| blob | 1faec5007cdc17c9d6862b0678ce28eb22d98e6e |
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Id$ */
35 command = {
36 name = "stash"
37 name = "kstash"
38 option = {
39 long = "enctype"
40 short = "e"
41 type = "string"
42 help = "encryption type"
43 default = "des3-cbc-sha1"
44 }
45 option = {
46 long = "key-file"
47 short = "k"
48 type = "string"
49 argument = "file"
50 help = "master key file"
51 }
52 option = {
53 long = "convert-file"
54 type = "flag"
55 help = "just convert keyfile to new format"
56 }
57 option = {
58 long = "random-password"
59 type = "flag"
60 help = "use a random password (and print the password to stdout)"
61 }
62 option = {
63 long = "master-key-fd"
64 type = "integer"
65 argument = "fd"
66 help = "filedescriptor to read passphrase from"
67 default = "-1"
68 }
69 help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
70 }
71 command = {
72 name = "dump"
73 option = {
74 long = "decrypt"
75 short = "d"
76 type = "flag"
77 help = "decrypt keys"
78 }
79 option = {
80 long = "format"
81 short = "f"
82 type = "string"
83 help = "dump format, mit or heimdal (default: heimdal)"
84 }
85 argument = "[dump-file]"
86 min_args = "0"
87 max_args = "1"
88 help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
89 }
91 command = {
92 name = "init"
93 option = {
94 long = "realm-max-ticket-life"
95 type = "string"
96 help = "realm max ticket lifetime"
97 }
98 option = {
99 long = "realm-max-renewable-life"
100 type = "string"
101 help = "realm max renewable lifetime"
102 }
103 option = {
104 long = "bare"
105 type = "flag"
106 help = "only create krbtgt for realm"
107 }
108 argument = "realm..."
109 min_args = "1"
110 help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
111 }
112 command = {
113 name = "load"
114 argument = "file"
115 min_args = "1"
116 max_args = "1"
117 help = "Loads a previously dumped file. Local (-l) mode only."
118 }
119 command = {
120 name = "merge"
121 argument = "file"
122 min_args = "1"
123 max_args = "1"
124 help = "Merges the contents of a dump file into the database. Local (-l) mode only."
125 }
126 command = {
127 name = "add"
128 name = "ank"
129 name = "add_new_key"
130 function = "add_new_key"
131 option = {
132 long = "random-key"
133 short = "r"
134 type = "flag"
135 help = "set random key"
136 }
137 option = {
138 long = "random-password"
139 type = "flag"
140 help = "set random password"
141 }
142 option = {
143 long = "enctypes"
144 short = "e"
145 type = "string"
146 help = "encryption type(s)"
147 }
148 option = {
149 long = "password"
150 short = "p"
151 type = "string"
152 help = "principal's password"
153 }
154 option = {
155 long = "key"
156 type = "string"
157 help = "DES-key in hex"
158 }
159 option = {
160 long = "max-ticket-life"
161 type = "string"
162 argument ="lifetime"
163 help = "max ticket lifetime"
164 }
165 option = {
166 long = "max-renewable-life"
167 type = "string"
168 argument = "lifetime"
169 help = "max renewable life"
170 }
171 option = {
172 long = "attributes"
173 type = "string"
174 argument = "attributes"
175 help = "principal attributes"
176 }
177 option = {
178 long = "expiration-time"
179 type = "string"
180 argument = "time"
181 help = "principal expiration time"
182 }
183 option = {
184 long = "pw-expiration-time"
185 type = "string"
186 argument = "time"
187 help = "password expiration time"
188 }
189 option = {
190 long = "hist-kvno-diff-clnt"
191 type = "integer"
192 argument = "kvno diff"
193 help = "historic keys allowed for client"
194 default = "-1"
195 }
196 option = {
197 long = "hist-kvno-diff-svc"
198 type = "integer"
199 argument = "kvno diff"
200 help = "historic keys allowed for service"
201 default = "-1"
202 }
203 option = {
204 long = "use-defaults"
205 type = "flag"
206 help = "use default values"
207 }
208 option = {
209 long = "policy"
210 type = "string"
211 argument = "policy"
212 help = "policy name"
213 }
214 argument = "principal..."
