Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

ktutil(1) [opensolaris man page]

ktutil(1)							   User Commands							 ktutil(1)

NAME

       ktutil - Kerberos keytab maintenance utility

SYNOPSIS

       /usr/bin/ktutil

DESCRIPTION

       The  ktutil command is an interactive command-line interface utility for managing  the keylist in keytab files. You must read in a keytab's
       keylist	before you can manage it. Also, the user running the ktutil command must have read/write permissions on the keytab.  For  example,
       if a keytab is owned by root, which it typically is, ktutil must be run as root to have the appropriate permissions.

COMMANDS

       clear_list	      Clears the current keylist.
       clear

       read_kt file	      Reads a keytab into the current keylist. You must specify a keytab file to read.
       rkt file

       write_kt file	      Writes  the  current  keylist  to a keytab file. You must specify a keytab file to write. If the keytab file already
       wkt file 	      exists, the current keylist is appended to the existing keytab file.

       add_entry number       Adds an entry to the current keylist. Specify the entry by the keylist slot number.
       addent number

       delete_entry number    Deletes an entry from the current keylist. Specify the entry by the keylist slot number.
       delent number

       list		      Lists the current keylist.
       l

       list_request	      Lists available requests (commands).
       lr

       quit		      Exits utility.
       exit
       q
EXAMPLES

       Example 1 Deleting a principal from a file

       The following example deletes the host/denver@ACME.com principal from the /etc/krb5/krb5.keytab file. Notice that if you want to delete	an
       entry  from an existing keytab, you must first write the keylist to a temporary keytab and then overwrite the existing keytab with the tem-
       porary keytab. This is because the wkt command actually appends the current keylist to an existing keytab, so you can't use it to overwrite
       a keytab.

	 example# /usr/krb5/bin/ktutil
	     ktutil: rkt /etc/krb5/krb5.keytab
	     ktutil: list
	 slot KVNO Principal
	 ---- ---- ---------------------------------------
	    1	 8 host/vail@ACME.COM
	    2	 5 host/denver@ACME.COM
	     ktutil:delent 2
	     ktutil:l
	 slot KVNO Principal
	 ---- ---- --------------------------------------
	    1	 8 host/vail@ACME.COM
	     ktutil:wkt /tmp/krb5.keytab
	     ktutil:q
	 example# mv /tmp/krb5.keytab /etc/krb5/krb5.keytab

FILES

       /etc/krb5/krb5.keytab	keytab file for Kerberos clients

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWkrbu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |See below.		   |
       +-----------------------------+-----------------------------+

       The command arguments are Evolving. The command output is Unstable.

SEE ALSO

       kadmin(1M), k5srvutil(1M), attributes(5), kerberos(5)

SunOS 5.11							    16 Nov 2006 							 ktutil(1)

Check Out this Related Man Page

KTUTIL(8)						    BSD System Manager's Manual 						 KTUTIL(8)

NAME

     ktutil -- manage Kerberos keytabs

SYNOPSIS

     ktutil [-k keytab | --keytab=keytab] [-v | --verbose] [--version] [-h | --help] command [args]

DESCRIPTION

     ktutil is a program for managing keytabs.	Supported options:

     -v, --verbose
	     Verbose output.

     command can be one of the following:

     add [-p principal] [--principal=principal] [-V kvno] [--kvno=kvno] [-e enctype] [--enctype=enctype] [-w password] [--password=password] [-r]
		 [--random] [-s] [--no-salt] [-H] [--hex]
		 Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the
		 hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the get
		 command, which talks to the kadmin server.

     change [-r realm] [--realm=realm] [--a host] [--admin-server=host] [--s port] [--server-port=port]
		 Update one or several keys to new versions.  By default, use the admin server for the realm of a keytab entry.  Otherwise it will
		 use the values specified by the options.

		 If no principals are given, all the ones in the keytab are updated.

     copy keytab-src keytab-dest
		 Copies all the entries from keytab-src to keytab-dest.

     get [-p admin principal] [--principal=admin principal] [-e enctype] [--enctypes=enctype] [-r realm] [--realm=realm] [-a admin server]
		 [--admin-server=admin server] [-s server port] [--server-port=server port] principal ...
		 For each principal, generate a new key for it (creating it if it doesn't already exist), and put that key in the keytab.

		 If no realm is specified, the realm to operate on is taken from the first principal.

     list [--keys] [--timestamp]
		 List the keys stored in the keytab.

     remove [-p principal] [--principal=principal] [-V -kvno] [--kvno=kvno] [-e -enctype] [--enctype=enctype]
		 Removes the specified key or keys. Not specifying a kvno removes keys with any version number. Not specifying an enctype removes
		 keys of any type.

     rename from-principal to-principal
		 Renames all entries in the keytab that match the from-principal to to-principal.

     purge [--age=age]
		 Removes all old versions of a key for which there is a newer version that is at least age (default one week) old.

SEE ALSO

     kadmin(8)

BSD
								  April 14, 2005							       BSD
Man Page