+2002-07-29 Jen Selby <jenselby@mit.edu>
+
+ * kvno.M: added documentation of the "-q" and "-h" options.
+
2002-07-27 Ken Raeburn <raeburn@mit.edu>
* kvno.c: Include stdlib.h.
.SH NAME
kvno \- print key version numbers of Kerberos principals
.SH SYNOPSIS
-\fBklist\fP [\fB\-e etype\fP] \fBservice1\fP \fBservice2\fP \fB...\fP
+\fBkvno\fP [\fB\-q\fP] [\fB\-h\fP] [\fB\-4\fP] [\fB\-e etype\fP]
+\fBservice1\fP \fBservice2\fP \fB...\fP
.br
.SH DESCRIPTION
.I Kvno
all the services named on the command line. This is useful in certain
backward compatibility situations.
.TP
+.B \-q
+suppress printing
+.TP
+.B \-h
+prints a usage statement and exits
+.TP
.B \-4
specifies that Kerberos version 4 tickets should be acquired and
described. This option is only available if Kerberos 4 support was
+2002-07-29 Jen Selby <jenselby@mit.edu>
+
+ * kadmin.M: corrected documenation of "-k/-t" options.
+ Added documentation for some other options. Updated the lists
+ of aliases for commands, some command options, and some of
+ the sample output.
+
2002-06-06 Tom Yu <tlyu@mit.edu>
* kadmin.M: Remove references to "rename_principal".
environment variable, or the username as obtained with getpwuid, in
order of preference.
.TP
-\fB\-k\fP \fIkeytab\fP
+\fB\-k\fP
+Use a keytab to decrypt the KDC response instead of prompting for a
+password on the TTY. In this case, the default principal will be
+host/\fIhostname\fP. If there is not a keytab specified with the
+.B\-t
+option, then the default keytab will be used.
+.TP
+\fB\-t\fP \fIkeytab\fP
Use
.I keytab
-to decrypt the KDC response instead of prompting for a password on the
-TTY. In this case, the default principal will be host/\fIhostname\fP.
+to decrypt the KDC response. This can only be used with the
+.B \-k
+option.
.TP
\fB\-c\fP \fIcredentials_cache\fP
Use
which will perform
.I query
and then exit. This can be useful for writing scripts.
+.TP
+\fB\-d\fP \fIdbname\fP
+Specifies the name of the Kerberos database.
+.TP
+\fB\-s\fP \fIadmin_server[:port]\fP
+Specifies the admin server which kadmin should contact.
+.TP
+\fB\-m\fP
+Do not authenticate using a keytab. This option will cause kadmin
+to prompt for the master database password.
+.TP
+\fB\-e\fP \fIenc:salt_list\fP
+Sets the list of encryption types and salt types to be used for any new
+keys created.
+
.SH DATE FORMAT
Various commands in kadmin can take a variety of date formats,
specifying durations or absolute times. Examples of valid formats are:
the same as the one being listed. With the
.B \-terse
option, outputs fields as quoted tab-separated strings. Alias
-.BR listprincs .
+.BR getprinc .
.sp
.nf
.RS
expression. Requires the
.I list
priviledge. Alias
-.BR listprincs .
+.BR listprincs ,
+.BR get_principals ,
+.BR get_princs .
.nf
.RS
.TP
.fi
.RE
.TP
-\fBdelete_policy\fP \fIpolicy\fB
+\fBdelete_policy [\-force]\fP \fIpolicy\fB
deletes the named policy. Prompts for confirmation before deletion.
The command will fail if the policy is in use by any principals.
Requires the
kadmin: del_policy guests
Are you sure you want to delete the policy "guests"?
(yes/no): yes
-Policy "guests" deleted.
kadmin:
.TP
ERRORS:
are printed. Requires the
.I list
priviledge. Alias
-.BR listpols .
+.BR listpols ,
+.BR get_policies ,
+.BR getpols .
.sp
.nf
.RS
+2002-07-29 Jen Selby <jenselby@mit.edu>
+
+ * kdb5_util.M: added documentation for some options.
+
2002-07-15 Ezra Peisach <epeisach@bu.edu>
* dump.c (dump_ov_princ): Remove variable set but unused.
.B \-m
specifies that the master database password should be read from the TTY
rather than fetched from a file on disk.
+.TP
+\fB\-sf\fP \fIstash_file\fP
+specifies the stash file of the master database password.
+.TP
+\fB\-P\fP \fIpassword\fP
+specifies the master database password. This option is not recommended.
.SH COMMANDS
.TP
\fBcreate\fP [\fB\-s\fP]
dumped.
.RE
.TP
-\fBload\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-ov\fP]
+\fBload\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-b7\fP] [\fB\-ov\fP] [\fB\-hash\fP]
[\fB\-verbose\fP] [\fB\-update\fP] \fIfilename dbname\fP [\fIadmin_dbname\fP]
.br
Loads a database dump from the named file into the named database.
.B \-update
option.
.TP
+.B \-hash
+requires the database to be stored as a hash. If this option is not
+specified, the database will be stored as a binary tree. This option
+is not recommended, as databases stored in hash format are known to
+corrupt data and lose principals.
+.TP
.B \-verbose
causes the name of each principal and policy to be printed as it is
dumped.
Dumps the current database into the Kerberos 4 database dump format.
The \-S option specifies the short lifetime algorithm.
.TP
-\fBload_v4\fP [\fB\-S\fP] [\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB\-s\ \fIstashfile\fP] \fIinputfile\fP
+\fBload_v4\fP [\fB\-T\fP] [\fB\-v\fP] [\fB\-h\fP] [\fB\-S\fP]
+[\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB\-s\ \fIstashfile\fP]
+\fIinputfile\fP
Loads a Kerberos 4 database dump file. Options:
.RS
.TP
.TP
.B \-S
Uses the short lifetime algorithm for conversion.
+.TP
+.B \-h
+Stores the database as a hash instead of a binary tree. This option is
+not recommended, as databases stored in hash format are known to
+corrupt data and lose principals.
.PP
Note: if the Kerberos 4 database had a default expiration date of 12/31/1999
or 12/31/2009 (the compiled in defaults for older or newer Kerberos
password change time. In practice, Version 4 "modifications" were
always password changes. \fIload_v4\fP copies the value into both
fields.
+.TP
+\fBark\fP
+Adds a random key.
.SH SEE ALSO
kadmin(8)