Manual: (HP-UX-11.11)



 keytab(1m)		  Open Software Foundation		  keytab(1m)




 NAME
      keytab - A dcecp object that manages server passwords on DCE hosts

 SYNOPSIS
      keytab add keytab_name_list -member principal_name_list
      {-key plain_key -version key_version [-registry] |
      -random -registry [-version key_version] }
      [-ktname residual_keytab_name] [-noprivacy] [-local]

      keytab catalog [host_name_list] [-simplename] [-noprivacy]
      [-local]

      keytab create keytab_name_list
      {-attribute attribute_list | -attribute value}
      [-ktname residual_keytab_name] [-entry] [-noprivacy] [-local]

      keytab delete keytab_name_list [-entry] [-noprivacy]
      [-ktname residual_keytab_name] [-local]

      keytab help [operation | -verbose]

      keytab list keytab_name_list [-noprivacy]
      [-ktname residual_keytab_name] [-local]

      keytab operations

      keytab remove keytab_name_list -member principal_name_list
      [-version key_version_list] [-type key_type] [-noprivacy]
      [-ktname residual_keytab_name] [-local]

      keytab show keytab_name_list [-entry | -members]
      [-keys] [-ktname residual_keytab_name] [-noprivacy] [-local]


 ARGUMENTS
      host_name_list
		A list of one or more DCE host names specifying hosts for
		which to catalog key tables.  Host names can be in any of
		the following forms:

		/.:/hosts/hostname

		/.../cell_name/hosts/hostname

		hosts/hostname


		The name can also be a single string binding representing
		the host with which to communicate.  See keytab_name_list
		for more information.




 Hewlett-Packard Company	    - 1 -	      OSF DCE 1.1/HP DCE 1.8

      keytab_name_list
		A list of one or more names of key tables to operate on.
		Key table names are similar to other dced objects with the
		following form:

		/.../cell/hosts/hostname/config/keytab/name

		The name can also be a single string binding representing
		the host with which to communicate. For example:

		{ncacn_ip_tcp 130.105.1.227}


		A string binding is useful when the name service is not
		operating and cannot translate the other forms of host
		names. If you supply a single string binding, you must use
		the -ktname option to specify the object's residual name.

      operation The name of the keytab operation for which to display help
		information.


 DESCRIPTION
      The keytab object represents key tables (usually files) that store
      server keys (and key version numbers) on hosts.  These key tables are
      manipulated remotely by using dced.  The keys are considered members
      of the key table container. The keytab names are in the form

      /.../cell_name/hosts/hostname/config/keytab/name

      A key table has a set of keys.  Each key contains a principal name,
      type, version, and value.	 The value can be created and changed, but
      is never shown on output.	 Removal of a key is based on the name,
      type, and version number.	 The syntax of a key is a list of
      principal_name, type (plain or des), version (a non-negative integer),
      and value.  The value of a des key is 64 bits long and can be
      represented in dcecp as an Extended Registry Attribute (ERA) of type
      byte (refer to the xattrschema attributes for details). The value is
      valid on input, but is not displayed on output so that keys are not
      shown on the screen.  For example:

      melman des 1 key1

      melman plain 3 key2


      Multiple keys for the same principal are displayed as separate keys.

 ATTRIBUTES
      uuid value
		A Universal Unique Identifier (UUID) that is the internal
		identifier for the key table's configuration information
		kept by dced.  If the UUID is not specified when the key
		table is created, one is generated automatically. This
		attribute cannot be modified after it is created.

      annotation string
		A human-readable comment field in Portable Character Set
		(PCS) format.  This attribute cannot be modified after
		creation. It defaults to a null string (that is, blank).

      storage string
		The name of the key table (usually a filename).	 It is
		required and may not be modified after creation.

      data key_list
		The contents of the key table.	Represented as a list of
		keys.


      See the OSF DCE Administration Guide for more information about keytab
      attributes.

 OPERATIONS
    keytab add
      Adds members to a key table.  The syntax is as follows:

      keytab add keytab_name_list -member principal_name_list
      {-key plain_key -version key_version [-registry] |
      -random -registry [-version key_version] }
      [-ktname residual_keytab_name] [-noprivacy] [-local]


      Options


      -member principal_name_list
		List of principal names to be added to each key table in the
		argument.

      -registry Updates the principal's key in the registry as well as on
		the host. Required if the -random option is used.

      -random	Generates a random des key.  Cannot be used with the -key
		option.

      -key plain_key
		Specifies a key explicitly.  Cannot be used with the -random
		option.

      -version key_version
		Specifies a version number for the key. Required if the
		-registry option is not used.

      -ktname residual_keytab_name
		Specifies the keytab object to add members to.	If you use
		this option, you must specify keytab_name_list as a string
		binding.  See ARGUMENTS for more information about
		specifying a string binding for keytab_name_list.

      -local	Specifies that the add operation operates on local files
		only.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.


      The add operation adds members to key tables.  The argument is a list
      of names of key tables to which members should be added. The required
      -member option lists principal names to be added to each key table in
      the keytab_name_list argument. If the principals named do not exist,
      the command will return an error.	 The operation adds each principal
      name and its key to the key table.

      Use either the -random option to have dcecp generate a random des key
      or the -key option to specify a plain key explicitly.  The same key
      (whether specified or randomly generated) is used for all principals
      being added to all key tables.  The -registry option updates the
      principal's key in the key table and in the registry.  The  -registry
      option is required if -random is used.  The -version option specifies
      the version number of the key.  You must specify either -registry or
      -version or both on any keytab add command.  The -ktname option is
      used to identify the specific key table to operate on, but only when
      the argument is a string binding representing a host, not the fully
      qualified key table name. This operation returns an empty string on
      success.

      Privileges Required

      You must have a (auth_info) permission to the keytab object.

      Examples

      dcecp> keytab add /.:/hosts/medusa/config/keytab/radiology \
      > -member melman -random -registry
      dcecp>

      dcecp> keytab add /.:/hosts/medusa/config/keytab/radiology \
      > -member melman -key yrrebnesor
      dcecp>

      dcecp> keytab add ncacn_ip_tcp:15.22.24.145 -ktname radiology \
      > -member melman -random -registry
      dcecp>
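
The option rules for keytab add (exactly one of -random or -key, -registry with -random, -registry or -version on every command, -ktname only with a string binding) can be checked before a dcecp script is run. The following Python checker is an added example, not part of this reference page or of DCE; its function names are hypothetical, it assumes options are spelled out in full, and the sample commands are constructed.

```python
# Added example: lints `keytab add` lines against the option rules on this page.
# Names are hypothetical; options are assumed to be spelled out in full.
VALUE_OPTS = {"-member", "-key", "-version", "-ktname"}
FLAG_OPTS = {"-random", "-registry", "-noprivacy", "-local"}

def tcl_words(line):
    """Split a dcecp line into words, keeping {brace groups} as one word."""
    words, buf, depth = [], "", 0
    for ch in line.replace("\\\n", " "):      # join backslash-continued lines
        depth += (ch == "{") - (ch == "}")
        if ch.isspace() and depth == 0:
            if buf:
                words.append(buf)
            buf = ""
        else:
            buf += ch
    return words + ([buf] if buf else [])

def items(word):
    """Elements of a Tcl list word such as {melman danahy}."""
    return word.strip("{}").split()

def lint_keytab_add(line):
    """Return (errors, warnings) for one keytab add command line."""
    words = tcl_words(line)
    if len(words) < 3 or words[:2] != ["keytab", "add"]:
        raise ValueError("not a keytab add command")
    target, opts, i = words[2], {}, 3
    while i < len(words):
        w = words[i]
        if w in VALUE_OPTS and i + 1 < len(words):
            opts[w], i = words[i + 1], i + 2
        elif w in FLAG_OPTS:
            opts[w], i = True, i + 1
        else:
            raise ValueError("unknown or incomplete option: " + w)
    # Assumption: a string binding is recognised by its protocol sequence.
    binding = target.lstrip("{").startswith(("ncacn_", "ncadg_"))
    errors, warnings = [], []
    if "-member" not in opts:
        errors.append("-member is required")
    if ("-random" in opts) == ("-key" in opts):
        errors.append("use exactly one of -random or -key")
    if "-random" in opts and "-registry" not in opts:
        errors.append("-random requires -registry")
    if "-registry" not in opts and "-version" not in opts:
        errors.append("specify -registry or -version or both")
    if binding != ("-ktname" in opts):
        errors.append("-ktname and a string binding must be used together")
    if "-noprivacy" in opts:
        warnings.append("key table data is sent over the network unencrypted")
    if "-key" in opts:
        warnings.append("plain key is spelled out in the command text")
    tables = 1 if binding else len(items(target))
    pairs = tables * len(items(opts.get("-member", "")))
    if pairs > 1:
        warnings.append("one key is shared by %d principal/key-table pairs" % pairs)
    return errors, warnings

# Constructed sample commands; host and principal names reuse the page's.
SAMPLES = [
    "keytab add /.:/hosts/medusa/config/keytab/radiology \\\n-member melman -random -registry",
    "keytab add /.:/hosts/medusa/config/keytab/radiology -member melman -key k1 -noprivacy",
    "keytab add {ncacn_ip_tcp 130.105.1.227} -member {melman danahy} -random -registry",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint_keytab_add(sample))
```

Errors are combinations the text above rules out; warnings are accepted by the rules but expose or share key material.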


    keytab catalog
      Returns a list of the names of all key tables on the specified host.
      The syntax is as follows:

      keytab catalog [host_name_list] [-simplename] [-noprivacy]
      [-local]


      Options


      -simplename
		Returns key table names without prepending the cell name.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.

      -local	Specifies that the catalog operation operates on local files
		only.


      The catalog operation returns a list of the names of all key tables on
      the host specified in the argument.  The argument can be a list of one
      or more host names or a single string binding that identifies a host.
      If a host name is not specified, the current host is used.  If the
      argument is a list, the output is concatenated.  The return order is
      arbitrary.

      Privileges Required

      You must have r (read) permission to the keytab object on the host.

      Examples

      dcecp> keytab catalog
      /.../pokey/hosts/jimbo/config/keytab/self
      dcecp>


    keytab create
      Creates a key table.  The syntax is as follows:

      keytab create keytab_name_list
      {-attribute attribute_list | -attribute value}
      [-ktname residual_keytab_name] [-entry] [-noprivacy] [-local]




      Options


      -attribute value
		As an alternative to using the -attribute option with an
		attribute list, you can specify individual attribute options
		by prepending a hyphen (-) to any attributes listed in the
		ATTRIBUTES section of this reference page.

      -attribute attribute_list
		Allows you to specify attributes by using an attribute list
		rather than individual attribute options. The format of an
		attribute list is as follows:

		{{attribute value}...{attribute value}}


      -ktname residual_keytab_name
		Specifies the keytab object to create.	If you use this
		option, you must specify keytab_name_list as a string
		binding.  See ARGUMENTS for more information about
		specifying a string binding for keytab_name_list.

      -local	Specifies that the create operation operates on local files
		only.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.


      The create operation creates a key table.	 The argument is a list of
      names of key tables to be created.  The command takes an -attribute
      option to specify configuration information for dced. The -ktname
      option is used to identify the specific key table to operate on, but
      only when the argument is a string binding representing a host, not
      the fully qualified key table name. The contents of the key table can
      be specified via the data attribute.  The value of the option is
      applied to all elements of the argument list.  This operation returns
      an empty string on success.

      The value of the data attribute, if specified, is a list of keys.
      Each key must have a principal name and key type.	 The version is
      optional; if it is not present, the system generates a version of 1.
      If the key type is plain, a key value must be specified.	If the key
      type is des and a key value is not specified, one will be randomly
      generated.

      Privileges Required





      You must have i (insert) permission to the keytab object on the host.

      Examples

      The following example creates two keys for user melman and one key for
      danahy on host medusa.  One of melman's keys is an automatically
      generated Data Encryption Standard (DES) key. Both melman's second key
      and danahy's key are manually entered keys.

      dcecp> keytab create /.:/hosts/medusa/config/keytab/radiology -attribute { \
      > {{storage /opt/dcelocal/keys/radiology} {data {{melman des} \
      > {melman plain 3 key2} {danahy des 2 key3}}}}
      dcecp>

      dcecp> keytab create ncacn_ip_tcp:15.22.24.145 -ktname radiology \
      > -storage /tmp/keys/radiology -data {melman plain 3 key2}
      dcecp>


    keytab delete
      Deletes a key table entry and its data.  The syntax is as follows:

      keytab delete keytab_name_list [-entry] [-noprivacy]
      [-ktname residual_keytab_name] [-local]


      Options


      -entry	Specifies that only the configuration information that dced
		keeps is deleted, not the actual key table.

      -ktname residual_keytab_name
		Specifies the keytab object to delete.	If you use this
		option, you must specify keytab_name_list as a string
		binding.  See ARGUMENTS for more information about
		specifying a string binding for keytab_name_list.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.

      -local	Specifies that the delete operation operates on local files
		only.


      The delete operation deletes a key table entry and its data.  The
      argument is a list of names of key table entries to be deleted in the
      order specified.	If the -entry option is present, only the
      configuration information that dced keeps is deleted, not the actual
      key table. The -ktname option is used to identify the specific key
      table to operate on, but only when the argument is a string binding
      representing a host, not the fully qualified key table name. This
      operation returns an empty string on success.

      Privileges Required

      You must have d (delete) permission to the keytab object. If you are
      removing the key table, you must have D (Delete_object) permission to
      the keytab object as well.

      Examples

      dcecp> keytab delete /.:/hosts/medusa/config/keytab/radiology
      dcecp>

      dcecp> keytab delete ncacn_ip_tcp:15.22.24.145 -ktname radiology
      dcecp>


    keytab help
      Returns help information about the keytab object and its operations.
      The syntax is as follows:

      keytab help [operation | -verbose]


      Options


      -verbose	Displays information about the keytab object.


      Used without an argument or option, the keytab help command returns
      brief information about each keytab operation. The optional operation
      argument is the name of an operation about which you want detailed
      information. Alternatively, you can use the -verbose option for more
      detailed information about the keytab object itself.

      Privileges Required

      No special privileges are needed to use the keytab help command.

      Examples

      dcecp> keytab help
      add		  Adds keys into a key table.
      catalog		  Returns the list of key table names.
      create		  Creates a new key table entry and its keys.
      delete		  Deletes a key table and its associated data.
      list		  Lists all principals in a specified key table.
      remove		  Removes keys from a key table.
      show		  Returns the list of keys of a key table.
      help		  Prints a summary of command-line options.
      operations	  Returns a list of the valid operations for this command.
      dcecp>


    keytab list
      Returns a list of all the principals in the specified key table.	The
      syntax is as follows:

      keytab list keytab_name_list [-noprivacy]
      [-ktname residual_keytab_name] [-local]


      Options

      -ktname residual_keytab_name
		Specifies the keytab object to list.  If you use this
		option, you must specify keytab_name_list as a string
		binding.  See ARGUMENTS for more information about
		specifying a string binding for keytab_name_list.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.

      -local	Specifies that the list operation operates on local files
		only.


      The list operation returns a list of all the principals in the
      specified key table.  If the argument is a list of key table names,
      the output is concatenated and a blank line inserted between key
      tables. The -ktname option is used to identify the specific key table
      to operate on, but only when the argument is a string binding
      representing a host, not the fully qualified key table name.

      Privileges Required

      You must have r (read) permission to the keytab object on the host.

      Examples

      dcecp> keytab list /.:/hosts/medusa/config/keytab/self
      /.../mycell/hosts/medusa/self
      /.../mycell/hosts/medusa/cds-server
      /.../mycell/hosts/medusa/cds-server
      dcecp>

      dcecp> keytab list ncacn_ip_tcp:15.22.24.145 -ktname self
      /.../mycell/hosts/medusa/self
      /.../mycell/hosts/medusa/cds-server
      /.../mycell/hosts/medusa/cds-server
      dcecp>


    keytab operations
      Returns a list of the operations supported by the keytab object. The
      syntax is as follows:

      keytab operations


      The list of available operations is in alphabetical order except for
      help and operations, which are listed last.

      Privileges Required

      No special privileges are needed to use the keytab operations command.

      Examples

      dcecp> keytab operations
      add catalog create delete list remove show help operations
      dcecp>


    keytab remove
      Removes a member from a key table.  The syntax is as follows:

      keytab remove keytab_name_list -member principal_name_list
      [-version key_version_list] [-type key_type] [-noprivacy]
      [-ktname residual_keytab_name] [-local]


      Options


      -member principal_name_list
		Specifies a list of one or more principal names of members
		to be removed from the key table.

      -version key_version_list
		Specifies a version number for the key.

      -type key_type
		Specifies whether the key is a des (data encryption
		standard) key or a plain key.

      -ktname residual_keytab_name
		Specifies the keytab object to use during the remove
		operation.  If you use this option, you must specify
		keytab_name_list as a string binding.  See ARGUMENTS for
		more information about specifying a string binding for
		keytab_name_list.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.

      -local	Specifies that the remove operation operates on local files
		only.


      The remove operation removes members from a key table.  The argument
      is a list of names of key tables from which to remove members. The
      value of the required -member option is a list of names of principals
      to be removed from the key tables listed in the argument.  The
      -version and -type options can be used to limit the keys removed.  If
      either or both of these options is present, then only keys matching
      the values of these options are removed.  The value of the -version
      option can be a list of version numbers.  The -ktname option is used
      to identify the specific key table to operate on, but only when the
      argument is a string binding representing a host, not the fully
      qualified key table name. This operation returns an empty string on
      success.

      Privileges Required

      You must have x (execute) permission to the keytab object on the host.

      Examples

      The following examples remove all des keys for principal D_Britt:

      dcecp> keytab remove /.:/hosts/jimbo/config/keytab/self -member D_Britt -type des
      dcecp>

      dcecp> keytab remove ncacn_ip_tcp:15.22.24.145 -ktname self -member D_Britt -type des
      dcecp>


    keytab show
      Returns an attribute list of the key table entries specified in the
      argument.	 The syntax is as follows:

      keytab show keytab_name_list [-entry | -members]
      [-keys] [-ktname residual_keytab_name] [-noprivacy] [-local]

      Options






      -entry	Returns only the configuration information that dced keeps,
		not the actual key table data.

      -members	Specifies that only the data attribute of each entry be
		returned.

      -keys	Returns the actual values of keys.

      -noprivacy
		Specifies that key tables are sent over the network
		unencrypted.

      -ktname residual_keytab_name
		Specifies the keytab object for which to show information.
		If you use this option, you must specify keytab_name_list as
		a string binding.  See ARGUMENTS for more information about
		specifying a string binding for	 keytab_name_list.

      -local	Specifies that the show operation operates on local files
		only.


      The show operation returns an attribute list of the key tables
      specified in the argument.  The argument is a list of names of key
      tables. If the operation is called without the -entry option, the data
      attribute is not returned. If the optional -members option is given,
      only the value of the data attribute is returned (a list of keys).
      Keys are not normally returned unless the -keys option is used.  If
      the argument is a list, the output is concatenated and a blank line
      inserted between key tables. The -ktname option is used to identify
      the specific key table to operate on, but only when the argument is
      a string binding representing a host, not the fully qualified key
      table name.

      Privileges Required

      You must have r (read) permission to the keytab object on the host.

      Examples

      dcecp> keytab show /.:/hosts/medusa/config/keytab/radiology -members
      {melman des 1}
      {melman plain 3}
      {danahy des 2}
      dcecp>

      dcecp> keytab show ncacn_ip_tcp:15.22.24.145 -ktname radiology -members
      {melman des 1}
      {melman plain 3}
      {danahy des 2}
      dcecp>



 RELATED INFORMATION
      Commands: dcecp(1m), dcecp_xattrschema(1m), dced(1m).