*KRB5_KDB_PWCHANGE_SERVICE* flag on the principal in the
database.
-Command options specific to eDirectory:
-
-.. _kdb5_ldap_util_create_edir:
-
-**-kdcdn** *kdc_service_list*
- Specifies the list of KDC service objects serving the realm. The
- list contains the DNs of the KDC service objects separated by
- colon (``:``).
-
-**-admindn** *admin_service_list*
- Specifies the list of Administration service objects serving the
- realm. The list contains the DNs of the Administration service
- objects separated by colon (``:``).
-
-.. _kdb5_ldap_util_create_edir_end:
-
EXAMPLE:
::
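Review bot: The `.. _kdb5_ldap_util_create_edir:` and `.. _kdb5_ldap_util_create_edir_end:` labels removed in this hunk have the same shape as the `:start-after:` / `:end-before:` markers used by the `.. include::` directives elsewhere in this patch. If any admin document still includes this range, the include will no longer find its markers. Please grep the doc tree for `_kdb5_ldap_util_create_edir` and drop or update those includes in the same commit.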
*KRB5_KDB_PWCHANGE_SERVICE* flag on the principal in the
database.
-Command options specific to eDirectory:
-
-.. _kdb5_ldap_util_modify_edir:
-
-**-kdcdn** *kdc_service_list*
- Specifies the list of KDC service objects serving the realm. The
- list contains the DNs of the KDC service objects separated by a
- colon (``:``). This list replaces the existing list.
-
-**-clearkdcdn** *kdc_service_list*
- Specifies the list of KDC service objects that need to be removed
- from the existing list. The list contains the DNs of the KDC
- service objects separated by a colon (``:``).
-
-**-addkdcdn** *kdc_service_list*
- Specifies the list of KDC service objects that need to be added to
- the existing list. The list contains the DNs of the KDC service
- objects separated by a colon (``:``).
-
-**-admindn** *admin_service_list*
- Specifies the list of Administration service objects serving the
- realm. The list contains the DNs of the Administration service
- objects separated by a colon (``:``). This list replaces the
- existing list.
-
-**-clearadmindn** *admin_service_list*
- Specifies the list of Administration service objects that need to
- be removed from the existing list. The list contains the DNs of
- the Administration service objects separated by a colon (``:``).
-
-**-addadmindn** *admin_service_list*
- Specifies the list of Administration service objects that need to
- be added to the existing list. The list contains the DNs of the
- Administration service objects separated by a colon (``:``).
-
-.. _kdb5_ldap_util_modify_edir_end:
-
EXAMPLE:
::
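Review bot: The synopsis for the modify command is not touched in this hunk, which only drops the descriptions of `-kdcdn`, `-clearkdcdn`, `-addkdcdn`, `-admindn`, `-clearadmindn` and `-addadmindn`. If the synopsis still lists any of them, the man page will advertise options it no longer explains, so please update the synopsis in the same change.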
.. _kdb5_ldap_util_list_policy_end:
-Commands specific to eDirectory
--------------------------------
-
-setsrvpw
-~~~~~~~~
-
-.. _kdb5_ldap_util_setsrvpw:
-
- **setsrvpw**
- [**-randpw\|-fileonly**]
- [**-f** *filename*]
- *service_dn*
-
-Allows an administrator to set password for service objects such as
-KDC and Administration server in eDirectory and store them in a file.
-The **-fileonly** option stores the password in a file and not in the
-eDirectory object. Options:
-
-**-randpw**
- Generates and sets a random password. This options can be
- specified to store the password both in eDirectory and a file.
- The **-fileonly** option can not be used if **-randpw** option is
- already specified.
-
-**-fileonly**
- Stores the password only in a file and not in eDirectory. The
- **-randpw** option can not be used when **-fileonly** options is
- specified.
-
-**-f** *filename*
- Specifies complete path of the service password file. By default,
- ``/usr/local/var/service_passwd`` is used.
-
-*service_dn*
- Specifies Distinguished Name (DN) of the service object whose
- password is to be set.
-
-EXAMPLE:
- ::
-
- kdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile cn=service-kdc,o=org
- Password for "cn=admin,o=org":
- Password for "cn=service-kdc,o=org":
- Re-enter password for "cn=service-kdc,o=org":
-
-.. _kdb5_ldap_util_setsrvpw_end:
-
-create_service
-~~~~~~~~~~~~~~
-
-.. _kdb5_ldap_util_create_service:
-
- **create_service**
- {**-kdc**\|\ **-admin**\|\ **-pwd**}
- [**-servicehost** *service_host_list*]
- [**-realm** *realm_list*]
- [**-randpw**\|\ **-fileonly**]
- [**-f** *filename*]
- *service_dn*
-
-Creates a service in directory and assigns appropriate rights. Options:
-
-**-kdc**
- Specifies the service is a KDC service
-
-**-admin**
- Specifies the service is a Administration service
-
-**-pwd**
- Specifies the Password service
-
-**-servicehost** *service_host_list*
- Specifies the list of entries separated by a colon (``:``). Each
- entry consists of the hostname or IP address of the server hosting
- the service, transport protocol, and the port number of the
- service separated by a pound sign (``#``). For example,
- ``server1#tcp#88:server2#udp#89``.
-
-**-realm** *realm_list*
- Specifies the list of realms that are to be associated with this
- service. The list contains the name of the realms separated by a
- colon (``:``).
-
-**-randpw**
- Generates and sets a random password. This option is used to set
- the random password for the service object in directory and also
- to store it in the file. The **-fileonly** option can not be used
- if **-randpw** option is specified.
-
-**-fileonly**
- Stores the password only in a file and not in eDirectory. The
- **-randpw** option can not be used when **-fileonly** option is
- specified.
-
-**-f** *filename*
- Specifies the complete path of the file where the service object
- password is stashed.
-
-*service_dn*
- Specifies Distinguished Name (DN) of the Kerberos service to be
- created.
-
-EXAMPLE:
- ::
-
- shell% kdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org
- Password for "cn=admin,o=org":
- File does not exist. Creating the file /home/andrew/conf_keyfile...
- shell%
-
-.. _kdb5_ldap_util_create_service_end:
-
-modify_service
-~~~~~~~~~~~~~~
-
-.. _kdb5_ldap_util_modify_service:
-
- **modify_service**
- [**-servicehost** *service_host_list* |
- [**-clearservicehost** *service_host_list*]
- [**-addservicehost** *service_host_list*]]
- [**-realm** *realm_list* |
- [**-clearrealm** *realm_list*]
- [**-addrealm** *realm_list*]]
- *service_dn*
-
-Modifies the attributes of a service and assigns appropriate
-rights. Options:
-
-**-servicehost** *service_host_list*
- Specifies the list of entries separated by a colon (``:``). Each
- entry consists of a host name or IP Address of the Server hosting
- the service, transport protocol, and port number of the service
- separated by a pound sign (``#``). For example,
- ``server1#tcp#88:server2#udp#89``.
-
-**-clearservicehost** *service_host_list*
- Specifies the list of servicehost entries to be removed from the
- existing list separated by colon (``:``). Each entry consists of
- a host name or IP Address of the server hosting the service,
- transport protocol, and port number of the service separated by a
- pound sign (``#``).
-
-**-addservicehost** *service_host_list*
- Specifies the list of servicehost entries to be added to the
- existing list separated by colon (``:``). Each entry consists of
- a host name or IP Address of the server hosting the service,
- transport protocol, and port number of the service separated by a
- pound sign (``#``).
-
-**-realm** *realm_list*
- Specifies the list of realms that are to be associated with this
- service. The list contains the name of the realms separated by a
- colon (``:``). This list replaces the existing list.
-
-**-clearrealm** *realm_list*
- Specifies the list of realms to be removed from the existing list.
- The list contains the name of the realms separated by a colon
- (``:``).
-
-**-addrealm** *realm_list*
- Specifies the list of realms to be added to the existing list.
- The list contains the name of the realms separated by a colon
- (``:``).
-
-*service_dn*
- Specifies Distinguished Name (DN) of the Kerberos service to be
- modified.
-
-EXAMPLE:
- ::
-
- shell% kdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU cn=service-kdc,o=org
- Password for "cn=admin,o=org":
- Changing rights for the service object. Please wait ... done
- shell%
-
-.. _kdb5_ldap_util_modify_service_end:
-
-view_service
-~~~~~~~~~~~~
-
-.. _kdb5_ldap_util_view_service:
-
- **view_service** *service_dn*
-
-Displays the attributes of a service. Options:
-
-*service_dn*
- Specifies Distinguished Name (DN) of the Kerberos service to be
- viewed.
-
-EXAMPLE:
- ::
-
- shell% kdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org
- Password for "cn=admin,o=org":
- Service dn: cn=service-kdc,o=org
- Service type: kdc
- Service host list:
- Realm DN list: cn=ATHENA.MIT.EDU,cn=Kerberos,cn=Security
- shell%
-
-.. _kdb5_ldap_util_view_service_end:
-
-destroy_service
-~~~~~~~~~~~~~~~
-
-.. _kdb5_ldap_util_destroy_service:
-
- **destroy_service**
- [**-force**]
- [**-f** *stashfilename*]
- *service_dn*
-
-Destroys an existing service. Options:
-
-**-force**
- If specified, will not prompt for user's confirmation, instead
- will force destruction of the service.
-
-**-f** *stashfilename*
- Specifies the complete path of the service password file from
- where the entry corresponding to the service_dn needs to be
- removed.
-
-*service_dn*
- Specifies Distinguished Name (DN) of the Kerberos service to be
- destroyed.
-
-EXAMPLE:
- ::
-
- shell% kdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org
- Password for "cn=admin,o=org":
- This will delete the service object 'cn=service-kdc,o=org', are you sure?
- (type 'yes' to confirm)? yes
- ** service object 'cn=service-kdc,o=org' deleted.
- shell%
-
-.. _kdb5_ldap_util_destroy_service_end:
-
-list_service
-~~~~~~~~~~~~
-
-.. _kdb5_ldap_util_list_service:
-
- **list_service** [**-basedn** *base_dn*]
-
-Lists the name of services under a given base in directory. Options:
-
-**-basedn** *base_dn*
- Specifies the base DN for searching the service objects, limiting
- the search to a particular subtree. If this option is not
- provided, LDAP Server specific search base will be used. For eg,
- in the case of OpenLDAP, value of defaultsearchbase from
- slapd.conf file will be used, where as in the case of eDirectory,
- the default value for the base DN is Root.
-
-EXAMPLE:
- ::
-
- shell% kdb5_ldap_util -D cn=admin,o=org list_service
- Password for "cn=admin,o=org":
- cn=service-kdc,o=org
- cn=service-adm,o=org
- cn=service-pwd,o=org
- shell%
-
-.. _kdb5_ldap_util_list_service_end:
-
-
SEE ALSO
--------
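Review bot: Nothing in the hunks shown here removes the six subcommands themselves (`setsrvpw`, `create_service`, `modify_service`, `view_service`, `destroy_service`, `list_service`) from kdb5_ldap_util, only their documentation. If the tool still accepts them, `setsrvpw -f` and `create_service -f` would keep writing a service password to a file while no man page says where it goes (the removed text gives `/usr/local/var/service_passwd` as the `setsrvpw` default). Please land the code removal in the same series, or keep this text until it does.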
+++ /dev/null
-eDir: Creating a Service Object
-===============================
-
-To create a service object in eDirectory and assign appropriate rights
-on the container holding kerberos data, use the
-:ref:`kdb5_ldap_util(8)` **create_service** command.
-
-.. include:: ../../admin_commands/kdb5_ldap_util.rst
- :start-after: _kdb5_ldap_util_create_service:
- :end-before: _kdb5_ldap_util_create_service_end:
-
-
-eDir: Modifying a Service Object
-================================
-
-To modify the attributes of a service and assign appropriate rights,
-if realm associations are changed, use the :ref:`kdb5_ldap_util(8)`
-**modify_service** command.
-
-.. include:: ../../admin_commands/kdb5_ldap_util.rst
- :start-after: _kdb5_ldap_util_modify_service:
- :end-before: _kdb5_ldap_util_modify_service_end:
-
-
-eDir: Retrieving Service Object Information
-===========================================
-
-To display the attributes of a service, use the
-:ref:`kdb5_ldap_util(8)` **view_service** command.
-
-.. include:: ../../admin_commands/kdb5_ldap_util.rst
- :start-after: _kdb5_ldap_util_view_service:
- :end-before: _kdb5_ldap_util_view_service_end:
-
-
-eDir: Destroying a Service Object
-=================================
-
-The :ref:`kdb5_ldap_util(8)` **destroy_service** command is used to
-destroy an existing service.
-
-.. include:: ../../admin_commands/kdb5_ldap_util.rst
- :start-after: _kdb5_ldap_util_destroy_service:
- :end-before: _kdb5_ldap_util_destroy_service_end:
-
-
-eDir: Listing Available Service Objects
-=======================================
-
-The :ref:`kdb5_ldap_util(8)` **list_service** command lists the name
-of services under a given base in eDirectory.
-
-.. include:: ../../admin_commands/kdb5_ldap_util.rst
- :start-after: _kdb5_ldap_util_list_service:
- :end-before: _kdb5_ldap_util_list_service_end:
-
-
-eDir: Passwords for Service Objects
-===================================
-
-The command :ref:`kdb5_ldap_util(8)` **setsrvpw** allows an
-administrator to set password for service objects such as KDC and
-Administration server in eDirectory and store them in a file.
-
-.. include:: ../../admin_commands/kdb5_ldap_util.rst
- :start-after: _kdb5_ldap_util_setsrvpw:
- :end-before: _kdb5_ldap_util_setsrvpw_end:
-
-
-Feedback
---------
-
-Please, provide your feedback at
-krb5-bugs@mit.edu?subject=Documentation___edir
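Review bot: Deleting this file (`+++ /dev/null`) leaves any toctree entry or cross-reference that points at it dangling, and no index change is visible with this hunk. Please remove the document from the toctree that lists it, and confirm that the six include ranges it consumed (`_kdb5_ldap_util_create_service`, `_kdb5_ldap_util_modify_service`, `_kdb5_ldap_util_view_service`, `_kdb5_ldap_util_destroy_service`, `_kdb5_ldap_util_list_service`, `_kdb5_ldap_util_setsrvpw`) have no other users.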