The various flags are:
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
-.B -allow_postdated
+.B \-allow_postdated
prohibits principals from obtaining postdated tickets. (Sets the
.SM KRB5_KDB_DISALLOW_POSTDATED
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
-.B -allow_forwardable
+.B \-allow_forwardable
prohibits principals from obtaining forwardable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_FORWARDABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
-.B -allow_renewable
+.B \-allow_renewable
prohibits principals from obtaining renewable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_RENEWABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
-.B -allow_proxiable
+.B \-allow_proxiable
prohibits principals from obtaining proxiable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_PROXIABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
-.B -allow_dup_skey
+.B \-allow_dup_skey
Disables user-to-user authentication for principals by prohibiting
principals from obtaining a session key for another user. (Sets the
.SM KRB5_KDB_DISALLOW_DUP_SKEY
kinit. (Sets the
.SM KRB5_KDB_REQUIRES_PRE_AUTH
flag.)
-.B -requires_preauth
+.B \-requires_preauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
before being allowed to kinit. (Sets the
.SM KRB5_KDB_REQUIRES_HW_AUTH
flag.)
-.B -requires_hwauth
+.B \-requires_hwauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
-.B -allow_svr
+.B \-allow_svr
prohibits the issuance of service tickets for principals. (Sets the
.SM KRB5_KDB_DISALLOW_SVR
flag.)
of the Administration service objects separated by colon(:).
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-create -subtrees o=org -sscope SUB
--r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu
+create \-subtrees o=org \-sscope SUB
+\-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
Initializing database for realm 'ATHENA.MIT.EDU'
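Review bot: The create example now escapes the option dashes, but the hyphen in `ldaps://ldap-server1.mit.edu` is still a bare `-`. groff can render a bare `-` as a typographic hyphen on UTF-8 output, so the URL would not paste back as typed. Write it as `ldap\-server1` here and in the other examples, and do the same for `cn=service\-kdc,o=org` where that DN appears.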
The various flags are:
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
-.B -allow_postdated
+.B \-allow_postdated
prohibits principals from obtaining postdated tickets. (Sets the
.SM KRB5_KDB_DISALLOW_POSTDATED
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
-.B -allow_forwardable
+.B \-allow_forwardable
prohibits principals from obtaining forwardable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_FORWARDABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
-.B -allow_renewable
+.B \-allow_renewable
prohibits principals from obtaining renewable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_RENEWABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
-.B -allow_proxiable
+.B \-allow_proxiable
prohibits principals from obtaining proxiable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_PROXIABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
-.B -allow_dup_skey
+.B \-allow_dup_skey
Disables user-to-user authentication for principals by prohibiting
principals from obtaining a session key for another user. (Sets the
.SM KRB5_KDB_DISALLOW_DUP_SKEY
kinit. (Sets the
.SM KRB5_KDB_REQUIRES_PRE_AUTH
flag.)
-.B -requires_preauth
+.B \-requires_preauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
before being allowed to kinit. (Sets the
.SM KRB5_KDB_REQUIRES_HW_AUTH
flag.)
-.B -requires_hwauth
+.B \-requires_hwauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
-.B -allow_svr
+.B \-allow_svr
prohibits the issuance of service tickets for principals. (Sets the
.SM KRB5_KDB_DISALLOW_SVR
flag.)
contains the DNs of the Administration service objects separated by a colon (:).
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify
-+requires_preauth -r ATHENA.MIT.EDU \fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify
++requires_preauth \-r ATHENA.MIT.EDU \fP
.nf
Password for "cn=admin,o=org":
.fi
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view
--r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view
+\-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
Realm Name: ATHENA.MIT.EDU
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy
--r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy
+\-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
.nf
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list\fP
Password for "cn=admin,o=org":
ATHENA.MIT.EDU
OPENLDAP.MIT.EDU
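Review bot: In the list example the context shows `.nf` before `.TP` and `EXAMPLE:`, and the command line runs straight into `Password for "cn=admin,o=org":` with no `.nf` between them. Every other example in this patch puts `.nf` after the command line. If the difference is not intended, move `.nf` below the `\fB...list\fP` line while this line is being touched.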
Specifies Distinguished name (DN) of the service object whose password is to be stored in file.
.TP
EXAMPLE:
-\fBkdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util stashsrvpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
.nf
Password for "cn=service-kdc,o=org":
Re-enter password for "cn=service-kdc,o=org":
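Review bot: The stashsrvpw example stores the service object's password in `/home/andrew/conf_keyfile`, a file under a user's home directory, and the visible context does not say who should be able to read that file. Since the line is being edited anyway, consider an example path outside a user home directory, or add a sentence telling the administrator to restrict the file to the account that runs the service.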
The various flags are:
.TP
{\fB\-\fP|\fB+\fP}\fBallow_postdated\fP
-.B -allow_postdated
+.B \-allow_postdated
prohibits principals from obtaining postdated tickets. (Sets the
.SM KRB5_KDB_DISALLOW_POSTDATED
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_forwardable\fP
-.B -allow_forwardable
+.B \-allow_forwardable
prohibits principals from obtaining forwardable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_FORWARDABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_renewable\fP
-.B -allow_renewable
+.B \-allow_renewable
prohibits principals from obtaining renewable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_RENEWABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_proxiable\fP
-.B -allow_proxiable
+.B \-allow_proxiable
prohibits principals from obtaining proxiable tickets. (Sets the
.SM KRB5_KDB_DISALLOW_PROXIABLE
flag.)
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_dup_skey\fP
-.B -allow_dup_skey
+.B \-allow_dup_skey
Disables user-to-user authentication for principals by prohibiting
principals from obtaining a session key for another user. (Sets the
.SM KRB5_KDB_DISALLOW_DUP_SKEY
kinit. (Sets the
.SM KRB5_KDB_REQUIRES_PRE_AUTH
flag.)
-.B -requires_preauth
+.B \-requires_preauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBrequires_hwauth\fP
before being allowed to kinit. (Sets the
.SM KRB5_KDB_REQUIRES_HW_AUTH
flag.)
-.B -requires_hwauth
+.B \-requires_hwauth
clears this flag.
.TP
{\fB\-\fP|\fB+\fP}\fBallow_svr\fP
-.B -allow_svr
+.B \-allow_svr
prohibits the issuance of service tickets for principals. (Sets the
.SM KRB5_KDB_DISALLOW_SVR
flag.)
Specifies the name of the ticket policy.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu create_policy -r ATHENA.MIT.EDU -maxtktlife "1 day" -maxrenewlife "1 week" -allow_postdated +needchange -allow_forwardable tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu create_policy \-r ATHENA.MIT.EDU \-maxtktlife "1 day" \-maxrenewlife "1 week" \-allow_postdated +needchange \-allow_forwardable tktpolicy\fP
.nf
Password for "cn=admin,o=org":
.fi
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu modify_policy -r ATHENA.MIT.EDU -maxtktlife "60 minutes" -maxrenewlife "10 hours" +allow_postdated -requires_preauth tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu modify_policy \-r ATHENA.MIT.EDU \-maxtktlife "60 minutes" \-maxrenewlife "10 hours" +allow_postdated \-requires_preauth tktpolicy\fP
.nf
Password for "cn=admin,o=org":
.fi
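Review bot: The modify_policy example passes `\-requires_preauth`, and the flag text in this same page says `.B \-requires_preauth` "clears this flag", that is, KRB5_KDB_REQUIRES_PRE_AUTH. As written, the example switches the preauthentication requirement off for the policy. Man-page examples get copied verbatim, so consider showing `+requires_preauth` here, as the modify example does, and use a different flag to illustrate the `-` form.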
Specifies the name of the ticket policy.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu view_policy -r ATHENA.MIT.EDU tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu view_policy \-r ATHENA.MIT.EDU tktpolicy\fP
.nf
Password for "cn=admin,o=org":
Ticket policy: tktpolicy
Specifies the name of the ticket policy.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu destroy_policy -r ATHENA.MIT.EDU tktpolicy\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu destroy_policy \-r ATHENA.MIT.EDU tktpolicy\fP
.nf
Password for "cn=admin,o=org":
This will delete the policy object 'tktpolicy', are you sure?
is used.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu list_policy -r ATHENA.MIT.EDU\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org \-H ldaps://ldap-server1.mit.edu list_policy \-r ATHENA.MIT.EDU\fP
.nf
Password for "cn=admin,o=org":
tktpolicy
\fBsetsrvpw\fP [\fB\-randpw\fP|\fB\-fileonly\fP] [\fB\-f\fP\ \fIfilename\fP] \fIservice_dn\fP
Allows an administrator to set password for service objects such as KDC and Administration server in
eDirectory and store them in a file. The
-.I -fileonly
+.I \-fileonly
option stores the password in a file and not in the eDirectory object. Options:
.RS
.TP
\fB\-randpw \fP
Generates and sets a random password. This options can be specified to store the password both in eDirectory and a file. The
-.I -fileonly
+.I \-fileonly
option can not be used if
-.I -randpw
+.I \-randpw
option is already specified.
.TP
\fB\-fileonly\fP
Stores the password only in a file and not in eDirectory. The
-.I -randpw
+.I \-randpw
option can not be used when
-.I -fileonly
+.I \-fileonly
options is specified.
.TP
\fB\-f\fP\ \fIfilename\fP
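Review bot: The inline references in the setsrvpw text stay italic (`.I \-fileonly`, `.I \-randpw`), while the `.TP` tags for the same options are bold (`\fB\-randpw \fP`, `\fB\-fileonly\fP`) and the flag lists use `.B`. Change these to `.B` so literal options are set the same way throughout. The context lines also read "This options can be specified" and "options is specified", which are worth fixing in the same pass.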
Specifies Distinguished name (DN) of the service object whose password is to be set.
.TP
EXAMPLE:
-\fBkdb5_ldap_util setsrvpw -D cn=admin,o=org setsrvpw -fileonly -f /home/andrew/conf_keyfile
+\fBkdb5_ldap_util setsrvpw \-D cn=admin,o=org setsrvpw \-fileonly \-f /home/andrew/conf_keyfile
cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
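Review bot: The setsrvpw example names the subcommand twice, `kdb5_ldap_util setsrvpw \-D cn=admin,o=org setsrvpw \-fileonly ...`, and the patch carries that over unchanged. The other examples put `\-D` before the subcommand and give the subcommand once, so drop the first `setsrvpw`.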
.TP
\fB\-randpw \fP
Generates and sets a random password. This option is used to set the random password for the service object in directory and also to store it in the file. The
-.I -fileonly
+.I \-fileonly
option can not be used if
-.I -randpw
+.I \-randpw
option is specified.
.TP
\fB\-fileonly\fP
Stores the password only in a file and not in eDirectory. The
-.I -randpw
+.I \-randpw
option can not be used when
-.I -fileonly
+.I \-fileonly
option is specified.
.TP
\fB\-f\fP\ \fIfilename\fP
Specifies Distinguished name (DN) of the Kerberos service to be created.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org create_service -kdc -randpw -f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org create_service \-kdc \-randpw \-f /home/andrew/conf_keyfile cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
File does not exist. Creating the file /home/andrew/conf_keyfile...
Specifies Distinguished name (DN) of the Kerberos service to be modified.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org modify_service -realm ATHENA.MIT.EDU
+\fBkdb5_ldap_util \-D cn=admin,o=org modify_service \-realm ATHENA.MIT.EDU
cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
Specifies Distinguished name (DN) of the Kerberos service to be viewed.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org view_service cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org view_service cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
Service dn: cn=service-kdc,o=org
Specifies Distinguished name (DN) of the Kerberos service to be destroyed.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org destroy_service cn=service-kdc,o=org\fP
.nf
Password for "cn=admin,o=org":
This will delete the service object 'cn=service-kdc,o=org', are you sure?
.B Root.
.TP
EXAMPLE:
-\fBkdb5_ldap_util -D cn=admin,o=org list_service\fP
+\fBkdb5_ldap_util \-D cn=admin,o=org list_service\fP
.nf
Password for "cn=admin,o=org":
cn=service-kdc,o=org