diff options
Diffstat (limited to 'crypto/krb5/src/man/kdb5_util.man')
| -rw-r--r-- | crypto/krb5/src/man/kdb5_util.man | 75 |
1 files changed, 42 insertions, 33 deletions
diff --git a/crypto/krb5/src/man/kdb5_util.man b/crypto/krb5/src/man/kdb5_util.man index d43d913d09c8..fd2218189fa6 100644 --- a/crypto/krb5/src/man/kdb5_util.man +++ b/crypto/krb5/src/man/kdb5_util.man @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "KDB5_UTIL" "8" " " "1.21.3" "MIT Kerberos" +.TH "KDB5_UTIL" "8" " " "1.22" "MIT Kerberos" .SH NAME kdb5_util \- Kerberos database maintenance utility .SH SYNOPSIS @@ -65,14 +65,14 @@ specifies the Kerberos realm of the database. .TP \fB\-d\fP \fIdbname\fP specifies the name under which the principal database is stored; -by default the database is that listed in kdc.conf(5)\&. The +by default the database is that listed in \fI\%kdc.conf\fP\&. The password policy database and lock files are also derived from this value. .TP \fB\-k\fP \fImkeytype\fP specifies the key type of the master key in the database. The default is given by the \fBmaster_key_type\fP variable in -kdc.conf(5)\&. +\fI\%kdc.conf\fP\&. .TP \fB\-kv\fP \fImkeyVNO\fP Specifies the version number of the master key in the database; @@ -81,7 +81,7 @@ the default is 1. Note that 0 is not allowed. \fB\-M\fP \fImkeyname\fP principal name for the master key in the database. If not specified, the name is determined by the \fBmaster_key_name\fP -variable in kdc.conf(5)\&. +variable in \fI\%kdc.conf\fP\&. .TP \fB\-m\fP specifies that the master database password should be read from @@ -90,7 +90,7 @@ the keyboard rather than fetched from a file on disk. \fB\-sf\fP \fIstash_file\fP specifies the stash filename of the master database password. If not specified, the filename is determined by the -\fBkey_stash_file\fP variable in kdc.conf(5)\&. +\fBkey_stash_file\fP variable in \fI\%kdc.conf\fP\&. .TP \fB\-P\fP \fIpassword\fP specifies the master database password. Using this option may @@ -98,7 +98,7 @@ expose the password to other users on the system via the process list. .TP \fB\-x\fP \fIdb_args\fP -specifies database\-specific options. See kadmin(1) for +specifies database\-specific options. See \fI\%kadmin\fP for supported options. .UNINDENT .SH COMMANDS @@ -132,7 +132,7 @@ the \fB\-f\fP argument, does not prompt the user. .sp Stores the master principal\(aqs keys in a stash file. The \fB\-f\fP argument can be used to override the \fIkeyfile\fP specified in -kdc.conf(5)\&. +\fI\%kdc.conf\fP\&. .SS dump .INDENT 0.0 .INDENT 3.5 @@ -144,24 +144,24 @@ kdc.conf(5)\&. .UNINDENT .sp Dumps the current Kerberos and KADM5 database into an ASCII file. By -default, the database is dumped in current format, "kdb5_util -load_dump version 7". If filename is not specified, or is the string -"\-", the dump is sent to standard output. Options: +default, the database is dumped in current format, \(dqkdb5_util +load_dump version 7\(dq. If filename is not specified, or is the string +\(dq\-\(dq, the dump is sent to standard output. Options: .INDENT 0.0 .TP \fB\-b7\fP -causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util -load_dump version 4"). This was the dump format produced on +causes the dump to be in the Kerberos 5 Beta 7 format (\(dqkdb5_util +load_dump version 4\(dq). This was the dump format produced on releases prior to 1.2.2. .TP \fB\-r13\fP -causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util -load_dump version 5"). This was the dump format produced on +causes the dump to be in the Kerberos 5 1.3 format (\(dqkdb5_util +load_dump version 5\(dq). This was the dump format produced on releases prior to 1.8. .TP \fB\-r18\fP -causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util -load_dump version 6"). This was the dump format produced on +causes the dump to be in the Kerberos 5 1.8 format (\(dqkdb5_util +load_dump version 6\(dq). This was the dump format produced on releases prior to 1.11. .TP \fB\-verbose\fP @@ -218,17 +218,17 @@ Options: .TP \fB\-b7\fP requires the database to be in the Kerberos 5 Beta 7 