.B \-d
.I v5dbname
] [
+.B \-k
+.I keytype
+] [
+.B \-M
+.I mkeyname
+] [
+.B \-e
+.I enctype
+] [
+.B \-n
+]
.B \-D
.I v4dbname
+.br
+.B kdb5_convert
+[
+.B \-r
+.I realm
] [
-.B \-f
-.I v4dumpfile
+.B \-d
+.I v5dbname
] [
.B \-k
.I keytype
.I enctype
] [
.B \-n
-]
+]
+.B \-f
+.I v4dumpfile
.br
.SH DESCRIPTION
.I kdb5_convert
.B \-M
.I mkeyname
option specifies the principal name for the master key in the database;
-the default is KRB5_KDB_M_NAME (usually "K/M" in the KDC's realm).
+the default is KRB5_KDB_M_NAME (usually "K/M" in the local realm).
.PP
The
.B \-e
The
.B \-n
option specifies that the master key for the v4 database should be
-entered manually rather than fetched from the normal v4 master key file.
+entered manually rather than fetched from the normal v5 master key file.
The
.B \-K
option specifies that the master key for the v5 (new) database should
.SH SEE ALSO
krb5(3), krb5kdc(8)
.SH BUGS
-Doesn't have flexibility about expiration times. Probably doesn't
-handle any v4 inter-realm keys.
+Doesn't have flexibility about expiration times.
.sp
When the underlying databases are built on the old DBM (not NDBM), the
+.B \-D
+option is not allowed, i.e. the
conversion must be done from a dump file rather than from a DBM
database, due to restrictions in the old DBM implementation.
.br
.SH DESCRIPTION
.I kdb5_create
-is used to create a Kerberos version 5 principal database.
+is used to create an empty Kerberos version 5 principal database.
The user is prompted for the master password, which will be used to
generate an encryption key under which all entries are stored (in order
to provide some security against database theft).
.br
.SH DESCRIPTION
.I kdb5_destroy
-destroys a Kerberos principal database.
+destroys a Kerberos principal database, i.e. all of the data is
+overwritten and then the file is removed.
The user is prompted to confirm deletion of the database.
.PP
The
version 5 principal database.
After the master key is verified, the administrator is placed into a
shell-like command loop, from which he may issue commands to modify the
-database. '?' lists the commands available; 'exit' or 'quit' exits the
-program.
+database.
.PP
The
.B \-r
.B \-m
option specifies that the master database password should be fetched
from the keyboard rather than from a file on disk.
+.SH AVAILABLE COMMANDS
+
+The following is a list of commands and their aliases that the system
+administrator may use to manipulate the database:
+
+.IP add_new_key,ank
+Add new entry to Kerberos database (prompting for password)
+
+.IP change_pwd_key,cpw
+Change key of an entry in the Kerberos database (prompting for password)
+
+.IP add_rnd_key,ark
+Add new entry to Kerberos database, using a random key
+
+.IP change_rnd_key,crk
+Change key of an entry in the Kerberos database (select a new random key)
+
+.IP add_v4_key,av4k
+Add new entry to Kerberos database (using V4 string-to-key)
+
+.IP change_v4_key,cv4k
+Change key of an entry in the Kerberos database (using V4 string-to-key)
+
+.IP delete_entry,delent,del
+Delete an entry from the database
+
+.IP extract_srvtab,xst,ex_st
+Extract service key table
+
+.IP extract_v4_srvtab,xst4
+Extract service key table
+
+.IP list_db,ldb
+List database entries
+
+.IP dump_db,ddb
+Dump database entries to a file
+
+.IP load_db,lddb
+Load database entries from a file
+
+.IP set_dbname,sdbn
+Change database name
+
+.IP enter_master_key,emk
+Enter the master key for a database
+
+.IP change_working_directory,cwd,cd
+Change working directory
+
+.IP print_working_direcotry,pwd
+Print working directory
+
+.IP list_requests,lr,?
+List available requests.
+
+.IP quit,exit,q
+Exit program.
+
.SH SEE ALSO
krb5(3), krb5kdc(8), ss(3)
.SH BUGS
-This man page needs to document the ss commands.
+This routine must be run interactively. There is no command-line interface.
stores a Kerberos principal database master key in a file;
this key may subsequently be used for unattended re-start of a Kerberos
V5 KDC.
-create a Kerberos version 5 principal database.
The user is prompted for the master password, which will be verified
against the database, and then stored in a file.
.PP
.br
.SH DESCRIPTION
.I kprop
-is used to propagate a Kerberos version 5 principal database from the
+is used to propagate a Kerberos V5 database dump file from the
master Kerberos server to a slave Kerberos server, which is specfieid
by
-.I slave_host
-. This is done by
-transmitting the dumped database file to the slave server over an
-encrypted, secure channel.
+.I slave_host.
+This is done by transmitting the dumped database file to the slave
+server over an encrypted, secure channel. The dump file must be
+created by kdb5_edit, and is normally KPROP_DEFAULT_FILE
+(/krb5/slave_datatrans). The location of the file can be overriden by
+the -f option.
+
.PP
The
.B \-r