man pages section 1: User Commands

Updated: Wednesday, July 27, 2022
 
 

k5srvutil (1)

K5SRVUTIL(1)                     MIT Kerberos                     K5SRVUTIL(1)



NAME
       k5srvutil - host key table (keytab) manipulation utility

SYNOPSIS
       k5srvutil operation [-i] [-f filename] [-e keysalts]

DESCRIPTION
       k5srvutil  allows  an administrator to list keys currently in a keytab,
       to obtain new keys for a principal currently in a keytab, or to  delete
       non-current keys from a keytab.

       operation must be one of the following:

       list   Lists the keys in a keytab, showing version number and principal
              name.

       change Uses the kadmin protocol to update  the  keys  in  the  Kerberos
              database to new randomly-generated keys, and updates the keys in
              the keytab to match.  If a key's version  number  doesn't  match
              the  version  number  stored  in the Kerberos server's database,
              then the operation will fail.  If the -i flag is given, k5srvutil
              will  prompt for confirmation before changing each key.  If
              the -k option is given, the old and new keys will be  displayed.
              Ordinarily,  keys  will be generated with the default encryption
              types and key salts.  This can be overridden with the -e option.
              Old  keys  are  retained  in the keytab so that existing tickets
              continue to work, but delold should be used after  such  tickets
              expire, to prevent attacks against the old keys.

       delold Deletes  keys  that  are  not  the  most recent version from the
              keytab.  This operation should be used some time after a  change
              operation  to remove old keys, after existing tickets issued for
              the service have expired.  If the -i flag is given, then k5srvutil
              will prompt for confirmation for each principal.

       delete Deletes  particular  keys in the keytab, interactively prompting
              for each key.

       In all cases, the default keytab is used unless this is  overridden  by
       the -f option.

       k5srvutil uses the kadmin(1) program to edit the keytab in place.
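
       Added example (not part of the MIT or Oracle man page): a POSIX shell
       helper that reads a keytab listing and reports every principal that
       still holds key versions older than its newest one, which are the
       entries delold is meant to remove once tickets issued before a change
       have expired. The "KVNO Principal" column layout and the sample rows
       are constructed assumptions; stale_keys and sample_listing are
       hypothetical names.

```shell
#!/bin/sh
# Assumption: the listing has one key per row as "<kvno> <principal>",
# optionally preceded by header lines. If your k5srvutil list output uses
# this layout, pipe it into stale_keys.

# stale_keys: read a listing on stdin and print one line per principal that
# still has keys older than its newest version:
#   <principal> current=<newest kvno> old=<older kvnos, comma separated>
stale_keys() {
    awk '
        # Data rows only: numeric kvno in field 1, principal@REALM in field 2.
        $1 ~ /^[0-9]+$/ && $2 ~ /@/ {
            kvno = $1 + 0; p = $2
            # Several enctypes can share one kvno; record each kvno once.
            if (!((p, kvno) in seen)) {
                seen[p, kvno] = 1
                list[p] = (p in list) ? (list[p] " " kvno) : kvno
            }
            if (!(p in max) || kvno > max[p]) max[p] = kvno
        }
        END {
            for (p in max) {
                n = split(list[p], v, " "); old = ""
                for (i = 1; i <= n; i++)
                    if (v[i] + 0 < max[p])
                        old = (old == "" ? "" : old ",") v[i]
                if (old != "")
                    printf "%s current=%d old=%s\n", p, max[p], old
            }
        }' | LC_ALL=C sort
}

# Constructed sample listing (not taken from a real host).
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 host/web1.example.com@EXAMPLE.COM
   3 host/web1.example.com@EXAMPLE.COM
   4 host/web1.example.com@EXAMPLE.COM
   4 host/web1.example.com@EXAMPLE.COM
   2 nfs/web1.example.com@EXAMPLE.COM
   1 HTTP/web1.example.com@EXAMPLE.COM
   2 HTTP/web1.example.com@EXAMPLE.COM
   5 HTTP/web1.example.com@EXAMPLE.COM
EOF
}

sample_listing | stale_keys
```

       An empty result means every principal in the listing holds only its
       current key version, so there is nothing left for delold to remove.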

ENVIRONMENT
       See kerberos(7) for a description of Kerberos environment variables.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------------+
       |ATTRIBUTE TYPE |    ATTRIBUTE VALUE     |
       +---------------+------------------------+
       |Availability   | security/kerberos-5    |
       +---------------+------------------------+
       |Stability      | Pass-through committed |
       +---------------+------------------------+

SEE ALSO
       kadmin(1), ktutil(1), kerberos(7)

AUTHOR
       MIT

COPYRIGHT
       1985-2021, MIT



NOTES
       Source code for open source software components in Oracle Solaris can
       be found at
       https://www.oracle.com/downloads/opensource/solaris-source-code-downloads.html.

       This software was built from source available at
       https://github.com/oracle/solaris-userland.  The original community
       source was downloaded from
       http://web.mit.edu/kerberos/dist/krb5/1.18/krb5-1.18.4.tar.gz.

       Further information about this software can be found on the open source
       community website at http://web.mit.edu/kerberos/.



1.18.4                                                            K5SRVUTIL(1)