NAME
       ktutil - Manages entries in service key table file

SYNOPSIS
       /krb5/sbin/ktutil [-D] [-l] [-t [TYPE:] keytable] [-d | -p -X -x] [-c keytable] [principal]

OPTIONS
       -c keytable
              Appends the specified service key table file to the
              service key table file specified by the -t option.

       -D     Destroys the entire service key table file by first
              zeroing out each entry and then deleting the file.

       -d     Prints each entry in the service key table file and
              prompts you to delete or retain the entry. Type yes to
              delete an entry. The default is no, so pressing the
              return key retains the entry and advances to the next
              entry. To stop at any time, type quit, exit, or done.
              All answers can be abbreviated to as few as one
              character.

              Use the optional principal argument to identify a
              specific principal ID, which indicates that only
              entries for that principal should be deleted from the
              service key table file. The command deletes the
              entries without prompting you.

       -l     Lists the contents of a service key table file. This is
              the default action if you execute ktutil with no
              options other than the -t option.

              You must specify the file type WFILE for all options
              other than the -l option. That is, ktutil requires
              WFILE if the service key table file must be modified or
              destroyed.

       -p     Purges older entries from the service key table file,
              which means that all entries but the most recent entry
              for each principal are deleted. The relative age of the
              entries is determined by comparing the entry key
              version numbers.

              Use the optional principal argument to identify a
              specific principal ID, which indicates that only the
              older keys for that principal should be deleted from
              the key table file.

       -t [TYPE:] keytable
              Specifies the name of a service key table file other
              than the default /krb5/v5srvtab, unless the CSFC5KTNAME
              environment variable is set to an alternate key table
              type or file name.

              The supported types are FILE and WFILE (writable file).
              The default key table type is FILE. You can specify
              both the type and service key table file name, or you
              can accept the default type and only specify the
              service key table name.

              You must specify the file type WFILE for all options
              other than the -l option. That is, ktutil requires
              WFILE if the service key table file must be modified or
              destroyed.

       -x     Extracts from the security server a key for the host
              service principal (the account for the computer where
              the administrator is logged in) and adds the key to the
              service key table file designated by the -t option. Use
              the optional principal argument to identify a specific
              principal ID, which indicates that the key for that
              principal should be extracted from the security server
              and added to the service key table file.

              Use the -x and -p options together to first add the
              extracted key and then purge all older entries for the
              designated principal from the service key table file.

              If the principal argument is not used with the -x -p
              combination, the older keys for only the host principal
              are purged from the file after the new key is added.

       -X     Requests that the security server generate a new random
              key for the host service principal (the account for the
              computer where the administrator is logged in). The
              command then extracts that key from the security server
              and adds it to the service key table file designated by
              the -t option.

              Use the optional principal argument to identify a
              specific principal ID, which indicates that the key for
              that principal should be regenerated and extracted from
              the security server and added to the service key table
              file.

              Use the -X and -p options together to first add the
              extracted key and then purge all older entries for the
              designated principal from the service key table file.

              If the [principal] argument is not used with the -X -p
              combination, the older keys for only the host principal
              are purged from the file after the new key is added.

DESCRIPTION
       The ktutil command manages entries in service key table files.
       Note that the service key table file is owned by root, so you
       must log on as root to access it.

       All options other than the -l option attempt to modify the
       service key table file. Therefore, when you execute those
       commands, you must include the -t TYPE:WFILE option to specify
       that the service key table file is a writable file. To specify
       that the service key table file should not be modified, use the
       default -t TYPE:FILE option instead.

       Before you can extract a key from the service key table file
       using the -x or -X options, you must authenticate yourself to
       the Kerberos server and have the appropriate permissions.
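
The description above states that the service key table file is owned by root. The following shell function is an added example, not part of the original manual page: it audits a key table file before you rely on it or rotate keys into it. Assumptions: the desired state is a regular file (not a symbolic link) owned by the expected account with no group or other permission bits, and `check_keytab` is a hypothetical helper name.

```shell
#!/bin/sh
# check_keytab PATH [OWNER]
# Audits a service key table file. OWNER defaults to root.
# Prints one finding per line.
# Returns 0 when clean, 1 on any finding, 2 when the file is missing.
check_keytab() {
    kt=$1
    want_owner=${2:-root}
    rc=0

    # A symbolic link could redirect reads or writes to another file.
    if [ -L "$kt" ]; then
        echo "FAIL $kt: is a symbolic link"
        return 1
    fi
    if [ ! -f "$kt" ]; then
        echo "FAIL $kt: missing or not a regular file"
        return 2
    fi

    # ls -ld is POSIX: field 1 is the mode string, field 3 the owner.
    listing=$(ls -ld "$kt") || return 2
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(printf '%s' "$mode" | cut -c5-10)

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $kt: owner is $owner, expected $want_owner"
        rc=1
    fi
    if [ "$perms" != "------" ]; then
        echo "FAIL $kt: group/other permission bits set ($mode)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $kt: $mode $owner"
    fi
    return "$rc"
}

# Usage (path taken from this page): check_keytab /krb5/v5srvtab
```
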

EXAMPLES
       To view all entries in the default service key table file,
       enter:

              # ktutil

              or

              # ktutil -t keytable -l

       To destroy the service key table file called /krb5/mytable,
       enter:

              # ktutil -D -t WFILE:/krb5/mytable

       To add all the entries in a service key table called
       /krb5/srvtable to the default service key table file, enter:

              # ktutil -c /krb5/srvtable -t WFILE:/krb5/v5srvtab

              If the -t option is not used to specify the WFILE type,
              this operation fails; the type must be defined as WFILE
              rather than the default FILE: for this operation to
              succeed.

       To add a new entry to the default service key table file for
       the principal host/ftpd.biz.com@BIZ.COM and then purge all
       older entries from the service key table file, enter:

              # ktutil -t WFILE:/krb5/v5srvtab -x -p host/ftpd.biz.com@BIZ.COM

ENVIRONMENT VARIABLES
       CSFC5KTNAME
              Controls the service key table file.

FILES
       /krb5/v5srvtab
              Default service key table file.

SEE ALSO
       Commands: kdestroy(1), kinit(1), klist(1)
                                                        ktutil(1)