From d3d4b8732b7467b8448c5f9ba590b2785f1c8732 Mon Sep 17 00:00:00 2001 From: Jen Selby Date: Mon, 29 Jul 2002 18:13:29 +0000 Subject: [PATCH] * kdb5_util.M: added documentation for some options. * kvno.M: added documentation of the "-q" and "-h" options. * kadmin.M: corrected documenation of "-k/-t" options. Added documentation for some other options. Updated the lists of aliases for commands, some command options, and some of the sample output. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14671 dc483132-0cff-0310-8789-dd5450dbe970 --- src/clients/kvno/ChangeLog | 4 ++++ src/clients/kvno/kvno.M | 9 +++++++- src/kadmin/cli/ChangeLog | 7 ++++++ src/kadmin/cli/kadmin.M | 42 ++++++++++++++++++++++++++++------- src/kadmin/dbutil/ChangeLog | 4 ++++ src/kadmin/dbutil/kdb5_util.M | 26 ++++++++++++++++++++-- 6 files changed, 81 insertions(+), 11 deletions(-) diff --git a/src/clients/kvno/ChangeLog b/src/clients/kvno/ChangeLog index ab9081bf9..e87a80b32 100644 --- a/src/clients/kvno/ChangeLog +++ b/src/clients/kvno/ChangeLog @@ -1,3 +1,7 @@ +2002-07-29 Jen Selby + + * kvno.M: added documentation of the "-q" and "-h" options. + 2002-07-27 Ken Raeburn * kvno.c: Include stdlib.h. diff --git a/src/clients/kvno/kvno.M b/src/clients/kvno/kvno.M index e9f7942ad..e7c99f7c5 100644 --- a/src/clients/kvno/kvno.M +++ b/src/clients/kvno/kvno.M @@ -28,7 +28,8 @@ .SH NAME kvno \- print key version numbers of Kerberos principals .SH SYNOPSIS -\fBklist\fP [\fB\-e etype\fP] \fBservice1\fP \fBservice2\fP \fB...\fP +\fBkvno\fP [\fB\-q\fP] [\fB\-h\fP] [\fB\-4\fP] [\fB\-e etype\fP] +\fBservice1\fP \fBservice2\fP \fB...\fP .br .SH DESCRIPTION .I Kvno @@ -41,6 +42,12 @@ specifies the enctype which will be requested for the session key of all the services named on the command line. This is useful in certain backward compatibility situations. .TP +.B \-q +suppress printing +.TP +.B \-h +prints a usage statement and exits +.TP .B \-4 specifies that Kerberos version 4 tickets should be acquired and described. This option is only available if Kerberos 4 support was diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index c35bf26b7..9c1ae1d94 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,10 @@ +2002-07-29 Jen Selby + + * kadmin.M: corrected documenation of "-k/-t" options. + Added documentation for some other options. Updated the lists + of aliases for commands, some command options, and some of + the sample output. + 2002-06-06 Tom Yu * kadmin.M: Remove references to "rename_principal". diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M index 08e02e5c9..1d5fb7020 100644 --- a/src/kadmin/cli/kadmin.M +++ b/src/kadmin/cli/kadmin.M @@ -83,11 +83,19 @@ principal name of the default ccache, the value of the environment variable, or the username as obtained with getpwuid, in order of preference. .TP -\fB\-k\fP \fIkeytab\fP +\fB\-k\fP +Use a keytab to decrypt the KDC response instead of prompting for a +password on the TTY. In this case, the default principal will be +host/\fIhostname\fP. If there is not a keytab specified with the +.B\-t +option, then the default keytab will be used. +.TP +\fB\-t\fP \fIkeytab\fP Use .I keytab -to decrypt the KDC response instead of prompting for a password on the -TTY. In this case, the default principal will be host/\fIhostname\fP. +to decrypt the KDC response. This can only be used with the +.B \-k +option. .TP \fB\-c\fP \fIcredentials_cache\fP Use @@ -118,6 +126,21 @@ directly to which will perform .I query and then exit. This can be useful for writing scripts. +.TP +\fB\-d\fP \fIdbname\fP +Specifies the name of the Kerberos database. +.TP +\fB\-s\fP \fIadmin_server[:port]\fP +Specifies the admin server which kadmin should contact. +.TP +\fB\-m\fP +Do not authenticate using a keytab. This option will cause kadmin +to prompt for the master database password. +.TP +\fB\-e\fP \fIenc:salt_list\fP +Sets the list of encryption types and salt types to be used for any new +keys created. + .SH DATE FORMAT Various commands in kadmin can take a variety of date formats, specifying durations or absolute times. Examples of valid formats