kdb5_util man page on Peanut


KDB5_UTIL(8)							  KDB5_UTIL(8)

NAME
       kdb5_util - Kerberos database maintenance utility

SYNOPSIS
       kdb5_util    [-r realm]	  [-d dbname]	 [-k mkeytype]	 [-M mkeyname]
       [-sf stashfilename] [-m] command [command_options]

DESCRIPTION
       kdb5_util allows an administrator to perform low-level maintenance
       procedures on the Kerberos and KADM5 database.  Databases can be
       created, destroyed, and dumped to and loaded from ASCII files.
       Additionally, kdb5_util can create a Kerberos master key stash file.
       kdb5_util subsumes the functionality of and makes obsolete the
       previous database maintenance programs kdb5_create, kdb5_edit,
       kdb5_destroy, and kdb5_stash.

       When kdb5_util is run, it attempts to acquire the master key  and  open
       the  database.	However,  execution continues regardless of whether or
       not kdb5_util successfully opens the database, because the database may
       not exist yet or the stash file may be corrupt.

COMMAND-LINE OPTIONS
       -r realm
	      specifies	 the  Kerberos	realm  of the database; by default the
	      realm returned by krb5_default_local_realm(3) is used.

       -d dbname
	      specifies the name under which the principal database is stored;
	      by  default  the	database  is  that listed in kdc.conf(5).  The
	      KADM5 policy database and lock file are also derived  from  this
	      value.

       -k mkeytype
	      specifies	 the  key  type of the master key in the database; the
	      default is that given in kdc.conf.

       -M mkeyname
	      principal name for the master key in the database;  the  default
	      is that given in kdc.conf.

       -m     specifies	 that the master database password should be read from
	      the TTY rather than fetched from a file on disk.

       -sf stash_file
	      specifies the stash file of the master database password.

       -P password
	      specifies the master database password.  This option is not rec‐
	      ommended.

COMMANDS
       create [-s]
	      Creates  a  new  database.   If  the -s option is specified, the
	      stash file is also created.  This command fails if the  database
	      already  exists.	 If the command is successful, the database is
	      opened just as if it had already existed when  the  program  was
	      first run.

       destroy [-f]
	      Destroys	the  database,	first overwriting the disk sectors and
	      then unlinking the files, after prompting the user for confirma‐
	      tion.  With the -f argument, does not prompt the user.

       stash [-f keyfile]
	      Stores  the  master  principal's	keys  in a stash file.	The -f
	      argument can be  used  to	 override  the	keyfile	 specified  at
	      startup.

       dump [-old] [-b6] [-b7] [-ov]
	      [-verbose]  [-mkey_convert]  [-new_mkey_file  mkey_file]	[-rev]
	      [-recurse] [filename [principals...]]
	      Dumps the current Kerberos and  KADM5  database  into  an	 ASCII
              file.  By default, the database is dumped in current format,
              "kdb5_util load_dump version 5".  If filename is not specified,
	      or  is  the  string  "-",	 the  dump is sent to standard output.
	      Options:

	      -old   causes the dump to be in the Kerberos 5 Beta 5  and  ear‐
		     lier dump format ("kdb5_edit load_dump version 2.0").

	      -b6    causes  the  dump	to  be in the Kerberos 5 Beta 6 format
		     ("kdb5_edit load_dump version 3.0").

	      -b7    causes the dump to be in the Kerberos  5  Beta  7	format
		     ("kdb5_util  load_dump  version  4").   This was the dump
		     format produced on releases prior to 1.2.2.

	      -ov    causes the dump to be in ovsec_adm_export format.

	      -verbose
		     causes the name  of  each	principal  and	policy	to  be
		     printed as it is dumped.

	      -mkey_convert
		     prompts  for  a new master key.  This new master key will
		     be used to re-encrypt the key data in the dumpfile.   The
		     key data in the database will not be changed.

	      -new_mkey_file mkey_file
		     the  filename  of	a  stash file.	The master key in this
		     stash file will be used to re-encrypt the key data in the
		     dumpfile.	 The  key  data	 in  the  database will not be
		     changed.

              -rev   dumps in reverse order.  This may recover principals that
                     do not dump normally, in cases where database corruption
                     has occurred.

	      -recurse
                     causes the dump to walk the database recursively (btree
                     only).  This may recover principals that do not dump
                     normally, in cases where database corruption has occurred.
                     In cases of such corruption, this option will probably
                     retrieve more principals than the -rev option will.

       load [-old] [-b6] [-b7] [-ov] [-hash]
	      [-verbose] [-update] filename dbname [admin_dbname]
	      Loads a database dump from the named file into the  named	 data‐
	      base.  Unless the -old or -b6 option is given, the format of the
	      dump file is detected automatically and handled as  appropriate.
	      Unless  the -update option is given, load creates a new database
	      containing only the principals in the dump file, overwriting the
	      contents of any previously existing database.  Options:

	      -old   requires  the database to be in the Kerberos 5 Beta 5 and
		     earlier format ("kdb5_edit load_dump version 2.0").

	      -b6    requires the database to be in the Kerberos 5 Beta 6 for‐
		     mat ("kdb5_edit load_dump version 3.0").

	      -b7    requires the database to be in the Kerberos 5 Beta 7 for‐
		     mat ("kdb5_util load_dump version 4").

	      -ov    requires the database to be in  ovsec_adm_import  format.
		     Must be used with the -update option.

	      -hash  requires  the  database  to be stored as a hash.  If this
		     option is not specified, the database will be stored as a
		     btree.   This  option  is	not  recommended, as databases
		     stored in hash format are known to corrupt data and  lose
		     principals.

	      -verbose
		     causes  the  name	of  each  principal  and  policy to be
		     printed as it is dumped.

	      -update
		     records from the dump file are added to or updated in the
		     existing  database;  otherwise, a new database is created
		     containing only what is in the dump file and the old  one
		     destroyed upon successful completion.

	      dbname is required and overrides the value specified on the com‐
		     mand line or the default.

	      admin_dbname
		     is optional and is derived from dbname if not specified.

       dump_v4 [-S] [filename]
	      Dumps the current database into the  Kerberos  4	database  dump
	      format.  The -S option specifies the short lifetime algorithm.

       load_v4 [-T] [-v] [-h] [-S]
	      [-t] [-n] [-K] [-s stashfile] inputfile
	      Loads a Kerberos 4 database dump file.  Options:

	      -K     prompts  for  the	V5  master  key	 instead  of using the
		     stashed version.

	      -n     prompts for the V4 master key, instead  of	 reading  from
		     the stash file.

	      -s stashfile
		     gets the V4 master key out of stashfile instead of /.k

	      -T     creates  a	 new  krbtgt instead of converting the V4 one.
		     The V5 server will thus not recognize  outstanding	 tick‐
		     ets, so this should be used with caution.

	      -v     lists each principal as it is converted or ignored.

	      -t     uses  a  temporary	 database, then moves that into place,
		     instead of adding the keys to the current database.

	      -S     Uses the short lifetime algorithm for conversion.

	      -h     Stores the database as a hash instead of a	 btree.	  This
		     option  is	 not  recommended, as databases stored in hash
		     format are known to corrupt data and lose principals.

	      Note: if the Kerberos 4 database had a default  expiration  date
	      of  12/31/1999 or 12/31/2009 (the compiled in defaults for older
	      or newer Kerberos releases) then any entries which have the same
	      expiration  date will be converted to "never" expire in the ver‐
	      sion 5 database.	If the default did not match either value, all
	      expiration dates will be preserved.

              Also, Kerberos 4 stored a single modification time for any
              change to a record; Version 5 stores a separate modification
              time and last password change time.  In practice, Version 4
              "modifications" were always password changes.  load_v4 copies
              the value into both fields.

       ark    Adds a random key.
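
A pre-load check for dump files, tying together the dump and load descriptions above. This is an added example, not part of the man page or the Kerberos distribution. It assumes the format strings quoted under dump and load begin the first line of the dump file; the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the man page): pre-load checks for a kdb5_util dump.
# Assumption: the format strings quoted under "dump" and "load" begin the
# first line of the dump file.

# Print the load option the page ties to the file's header. -old and -b6 must
# be given explicitly; "auto" means load detects the format by itself.
dump_load_flag() {
    header=$(head -n 1 < "$1")
    case "$header" in
        "kdb5_edit load_dump version 2.0"*) echo "-old" ;;
        "kdb5_edit load_dump version 3.0"*) echo "-b6" ;;
        "kdb5_util load_dump version 4"*|"kdb5_util load_dump version 5"*)
            echo "auto" ;;
        *) echo "unknown" ;;
    esac
}

# Succeed only if group and other have no access. The dump carries key data
# (encrypted under the master key), so only its owner should be able to read it.
dump_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Combined gate: prints one status line, returns non-zero if the file should
# not be loaded as it stands.
check_dump() {
    flag=$(dump_load_flag "$1")
    if ! dump_is_private "$1"; then
        echo "REFUSE: $1 is accessible to group/other"; return 1
    fi
    if [ "$flag" = "unknown" ]; then
        echo "REFUSE: $1 has an unrecognised header"; return 1
    fi
    echo "OK: $1 load option: $flag"
}

# Constructed samples: header line only, no real principal records.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
( umask 077; printf 'kdb5_edit load_dump version 3.0\n' > "$demo_dir/beta6.dump" )
( umask 022; printf 'kdb5_util load_dump version 5\n' > "$demo_dir/loose.dump" )
check_dump "$demo_dir/beta6.dump"
check_dump "$demo_dir/loose.dump" || true
```
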

SEE ALSO
       kadmin(8)

								  KDB5_UTIL(8)