| blob | 5760a52d841cbcff3619409982f3c30423fbd2f4 |
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Id$ */
35 command = {
36 name = "stash"
37 name = "kstash"
38 option = {
39 long = "enctype"
40 short = "e"
41 type = "string"
42 help = "encryption type"
43 default = "des3-cbc-sha1"
44 }
45 option = {
46 long = "key-file"
47 short = "k"
48 type = "string"
49 argument = "file"
50 help = "master key file"
51 }
52 option = {
53 long = "convert-file"
54 type = "flag"
55 help = "just convert keyfile to new format"
56 }
57 option = {
58 long = "master-key-fd"
59 type = "integer"
60 argument = "fd"
61 help = "filedescriptor to read passphrase from"
62 default = "-1"
63 }
64 help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
65 }
66 command = {
67 name = "dump"
68 option = {
69 long = "decrypt"
70 short = "d"
71 type = "flag"
72 help = "decrypt keys"
73 }
74 argument = "[dump-file]"
75 min_args = "0"
76 max_args = "1"
77 help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
78 }
80 command = {
81 name = "init"
82 option = {
83 long = "realm-max-ticket-life"
84 type = "string"
85 help = "realm max ticket lifetime"
86 }
87 option = {
88 long = "realm-max-renewable-life"
89 type = "string"
90 help = "realm max renewable lifetime"
91 }
92 argument = "realm..."
93 min_args = "1"
94 help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
95 }
96 command = {
97 name = "load"
98 argument = "file"
99 min_args = "1"
100 max_args = "1"
101 help = "Loads a previously dumped file. Local (-l) mode only."
102 }
103 command = {
104 name = "merge"
105 argument = "file"
106 min_args = "1"
107 max_args = "1"
108 help = "Merges the contents of a dump file into the database. Local (-l) mode only."
109 }
110 command = {
111 name = "add"
112 name = "ank"
113 name = "add_new_key"
114 function = "add_new_key"
115 option = {
116 long = "random-key"
117 short = "r"
118 type = "flag"
119 help = "set random key"
120 }
121 option = {
122 long = "random-password"
123 type = "flag"
124 help = "set random password"
125 }
126 option = {
127 long = "password"
128 short = "p"
129 type = "string"
130 help = "principal's password"
131 }
132 option = {
133 long = "key"
134 type = "string"
135 help = "DES-key in hex"
136 }
137 option = {
138 long = "max-ticket-life"
139 type = "string"
140 argument ="lifetime"
141 help = "max ticket lifetime"
142 }
143 option = {
144 long = "max-renewable-life"
145 type = "string"
146 argument = "lifetime"
147 help = "max renewable life"
148 }
149 option = {
150 long = "attributes"
151 type = "string"
152 argument = "attributes"
153 help = "principal attributes"
154 }
155 option = {
156 long = "expiration-time"
157 type = "string"
158 argument = "time"
159 help = "principal expiration time"
160 }
161 option = {
162 long = "pw-expiration-time"
163 type = "string"
164 argument = "time"
165 help = "password expiration time"
166 }
167 option = {
168 long = "use-defaults"
169 type = "flag"
170 help = "use default values"
171 }
172 argument = "principal..."
173 min_args = "1"
174 help = "Adds a principal to the database."
175 }
176 command = {
177 name = "passwd"
178 name = "cpw"
179 name = "change_password"
180 function = "cpw_entry"
181 option = {
182 long = "random-key"
183 short = "r"
184 type = "flag"
185 help = "set random key"
186 }
187 option = {
188 long = "random-password"
189 type = "flag"
190 help = "set random password"
191 }
192 option = {
193 long = "password"
194 short = "p"
195 type = "string"
196 help = "princial's password"
197 }
198 option = {
199 long = "key"
200 type = "string"
201 help = "DES key in hex"
202 }
203 argument = "principal..."
204 min_args = "1"
205 help = "Changes the password of one or more principals matching the expressions."
206 }
207 command = {
208 name = "delete"
209 name = "del"
210 name = "del_entry"
211 function = "del_entry"
212 argument = "principal..."
213 min_args = "1"
214 help = "Deletes all principals matching the expressions."
215 }
216 command = {
217 name = "del_enctype"
218 argument = "principal enctype..."
219 min_args = "2"
220 help = "Delete all the mentioned enctypes for principal."
221 }
222 command = {
223 name = "add_enctype"
224 option = {
225 long = "random-key"
226 short = "r"
227 type = "flag"
228 help = "set random key"
229 }
230 argument = "principal enctype..."