215 min_args = "1"
216 help = "Adds a principal to the database."
217 }
218 command = {
219 name = "passwd"
220 name = "cpw"
221 name = "change_password"
222 function = "cpw_entry"
223 option = {
224 long = "random-key"
225 short = "r"
226 type = "flag"
227 help = "set random key"
228 }
229 option = {
230 long = "random-password"
231 type = "flag"
232 help = "set random password"
233 }
234 option = {
235 long = "enctypes"
236 short = "e"
237 type = "string"
238 help = "encryption type(s)"
239 }
240 option = {
241 long = "password"
242 short = "p"
243 type = "string"
244 help = "principal's password"
245 }
246 option = {
247 long = "key"
248 type = "string"
249 help = "DES key in hex"
250 }
251 option = {
252 long = "keepold"
253 type = "flag"
254 help = "keep old keys/password needed to decrypt extant tickets (default)"
255 }
256 option = {
257 long = "keepallold"
258 type = "flag"
259 help = "keep all old keys/password"
260 }
261 option = {
262 long = "pruneall"
263 type = "flag"
264 help = "delete all old keys"
265 }
266 argument = "principal..."
267 min_args = "1"
268 help = "Changes the password of one or more principals matching the expressions."
269 }
270 command = {
271 name = "delete"
272 name = "del"
273 name = "del_entry"
274 function = "del_entry"
275 argument = "principal..."
276 min_args = "1"
277 help = "Deletes all principals matching the expressions."
278 }
279 command = {
280 name = "del_enctype"
281 argument = "principal enctype..."
282 min_args = "2"
283 help = "Delete all the mentioned enctypes for principal."
284 }
285 command = {
286 name = "add_enctype"
287 option = {
288 long = "random-key"
289 short = "r"
290 type = "flag"
291 help = "set random key"
292 }
293 argument = "principal enctype..."
294 min_args = "2"
295 help = "Add new enctypes for principal."
296 }
297 command = {
298 name = "ext_keytab"
299 option = {
300 long = "keytab"
301 short = "k"
302 type = "string"
303 help = "keytab to use"
304 argument = "keytab"
305 }
306 option = {
307 long = "random-key"
308 short = "r"
309 type = "flag"
310 help = "set random key"
311 }
312 option = {
313 long = "enctypes"
314 short = "e"
315 type = "string"
316 help = "encryption type(s)"
317 }
318 option = {
319 long = "keepold"
320 type = "flag"
321 help = "keep old keys/password needed to decrypt extant tickets (default)"
322 }
323 option = {
324 long = "keepallold"
325 type = "flag"
326 help = "keep all old keys/password"
327 }
328 option = {
329 long = "pruneall"
330 type = "flag"
331 help = "delete all old keys"
332 }
333 argument = "principal..."
334 min_args = "1"
335 help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
336 }
337 command = {
338 name = "get"
339 name = "get_entry"
340 function = "get_entry"
341 /* Options added to list should be added here; not the reverse */
342 option = {
343 long = "long"
344 short = "l"
345 type = "flag"
346 help = "long format"
347 default = "-1"
348 }
349 option = {
350 long = "short"
351 short = "s"
352 type = "flag"
353 help = "short format"
354 }
355 option = {
356 long = "terse"
357 short = "t"
358 type = "flag"
359 help = "terse format"
360 }
361 option = {
362 long = "column-info"
363 short = "o"
364 type = "string"
365 help = "columns to print for short output"
366 }
367 argument = "principal..."
368 min_args = "1"
369 help = "Shows information about principals matching the expressions."
370 }
371 command = {
372 name = "rename"
373 function = "rename_entry"
374 argument = "from to"
375 min_args = "2"
376 max_args = "2"
377 help = "Renames a principal."