format -("kdb5_util load_dump version 4"). This was the dump format +(\(dqkdb5_util load_dump version 4\(dq). This was the dump format produced on releases prior to 1.2.2. .TP \fB\-r13\fP -requires the database to be in Kerberos 5 1.3 format ("kdb5_util -load_dump version 5"). This was the dump format produced on +requires the database to be in Kerberos 5 1.3 format (\(dqkdb5_util +load_dump version 5\(dq). This was the dump format produced on releases prior to 1.8. .TP \fB\-r18\fP -requires the database to be in Kerberos 5 1.8 format ("kdb5_util -load_dump version 6"). This was the dump format produced on +requires the database to be in Kerberos 5 1.8 format (\(dqkdb5_util +load_dump version 6\(dq). This was the dump format produced on releases prior to 1.11. .TP \fB\-hash\fP @@ -269,12 +269,12 @@ salt types to be used for the new keys. Adds a new master key to the master key principal, but does not mark it as active. Existing master keys will remain. The \fB\-e\fP option specifies the encryption type of the new master key; see -Encryption_types in kdc.conf(5) for a list of possible +\fI\%Encryption types\fP in \fI\%kdc.conf\fP for a list of possible values. The \fB\-s\fP option stashes the new master key in the stash file, which will be created if it doesn\(aqt already exist. .sp After a new master key is added, it should be propagated to replica -servers via a manual or periodic invocation of kprop(8)\&. Then, +servers via a manual or periodic invocation of \fI\%kprop\fP\&. Then, the stash files on the replica servers should be updated with the kdb5_util \fBstash\fP command. Once those steps are complete, the key is ready to be marked active with the kdb5_util \fBuse_mkey\fP command. @@ -289,7 +289,7 @@ Sets the activation time of the master key specified by \fImkeyVNO\fP\&. Once a master key becomes active, it will be used to encrypt newly created principal keys. If no \fItime\fP argument is given, the current time is used, causing the specified master key version to become -active immediately. The format for \fItime\fP is getdate string. +active immediately. The format for \fItime\fP is \fI\%getdate time\fP string. .sp After a new master key becomes active, the kdb5_util \fBupdate_princ_encryption\fP command can be used to update all @@ -303,7 +303,7 @@ principal keys to be encrypted in the new master key. .sp List all master keys, from most recent to earliest, in the master key principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of kadmin(1) \fBgetprinc\fP\&. A +each mkey, similar to the output of \fI\%kadmin\fP \fBgetprinc\fP\&. A \fB*\fP following an mkey denotes the currently active master key. .SS purge_mkeys .INDENT 0.0 @@ -374,7 +374,7 @@ instead of the default tab\-separated (unquoted, unescaped) format .TP \fB\-e\fP write empty hexadecimal string fields as empty fields instead of -as "\-1". +as \(dq\-1\(dq. .TP \fB\-n\fP produce numeric output for fields that normally have symbolic @@ -389,6 +389,17 @@ output Dump types: .INDENT 0.0 .TP +\fBalias\fP +principal alias information +.INDENT 7.0 +.TP +\fBaliasname\fP +the name of the alias +.TP +\fBtargetname\fP +the target of the alias +.UNINDENT +.TP \fBkeydata\fP principal encryption key information, including actual key data (which is still encrypted in the master key) @@ -524,8 +535,7 @@ Examples: .INDENT 0.0 .INDENT 3.5 .sp -.nf -.ft C +.EX $ kdb5_util tabdump \-o keyinfo.txt keyinfo $ cat keyinfo.txt name keyindex kvno enctype salttype salt @@ -540,20 +550,19 @@ K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal sqlite> .quit $ awk \-F\(aq\et\(aq \(aq$4 ~ /aes256\-/ { print }\(aq keyinfo.txt K/M@EXAMPLE.COM 1 1 aes256\-cts\-hmac\-sha384\-192 normal \-1 -.ft P -.fi +.EE .UNINDENT .UNINDENT .SH ENVIRONMENT .sp -See kerberos(7) for a description of Kerberos environment +See \fI\%kerberos\fP for a description of Kerberos environment variables. .SH SEE ALSO .sp -kadmin(1), kerberos(7) +\fI\%kadmin\fP, \fI\%kerberos\fP .SH AUTHOR MIT .SH COPYRIGHT -1985-2024, MIT +1985-2025, MIT .\" Generated by docutils manpage writer. . |