are: @@ -458,7 +481,7 @@ privilege, or that the principal that is running the the program to be the same as the one being listed. With the .B \-terse option, outputs fields as quoted tab-separated strings. Alias -.BR listprincs . +.BR getprinc . .sp .nf .RS @@ -503,7 +526,9 @@ an "@" character followed by the local realm is appended to the expression. Requires the .I list priviledge. Alias -.BR listprincs . +.BR listprincs , +.BR get_principals , +.BR get_princs . .nf .RS .TP @@ -548,7 +573,7 @@ KADM5_DUP (policy already exists) .fi .RE .TP -\fBdelete_policy\fP \fIpolicy\fB +\fBdelete_policy [\-force]\fP \fIpolicy\fB deletes the named policy. Prompts for confirmation before deletion. The command will fail if the policy is in use by any principals. Requires the @@ -563,7 +588,6 @@ EXAMPLE: kadmin: del_policy guests Are you sure you want to delete the policy "guests"? (yes/no): yes -Policy "guests" deleted. kadmin: .TP ERRORS: @@ -628,7 +652,9 @@ are printed. If no expression is provided, all existing policy names are printed. Requires the .I list priviledge. Alias -.BR listpols . +.BR listpols , +.BR get_policies , +.BR getpols . .sp .nf .RS diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index 550d91a44..fc369c86c 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog @@ -1,3 +1,7 @@ +2002-07-29 Jen Selby + + * kdb5_util.M: added documentation for some options. + 2002-07-15 Ezra Peisach * dump.c (dump_ov_princ): Remove variable set but unused. diff --git a/src/kadmin/dbutil/kdb5_util.M b/src/kadmin/dbutil/kdb5_util.M index c6f126b28..8a6c00a2c 100644 --- a/src/kadmin/dbutil/kdb5_util.M +++ b/src/kadmin/dbutil/kdb5_util.M @@ -61,6 +61,12 @@ that given in .B \-m specifies that the master database password should be read from the TTY rather than fetched from a file on disk. +.TP +\fB\-sf\fP \fIstash_file\fP +specifies the stash file of the master database password. +.TP +\fB\-P\fP \fIpassword\fP +specifies the master database password. This option is not recommended. .SH COMMANDS .TP \fBcreate\fP [\fB\-s\fP] @@ -112,7 +118,7 @@ causes the name of each principal and policy to be printed as it is dumped. .RE .TP -\fBload\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-ov\fP] +\fBload\fP [\fB\-old\fP] [\fB\-b6\fP] [\fB\-b7\fP] [\fB\-ov\fP] [\fB\-hash\fP] [\fB\-verbose\fP] [\fB\-update\fP] \fIfilename dbname\fP [\fIadmin_dbname\fP] .br Loads a database dump from the named file into the named database. @@ -148,6 +154,12 @@ format. Must be used with the .B \-update option. .TP +.B \-hash +requires the database to be stored as a hash. If this option is not +specified, the database will be stored as a binary tree. This option +is not recommended, as databases stored in hash format are known to +corrupt data and lose principals. +.TP .B \-verbose causes the name of each principal and policy to be printed as it is dumped. @@ -171,7 +183,9 @@ if not specified. Dumps the current database into the Kerberos 4 database dump format. The \-S option specifies the short lifetime algorithm. .TP -\fBload_v4\fP [\fB\-S\fP] [\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB\-s\ \fIstashfile\fP] \fIinputfile\fP +\fBload_v4\fP [\fB\-T\fP] [\fB\-v\fP] [\fB\-h\fP] [\fB\-S\fP] +[\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB\-s\ \fIstashfile\fP] +\fIinputfile\fP Loads a Kerberos 4 database dump file. Options: .RS .TP @@ -198,6 +212,11 @@ the keys to the current database. .TP .B \-S Uses the short lifetime algorithm for conversion. +.TP +.B \-h +Stores the database as a hash instead of a binary tree. This option is +not recommended, as databases stored in hash format are known to +corrupt data and lose principals. .PP Note: if the Kerberos 4 database had a default expiration date of 12/31/1999 or 12/31/2009 (the compiled in defaults for older or newer Kerberos @@ -210,5 +229,8 @@ record; Version 5 stores a seperate modification time and last password change time. In practice, Version 4 "modifications" were always password changes. \fIload_v4\fP copies the value into both fields. +.TP +\fBark\fP +Adds a random key. .SH SEE ALSO kadmin(8) -- 2.26.2