diff options
| author | Ben Kaduk <kaduk@mit.edu> | 2012-11-06 22:15:50 -0500 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2012-11-14 15:31:13 -0500 |
| commit | ccaf2682c79974cee368d2f3b0611dabc1361df5 (patch) | |
| tree | bf852491bce076326a300a3494fccb8dc0809562 /doc/admin/admin_commands/k5srvutil.rst | |
| parent | 07b66c2220ad1b38c5465cacc2537096afe332d2 (diff) | |
| download | krb5-ccaf2682c79974cee368d2f3b0611dabc1361df5.tar.gz krb5-ccaf2682c79974cee368d2f3b0611dabc1361df5.tar.xz krb5-ccaf2682c79974cee368d2f3b0611dabc1361df5.zip | |
Rename doc subdirectories
We like these names better, and they match the PDF document filenames.
admins -> admin
appldev -> appdev
users -> user
and catch up where the names are used elsewhere.
The relay/ directory has been removed, with its contents moved to the
top level in build_this.rst and a new about.rst.
The section headers for kadmind, krb5kdc, sserver, kpasswd, kswitch,
and sclient are misdetected as conflict markers.
bigredbutton: whitespace
ticket: 7433
tags: pullup
Diffstat (limited to 'doc/admin/admin_commands/k5srvutil.rst')
| -rw-r--r-- | doc/admin/admin_commands/k5srvutil.rst | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/doc/admin/admin_commands/k5srvutil.rst b/doc/admin/admin_commands/k5srvutil.rst new file mode 100644 index 0000000000..493c176531 --- /dev/null +++ b/doc/admin/admin_commands/k5srvutil.rst @@ -0,0 +1,57 @@ +.. _k5srvutil(1): + +k5srvutil +========= + +SYNOPSIS +-------- + +**k5srvutil** *operation* +[**-i**] +[**-f** *filename*] + +DESCRIPTION +----------- + +k5srvutil allows an administrator to list or change keys currently in +a keytab or to add new keys to the keytab. + +*operation* must be one of the following: + +**list** + Lists the keys in a keytab showing version number and principal + name. + +**change** + Uses the kadmin protocol to update the keys in the Kerberos + database to new randomly-generated keys, and updates the keys in + the keytab to match. If a key's version number doesn't match the + version number stored in the Kerberos server's database, then the + operation will fail. Old keys are retained in the keytab so that + existing tickets continue to work. If the **-i** flag is given, + k5srvutil will prompt for confirmation before changing each key. + If the **-k** option is given, the old and new keys will be + displayed. + +**delold** + Deletes keys that are not the most recent version from the keytab. + This operation should be used some time after a change operation + to remove old keys, after existing tickets issued for the service + have expired. If the **-i** flag is given, then k5srvutil will + prompt for confirmation for each principal. + +**delete** + Deletes particular keys in the keytab, interactively prompting for + each key. + +In all cases, the default keytab is used unless this is overridden by +the **-f** option. + +k5srvutil uses the :ref:`kadmin(1)` program to edit the keytab in +place. + + +SEE ALSO +-------- + +:ref:`kadmin(1)`, :ref:`ktutil(1)` |