Go to main content

man pages section 1: User Commands

Exit Print View

Updated: July 2017
 
 

k5srvutil (1)

Name

k5srvutil - host key table (keytab) manipulation utility

Synopsis

k5srvutil operation [-i] [-f filename] [-e keysalts]

Description

K5SRVUTIL(1)                     MIT Kerberos                     K5SRVUTIL(1)



NAME
       k5srvutil - host key table (keytab) manipulation utility

SYNOPSIS
       k5srvutil operation [-i] [-f filename] [-e keysalts]

DESCRIPTION
       k5srvutil allows an administrator to list or change keys currently in a
       keytab or to add new keys to the keytab.

       operation must be one of the following:

       list   Lists the keys in a keytab showing version number and  principal
              name.

       change Uses  the  kadmin  protocol  to  update the keys in the Kerberos
              database to new randomly-generated keys, and updates the keys in
              the  keytab  to  match.  If a key's version number doesn't match
              the version number stored in  the  Kerberos  server's  database,
              then  the  operation  will  fail.   Old keys are retained in the
              keytab so that existing tickets continue to  work.   If  the  -i
              flag  is  given,  k5srvutil  will prompt for confirmation before
              changing each key.  If the -k option is given, the old  and  new
              keys will be displayed.  Ordinarily, keys will be generated with
              the default encryption types and key salts.  This can  be  over-
              ridden with the -e option.

       delold Deletes  keys  that  are  not  the  most recent version from the
              keytab.  This operation should be used some time after a  change
              operation  to remove old keys, after existing tickets issued for
              the service have expired.  If the -i flag is given, then k5srvu-
              til will prompt for confirmation for each principal.

       delete Deletes  particular  keys in the keytab, interactively prompting
              for each key.

       In all cases, the default keytab is used unless this is  overridden  by
       the -f option.

       k5srvutil uses the kadmin(1) program to edit the keytab in place.


ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       +---------------+------------------------+
       |ATTRIBUTE TYPE |    ATTRIBUTE VALUE     |
       +---------------+------------------------+
       |Availability   | security/kerberos-5    |
       +---------------+------------------------+
       |Stability      | Pass-through committed |
       +---------------+------------------------+
SEE ALSO
       kadmin(1), ktutil(1)

AUTHOR
       MIT

COPYRIGHT
       1985-2016, MIT



NOTES
       This     software     was    built    from    source    available    at
       https://java.net/projects/solaris-userland.   The  original   community
       source      was      downloaded      from       http://web.mit.edu/ker-
       beros/dist/krb5/1.14/krb5-1.14.4.tar.gz

       Further information about this software can be found on the open source
       community website at http://web.mit.edu/kerberos/.



1.14.4                                                            K5SRVUTIL(1)
Copyright © 1993, 2017, Oracle and/or its affiliates. All rights reserved. 
Previous
Next