KSRVUTIL(8)              UNIX System Manager's Manual              KSRVUTIL(8)

NAME

     ksrvutil host kerberos keyfile (srvtab) manipulation utility

SYNOPSIS

     ksrvutil [-f keyfile] [-i] [-k] [-p principal] [-r realm] operation

DESCRIPTION

     ksrvutil allows a system manager to list or change keys currently in his
     keyfile or to add new keys to the keyfile.

     Operation must be one of the following:

     list    lists the keys in a keyfile showing version number and principal
             name.  If the -k option is given, keys will also be shown.

     change  changes all the keys in the keyfile by using the regular admin
             protocol.  If the -i flag is given, ksrvutil will prompt for yes
             or no before changing each key.  If the -k option is used, the
             old and new keys will be displayed.

     add     allows the user to add a key.  add prompts for name, instance,
             realm, and key version number, asks for confirmation, and then
             asks for a password.  ksrvutil then converts the password to a
             key and appends the keyfile with the new information.  If the -k
             option is used, the key is displayed.

     get     gets a service from the Kerberos server, possibly creating the
             principal. Names, instances and realms for the service keys to
             get are prompted for. The default principal used in the kadmin
             transcation is your root instance. This can be changed with the
             -p option.

     In all cases, the default file used is KEY_FILE as defined in krb.h un-
     less this is overridden by the -f option.

     A good use for ksrvutil would be for adding keys to a keyfile.  A system
     manager could ask a kerberos administrator to create a new service key
     with kadmin(8) and could supply an initial password.  Then, he could use
     ksrvutil to add the key to the keyfile and then to change the key so that
     it will be random and unknown to either the system manager or the ker-
     beros administrator.

     ksrvutil always makes a backup copy of the keyfile before making any
     changes.

DIAGNOSTICS

     If ksrvutil should exit on an error condition at any time during a change
     or add, a copy of the original keyfile can be found in filename.old where
     filename is the name of the keyfile, and a copy of the file with all new
     keys changed or added so far can be found in filename.work. The original
     keyfile is left unmodified until the program exits at which point it is
     removed and replaced it with the workfile.  Appending the workfile to the
     backup copy and replacing the keyfile with the result should always give

AUTHOR

     Emanuel Jay Berkenbilt, MIT Project Athena

 KTH-KRB                          May 4, 1996                                2