kdb5_util(1M)
NAME
kdb5_util - Kerberos Database maintenance utility
SYNOPSIS
/usr/sbin/kdb5_util [-d dbname] [-f stashfile_name] [-k
mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm] cmd
DESCRIPTION
kdb5_util enables you to create, dump, load, and destroy the
Kerberos V5 database. You can also use kdb5_util to create a
stash file containing the Kerberos database master key.
OPTIONS
The following options are supported:
-d dbname
Specify the database name. .db is appended to whatever
name is specified. You can specify an absolute path.
If you do not specify the -d option, the default data-
base name is /var/krb5/principal, which becomes
/var/krb5/principal.db.
-f stashfile_name
Specify the stash file name. You can specify an abso-
lute path.
-k mkeytype
Specify the master key type. Valid values are des-
cbc-crc, des-cbc-md5, and des-cbc-raw.
-m Enter the master key manually.
-M mkeyname
Specify the master key name.
-P password
Use the specified password instead of the stash file.
-r realm
Use realm as the default database realm.
OPERANDS
The following operands are supported:
cmd Specifies whether to create, destroy, dump, or load
the database, or to create a stash file.
You can specify the following commands:
create -s
Creates the database specified by the -d option.
You will be prompted for the database master
password. If you specify -s, a stash file is
created as specified by the -f option. If you
did not specify -f, the default stash file name
is /var/krb5/.k5.realm. If you use the -f, -k,
or -M options when you create a database, then
you must use the same options when modifying or
destroying the database.
destroy
Destroys the database specified by the -d
option.
stash Creates a stash file. If -f was not specified,
the default stash file name is
/var/krb5/.k5.realm. You will be prompted for
the master database password. This command is
useful when you want to generate the stash file
from the password.
dump [-verbose] [filename] [principals]
Dumps the Kerberos database to a flat file that
can be used for loading or propagating to a
slave KDC. See kprop(1M). Specify file name for
a location to dump the Kerberos database. If
filename is not specified, the principal data is
printed to standard error. Specify -verbose to
print out the principal names to standard error
in addition to being dumping into the file. Use
principals to specify the list of principals
that should be dumped.
load [-verbose] [-update] filename
Loads the database specified by dbname (see -d
option, above) with data from the file specified
by filename, which must be a file created by the
dump command. Use -update to specify that the
existing database should be updated; otherwise,
a new database is created. Specify -verbose to
print out the principal names to standard error,
in addition to being loaded.
EXAMPLES
Example 1: Creating File that Contains Information about Two
Principals
The following example creates a file named slavedata that
contains the information about two principals, jdb@ACME.COM
and pak@ACME.COM.
# /usr/krb5/bin/kdb5_util dump -verbose slavedata
jdb@ACME.COM pak@ACME.COM
FILES
/var/krb5/principal.db
Kerberos principal database.
/var/krb5/principal.kadm5
Kerberos administrative database. Contains policy
information.
/var/krb5/principal.kadm5.lock
Lock file for the Kerberos administrative database.
This file works backwards from most other lock files
(that is, kadmin exits with an error if this file does
not exist).
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWkdcu |
|_____________________________|_____________________________|
SEE ALSO
kpasswd(1), gkadmin(1M), kadmin(1M), kadmind(1M),
kadmin.local(1M), kadm5.acl(4), kdc.conf(4), attributes(5),
SEAM(5)
Man(1) output converted with
man2html