Provided by: krb5-user_1.13.2+dfsg-5ubuntu2.2_amd64 
NAME
k5srvutil - host key table (keytab) manipulation utility
SYNOPSIS
k5srvutil operation [-i] [-f filename] [-e keysalts]
DESCRIPTION
k5srvutil allows an administrator to list or change keys currently in a keytab or to add new keys to the
keytab.
operation must be one of the following:
list Lists the keys in a keytab showing version number and principal name.
change Uses the kadmin protocol to update the keys in the Kerberos database to new randomly-generated
keys, and updates the keys in the keytab to match. If a key's version number doesn't match the
version number stored in the Kerberos server's database, then the operation will fail. Old keys
are retained in the keytab so that existing tickets continue to work. If the -i flag is given,
k5srvutil will prompt for confirmation before changing each key. If the -k option is given, the
old and new keys will be displayed. Ordinarily, keys will be generated with the default
encryption types and key salts. This can be overridden with the -e option.
delold Deletes keys that are not the most recent version from the keytab. This operation should be used
some time after a change operation to remove old keys, after existing tickets issued for the
service have expired. If the -i flag is given, then k5srvutil will prompt for confirmation for
each principal.
delete Deletes particular keys in the keytab, interactively prompting for each key.
In all cases, the default keytab is used unless this is overridden by the -f option.
k5srvutil uses the kadmin(1) program to edit the keytab in place.
SEE ALSO
kadmin(1), ktutil(1)
AUTHOR
MIT
COPYRIGHT
1985-2015, MIT