| blob | b79882498308458e82bb2aebd1f37aae59ecf4a4 |
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Id$ */
35 command = {
36 name = "stash"
37 name = "kstash"
38 option = {
39 long = "enctype"
40 short = "e"
41 type = "string"
42 help = "encryption type"
43 default = "des3-cbc-sha1"
44 }
45 option = {
46 long = "key-file"
47 short = "k"
48 type = "string"
49 argument = "file"
50 help = "master key file"
51 }
52 option = {
53 long = "convert-file"
54 type = "flag"
55 help = "just convert keyfile to new format"
56 }
57 option = {
58 long = "random-password"
59 type = "flag"
60 help = "use a random password (and print the password to stdout)"
61 }
62 option = {
63 long = "master-key-fd"
64 type = "integer"
65 argument = "fd"
66 help = "filedescriptor to read passphrase from"
67 default = "-1"
68 }
69 help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
70 }
71 command = {
72 name = "dump"
73 option = {
74 long = "decrypt"
75 short = "d"
76 type = "flag"
77 help = "decrypt keys"
78 }
79 argument = "[dump-file]"
80 min_args = "0"
81 max_args = "1"
82 help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
83 }
85 command = {
86 name = "init"
87 option = {
88 long = "realm-max-ticket-life"
89 type = "string"
90 help = "realm max ticket lifetime"
91 }
92 option = {
93 long = "realm-max-renewable-life"
94 type = "string"
95 help = "realm max renewable lifetime"
96 }
97 option = {
98 long = "bare"
99 type = "flag"
100 help = "only create krbtgt for realm"
101 }
102 argument = "realm..."
103 min_args = "1"
104 help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
105 }
106 command = {
107 name = "load"
108 argument = "file"
109 min_args = "1"
110 max_args = "1"
111 help = "Loads a previously dumped file. Local (-l) mode only."
112 }
113 command = {
114 name = "merge"
115 argument = "file"
116 min_args = "1"
117 max_args = "1"
118 help = "Merges the contents of a dump file into the database. Local (-l) mode only."
119 }
120 command = {
121 name = "add"
122 name = "ank"
123 name = "add_new_key"
124 function = "add_new_key"
125 option = {
126 long = "random-key"
127 short = "r"
128 type = "flag"
129 help = "set random key"
130 }
131 option = {
132 long = "random-password"
133 type = "flag"
134 help = "set random password"
135 }
136 option = {
137 long = "password"
138 short = "p"
139 type = "string"
140 help = "principal's password"
141 }
142 option = {
143 long = "key"
144 type = "string"
145 help = "DES-key in hex"
146 }
147 option = {
148 long = "max-ticket-life"
149 type = "string"
150 argument ="lifetime"
151 help = "max ticket lifetime"
152 }
153 option = {
154 long = "max-renewable-life"
155 type = "string"
156 argument = "lifetime"
157 help = "max renewable life"
158 }
159 option = {
160 long = "attributes"
161 type = "string"
162 argument = "attributes"
163 help = "principal attributes"
164 }
165 option = {
166 long = "expiration-time"
167 type = "string"
168 argument = "time"
169 help = "principal expiration time"
170 }
171 option = {
172 long = "pw-expiration-time"
173 type = "string"
174 argument = "time"
175 help = "password expiration time"
176 }
177 option = {
178 long = "hist-kvno-diff-clnt"
179 type = "integer"
180 argument = "kvno diff"
181 help = "historic keys allowed for client"
182 default = "-1"
183 }
184 option = {
185 long = "hist-kvno-diff-svc"
186 type = "integer"
187 argument = "kvno diff"
188 help = "historic keys allowed for service"
189 default = "-1"
190 }
191 option = {
192 long = "use-defaults"
193 type = "flag"
194 help = "use default values"
195 }
196 option = {
197 long = "policy"
198 type = "string"
199 argument = "policy"
200 help = "policy name"
201 }
202 argument = "principal..."
203 min_args = "1"
204 help = "Adds a principal to the database."
205 }
206 command = {
207 name = "passwd"
208 name = "cpw"
209 name = "change_password"
210 function = "cpw_entry"
211 option = {
212 long = "random-key"
213 short = "r"
214 type = "flag"
215 help = "set random key"
216 }
217 option = {
218 long = "random-password"
219 type = "flag"
220 help = "set random password"
221 }
222 option = {
223 long = "password"
224 short = "p"
225 type = "string"
226 help = "princial's password"
227 }
228 option = {
229 long = "key"
230 type = "string"
231 help = "DES key in hex"
232 }
233 option = {
234 long = "keepold"
235 type = "flag"
236 help = "keep old keys/password"
237 }
238 argument = "principal..."
239 min_args = "1"
240 help = "Changes the password of one or more principals matching the expressions."
241 }
242 command = {
243 name = "delete"
244 name = "del"
245 name = "del_entry"
246 function = "del_entry"
247 argument = "principal..."
248 min_args = "1"
249 help = "Deletes all principals matching the expressions."
250 }
251 command = {
252 name = "del_enctype"
253 argument = "principal enctype..."
254 min_args = "2"
255 help = "Delete all the mentioned enctypes for principal."
256 }
257 command = {
258 name = "add_enctype"
259 option = {
260 long = "random-key"
261 short = "r"
262 type = "flag"
263 help = "set random key"
264 }
265 argument = "principal enctype..."
