System Administration Commands | kdb5_util(1M)
NAME
kdb5_util - Kerberos Database maintenance utility
SYNOPSIS
/usr/sbin/kdb5_util [-d dbname] [-f stashfile_name] [-k mkeytype] [-m] [-M mkeyname] [-P password] [-r realm] cmd
DESCRIPTION
kdb5_util enables you to create, dump, load, and destroy the Kerberos V5 database. You can also use kdb5_util to create a stash file containing the Kerberos database master key.
OPTIONS
The following options are supported:
- -d dbname
- Specify the database name. .db is appended to whatever name is specified. You can specify an absolute path. If you do not specify the -d option, the default database name is /var/krb5/principal, which becomes /var/krb5/principal.db.
- -f stashfile_name
- Specify the stash file name. You can specify an absolute path.
- -k mkeytype
- Specify the master key type. Valid values are des-cbc-crc, des-cbc-md5, and des-cbc-raw.
- -m
- Enter the master key manually.
- -M mkeyname
- Specify the master key name.
- -P password
- Use the specified password instead of the stash file.
- -r realm
- Use realm as the default database realm.
OPERANDS
The following operands are supported:
- cmd
- Specifies whether to create, destroy, dump, or load the database, or to create a stash file.
You can specify the following commands:
- create -s
- Creates the database specified by the -d option. You will be prompted for the database master password. If you specify -s, a stash file is created as specified by the -f option. If you did not specify -f, the default stash file name is /var/krb5/.k5.realm. If you use the -f, -k, or -M options when you create a database, then you must use the same options when modifying or destroying the database.
- destroy
- Destroys the database specified by the -d option.
- stash
- Creates a stash file. If -f was not specified, the default stash file name is /var/krb5/.k5.realm. You will be prompted for the master database password. This command is useful when you want to generate the stash file from the password.
- dump [-verbose] [filename] [principals]
- Dumps the Kerberos database to a flat file that can be used for loading or propagating to a slave KDC. See kprop(1M). Specify filename as the location to which the Kerberos database is dumped. If filename is not specified, the principal data is printed to standard error. Specify -verbose to print the principal names to standard error in addition to dumping them into the file. Use principals to specify the list of principals that should be dumped.
- load [-verbose] [-update] filename
- Loads the database specified by dbname (see -d option, above) with data from the file specified by filename, which must be a file created by the dump command. Use -update to specify that the existing database should be updated; otherwise, a new database is created. Specify -verbose to print the principal names to standard error in addition to loading them.
EXAMPLES
Example 1. Creating a File That Contains Information About Two Principals
The following example creates a file named slavedata that contains the information about two principals, jdb@ACME.COM and pak@ACME.COM.
# /usr/krb5/bin/kdb5_util dump -verbose slavedata jdb@ACME.COM pak@ACME.COM
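The naming rules above (.db appended to the -d name, /var/krb5/.k5.realm as the default stash file) decide which files hold the database and the master key. The following is an added example, not part of the original manual page: POSIX shell functions that resolve those two files for a given option list and report any that are missing or accessible to group or other. The function names, the explicit realm argument, and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: resolve the files a kdb5_util option list refers to, using
# the defaults stated on this page, and report missing or loosely
# permissioned ones. Function names and the permission policy are assumptions.

# kdb_paths REALM [kdb5_util options... cmd]
# Prints the database file, then the stash file. REALM stands in for the
# system default realm and is overridden by -r.
kdb_paths() {
    realm=$1; shift
    db=/var/krb5/principal           # default database name
    stash=
    while [ $# -gt 0 ]; do
        case $1 in
            -d) db=$2; shift 2 ;;
            -f) stash=$2; shift 2 ;;
            -r) realm=$2; shift 2 ;;
            -k|-M|-P) shift 2 ;;     # options with a value, no effect on paths
            -m) shift ;;
            *) break ;;              # first non-option word is cmd
        esac
    done
    [ -n "$stash" ] || stash=/var/krb5/.k5.$realm
    printf '%s\n%s\n' "$db.db" "$stash"
}

# loose_perms FILE: true when group or other has any permission bit set.
loose_perms() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" != "------" ]
}

# audit_kdb REALM [kdb5_util options... cmd]
# Prints "MISSING path" or "LOOSE path" per finding; returns 1 if any.
audit_kdb() {
    findings=$(kdb_paths "$@" | while IFS= read -r f; do
        if [ ! -e "$f" ]; then echo "MISSING $f"
        elif loose_perms "$f"; then echo "LOOSE $f"
        fi
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_kdb ACME.COM -d /var/krb5/principal create -s
```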
FILES
- /var/krb5/principal.db
- Kerberos principal database.
- /var/krb5/principal.kadm5
- Kerberos administrative database. Contains policy information.
- /var/krb5/principal.kadm5.lock
- Lock file for the Kerberos administrative database. This file works backwards from most other lock files (that is, kadmin exits with an error if this file does not exist).
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
Availability | SUNWkdcu