ktutil(1) User Commands ktutil(1)
NAME
ktutil - Kerberos keytab maintenance utility
SYNOPSIS
/usr/bin/ktutil
DESCRIPTION
The ktutil command is an interactive command-line interface utility for managing the keylist in keytab files. You must read in a keytab's
keylist before you can manage it. Also, the user running the ktutil command must have read/write permissions on the keytab. For example,
if a keytab is owned by root, which it typically is, ktutil must be run as root to have the appropriate permissions.
COMMANDS
clear_list Clears the current keylist.
clear
read_kt file Reads a keytab into the current keylist. You must specify a keytab file to read.
rkt file
write_kt file Writes the current keylist to a keytab file. You must specify a keytab file to write. If the keytab file already
wkt file exists, the current keylist is appended to the existing keytab file.
add_entry number Adds an entry to the current keylist. Specify the entry by the keylist slot number.
addent number
delete_entry number Deletes an entry from the current keylist. Specify the entry by the keylist slot number.
delent number
list Lists the current keylist.
l
list_request Lists available requests (commands).
lr
quit Exits utility.
exit
q
EXAMPLES
Example 1 Deleting a principal from a file
The following example deletes the host/denver@ACME.com principal from the /etc/krb5/krb5.keytab file. Notice that if you want to delete an
entry from an existing keytab, you must first write the keylist to a temporary keytab and then overwrite the existing keytab with the tem-
porary keytab. This is because the wkt command actually appends the current keylist to an existing keytab, so you can't use it to overwrite
a keytab.
example# /usr/krb5/bin/ktutil
ktutil: rkt /etc/krb5/krb5.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------
1 8 host/vail@ACME.COM
2 5 host/denver@ACME.COM
ktutil:delent 2
ktutil:l
slot KVNO Principal
---- ---- --------------------------------------
1 8 host/vail@ACME.COM
ktutil:wkt /tmp/krb5.keytab
ktutil:q
example# mv /tmp/krb5.keytab /etc/krb5/krb5.keytab
FILES
/etc/krb5/krb5.keytab keytab file for Kerberos clients
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWkrbu |
+-----------------------------+-----------------------------+
|Interface Stability |See below. |
+-----------------------------+-----------------------------+
The command arguments are Evolving. The command output is Unstable.
SEE ALSO
kadmin(1M), k5srvutil(1M), attributes(5), kerberos(5)
SunOS 5.11 16 Nov 2006 ktutil(1)