SuSE: krb5 (SUSE-SA:2008:016)

03-19-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

SuSE: krb5 (SUSE-SA:2008:016)

LinuxSecurity.com: his update fixes three vulnerabilities, two of them are only possible if krb4 support is enabled.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

ktutil(1) User Commands ktutil(1) NAME
ktutil - Kerberos keytab maintenance utility SYNOPSIS
/usr/bin/ktutil DESCRIPTION
The ktutil command is an interactive command-line interface utility for managing the keylist in keytab files. You must read in a keytab's keylist before you can manage it. Also, the user running the ktutil command must have read/write permissions on the keytab. For example, if a keytab is owned by root, which it typically is, ktutil must be run as root to have the appropriate permissions. COMMANDS
clear_list Clears the current keylist. clear read_kt file Reads a keytab into the current keylist. You must specify a keytab file to read. rkt file write_kt file Writes the current keylist to a keytab file. You must specify a keytab file to write. If the keytab file already wkt file exists, the current keylist is appended to the existing keytab file. add_entry number Adds an entry to the current keylist. Specify the entry by the keylist slot number. addent number delete_entry number Deletes an entry from the current keylist. Specify the entry by the keylist slot number. delent number list Lists the current keylist. l list_request Lists available requests (commands). lr quit Exits utility. exit q EXAMPLES
Example 1 Deleting a principal from a file The following example deletes the host/denver@ACME.com principal from the /etc/krb5/krb5.keytab file. Notice that if you want to delete an entry from an existing keytab, you must first write the keylist to a temporary keytab and then overwrite the existing keytab with the tem- porary keytab. This is because the wkt command actually appends the current keylist to an existing keytab, so you can't use it to overwrite a keytab. example# /usr/krb5/bin/ktutil ktutil: rkt /etc/krb5/krb5.keytab ktutil: list slot KVNO Principal ---- ---- --------------------------------------- 1 8 host/vail@ACME.COM 2 5 host/denver@ACME.COM ktutil:delent 2 ktutil:l slot KVNO Principal ---- ---- -------------------------------------- 1 8 host/vail@ACME.COM ktutil:wkt /tmp/krb5.keytab ktutil:q example# mv /tmp/krb5.keytab /etc/krb5/krb5.keytab FILES
/etc/krb5/krb5.keytab keytab file for Kerberos clients ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWkrbu | +-----------------------------+-----------------------------+ |Interface Stability |See below. | +-----------------------------+-----------------------------+ The command arguments are Evolving. The command output is Unstable. SEE ALSO
kadmin(1M), k5srvutil(1M), attributes(5), kerberos(5) SunOS 5.11 16 Nov 2006 ktutil(1)

Security Advisories (RSS)

SuSE: krb5 (SUSE-SA:2008:016)

LEARN ABOUT OPENSOLARIS

ktutil