diff options
Diffstat (limited to 'crypto/krb5/doc/admin/admin_commands/k5srvutil.rst')
| -rw-r--r-- | crypto/krb5/doc/admin/admin_commands/k5srvutil.rst | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/crypto/krb5/doc/admin/admin_commands/k5srvutil.rst b/crypto/krb5/doc/admin/admin_commands/k5srvutil.rst deleted file mode 100644 index 79502cf9eb98..000000000000 --- a/crypto/krb5/doc/admin/admin_commands/k5srvutil.rst +++ /dev/null @@ -1,69 +0,0 @@ -.. _k5srvutil(1): - -k5srvutil -========= - -SYNOPSIS --------- - -**k5srvutil** *operation* -[**-i**] -[**-f** *filename*] -[**-e** *keysalts*] - -DESCRIPTION ------------ - -k5srvutil allows an administrator to list keys currently in -a keytab, to obtain new keys for a principal currently in a keytab, -or to delete non-current keys from a keytab. - -*operation* must be one of the following: - -**list** - Lists the keys in a keytab, showing version number and principal - name. - -**change** - Uses the kadmin protocol to update the keys in the Kerberos - database to new randomly-generated keys, and updates the keys in - the keytab to match. If a key's version number doesn't match the - version number stored in the Kerberos server's database, then the - operation will fail. If the **-i** flag is given, k5srvutil will - prompt for confirmation before changing each key. If the **-k** - option is given, the old and new keys will be displayed. - Ordinarily, keys will be generated with the default encryption - types and key salts. This can be overridden with the **-e** - option. Old keys are retained in the keytab so that existing - tickets continue to work, but **delold** should be used after - such tickets expire, to prevent attacks against the old keys. - -**delold** - Deletes keys that are not the most recent version from the keytab. - This operation should be used some time after a change operation - to remove old keys, after existing tickets issued for the service - have expired. If the **-i** flag is given, then k5srvutil will - prompt for confirmation for each principal. - -**delete** - Deletes particular keys in the keytab, interactively prompting for - each key. - -In all cases, the default keytab is used unless this is overridden by -the **-f** option. - -k5srvutil uses the :ref:`kadmin(1)` program to edit the keytab in -place. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`ktutil(1)`, :ref:`kerberos(7)` |