.\" Automatically generated by Pandoc 2.3.1
.\"
.TH "KTAB" "1" "2024" "JDK 17.0.12" "JDK Commands"
.hy
.SH NAME
.PP
ktab \- manage the principal names and service keys stored in a local
key table
.SH SYNOPSIS
.PP
\f[CB]ktab\f[R] [\f[I]commands\f[R]] [\f[I]options\f[R]]
.TP
.B [\f[I]commands\f[R]] [\f[I]options\f[R]]
Lists the keytab name and entries, adds new key entries to the keytab,
deletes existing key entries, and displays instructions.
See \f[B]Commands and Options\f[R].
.RS
.RE
.SH DESCRIPTION
.PP
The \f[CB]ktab\f[R] tool enables the user to manage the principal names
and service keys stored in a local key table.
Principal and key pairs listed in the keytab enable services running on
a host to authenticate themselves to the Key Distribution Center (KDC).
.PP
Before configuring a server to use Kerberos, you must set up a keytab on
the host running the server.
Note that any updates made to the keytab using the \f[CB]ktab\f[R] tool
don\[aq]t affect the Kerberos database.
.PP
A \f[I]keytab\f[R] is a host\[aq]s copy of its own keylist, which is
analogous to a user\[aq]s password.
An application server that needs to authenticate itself to the Key
Distribution Center (KDC) must have a keytab which contains its own
principal and key.
If you change the keys in the keytab, you must also make the
corresponding changes to the Kerberos database.
The \f[CB]ktab\f[R] tool enables you to list, add, update or delete
principal names and key pairs in the key table.
None of these operations affect the Kerberos database.
.SH SECURITY ALERT
.PP
Don\[aq]t specify your password on the command line.
Doing so can be a security risk.
For example, an attacker could discover your password while running the
UNIX \f[CB]ps\f[R] command.
.PP
Just as it is important for users to protect their passwords, it is
equally important for hosts to protect their keytabs.
You should always store keytab files on the local disk and make them
readable only by root.
You should never send a keytab file over a network in the clear.
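.PP
The following shell script is an added example, not part of the JDK documentation: it audits keytab files against the storage advice above by requiring a regular file owned by root with no group or other permissions. The function name \f[CB]check_keytab\f[R] and its optional second argument (an expected owner uid other than 0) are assumptions of this example; it does not check whether the file is on a local disk.
.nf

```shell
#!/bin/sh
# Added example (not part of the JDK): audit keytab files against the
# storage advice above. Usage: sh check_keytab.sh FILE...
# check_keytab PATH [UID] returns 0 only if PATH is a regular file, owned by
# UID (default 0 = root, per the man page), with no group/other permissions.
check_keytab() {
    ck_path=$1
    ck_want=${2:-0}   # expected owner uid; the override is an assumption
    ck_rc=0

    if [ -L "$ck_path" ]; then
        echo "FAIL $ck_path: symbolic link, check the real file instead"
        return 1
    fi
    if [ ! -f "$ck_path" ]; then
        echo "FAIL $ck_path: missing or not a regular file"
        return 1
    fi

    # "ls -ln" gives the mode string and the numeric owner in fields 1 and 3.
    ck_meta=$(ls -ldn -- "$ck_path" | awk 'NR == 1 { print $1 " " $3 }')
    ck_mode=${ck_meta% *}
    ck_uid=${ck_meta#* }

    # Characters 5-10 of "-rw-------" are the group and other permission bits.
    ck_go=$(printf '%s' "$ck_mode" | cut -c5-10)
    if [ "$ck_go" != "------" ]; then
        echo "FAIL $ck_path: mode $ck_mode grants group/other access"
        ck_rc=1
    fi
    if [ "$ck_uid" != "$ck_want" ]; then
        echo "FAIL $ck_path: owned by uid $ck_uid, expected $ck_want"
        ck_rc=1
    fi
    [ "$ck_rc" -eq 0 ] && echo "OK   $ck_path: $ck_mode uid=$ck_uid"
    return "$ck_rc"
}

# Audit every file named on the command line; exit non-zero on any finding.
ck_status=0
for ck_file in "$@"; do
    check_keytab "$ck_file" || ck_status=1
done
[ "$#" -eq 0 ] || exit "$ck_status"
```
.fi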
.SH COMMANDS AND OPTIONS
.TP
.B \f[CB]\-l\f[R] [\f[CB]\-e\f[R]] [\f[CB]\-t\f[R]]
Lists the keytab name and entries.
When \f[CB]\-e\f[R] is specified, the encryption type for each entry is
displayed.
When \f[CB]\-t\f[R] is specified, the timestamp for each entry is
displayed.
.RS
.RE
.TP
.B \f[CB]\-a\f[R] \f[I]principal_name\f[R] [\f[I]password\f[R]] [\f[CB]\-n\f[R] \f[I]kvno\f[R]] [\f[CB]\-append\f[R]]
Adds new key entries to the keytab for the given principal name with an
optional \f[I]password\f[R].
If a \f[I]kvno\f[R] is specified, the new keys\[aq] Key Version Numbers
are set to that value; otherwise, the Key Version Numbers are
incremented automatically.
If \f[CB]\-append\f[R] is specified, new keys are appended to the keytab;
otherwise, old keys for the same principal are removed.
.RS
.PP
No changes are made to the Kerberos database.
\f[B]Don\[aq]t specify the password on the command line or in a
script.\f[R] This tool will prompt for a password if it isn\[aq]t
specified.
.RE
.TP
.B \f[CB]\-d\f[R] \f[I]principal_name\f[R] [\f[CB]\-f\f[R]] [\f[CB]\-e\f[R] \f[I]etype\f[R]] [\f[I]kvno\f[R] | \f[CB]all\f[R] | \f[CB]old\f[R]]
Deletes key entries from the keytab for the specified principal.
No changes are made to the Kerberos database.
.RS
.IP \[bu] 2
If \f[I]kvno\f[R] is specified, the tool deletes keys whose Key Version
Numbers match \f[I]kvno\f[R].
If \f[CB]all\f[R] is specified, the tool deletes all keys.
.IP \[bu] 2
If \f[CB]old\f[R] is specified, the tool deletes all keys except those
with the highest \f[I]kvno\f[R].
The default action is \f[CB]all\f[R].
.IP \[bu] 2
If \f[I]etype\f[R] is specified, the tool only deletes keys of this
encryption type.
\f[I]etype\f[R] should be specified as the numeric \f[I]etype\f[R] value
defined in RFC 3961, section 8.
A prompt to confirm the deletion is displayed unless \f[CB]\-f\f[R] is
specified.
.PP
When \f[I]etype\f[R] is provided, only the entry matching this encryption
type is deleted.
Otherwise, all entries are deleted.
.RE
.TP
.B \f[CB]\-help\f[R]
Displays instructions.
.RS
.RE
.SH COMMON OPTIONS
.PP
This option can be used with the \f[CB]\-l\f[R], \f[CB]\-a\f[R] or
\f[CB]\-d\f[R] commands.
.TP
.B \f[CB]\-k\f[R] \f[I]keytab name\f[R]
Specifies the keytab name and path with the \f[CB]FILE:\f[R] prefix.
.RS
.RE
.SH EXAMPLES
.IP \[bu] 2
Lists all the entries in the default keytable
.RS 2
.RS
.PP
\f[CB]ktab\ \-l\f[R]
.RE
.RE
.IP \[bu] 2
Adds a new principal to the key table (note that you will be prompted
for your password)
.RS 2
.RS
.PP
\f[CB]ktab\ \-a\ duke\@example.com\f[R]
.RE
.RE
.IP \[bu] 2
Deletes a principal from the key table
.RS 2
.RS
.PP
\f[CB]ktab\ \-d\ duke\@example.com\f[R]
.RE
.RE