    kdb5_util

    
    
    

    SYNOPSIS

           kdb5_util    [-r realm]    [-d dbname]    [-k mkeytype]   [-M mkeyname]
           [-kv mkeyVNO] [-sf stashfilename] [-m] command [command_options]
    
    
    

    DESCRIPTION

           kdb5_util allows an administrator to perform low-level maintenance pro-
           cedures  on the Kerberos and KADM5 database.  Databases can be created,
           destroyed, and dumped to and loaded from  ASCII  files.   Additionally,
           kdb5_util  can create a Kerberos master key stash file.  kdb5_util sub-
           sumes the functionality of and makes  obsolete  the  previous  database
           maintenance   programs   kdb5_create,   kdb5_edit,   kdb5_destroy,  and
           kdb5_stash.
    
           When kdb5_util is run, it attempts to acquire the master key  and  open
           the  database.   However,  execution continues regardless of whether or
           not kdb5_util successfully opens the database, because the database may
           not exist yet or the stash file may be corrupt.
    
           Note that some KDB plugins may not support all kdb5_util commands.
    
    
    

    COMMAND-LINE OPTIONS

           -r realm
                  specifies  the  Kerberos  realm  of the database; by default the
                  realm returned by krb5_default_local_realm(3) is used.
    
           -d dbname
                  specifies the name under which the principal database is stored;
                  by  default  the  database  is  that listed in kdc.conf(5).  The
                  KADM5 policy database and lock file are also derived  from  this
                  value.
    
           -k mkeytype
                  specifies  the  key  type of the master key in the database; the
                  default is that given in kdc.conf.
    
           -kv mkeyVNO
                  specifies the version number of the master key in the  database;
                  the default is 1.  Note that 0 is not allowed.
    
           -M mkeyname
                  specifies the principal name for the master key in the database;
                  the default is that given in kdc.conf.
    
           -m     specifies that the master database password should be read  from
                  the TTY rather than fetched from a file on disk.
    
           -sf stash_file
                  specifies the stash file of the master database password.
    
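           -P password
                  specifies the master database password.  This option is not
                  recommended: a password given on the command line can be seen
                  by other local users in the process list and may be saved in
                  shell history.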
    
           stash [-f keyfile]
                  Stores the master principal's keys in  a  stash  file.   The  -f
                  argument  can  be  used  to  override  the  keyfile specified at
                  startup.
    
           dump [-old|-b6|-b7|-ov|-r13]
                  [-verbose]  [-mkey_convert]  [-new_mkey_file  mkey_file]  [-rev]
                  [-recurse] [filename [principals...]]
                  Dumps  the  current  Kerberos  and  KADM5 database into an ASCII
                  file.  By default, the database is  dumped  in  current  format,
                  "kdb5_util  load_dump version 6".  If filename is not specified,
                  or is the string "-", the  dump  is  sent  to  standard  output.
                  Options:
    
                  -old   causes  the  dump to be in the Kerberos 5 Beta 5 and ear-
                         lier dump format ("kdb5_edit load_dump version 2.0").
    
                  -b6    causes the dump to be in the Kerberos  5  Beta  6  format
                         ("kdb5_edit load_dump version 3.0").
    
                  -b7    causes  the  dump  to  be in the Kerberos 5 Beta 7 format
                         ("kdb5_util load_dump version 4").   This  was  the  dump
                         format produced on releases prior to 1.2.2.
    
                  -ov    causes the dump to be in ovsec_adm_export format.
    
                  -r13   causes  the  dump  to  be  in  the  Kerberos 5 1.3 format
                         ("kdb5_util load_dump version 5").   This  was  the  dump
                         format produced on releases prior to 1.8.
    
                  -verbose
                         causes  the  name  of  each  principal  and  policy to be
                         printed as it is dumped.
    
                  -mkey_convert
                         prompts for a new master key.  This new master  key  will
                         be  used to re-encrypt the key data in the dumpfile.  The
                         key data in the database will not be changed.
    
                  -new_mkey_file mkey_file
                         the filename of a stash file.  The  master  key  in  this
                         stash file will be used to re-encrypt the key data in the
                         dumpfile.  The key data  in  the  database  will  not  be
                         changed.
    
                  -rev   dumps in reverse order.  This may recover principals that
                         do not dump normally, in cases where database  corruption
                         has occurred.
    
                  -recurse
                         causes  the  dump to walk the database recursively (btree
                         only).  This may recover principals that do not dump nor-
    
                  -old   requires the database to be in the Kerberos 5 Beta 5  and
                         earlier format ("kdb5_edit load_dump version 2.0").
    
                  -b6    requires the database to be in the Kerberos 5 Beta 6 for-
                         mat ("kdb5_edit load_dump version 3.0").
    
                  -b7    requires the database to be in the Kerberos 5 Beta 7 for-
                         mat ("kdb5_util load_dump version 4").
    
                  -ov    requires  the  database to be in ovsec_adm_import format.
                         Must be used with the -update option.
    
                  -hash  requires the database to be stored as a  hash.   If  this
                         option is not specified, the database will be stored as a
                         btree.  This option  is  not  recommended,  as  databases
                         stored  in hash format are known to corrupt data and lose
                         principals.
    
                  -verbose
                         causes the name  of  each  principal  and  policy  to  be
                         printed as it is dumped.
    
                  -update
                         records from the dump file are added to or updated in the
                         existing database; otherwise, a new database  is  created
                         containing  only what is in the dump file and the old one
                         destroyed upon successful completion.
    
                  dbname is required and overrides the value specified on the com-
                         mand line or the default.
    
           ark    Adds a random key.
    
           add_mkey [-e etype] [-s]
                  Adds a new master key to the K/M (master key) principal.  Exist-
                  ing master keys will remain.  The -e etype option allows  speci-
                  fication  of  the  enctype of the new master key.  The -s option
                  stashes the new master key in a local stash file which  will  be
                  created if it doesn't already exist.
    
           use_mkey mkeyVNO [time]
                  Sets the activation time of the master key specified by mkeyVNO.
                  Once a master key is active (i.e. its activation time has been
                  reached), it is used to encrypt principal keys when they
                  change, when they are newly created, or when the
                  update_princ_encryption command is run.  If the time argument
                  is provided, it becomes the activation time; otherwise the
                  current time is used.  The format of the optional time
                  argument is that specified in the Time Formats section of the
                  kadmin man page.
    
           -n     performs a dry run: shows the master keys that would be purged
                  but does not actually purge any keys.
    
           -v     verbose output.
    
           update_princ_encryption [-f] [-n] [-v] [princ-pattern]
                  Update  all  principal  records  (or  only  those  matching  the
                  princ-pattern glob pattern) to re-encrypt the key data using the
                  active database master key, if they are  encrypted  using  older
                  versions,  and  give a count at the end of the number of princi-
                  pals updated.  If the -f option is not given, ask for  confirma-
                  tion before starting to make changes.  The -v option causes each
                  principal processed  (each  one  matching  the  pattern)  to  be
                  listed, and an indication given as to whether it needed updating
                  or not.  The -n option causes the actions not to be taken,  only
                  the normal or verbose status messages displayed; this implies -f
                  since no database changes will be  performed  and  thus  there's
                  little reason to seek confirmation.
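
The add_mkey, use_mkey and update_princ_encryption commands described above combine into a master key rollover. The script below is an added example, not part of the man page: it prints the sequence by default and executes it only when RUN=1. The names REALM, NEW_KVNO, RUN, step and rollover, the realm EXAMPLE.COM and the key version 2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the kdb5_util man page.
# Constructed values: realm EXAMPLE.COM, new master key version 2.
REALM="${REALM:-EXAMPLE.COM}"
NEW_KVNO="${NEW_KVNO:-2}"   # assumed to be the version that add_mkey created
RUN="${RUN:-0}"             # 0 = print the commands, 1 = execute them

# Print one kdb5_util invocation, or execute it when RUN=1.
step() {
    if [ "$RUN" = "1" ]; then
        kdb5_util -r "$REALM" "$@"
    else
        echo "kdb5_util -r $REALM $*"
    fi
}

rollover() {
    # Master key version numbers start at 1; 0 is not allowed.
    case "$NEW_KVNO" in
        ''|*[!0-9]*|0*)
            echo "error: NEW_KVNO must be a positive integer without leading zeros" >&2
            return 2 ;;
    esac
    # 1. Add a new master key to K/M and stash it (-s); existing keys remain.
    step add_mkey -s || return 1
    # 2. Activate it now (no time argument means the current time).
    step use_mkey "$NEW_KVNO" || return 1
    # 3. Dry run (-n) listing each principal (-v); no changes are made.
    step update_princ_encryption -n -v || return 1
    # 4. Re-encrypt for real. Without -f the tool asks for confirmation.
    step update_princ_encryption -v
}

rollover
```

Review the printed sequence first, then run it with RUN=1 on the KDC host; add_mkey prompts for the new master key on the terminal.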
    
    
    

    SEE ALSO

           kadmin(8)
    
                                                                      KDB5_UTIL(8)
    