Sun Microsystems, Inc.
spacerspacer
spacer   www.sun.com docs.sun.com | | |  
spacer
black dot
   
A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z
    
 
System Administration Commandskdb5_util(1M)


NAME

 kdb5_util - Kerberos Database maintenance utility

SYNOPSIS

 /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name] [-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm] cmd

DESCRIPTION

 

kdb5_util enables you to create, dump, load, and destroy the Kerberos V5 database. You can also use kdb5_util to create a stash file containing the Kerberos database master key.

OPTIONS

 

The following options are supported:

-d dbname
Specify the database name. .db is appended to whatever name is specified. You can specify an absolute path. If you do not specify the -d option, the default database name is /var/krb5/principal, which becomes /var/krb5/principal.db.
-f stashfile_name
Specify the stash file name. You can specify an absolute path.
-k mkeytype
Specify the master key type. Valid values are des-cbc-crc, des-cbc-md5, and des-cbc-raw.
-m
Enter the master key manually.
-M mkeyname
Specify the master key name.
-P password
Use the specified password instead of the stash file.
-r realm
Use realm as the default database realm.

OPERANDS

 

The following operands are supported:

cmd
Specifies whether to create, destroy, dump, or load the database, or to create a stash file.

You can specify the following commands:

create -s
Creates the database specified by the -d option. You will be prompted for the database master password. If you specify -s, a stash file is created as specified by the -f option. If you did not specify -f, the default stash file name is /var/krb5/.k5.realm. If you use the -f, -k, or -M options when you create a database, then you must use the same options when modifying or destroying the database.
destroy
Destroys the database specified by the -d option.
stash
Creates a stash file. If -f was not specified, the default stash file name is /var/krb5/.k5.realm. You will be prompted for the master database password. This command is useful when you want to generate the stash file from the password.
dump [-verbose] [filename] [principals]
Dumps the Kerberos database to a flat file that can be used for loading or propagating to a slave KDC. See kprop(1M). Specify file name for a location to dump the Kerberos database. If filename is not specified, the principal data is printed to standard error. Specify -verbose to print out the principal names to standard error in addition to being dumping into the file. Use principals to specify the list of principals that should be dumped.
load [-verbose] [-update] filename
Loads the database specified by dbname (see -d option, above) with data from the file specified by filename, which must be a file created by the dump command. Use -update to specify that the existing database should be updated; otherwise, a new database is created. Specify -verbose to print out the principal names to standard error, in addition to being loaded.

EXAMPLES

 Example 1. Creating File that Contains Information about Two Principals
 

The following example creates a file named slavedata that contains the information about two principals, jdb@ACME.COM and pak@ACME.COM.
 
# /usr/krb5/bin/kdb5_util dump -verbose slavedata
jdb@ACME.COM pak@ACME.COM

FILES

 
/var/krb5/principal.db
Kerberos principal database.
/var/krb5/principal.kadm5
Kerberos administrative database. Contains policy information.
/var/krb5/principal.kadm5.lock
Lock file for the Kerberos administrative database. This file works backwards from most other lock files (that is, kadmin exits with an error if this file does not exist).

ATTRIBUTES

 

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPEATTRIBUTE VALUE
AvailabilitySUNWkdcu

SEE ALSO

 

kpasswd(1), gkadmin(1M), kadmin(1M), kadmind(1M), kadmin.local(1M), kadm5.acl(4), kdc.conf(4), attributes(5), SEAM(5)


SunOS 5.9Go To TopLast Changed 21 Jul 2001

 
      
      
Copyright 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.