NAME
ktutil
- manage Kerberos keytabs
SYNOPSIS
ktutil
--keytab=keytab
[-k keytab Xo]
[-v | --verbose]
[--version]
[-h | --help]
command
[args]
DESCRIPTION
ktutil
is a program for managing keytabs.
Supported options:
- Xo
-
-v,
--verbose
Verbose output.
command
can be one of the following:
- add Xo
-
[-p principal]
[--principal=principal]
[-V kvno]
[--kvno=kvno]
[-e enctype]
[--enctype=enctype]
[-w password]
[--password=password]
[-r]
[--random]
[-s]
[--no-salt]
[-H]
[--hex]
Adds a key to the keytab. Options that are not specified will be
prompted for. This requires that you know the password or the hex key of the
principal to add; if what you really want is to add a new principal to
the keytab, you should consider the
get
command, which talks to the kadmin server.
- change Xo
-
[-r realm]
[--realm=realm]
[--a host]
[--admin-server=host]
[--s port]
[--server-port=port]
Update one or several keys to new versions. By default, use the admin
server for the realm of a keytab entry. Otherwise it will use the
values specified by the options.
If no principals are given, all the ones in the keytab are updated.
- copy Xo
-
keytab-src
keytab-dest
Copies all the entries from
keytab-src
to
keytab-dest.
- get Xo
-
[-p admin principal]
[--principal=admin principal]
[-e enctype]
[--enctypes=enctype]
[-r realm]
[--realm=realm]
[-a admin server]
[--admin-server=admin server]
[-s server port]
[--server-port=server port]
principal ...
For each
principal,
generate a new key for it (creating it if it doesn't already exist),
and put that key in the keytab.
If no
realm
is specified, the realm to operate on is taken from the first
principal.
- list Xo
-
[--keys]
[--timestamp]
List the keys stored in the keytab.
- remove Xo
-
[-p principal]
[--principal=principal]
[-V kvno]
[--kvno=kvno]
[-e enctype]
[--enctype=enctype]
Removes the specified key or keys. Not specifying a
kvno
removes keys with any version number. Not specifying an
enctype
removes keys of any type.
- rename Xo
-
from-principal
to-principal
Renames all entries in the keytab that match the
from-principal
to
to-principal.
- purge Xo
-
[--age=age]
Removes all old versions of a key for which there is a newer version
that is at least
age
(default one week) old.
- srvconvert
-
- srv2keytab Xo
-
[-s srvtab]
[--srvtab=srvtab]
Converts the version 4 srvtab in
srvtab
to a version 5 keytab and stores it in
keytab.
Identical to:
-
ktutil
copy
krb4:
srvtab
keytab
- srvcreate
-
- key2srvtab Xo
-
[-s srvtab]
[--srvtab=srvtab]
Converts the version 5 keytab in
keytab
to a version 4 srvtab and stores it in
srvtab.
Identical to:
-
ktutil
copy
keytab
krb4:
srvtab
SEE ALSO
kadmin(8)