VMS Help  —  DCE  DCE_SECURITY, Admin Intro, rgy_edit, key_management_commands
 KEY MANAGEMENT SUBCOMMANDS

 The key management subcommands must be run in command-line mode.

1  –  ktadd

 kta[dd] -p principal_name [-pw password] [-a[uto]] [-r[egistry]]
                           [-f key-file]

 Creates a password for a server or machine in the keytab file on
 the local node.

 The -p option specifies the name of the server or machine principal
 for which you are creating a password.

 The -pw option lets you supply the password on the command line. If
 you do not enter this option or the -auto option, ktadd prompts for
 the password.

 The -a option generates the password randomly.  If you use this
 option, you must also use the -r option.  If you do not specify
 the -auto or the -pw option, you are prompted for a password.

 The -r option updates the principal's password in the registry to
 match the string you enter (or automatically generate) for the
 password in the keytab file.  Use it to ensure that the principal's
 password in the registry and the keytab file are in synch when you
 change a principal's password in the keytab file.  To use this
 option, a password for the principal must exist in the default
 keytab file or the keytab file named by the -f option.

 The -f option specifies the name of the server keytab file on the
 local node to which you are adding the password. If you do not
 specify a keytab file name, dce$local:[krb5]v5srvtab.; is used.
 Note that you must be privileged to add entries in the default
 keytab file.

2  –  ktlist

 ktl[ist] [-p principal_name] [-f keyfile]

 Displays principal names and password version numbers in the local
 keytab file.

 The -p option specifies the name of the server or machine principal
 for which you are displaying passwords.

 The -f option specifies the name of the server keytab file on the
 local node for which you want to display entries. If you do not
 specify a keytab file name, dce$local:[krb5]v5srvtab.; is used.

3  –  ktdelete

 ktd[elete] -p principal_name -v version_number [-f keyfile]

 Deletes a server or machine principal's password entry from a keytab
 file.

 The -p option specifies the name of the server or machine principal
 for whom you are deleting a password entry.

 The -v option specifies the version number of the password you want
 to delete.  Version numbers are assigned to a principal's password
 whenever the principal's password is changed.  This allows any
 servers or machines still using tickets granted under the old
 password to run without interruption until the ticket expires
 naturally.

 The -f option specifies the name of the server keytab file on the
 local node from which you want to delete passwords. If you do not
 specify a keytab file name, dce$local:[krb5]v5srvtab.; is used.
 Note that you must be privileged to delete entries in the default
 keytab file.  You must have the appropriate access rights to
 delete entries in other keytab files.
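
 The three subcommands combined into one key rotation, as an added
 example that is not part of the original help text: list the current
 version, add a random key with -a and -r, confirm that both versions
 are present, then delete the old version once tickets granted under
 it have expired.  The principal name myserver and the version number
 1 are constructed values; because -f is omitted, the default keytab
 file is used and the session must be privileged.

```text
ktlist -p myserver
ktadd -p myserver -a -r
ktlist -p myserver
ktdelete -p myserver -v 1
```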