ktutil(1) [opensolaris man page]

ktutil(1)							   User Commands							 ktutil(1)

NAME
       ktutil - Kerberos keytab maintenance utility

SYNOPSIS
       /usr/bin/ktutil

DESCRIPTION
       The ktutil command is an interactive command-line interface utility for managing the keylist in keytab files. You must read in a keytab's keylist before you can manage it. Also, the user running the ktutil command must have read/write permissions on the keytab. For example, if a keytab is owned by root, which it typically is, ktutil must be run as root to have the appropriate permissions.

COMMANDS
       clear_list
       clear
           Clears the current keylist.

       read_kt file
       rkt file
           Reads a keytab into the current keylist. You must specify a keytab file to read.

       write_kt file
       wkt file
           Writes the current keylist to a keytab file. You must specify a keytab file to write. If the keytab file already exists, the current keylist is appended to the existing keytab file.

       add_entry number
       addent number
           Adds an entry to the current keylist. Specify the entry by the keylist slot number.

       delete_entry number
       delent number
           Deletes an entry from the current keylist. Specify the entry by the keylist slot number.

       list
       l
           Lists the current keylist.

       list_request
       lr
           Lists available requests (commands).

       quit
       exit
       q
           Exits utility.

EXAMPLES
       Example 1 Deleting a principal from a file

       The following example deletes the host/denver@ACME.com principal from the /etc/krb5/krb5.keytab file. Notice that if you want to delete an entry from an existing keytab, you must first write the keylist to a temporary keytab and then overwrite the existing keytab with the temporary keytab. This is because the wkt command actually appends the current keylist to an existing keytab, so you can't use it to overwrite a keytab.

         example# /usr/krb5/bin/ktutil
             ktutil: rkt /etc/krb5/krb5.keytab
             ktutil: list
             slot KVNO Principal
             ---- ---- ---------------------------------------
                1    8 host/vail@ACME.COM
                2    5 host/denver@ACME.COM
             ktutil:delent 2
             ktutil:l
             slot KVNO Principal
             ---- ---- --------------------------------------
                1    8 host/vail@ACME.COM
             ktutil:wkt /tmp/krb5.keytab
             ktutil:q
         example# mv /tmp/krb5.keytab /etc/krb5/krb5.keytab

FILES
       /etc/krb5/krb5.keytab
           keytab file for Kerberos clients

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWkrbu                     |
       +-----------------------------+-----------------------------+
       |Interface Stability          |See below.                   |
       +-----------------------------+-----------------------------+

       The command arguments are Evolving. The command output is Unstable.

SEE ALSO
       kadmin(1M), k5srvutil(1M), attributes(5), kerberos(5)

SunOS 5.11                         16 Nov 2006                         ktutil(1)
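
Example 1 in the ktutil page stages the rewritten keytab at a fixed name in /tmp, a shared directory, although the file holds the host's long-term keys. The shell function below is an added example, not part of the original man page: it runs the same rkt/delent/wkt sequence but stages the new keytab in a private directory beside the target and installs it with owner-only permissions. The function name, the KTUTIL override variable, and feeding ktutil its commands on standard input are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the man page): delete one keylist slot without
# staging the rewritten keytab in /tmp.
# KTUTIL is an assumed override; the default is the path given in SYNOPSIS.
KTUTIL="${KTUTIL:-/usr/bin/ktutil}"

# remove_keytab_slot KEYTAB SLOT   (hypothetical helper name)
# Returns 0 on success, 1 on bad arguments, 2 if no new keytab was produced.
remove_keytab_slot() {
    keytab=$1
    slot=$2
    [ -f "$keytab" ] || { echo "no such keytab: $keytab" >&2; return 1; }
    # The slot is interpolated into ktutil's command stream: digits only.
    case $slot in
        ''|*[!0-9]*) echo "slot must be a number: $slot" >&2; return 1 ;;
    esac

    # Private staging directory beside the keytab: created mode 0700 with an
    # unpredictable name, and on the same filesystem so mv is a rename.
    stage=$(mktemp -d "$(dirname "$keytab")/.ktstage.XXXXXX") || return 2
    new="$stage/keytab"

    # wkt appends to an existing file, so $new must not exist beforehand.
    # umask 077 makes ktutil create it readable by its owner only.
    # ktutil's exit status is not relied on; the output file is checked below.
    (
        umask 077
        printf 'rkt %s\ndelent %s\nwkt %s\nq\n' "$keytab" "$slot" "$new" | "$KTUTIL"
    ) >/dev/null || :

    if [ ! -s "$new" ]; then
        echo "ktutil wrote no new keytab; original left untouched" >&2
        rm -rf "$stage"
        return 2
    fi

    chmod 600 "$new"
    mv -f "$new" "$keytab" && rmdir "$stage"
}
```

Run `list` in ktutil first to confirm the slot number. Keytab paths containing whitespace are not supported, because the path is passed through ktutil's command line.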

ipa-rmkeytab(1) 						 IPA Manual Pages						   ipa-rmkeytab(1)

NAME
       ipa-rmkeytab - Remove a kerberos principal from a keytab

SYNOPSIS
       ipa-rmkeytab [ -p principal-name ] [ -k keytab-file ] [ -r realm ] [ -d ]

DESCRIPTION
       Removes a Kerberos principal from a keytab.

       Kerberos keytabs are used for services (like sshd) to perform Kerberos authentication. A keytab is a file with one or more secrets (or keys) for a Kerberos principal.

       A Kerberos service principal is a Kerberos identity that can be used for authentication. Service principals contain the name of the service, the hostname of the server, and the realm name.

       ipa-rmkeytab provides two ways to remove principals. A specific principal can be removed or all principals for a given realm can be removed.

       All encryption types and versions of a principal are removed.

       The realm may be included when removing a specific principal but it is not required.

       NOTE: removing a principal from the keytab does not affect the Kerberos principal stored in the IPA server. It merely removes the entry from the local keytab.

OPTIONS
       -p principal-name
              The non-realm part of the full principal name.

       -k keytab-file
              The keytab file to remove the principal(s) from.

       -r realm
              A realm to remove all principals for.

       -d     Debug mode. Additional information is displayed.

EXAMPLES
       Remove the NFS service principal on the host foo.example.com from /tmp/nfs.keytab.

          # ipa-rmkeytab -p nfs/foo.example.com -k /tmp/nfs.keytab

       Remove the ldap service principal on the host foo.example.com from /etc/krb5.keytab.

          # ipa-rmkeytab -p ldap/foo.example.com -k /etc/krb5.keytab

       Remove all principals for the realm EXAMPLE.COM.

          # ipa-rmkeytab -r EXAMPLE.COM -k /etc/krb5.keytab

EXIT STATUS
       The exit status is 0 on success, nonzero on error.

       1      Kerberos initialization failed

       2      Memory allocation error

       3      Unable to open keytab

       4      Unable to parse the principal name

       5      Principal name or realm not found in keytab

       6      Unable to remove principal from keytab

IPA                                Oct 30 2009                         ipa-rmkeytab(1)