can extract a key from the service key table file using the -x
or -X options, you must authenticate yourself to the Kerberos server and
have the appropriate permissions.
EXAMPLES
1. To view all entries in the default service key table file, enter:
# ktutil
or
# ktutil -t keytable -l
2. To destroy the service key table file called /krb5/mytable, enter:
# ktutil -D -t WFILE:/krb5/mytable
3. To add all the entries in a service key table called /krb5/srvtable to
the default service key table file, enter:
# ktutil -c /krb5/srvtable -t WFILE:/krb5/v5srvtab
If the -t option is not used to specify the WFILE type, this operation
fails; the type must be WFILE rather than the default FILE.
4. To add a new entry to the default service key table file for the
principal host/ftpd.biz.com@BIZ.COM and then purge all older entries
from the service key table file, enter:
# ktutil -t WFILE:/krb5/v5srvtab -x -p host/ftpd.biz.com@BIZ.COM
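The purge rule that the -p option applies in example 4, modeled as an added shell example (not part of the original manual page and not ktutil's own code). The "kvno principal" input format, the function name purge_model and the principal host/mail.biz.com@BIZ.COM are assumptions made up for illustration; the function only reports what would be kept or purged and never touches a key table file.

```shell
#!/bin/sh
# Model of the -p rule: keep only the entry with the highest key version
# number (kvno) for each principal; with a principal argument, purge the
# older entries of that principal only and leave every other entry alone.
# Input on stdin: one "kvno principal" pair per line. This format is
# constructed for the example; it is not ktutil's listing output.
# Usage: purge_model [principal] < entries
purge_model() {
    awk -v only="${1:-}" '
        NF == 2 {
            n++; kvno[n] = $1 + 0; princ[n] = $2
            # Track the newest kvno seen for each principal.
            if (!($2 in newest) || kvno[n] > newest[$2]) newest[$2] = kvno[n]
        }
        END {
            for (i = 1; i <= n; i++) {
                p = princ[i]
                if (only != "" && p != only)   verdict = "keep"   # not the named principal
                else if (kvno[i] == newest[p]) verdict = "keep"   # most recent entry
                else                           verdict = "purge"  # older key version
                printf "%s %d %s\n", verdict, kvno[i], p
            }
        }'
}

# Constructed sample key table contents (kvno, principal).
SAMPLE_ENTRIES='1 host/ftpd.biz.com@BIZ.COM
2 host/ftpd.biz.com@BIZ.COM
3 host/ftpd.biz.com@BIZ.COM
4 host/mail.biz.com@BIZ.COM
5 host/mail.biz.com@BIZ.COM'

# Purge restricted to one principal, as in example 4.
printf '%s\n' "$SAMPLE_ENTRIES" | purge_model host/ftpd.biz.com@BIZ.COM
```

A service decrypts each ticket with the key table entry whose key version number matches the ticket, so tickets issued under a purged version can no longer be accepted by that service.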
ENVIRONMENT VARIABLES
CSFC5KTNAME
Controls the service key table file.
FILES
/krb5/v5srvtab
Default service key table file.
SEE ALSO
Commands: kdestroy(1), kinit(1), klist(1)