shisa(1) [debian man page]
SHISA(1) User Commands SHISA(1) NAME
shisa - Shishi database interface SYNOPSIS
shisa [OPTIONS]... [REALM [PRINCIPAL]]... DESCRIPTION
shisa 1.0.1 Manipulate information stored in the Shisa user database. -h, --help Print help and exit -V, --version Print version and exit Operations: -a, --add Add realm or principal to database. -d, --dump Dump entries in database. -n, --key-add Add new key to a principal in database. --key-remove Remove a key from a principal in database. -l, --list List entries in database. -m, --modify Modify principal entry in database. -r, --remove Remove realm or principal from database. Parameters: -f, --force Allow removal of non-empty realms. (default=off) --enabled Only dump or list enabled principals. (default=off) --disabled Only dump or list disabled principals. (default=off) --keys Print cryptographic key and password in hostkey format. (default=off) Values: -E, --encryption-type=STRING Override default key encryption type. Valid values include 'aes128', 'aes256', 'aes' (same as 'aes256'), '3des', 'des-md5', 'des-md4', 'des-crc', 'des' (same as 'des-md5'), and 'arcfour'. --key-version=NUMBER Version of key. --password[=STRING] Derive key from this password. --priority=NUMBER Specify key priority, used to differentiate between keys when multiple keys are eligible for use. Higher value means higher prior- ity. (default is 0, which mean a random key of the best etype is chosen) --random Use a random key. (default) --salt=STRING Use specified salt for deriving key. Defaults to concatenation of realm and (unwrapped) principal name. --string-to-key-parameter=HEX Encryption algorithm specific parameter for password derivation. Currently only the AES algorithm can utilize this, where it is interpreted as the iteration count of the PKCS#5 PBKDF2 key deriver. Other options: -c, --configuration-file=FILE Use specified configuration file. -o, --library-options=STRING Parse string as configuration file statement. -v, --verbose Produce verbose output. (default=off) -q, --quiet Don't produce any diagnostic output. (default=off) Mandatory arguments to long options are mandatory for short options too. AUTHOR
Written by Simon Josefsson. REPORTING BUGS
Report bugs to: bug-shishi@gnu.org GNU Shishi home page: <http://www.gnu.org/software/shishi/> General help using GNU software: <http://www.gnu.org/gethelp/> COPYRIGHT
Copyright (C) 2012 Simon Josefsson. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. SEE ALSO
The full documentation for shisa is maintained as a Texinfo manual. If the info and shisa programs are properly installed at your site, the command info shishi should give you access to the complete manual. shisa 1.0.1 March 2012 SHISA(1)
Check Out this Related Man Page
kdb5_util(1M) kdb5_util(1M) NAME
kdb5_util - Kerberos Database maintenance utility SYNOPSIS
/usr/sbin/kdb5_util [-d dbname] [-f stashfile_name] [-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm] cmd The kdb5_util utility enables you to create, dump, load, and destroy the Kerberos V5 database. You can also use kdb5_util to create a stash file containing the Kerberos database master key. The following options are supported: -d dbname Specify the database name. .db is appended to whatever name is specified. You can specify an absolute path. If you do not specify the -d option, the default database name is /var/krb5/principal. -f stashfile_name Specify the stash file name. You can specify an absolute path. -k mkeytype Specify the master key type. Valid values are des3-cbc-sha1, des-cbc-crc, des-cbc-md5, des-cbc-raw, arcfour-hmac-md5, arcfour-hmac- md5-exp, aes128-cts-hmac-sha1-96, and aes256-cts-hmac-sha1-96. -m Enter the master key manually. -M mkeyname Specify the master key name. -P password Use the specified password instead of the stash file. -r realm Use realm as the default database realm. The following operands are supported: cmd Specifies whether to create, destroy, dump, or load the database, or to create a stash file. You can specify the following commands: create -s Creates the database specified by the -d option. You will be prompted for the database master password. If you specify -s, a stash file is created as specified by the -f option. If you did not specify -f, the default stash file name is /var/krb5/.k5.realm. If you use the -f, -k, or -M options when you create a database, then you must use the same options when modifying or destroying the database. destroy Destroys the database specified by the -d option. stash Creates a stash file. If -f was not specified, the default stash file name is /var/krb5/.k5.realm. You will be prompted for the master database password. This command is useful when you want to generate the stash file from the password. dump [-verbose] [filename] [principals] Dumps the Kerberos database to a flat file that can be used for loading or propagating to a slave KDC. See kprop(1M). Specify file name for a location to dump the Kerberos database. If filename is not specified, the principal data is printed to stan- dard error. Specify -verbose to print out the principal names to standard error in addition to being dumping into the file. Use principals to specify the list of principals that should be dumped. load [-verbose] [-update] filename Loads the database specified by dbname (see -d option, above) with data from the file specified by filename, which must be a file created by the dump command. Use -update to specify that the existing database should be updated; otherwise, a new data- base is created. Specify -verbose to print out the principal names to standard error, in addition to being loaded. Example 1: Creating File that Contains Information about Two Principals The following example creates a file named slavedata that contains the information about two principals, jdb@ACME.COM and pak@ACME.COM. # /usr/krb5/bin/kdb5_util dump -verbose slavedata jdb@ACME.COM pak@ACME.COM /var/krb5/principal Kerberos principal database. /var/krb5/principal.kadm5 Kerberos administrative database. Contains policy information. /var/krb5/principal.kadm5.lock Lock file for the Kerberos administrative database. This file works backwards from most other lock files (that is, kadmin exits with an error if this file does not exist). /var/krb5/principal.ulog The update log file for incremental propagation. See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWkdcu | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ kpasswd(1), gkadmin(1M), kadmin(1M), kadmind(1M), kadmin.local(1M), kproplog(1M), kadm5.acl(4), kdc.conf(4), attributes(5), SEAM(5) 30 Mar 2005 kdb5_util(1M)