378 }
379 command = {
380 name = "modify"
381 function = "mod_entry"
382 option = {
383 long = "max-ticket-life"
384 type = "string"
385 argument ="lifetime"
386 help = "max ticket lifetime"
387 }
388 option = {
389 long = "max-renewable-life"
390 type = "string"
391 argument = "lifetime"
392 help = "max renewable life"
393 }
394 option = {
395 long = "attributes"
396 short = "a"
397 type = "string"
398 argument = "attributes"
399 help = "principal attributes"
400 }
401 option = {
402 long = "expiration-time"
403 type = "string"
404 argument = "time"
405 help = "principal expiration time"
406 }
407 option = {
408 long = "pw-expiration-time"
409 type = "string"
410 argument = "time"
411 help = "password expiration time"
412 }
413 option = {
414 long = "kvno"
415 type = "integer"
416 help = "key version number"
417 default = "-1"
418 }
419 option = {
420 long = "constrained-delegation"
421 type = "strings"
422 argument = "principal"
423 help = "allowed target principals"
424 }
425 option = {
426 long = "alias"
427 type = "strings"
428 argument = "principal"
429 help = "aliases"
430 }
431 option = {
432 long = "pkinit-acl"
433 type = "strings"
434 argument = "subject dn"
435 help = "aliases"
436 }
437 option = {
438 long = "policy"
439 type = "string"
440 argument = "policy"
441 help = "policy name"
442 }
443 option = {
444 long = "hist-kvno-diff-clnt"
445 type = "integer"
446 argument = "kvno diff"
447 help = "historic keys allowed for client"
448 default = "-1"
449 }
450 option = {
451 long = "hist-kvno-diff-svc"
452 type = "integer"
453 argument = "kvno diff"
454 help = "historic keys allowed for service"
455 default = "-1"
456 }
457 argument = "principal"
458 min_args = "1"
459 max_args = "1"
460 help = "Modifies some attributes of the specified principal."
461 }
462 command = {
463 name = "prune"
464 argument = "principal"
465 option = {
466 long = "kvno"
467 type = "integer"
468 help = "key version number"
469 default = "0"
470 }
471 min_args = "1"
472 max_args = "1"
473 help = "Delete keys from history by max-ticket-life or kvno."
474 }
475 command = {
476 name = "privileges"
477 name = "privs"
478 function = "get_privs"
479 help = "Shows which operations you are allowed to perform."
480 }
481 command = {
482 name = "list"
483 function = "list_princs"
484 /* XXX sync options with "get" */
485 option = {
486 long = "long"
487 short = "l"
488 type = "flag"
489 help = "long format"
490 }
491 option = {
492 long = "short"
493 short = "s"
494 type = "flag"
495 help = "short format"
496 }
497 option = {
498 long = "terse"
499 short = "t"
500 type = "flag"
501 help = "terse format"
502 default = "-1"
503 }
504 option = {
505 long = "column-info"
506 short = "o"
507 type = "string"
508 help = "columns to print for short output"
509 }
510 argument = "principal..."
511 min_args = "1"
512 help = "Lists principals in a terse format. Equivalent to \"get -t\"."
513 }
514 command = {
515 name = "verify-password-quality"
516 name = "pwq"
517 function = "password_quality"
518 argument = "principal password"
519 min_args = "2"
520 max_args = "2"
521 help = "Try run the password quality function locally (not doing RPC out to server)."
522 }
523 command = {
524 name = "check"
525 function = "check"
526 argument = "[realm]"
527 min_args = "0"
528 max_args = "1"
529 help = "Check the realm (if not given, the default realm) for configuration errors."
530 }
531 command = {
532 name = "lock"
533 function = "lock"
534 argument = ""
535 min_args = "0"
536 max_args = "0"
537 help = "Lock the database for writing (use with care)."
538 }
539 command = {
540 name = "unlock"
541 function = "unlock"
542 argument = ""
543 min_args = "0"
544 max_args = "0"
545 help = "Unlock the database."
546 }
547 command = {
548 name = "help"
549 name = "?"
550 argument = "[command]"
551 min_args = "0"
552 max_args = "1"
553 help = "Help! I need somebody."
554 }
555 command = {
556 name = "exit"
557 name = "quit"
558 function = "exit_kadmin"
559 help = "Quits."
560 }