266 min_args = "2"
267 help = "Add new enctypes for principal."
268 }
269 command = {
270 name = "ext_keytab"
271 option = {
272 long = "keytab"
273 short = "k"
274 type = "string"
275 help = "keytab to use"
276 }
277 argument = "principal..."
278 min_args = "1"
279 help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
280 }
281 command = {
282 name = "get"
283 name = "get_entry"
284 function = "get_entry"
285 /* XXX sync options with "list" */
286 option = {
287 long = "long"
288 short = "l"
289 type = "flag"
290 help = "long format"
291 default = "-1"
292 }
293 option = {
294 long = "short"
295 short = "s"
296 type = "flag"
297 help = "short format"
298 }
299 option = {
300 long = "terse"
301 short = "t"
302 type = "flag"
303 help = "terse format"
304 }
305 option = {
306 long = "column-info"
307 short = "o"
308 type = "string"
309 help = "columns to print for short output"
310 }
311 argument = "principal..."
312 min_args = "1"
313 help = "Shows information about principals matching the expressions."
314 }
315 command = {
316 name = "rename"
317 function = "rename_entry"
318 argument = "from to"
319 min_args = "2"
320 max_args = "2"
321 help = "Renames a principal."
322 }
323 command = {
324 name = "modify"
325 function = "mod_entry"
326 option = {
327 long = "max-ticket-life"
328 type = "string"
329 argument ="lifetime"
330 help = "max ticket lifetime"
331 }
332 option = {
333 long = "max-renewable-life"
334 type = "string"
335 argument = "lifetime"
336 help = "max renewable life"
337 }
338 option = {
339 long = "attributes"
340 short = "a"
341 type = "string"
342 argument = "attributes"
343 help = "principal attributes"
344 }
345 option = {
346 long = "expiration-time"
347 type = "string"
348 argument = "time"
349 help = "principal expiration time"
350 }
351 option = {
352 long = "pw-expiration-time"
353 type = "string"
354 argument = "time"
355 help = "password expiration time"
356 }
357 option = {
358 long = "kvno"
359 type = "integer"
360 help = "key version number"
361 default = "-1"
362 }
363 option = {
364 long = "constrained-delegation"
365 type = "strings"
366 argument = "principal"
367 help = "allowed target principals"
368 }
369 option = {
370 long = "alias"
371 type = "strings"
372 argument = "principal"
373 help = "aliases"
374 }
375 option = {
376 long = "pkinit-acl"
377 type = "strings"
378 argument = "subject dn"
379 help = "aliases"
380 }
381 option = {
382 long = "policy"
383 type = "string"
384 argument = "policy"
385 help = "policy name"
386 }
387 option = {
388 long = "hist-kvno-diff-clnt"
389 type = "integer"
390 argument = "kvno diff"
391 help = "historic keys allowed for client"
392 default = "-1"
393 }
394 option = {
395 long = "hist-kvno-diff-svc"
396 type = "integer"
397 argument = "kvno diff"
398 help = "historic keys allowed for service"
399 default = "-1"
400 }
401 argument = "principal"
402 min_args = "1"
403 max_args = "1"
404 help = "Modifies some attributes of the specified principal."
405 }
406 command = {
407 name = "privileges"
408 name = "privs"
409 function = "get_privs"
410 help = "Shows which operations you are allowed to perform."
411 }
412 command = {
413 name = "list"
414 function = "list_princs"
415 /* XXX sync options with "get" */
416 option = {
417 long = "long"
418 short = "l"
419 type = "flag"
420 help = "long format"
421 }
422 option = {
423 long = "short"
424 short = "s"
425 type = "flag"
426 help = "short format"
427 }
428 option = {
429 long = "terse"
430 short = "t"
431 type = "flag"
432 help = "terse format"
433 default = "-1"
434 }
435 option = {
436 long = "column-info"
437 short = "o"
438 type = "string"
439 help = "columns to print for short output"
440 }
441 argument = "principal..."
442 min_args = "1"
443 help = "Lists principals in a terse format. Equivalent to \"get -t\"."
444 }
445 command = {
446 name = "verify-password-quality"
447 name = "pwq"
448 function = "password_quality"
449 argument = "principal password"
450 min_args = "2"
451 max_args = "2"
452 help = "Try run the password quality function locally (not doing RPC out to server)."
453 }
454 command = {
455 name = "check"
456 function = "check"
457 argument = "[realm]"
458 min_args = "0"
459 max_args = "1"
460 help = "Check the realm (if not given, the default realm) for configuration errors."
461 }
462 command = {
463 name = "lock"
464 function = "lock"
465 argument = ""
466 min_args = "0"
467 max_args = "0"
468 help = "Lock the database for writing (use with care)."
469 }
470 command = {
471 name = "unlock"
472 function = "unlock"
473 argument = ""
474 min_args = "0"
475 max_args = "0"
476 help = "Unlock the database."
477 }
478 command = {
479 name = "help"
480 name = "?"
481 argument = "[command]"
482 min_args = "0"
483 max_args = "1"
484 help = "Help! I need somebody."
485 }
486 command = {
487 name = "exit"
488 name = "quit"
489 function = "exit_kadmin"
490 help = "Quits."
491 }