pullup from 1.2-beta4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12497 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 30 insertions, 3 deletions

diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M
index a74874ff9..5acd48b9c 100644
--- a/src/kadmin/cli/kadmin.M
+++ b/src/kadmin/cli/kadmin.M
@@ -320,6 +320,12 @@ sets the key of the principal to a random value
 sets the key of the principal to the specified string and does not
 prompt for a password.  Note:  using this option in a shell script can
 be dangerous if unauthorized users gain read access to the script.
+.TP
+\fB\-e\fP \fI"enc:salt ..."\fP
+uses the specified list of enctype\-salttype pairs for setting the key
+of the principal.  The quotes are necessary if there are multiple
+enctype\-salttype pairs.  This will not function against kadmin
+daemons earlier than krb5\-1.2.
 .nf
 .TP
 EXAMPLE:
@@ -372,8 +378,8 @@ KADM5_UNK_PRINC (principal does not exist)
 modifies the specified principal, changing the fields as specified.  The
 options are as above for
 .BR add_principal ,
-except that password changing is forbidden by this command.  In
-addition, the option
+except that password changing and flags related to password changing
+are forbidden by this command.  In addition, the option
 .B \-clearpolicy
 will clear the current policy of a principal.  This command requires the
 .I modify
@@ -447,6 +453,18 @@ sets the key of the principal to a random value
 .TP
 \fB\-pw\fP \fIpassword\fP
 set the password to the specified string.  Not recommended.
+.TP
+\fB\-e\fP \fI"enc:salt ..."\fP
+uses the specified list of enctype\-salttype pairs for setting the key
+of the principal.  The quotes are necessary if there are multiple
+enctype\-salttype pairs.  This will not function against kadmin
+daemons earlier than krb5\-1.2.
+.TP
+\fB\-keepold \fP 
+Keeps the previous kvno's keys around.  There is no
+easy way to delete the old keys, and this flag is usually not
+necessary except perhaps for TGS keys.  Don't use this flag unless you
+know what you're doing.
 .nf
 .TP
 EXAMPLE:
@@ -664,7 +682,10 @@ kadmin:
 .RE
 .fi
 .TP
-\fBktadd\fP [\fB\-k\fP \fIkeytab\fP] [\fB\-q\fP] [\fIprincipal\fP | \fB\-glob\fP \fIprinc-exp\fP] [\fI...\fP]
+\fBktadd\fP [\fB\-k\fP \fIkeytab\fP] [\fB\-q\fP] [\fB\-e\fP \fIkeysaltlist\fP]
+.br
+[\fIprincipal\fP | \fB\-glob\fP \fIprinc-exp\fP] [\fI...\fP]
+.br
 Adds a principal or all principals matching
 .I princ-exp
 to a keytab, randomizing each principal's key in the process.  Requires the
@@ -772,3 +793,9 @@ OpenVision Kerberos administration program.
 .SH BUGS
 .PP
 Command output needs to be cleaned up.
+
+There is no way to delete a key kept around from a "\-keepold" option
+to a password-changing command, other than to do a password change
+without the "\-keepold" option, which will of course cause problems if
+the key is a TGS key.  There will be more powerful key-manipulation
+commands in the future.