xenial (1) k5srvutil.1.gz

Provided by: krb5-user_1.13.2+dfsg-5ubuntu2.2_amd64 bug

NAME

       k5srvutil - host key table (keytab) manipulation utility

SYNOPSIS

       k5srvutil operation [-i] [-f filename] [-e keysalts]

DESCRIPTION

       k5srvutil  allows an administrator to list or change keys currently in a keytab or to add new keys to the
       keytab.

       operation must be one of the following:

       list   Lists the keys in a keytab showing version number and principal name.

       change Uses the kadmin protocol to update the keys in the Kerberos  database  to  new  randomly-generated
              keys,  and  updates  the keys in the keytab to match.  If a key's version number doesn't match the
              version number stored in the Kerberos server's database, then the operation will fail.   Old  keys
              are  retained  in  the keytab so that existing tickets continue to work.  If the -i flag is given,
              k5srvutil will prompt for confirmation before changing each key.  If the -k option is  given,  the
              old  and  new  keys  will  be  displayed.   Ordinarily,  keys  will  be generated with the default
              encryption types and key salts.  This can be overridden with the -e option.

       delold Deletes keys that are not the most recent version from the keytab.  This operation should be  used
              some  time  after  a  change  operation  to remove old keys, after existing tickets issued for the
              service have expired.  If the -i flag is given, then k5srvutil will prompt  for  confirmation  for
              each principal.

       delete Deletes particular keys in the keytab, interactively prompting for each key.

       In all cases, the default keytab is used unless this is overridden by the -f option.

       k5srvutil uses the kadmin(1) program to edit the keytab in place.

SEE ALSO

       kadmin(1), ktutil(1)

AUTHOR

       MIT

       1985-2015, MIT