ktutil(8) manual page

ktutil is a program for managing keytabs. Supported options:

-v -, -verbose
	Verbose output.

command can be one of the following:

add [-p principal ][-principal= principal ]

Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the get command, which talks to the kadmin server.

change [-r realm ][-realm= realm ]

Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options.
If no principals are given, all the ones in the keytab are updated.

copy keytab-src keytab-dest

Copies all the entries from keytab-src to keytab-dest.

get [-p admin principal ]

Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... For each principal, generate a new key for it (creating it if it doesn't already exist), and put that key in the keytab.
If no realm is specified, the realm to operate on is taken from the first principal.

list [-keys ][-timestamp]

List the keys stored in the keytab.

remove [-p principal ][-principal= principal ]

Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc Oo Fl Fl enctype= Ns Ar enctype Oc Removes the specified key or keys. Not specifying a kvno removes keys with any version number. Not specifying an enctype removes keys of any type.

rename from-principal to-principal

Renames all entries in the keytab that match the from-principal to to-principal.

purge [-age= age]

Removes all old versions of a key for which there is a newer version that is at least age (default one week) old.

Manual Pages — KTUTIL

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

SEE ALSO

add [-p principal ][-principal= principal ]
	Oo Fl V Ar kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc Oo Fl Fl enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc Oo Fl Fl password= Ns Ar password Oc Oo Fl r Oc Oo Fl Fl random Oc Oo Fl s Oc Oo Fl Fl no-salt Oc Oo Fl H Oc Op Fl Fl hex Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the get command, which talks to the kadmin server.
change [-r realm ][-realm= realm ]
	Oo Fl Fl a Ar host Oc Oo Fl Fl admin-server= Ns Ar host Oc Oo Fl Fl s Ar port Oc Op Fl Fl server-port= Ns Ar port Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options. If no principals are given, all the ones in the keytab are updated.
copy keytab-src keytab-dest
	Copies all the entries from keytab-src to keytab-dest.
get [-p admin principal ]
	Oo Fl Fl principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc Oo Fl Fl enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc Oo Fl Fl realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc Oo Fl Fl admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc Oo Fl Fl server-port= Ns Ar server port Oc Ar principal ... For each principal, generate a new key for it (creating it if it doesn't already exist), and put that key in the keytab. If no realm is specified, the realm to operate on is taken from the first principal.
list [-keys ][-timestamp]
	List the keys stored in the keytab.
remove [-p principal ][-principal= principal ]
	Oo Fl V kvno Oc Oo Fl Fl kvno= Ns Ar kvno Oc Oo Fl e enctype Oc Oo Fl Fl enctype= Ns Ar enctype Oc Removes the specified key or keys. Not specifying a kvno removes keys with any version number. Not specifying an enctype removes keys of any type.
rename from-principal to-principal
	Renames all entries in the keytab that match the from-principal to to-principal.
purge [-age= age]
	Removes all old versions of a key for which there is a newer version that is at least age (default one week) old.