From ba2999dd9c123f04b00b96850c1283363226d9f8 Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Wed, 15 Apr 2009 20:06:41 +0000
Subject: [PATCH] pull up r22114 from trunk

------------------------------------------------------------------------
r22114 | wfiveash | 2009-03-25 17:12:58 -0400 (Wed, 25 Mar 2009) | 9 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_util.M

Ticket: 6432
Subject: Update kdb5_util man page for mkey migration project
Version_Reported: 1.7
Target_Version: 1.7
Tags: pullup

Updated the kdb5_util command man page to include documentation on new
subcommands added as a result of the Master Key Migration project.

ticket: 6432
version_fixed: 1.7

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22234 dc483132-0cff-0310-8789-dd5450dbe970
---
src/kadmin/dbutil/kdb5_util.M | 25 ++++++++++++++++++-------
1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/kadmin/dbutil/kdb5_util.M b/src/kadmin/dbutil/kdb5_util.M
index 294357fc9..1883ce282 100644
--- a/src/kadmin/dbutil/kdb5_util.M
+++ b/src/kadmin/dbutil/kdb5_util.M
@@ -216,20 +216,31 @@ default. \fBark\fP Adds a random key. .TP -\fBadd_mkey\fP ... -This option needs documentation. +\fBadd_mkey\fP [\fB\-e etype\fP] [\fB\-s\fP] +Adds a new master key to the K/M (master key) principal. Existing master keys will remain. +The +.B \-e etype +option allows specification of the enctype of the new master key. The +.B \-s +option stashes the new master key in a local stash file which will be created if it doesn't already exist. .TP -\fBuse_mkey\fP ... -This option needs documentation. +\fBuse_mkey\fP \fImkeyVNO [\fBtime\fP] +Sets the activation time of the master key specified by +.B mkeyVNO. +Once a master key is active (i.e. its activation time has been reached) it will then be used to encrypt principal keys either when the principal keys change, are newly created or when the update_princ_encryption command is run. If the +.B time +argument is provided then that will be the activation time otherwise the current time is used by default. The format of the optional +.B time +argument is that specified in the Time Formats section of the kadmin man page. .TP \fBlist_mkeys\fP -This option needs documentation. +List all master keys from most recent to earliest in K/M principal. The output will show the KVNO, enctype and salt for each mkey similar to kadmin getprinc output. A * following an mkey denotes the currently active master key. .TP \fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP] Update all principal records (or only those matching the .B princ\-pattern -glob pattern) to re-encrypt the key data using the latest version of -the database master key, if they are encrypted using older versions, +glob pattern) to re-encrypt the key data using the active +database master key, if they are encrypted using older versions, and give a count at the end of the number of principals updated. If the .B \-f -- 2.26.2
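Review bot: In the update_princ_encryption paragraph, the retained condition "if they are encrypted using older versions" no longer lines up with the new wording "using the active database master key". The use_mkey text added above accepts any mkeyVNO, so the active key is not necessarily the highest-numbered one, and a reader cannot tell from "older versions" whether records encrypted under a newer but inactive key are re-encrypted. If the command compares against the active key, state the condition in those terms, for example "if they are encrypted using a master key other than the active one". Two markup points in the use_mkey entry: in the synopsis `\fImkeyVNO` is not closed with `\fP` before ` [\fBtime\fP]`, so the final `\fP` returns to italic instead of roman; and the body sets the same argument in bold with `.B mkeyVNO.`, which also pulls the sentence's period into the bold text, where `.IR mkeyVNO .` would match the italic used in the synopsis. The list_mkeys description opens with "List" while add_mkey and use_mkey use "Adds" and "Sets"; pick one form.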