231 min_args = "2"
232 help = "Add new enctypes for principal."
233 }
234 command = {
235 name = "ext_keytab"
236 option = {
237 long = "keytab"
238 short = "k"
239 type = "string"
240 help = "keytab to use"
241 }
242 argument = "principal..."
243 min_args = "1"
244 help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
245 }
246 command = {
247 name = "get"
248 name = "get_entry"
249 function = "get_entry"
250 /* XXX sync options with "list" */
251 option = {
252 long = "long"
253 short = "l"
254 type = "flag"
255 help = "long format"
256 default = "-1"
257 }
258 option = {
259 long = "short"
260 short = "s"
261 type = "flag"
262 help = "short format"
263 }
264 option = {
265 long = "terse"
266 short = "t"
267 type = "flag"
268 help = "terse format"
269 }
270 option = {
271 long = "column-info"
272 short = "o"
273 type = "string"
274 help = "columns to print for short output"
275 }
276 argument = "principal..."
277 min_args = "1"
278 help = "Shows information about principals matching the expressions."
279 }
280 command = {
281 name = "rename"
282 function = "rename_entry"
283 argument = "from to"
284 min_args = "2"
285 max_args = "2"
286 help = "Renames a principal."
287 }
288 command = {
289 name = "modify"
290 function = "mod_entry"
291 option = {
292 long = "max-ticket-life"
293 type = "string"
294 argument ="lifetime"
295 help = "max ticket lifetime"
296 }
297 option = {
298 long = "max-renewable-life"
299 type = "string"
300 argument = "lifetime"
301 help = "max renewable life"
302 }
303 option = {
304 long = "attributes"
305 short = "a"
306 type = "string"
307 argument = "attributes"
308 help = "principal attributes"
309 }
310 option = {
311 long = "expiration-time"
312 type = "string"
313 argument = "time"
314 help = "principal expiration time"
315 }
316 option = {
317 long = "pw-expiration-time"
318 type = "string"
319 argument = "time"
320 help = "password expiration time"
321 }
322 option = {
323 long = "kvno"
324 type = "integer"
325 help = "key version number"
326 default = "-1"
327 }
328 option = {
329 long = "constrained-delegation"
330 type = "strings"
331 argument = "principal"
332 help = "allowed target principals"
333 }
334 option = {
335 long = "alias"
336 type = "strings"
337 argument = "principal"
338 help = "aliases"
339 }
340 option = {
341 long = "pkinit-acl"
342 type = "strings"
343 argument = "subject dn"
344 help = "aliases"
345 }
346 argument = "principal"
347 min_args = "1"
348 max_args = "1"
349 help = "Modifies some attributes of the specified principal."
350 }
351 command = {
352 name = "privileges"
353 name = "privs"
354 function = "get_privs"
355 help = "Shows which operations you are allowed to perform."
356 }
357 command = {
358 name = "list"
359 function = "list_princs"
360 /* XXX sync options with "get" */
361 option = {
362 long = "long"
363 short = "l"
364 type = "flag"
365 help = "long format"
366 }
367 option = {
368 long = "short"
369 short = "s"
370 type = "flag"
371 help = "short format"
372 }
373 option = {
374 long = "terse"
375 short = "t"
376 type = "flag"
377 help = "terse format"
378 default = "-1"
379 }
380 option = {
381 long = "column-info"
382 short = "o"
383 type = "string"
384 help = "columns to print for short output"
385 }
386 argument = "principal..."
387 min_args = "1"
388 help = "Lists principals in a terse format. Equivalent to \"get -t\"."
389 }
390 command = {
391 name = "verify-password-quality"
392 name = "pwq"
393 function = "password_quality"
394 argument = "principal password"
395 min_args = "2"
396 max_args = "2"
397 help = "Try run the password quality function locally (not doing RPC out to server)."
398 }
399 command = {
400 name = "check"
401 function = "check"
402 argument = "[realm]"
403 min_args = "0"
404 max_args = "1"
405 help = "Check the realm (if not given, the default realm) for configuration errors."
406 }
407 command = {
408 name = "help"
409 name = "?"
410 argument = "[command]"
411 min_args = "0"
412 max_args = "1"
413 help = "Help! I need somebody."
414 }
415 command = {
416 name = "exit"
417 name = "quit"
418 function = "exit_kadmin"
419 help = "Quits."
420 }