diff options
Diffstat (limited to 'third_party/heimdal/kadmin/kadmin-commands.in')
-rw-r--r-- | third_party/heimdal/kadmin/kadmin-commands.in | 728 |
1 files changed, 728 insertions, 0 deletions
diff --git a/third_party/heimdal/kadmin/kadmin-commands.in b/third_party/heimdal/kadmin/kadmin-commands.in new file mode 100644 index 0000000..e8a1e8a --- /dev/null +++ b/third_party/heimdal/kadmin/kadmin-commands.in @@ -0,0 +1,728 @@ +/* + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +/* $Id$ */ + +command = { + name = "stash" + name = "kstash" + option = { + long = "enctype" + short = "e" + type = "string" + help = "encryption type" + default = "des3-cbc-sha1" + } + option = { + long = "key-file" + short = "k" + type = "string" + argument = "file" + help = "master key file" + } + option = { + long = "convert-file" + type = "flag" + help = "just convert keyfile to new format" + } + option = { + long = "random-password" + type = "flag" + help = "use a random password (and print the password to stdout)" + } + option = { + long = "master-key-fd" + type = "integer" + argument = "fd" + help = "filedescriptor to read passphrase from" + default = "-1" + } + help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only." +} +command = { + name = "dump" + option = { + long = "decrypt" + short = "d" + type = "flag" + help = "decrypt keys" + } + option = { + long = "format" + short = "f" + type = "string" + help = "dump format, mit or heimdal (default: heimdal)" + } + argument = "[dump-file]" + min_args = "0" + max_args = "1" + help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only." +} + +command = { + name = "init" + option = { + long = "realm-max-ticket-life" + type = "string" + help = "realm max ticket lifetime" + } + option = { + long = "realm-max-renewable-life" + type = "string" + help = "realm max renewable lifetime" + } + option = { + long = "bare" + type = "flag" + help = "only create krbtgt for realm" + } + argument = "realm..." + min_args = "1" + help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only." +} +command = { + name = "load" + argument = "file" + min_args = "1" + max_args = "1" + help = "Loads a previously dumped file. Local (-l) mode only." +} +command = { + name = "merge" + argument = "file" + min_args = "1" + max_args = "1" + help = "Merges the contents of a dump file into the database. Local (-l) mode only." +} +command = { + name = "add" + name = "ank" + name = "add_new_key" + function = "add_new_key" + option = { + long = "random-key" + short = "r" + type = "flag" + help = "set random key" + } + option = { + long = "random-password" + type = "flag" + help = "set random password" + } + option = { + long = "enctypes" + short = "e" + type = "string" + help = "encryption type(s)" + } + option = { + long = "password" + short = "p" + type = "string" + help = "principal's password" + } + option = { + long = "key" + type = "string" + help = "DES-key in hex" + } + option = { + long = "max-ticket-life" + type = "string" + argument ="lifetime" + help = "max ticket lifetime" + } + option = { + long = "max-renewable-life" + type = "string" + argument = "lifetime" + help = "max renewable life" + } + option = { + long = "attributes" + type = "string" + argument = "attributes" + help = "principal attributes" + } + option = { + long = "expiration-time" + type = "string" + argument = "time" + help = "principal expiration time" + } + option = { + long = "pw-expiration-time" + type = "string" + argument = "time" + help = "password expiration time" + } + option = { + long = "hist-kvno-diff-clnt" + type = "integer" + argument = "kvno diff" + help = "historic keys allowed for client" + default = "-1" + } + option = { + long = "hist-kvno-diff-svc" + type = "integer" + argument = "kvno diff" + help = "historic keys allowed for service" + default = "-1" + } + option = { + long = "use-defaults" + type = "flag" + help = "use default values" + } + option = { + long = "policy" + type = "string" + argument = "policy" + help = "policy name" + } + argument = "principal..." + min_args = "1" + help = "Adds a principal to the database." +} +command = { + name = "add_namespace" + name = "add_ns" + function = "add_new_namespace" + option = { + long = "enctypes" + short = "e" + type = "string" + help = "encryption type(s)" + } + option = { + long = "max-ticket-life" + type = "string" + argument ="lifetime" + help = "max ticket lifetime" + } + option = { + long = "max-renewable-life" + type = "string" + argument = "lifetime" + help = "max renewable life" + } + option = { + long = "key-rotation-epoch" + type = "string" + argument = "time" + help = "absolute start time (or +timespec for relative to now with default unit of month)" + } + option = { + long = "key-rotation-period" + type = "string" + argument = "time" + help = "automatic key rotation period" + } + option = { + long = "attributes" + type = "string" + argument = "attributes" + help = "principal attributes" + } + argument = "principal..." + min_args = "1" + help = "Adds a namespace of virtual principals with derived keys to the database." +} +command = { + name = "modify_namespace" + name = "mod_ns" + function = "modify_namespace" + option = { + long = "enctypes" + short = "e" + type = "strings" + help = "encryption type(s)" + } + option = { + long = "max-ticket-life" + type = "string" + argument ="lifetime" + help = "max ticket lifetime" + } + option = { + long = "max-renewable-life" + type = "string" + argument = "lifetime" + help = "max renewable life" + } + option = { + long = "attributes" + type = "string" + argument = "attributes" + help = "principal attributes" + } + option = { + long = "krb5-config-file" + short = "C" + type = "string" + help = "filename to save the principal's krb5.confg in" + } + argument = "principal..." + min_args = "1" + help = "Modifies a namespace of virtual principals with derived keys to the database." +} +command = { + name = "modify_namespace_key_rotation" + name = "mod_ns_kr" + function = "modify_ns_kr" + option = { + long = "force" + short = "f" + type = "flag" + help = "change schedule even if it would revoke some extant tickets" + } + option = { + long = "keep-base-key" + short = "k" + type = "flag" + help = "keep current base key for new key rotation schedule" + } + option = { + long = "revoke-old" + short = "r" + type = "string" + argument = "time" + help = "delete base keys older than this to revoke old tickets" + } + option = { + long = "new-key-rotation-epoch" + type = "string" + argument = "time" + help = "new start time relative to now" + } + option = { + long = "new-key-rotation-period" + type = "string" + argument = "time" + help = "new automatic key rotation period" + } + argument = "principal..." + min_args = "1" + max_args = "1" + help = "Adds or changes new key rotation schedule for the given namespace." +} +command = { + name = "passwd" + name = "cpw" + name = "change_password" + function = "cpw_entry" + option = { + long = "random-key" + short = "r" + type = "flag" + help = "set random key" + } + option = { + long = "random-password" + type = "flag" + help = "set random password" + } + option = { + long = "enctypes" + short = "e" + type = "string" + help = "encryption type(s)" + } + option = { + long = "password" + short = "p" + type = "string" + help = "principal's password" + } + option = { + long = "key" + type = "string" + help = "DES key in hex" + } + option = { + long = "keepold" + type = "flag" + help = "keep old keys/password needed to decrypt extant tickets (default)" + } + option = { + long = "keepallold" + type = "flag" + help = "keep all old keys/password" + } + option = { + long = "pruneall" + type = "flag" + help = "delete all old keys" + } + argument = "principal..." + min_args = "1" + help = "Changes the password of one or more principals matching the expressions." +} +command = { + name = "delete" + name = "del" + name = "del_entry" + function = "del_entry" + argument = "principal..." + min_args = "1" + help = "Deletes all principals matching the expressions." +} +command = { + name = "delete_namespace" + name = "del_ns" + function = "del_namespace" + argument = "principal..." + min_args = "1" + help = "Deletes the given virtual principal namespaces" +} +command = { + name = "del_enctype" + argument = "principal enctype..." + min_args = "2" + help = "Delete all the mentioned enctypes for principal." +} +command = { + name = "add_enctype" + option = { + long = "random-key" + short = "r" + type = "flag" + help = "set random key" + } + argument = "principal enctype..." + min_args = "2" + help = "Add new enctypes for principal." +} +command = { + name = "ext_keytab" + option = { + long = "keytab" + short = "k" + type = "string" + help = "keytab to use" + argument = "keytab" + } + option = { + long = "random-key" + short = "r" + type = "flag" + help = "set random key" + } + option = { + long = "enctypes" + short = "e" + type = "string" + help = "encryption type(s)" + } + option = { + long = "keepold" + type = "flag" + help = "keep old keys/password needed to decrypt extant tickets (default)" + } + option = { + long = "keepallold" + type = "flag" + help = "keep all old keys/password" + } + option = { + long = "pruneall" + type = "flag" + help = "delete all old keys" + } + argument = "principal..." + min_args = "1" + help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab." +} +command = { + name = "get" + name = "get_entry" + function = "get_entry" + /* Options added to list should be added here; not the reverse */ + option = { + long = "long" + short = "l" + type = "flag" + help = "long format" + default = "-1" + } + option = { + long = "short" + short = "s" + type = "flag" + help = "short format" + } + option = { + long = "terse" + short = "t" + type = "flag" + help = "terse format" + } + option = { + long = "column-info" + short = "o" + type = "string" + help = "columns to print for short output" + } + option = { + long = "krb5-config-file" + short = "C" + type = "string" + help = "filename to save the principal's krb5.confg in" + } + argument = "principal..." + min_args = "1" + help = "Shows information about principals matching the expressions." +} +command = { + name = "rename" + function = "rename_entry" + argument = "from to" + min_args = "2" + max_args = "2" + help = "Renames a principal." +} +command = { + name = "modify" + name = "mod" + function = "mod_entry" + option = { + long = "max-ticket-life" + type = "string" + argument ="lifetime" + help = "max ticket lifetime" + } + option = { + long = "max-renewable-life" + type = "string" + argument = "lifetime" + help = "max renewable life" + } + option = { + long = "attributes" + short = "a" + type = "string" + argument = "attributes" + help = "principal attributes" + } + option = { + long = "expiration-time" + type = "string" + argument = "time" + help = "principal expiration time" + } + option = { + long = "pw-expiration-time" + type = "string" + argument = "time" + help = "password expiration time" + } + option = { + long = "kvno" + type = "integer" + help = "key version number" + default = "-1" + } + option = { + long = "constrained-delegation" + type = "strings" + argument = "principal" + help = "allowed target principals" + } + option = { + long = "alias" + type = "strings" + argument = "principal" + help = "aliases" + } + option = { + long = "pkinit-acl" + type = "strings" + argument = "subject dn" + help = "aliases" + } + option = { + long = "policy" + type = "string" + argument = "policy" + help = "policy name" + } + option = { + long = "service-enctypes" + short = "e" + type = "strings" + argument = "enctype" + help = "set enctypes supported by service" + } + option = { + long = "hist-kvno-diff-clnt" + type = "integer" + argument = "kvno diff" + help = "historic keys allowed for client" + default = "-1" + } + option = { + long = "hist-kvno-diff-svc" + type = "integer" + argument = "kvno diff" + help = "historic keys allowed for service" + default = "-1" + } + option = { + long = "krb5-config-file" + short = "C" + type = "string" + help = "krb5.conf to save in principal record" + } + argument = "principal" + min_args = "1" + max_args = "1" + help = "Modifies some attributes of the specified principal." +} +command = { + name = "add_alias" + function = "add_alias" + argument = "principal" + min_args = "2" + help = "Add one or more aliases to the given principal." +} +command = { + name = "del_alias" + function = "del_alias" + argument = "principal" + min_args = "1" + help = "Delete one or more aliases without deleting their canonical principals." +} +command = { + name = "prune" + argument = "principal" + option = { + long = "kvno" + type = "integer" + help = "key version number" + default = "0" + } + min_args = "1" + max_args = "1" + help = "Delete keys from history by max-ticket-life or kvno." +} +command = { + name = "privileges" + name = "privs" + function = "get_privs" + help = "Shows which operations you are allowed to perform." +} +command = { + name = "list" + function = "list_princs" + /* XXX sync options with "get" */ + option = { + long = "long" + short = "l" + type = "flag" + help = "long format" + } + option = { + long = "short" + short = "s" + type = "flag" + help = "short format" + } + option = { + long = "terse" + short = "t" + type = "flag" + help = "terse format" + default = "-1" + } + option = { + long = "column-info" + short = "o" + type = "string" + help = "columns to print for short output" + } + option = { + long = "krb5-config-file" + type = "string" + } + argument = "principal..." + min_args = "1" + help = "Lists principals in a terse format. Equivalent to \"get -t\"." +} +command = { + name = "verify-password-quality" + name = "pwq" + function = "password_quality" + argument = "principal password" + min_args = "2" + max_args = "2" + help = "Try run the password quality function locally (not doing RPC out to server)." +} +command = { + name = "check" + function = "check" + argument = "[realm]" + min_args = "0" + max_args = "1" + help = "Check the realm (if not given, the default realm) for configuration errors." +} +command = { + name = "lock" + function = "lock" + argument = "" + min_args = "0" + max_args = "0" + help = "Lock the database for writing (use with care)." +} +command = { + name = "unlock" + function = "unlock" + argument = "" + min_args = "0" + max_args = "0" + help = "Unlock the database." +} +command = { + name = "help" + name = "?" + argument = "[command]" + min_args = "0" + max_args = "1" + help = "Help! I need somebody." +} +command = { + name = "exit" + name = "quit" + function = "exit_kadmin" + help = "Quits." +} |