Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
KTUTIL(8)		  BSD System Manager's Manual		     KTUTIL(8)

     ktutil -- manage Kerberos keytabs

     ktutil [-k	keytab | --keytab=keytab] [-v |	--verbose] [--version]
	    [-h	| --help] command [args]

     ktutil is a program for managing keytabs.	Supported options:

     -v, --verbose
	     Verbose output.

     command can be one	of the following:

     add [-p principal]	[--principal=principal]	[-V kvno] [--kvno=kvno]	[-e
		 enctype] [--enctype=enctype] [-w password]
		 [--password=password] [-r] [--random] [-s] [--no-salt]	[-H]
		 Adds a	key to the keytab. Options that	are not	specified will
		 be prompted for. This requires	that you know the password or
		 the hex key of	the principal to add; if what you really want
		 is to add a new principal to the keytab, you should consider
		 the get command, which	talks to the kadmin server.

     change [-r	realm] [--realm=realm] [--a host] [--admin-server=host]	[--s
		 port] [--server-port=port]
		 Update	one or several keys to new versions.  By default, use
		 the admin server for the realm	of a keytab entry.  Otherwise
		 it will use the values	specified by the options.

		 If no principals are given, all the ones in the keytab	are

     copy keytab-src keytab-dest
		 Copies	all the	entries	from keytab-src	to keytab-dest.

     get [-p admin principal] [--principal=admin principal] [-e	enctype]
		 [--enctypes=enctype] [-r realm] [--realm=realm] [-a admin
		 server] [--admin-server=admin server] [-s server port]
		 [--server-port=server port] principal ...
		 For each principal, generate a	new key	for it (creating it if
		 it doesn't already exist), and	put that key in	the keytab.

		 If no realm is	specified, the realm to	operate	on is taken
		 from the first	principal.

     list [--keys] [--timestamp]
		 List the keys stored in the keytab.

     remove [-p	principal] [--principal=principal] [-V -kvno] [--kvno=kvno]
		 [-e -enctype] [--enctype=enctype]
		 Removes the specified key or keys. Not	specifying a kvno re-
		 moves keys with any version number. Not specifying an enctype
		 removes keys of any type.

     rename from-principal to-principal
		 Renames all entries in	the keytab that	match the
		 from-principal	to to-principal.

     purge [--age=age]
		 Removes all old versions of a key for which there is a	newer
		 version that is at least age (default one week) old.


HEIMDAL				April 14, 2005			       HEIMDAL


Want to link to this manual page? Use this URL:

home | help