| blob | 4d3d09cba40c71c52fe3e2619a9f7954e533548a |
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33 /* $Heimdal: kadmin-commands.in 21969 2007-10-18 18:51:11Z lha $
34 $NetBSD$ */
36 command = {
37 name = "stash"
38 name = "kstash"
39 option = {
40 long = "enctype"
41 short = "e"
42 type = "string"
43 help = "encryption type"
44 default = "des3-cbc-sha1"
45 }
46 option = {
47 long = "key-file"
48 short = "k"
49 type = "string"
50 argument = "file"
51 help = "master key file"
52 }
53 option = {
54 long = "convert-file"
55 type = "flag"
56 help = "just convert keyfile to new format"
57 }
58 option = {
59 long = "master-key-fd"
60 type = "integer"
61 argument = "fd"
62 help = "filedescriptor to read passphrase from"
63 default = "-1"
64 }
65 help = "Writes the Kerberos master key to a file used by the KDC. \nLocal (-l) mode only."
66 }
67 command = {
68 name = "dump"
69 option = {
70 long = "decrypt"
71 short = "d"
72 type = "flag"
73 help = "decrypt keys"
74 }
75 argument = "[dump-file]"
76 min_args = "0"
77 max_args = "1"
78 help = "Dumps the database in a human readable format to the specified file, \nor the standard out. Local (-l) mode only."
79 }
81 command = {
82 name = "init"
83 option = {
84 long = "realm-max-ticket-life"
85 type = "string"
86 help = "realm max ticket lifetime"
87 }
88 option = {
89 long = "realm-max-renewable-life"
90 type = "string"
91 help = "realm max renewable lifetime"
92 }
93 argument = "realm..."
94 min_args = "1"
95 help = "Initializes the default principals for a realm. Creates the database\nif necessary. Local (-l) mode only."
96 }
97 command = {
98 name = "load"
99 argument = "file"
100 min_args = "1"
101 max_args = "1"
102 help = "Loads a previously dumped file. Local (-l) mode only."
103 }
104 command = {
105 name = "merge"
106 argument = "file"
107 min_args = "1"
108 max_args = "1"
109 help = "Merges the contents of a dump file into the database. Local (-l) mode only."
110 }
111 command = {
112 name = "add"
113 name = "ank"
114 name = "add_new_key"
115 function = "add_new_key"
116 option = {
117 long = "random-key"
118 short = "r"
119 type = "flag"
120 help = "set random key"
121 }
122 option = {
123 long = "random-password"
124 type = "flag"
125 help = "set random password"
126 }
127 option = {
128 long = "password"
129 short = "p"
130 type = "string"
131 help = "principal's password"
132 }
133 option = {
134 long = "key"
135 type = "string"
136 help = "DES-key in hex"
137 }
138 option = {
139 long = "max-ticket-life"
140 type = "string"
141 argument ="lifetime"
142 help = "max ticket lifetime"
143 }
144 option = {
145 long = "max-renewable-life"
146 type = "string"
147 argument = "lifetime"
148 help = "max renewable life"
149 }
150 option = {
151 long = "attributes"
152 type = "string"
153 argument = "attributes"
154 help = "principal attributes"
155 }
156 option = {
157 long = "expiration-time"
158 type = "string"
159 argument = "time"
160 help = "principal expiration time"
161 }
162 option = {
163 long = "pw-expiration-time"
164 type = "string"
165 argument = "time"
166 help = "password expiration time"
167 }
168 option = {
169 long = "use-defaults"
170 type = "flag"
171 help = "use default values"
172 }
173 argument = "principal..."
174 min_args = "1"
175 help = "Adds a principal to the database."
176 }
177 command = {
178 name = "passwd"
179 name = "cpw"
180 name = "change_password"
181 function = "cpw_entry"
182 option = {
183 long = "random-key"
184 short = "r"
185 type = "flag"
186 help = "set random key"
187 }
188 option = {
189 long = "random-password"
190 type = "flag"
191 help = "set random password"
192 }
193 option = {
194 long = "password"
195 short = "p"
196 type = "string"
197 help = "princial's password"
198 }
199 option = {
200 long = "key"
201 type = "string"
202 help = "DES key in hex"
203 }
204 argument = "principal..."
205 min_args = "1"
206 help = "Changes the password of one or more principals matching the expressions."
207 }
208 command = {
209 name = "delete"
210 name = "del"
211 name = "del_entry"
212 function = "del_entry"
213 argument = "principal..."
214 min_args = "1"
215 help = "Deletes all principals matching the expressions."
216 }
217 command = {
218 name = "del_enctype"
219 argument = "principal enctype..."
220 min_args = "2"
221 help = "Delete all the mentioned enctypes for principal."
222 }
223 command = {
224 name = "add_enctype"
225 option = {
226 long = "random-key"
227 short = "r"
228 type = "flag"
229 help = "set random key"
230 }
231 argument = "principal enctype..."
232 min_args = "2"
233 help = "Add new enctypes for principal."
234 }
235 command = {
236 name = "ext_keytab"
237 option = {
238 long = "keytab"
239 short = "k"
240 type = "string"
241 help = "keytab to use"
242 }
243 argument = "principal..."
244 min_args = "1"
245 help = "Extracts the keys of all principals matching the expressions, and stores them in a keytab."
246 }
247 command = {
248 name = "get"
249 name = "get_entry"
250 function = "get_entry"
251 /* XXX sync options with "list" */
252 option = {
253 long = "long"
254 short = "l"
255 type = "flag"
256 help = "long format"
257 default = "-1"
258 }
259 option = {
260 long = "short"
261 short = "s"
262 type = "flag"
263 help = "short format"
264 }
265 option = {
266 long = "terse"
267 short = "t"
268 type = "flag"
269 help = "terse format"
270 }
271 option = {
272 long = "column-info"
273 short = "o"
274 type = "string"
275 help = "columns to print for short output"
276 }
277 argument = "principal..."
278 min_args = "1"
279 help = "Shows information about principals matching the expressions."
280 }
281 command = {
282 name = "rename"
283 function = "rename_entry"
284 argument = "from to"
285 min_args = "2"
286 max_args = "2"
287 help = "Renames a principal."
288 }
289 command = {
290 name = "modify"
291 function = "mod_entry"
292 option = {
293 long = "max-ticket-life"
294 type = "string"
295 argument ="lifetime"
296 help = "max ticket lifetime"
297 }
298 option = {
299 long = "max-renewable-life"
300 type = "string"
301 argument = "lifetime"
302 help = "max renewable life"
303 }
304 option = {
305 long = "attributes"
306 short = "a"
307 type = "string"
308 argument = "attributes"
309 help = "principal attributes"
310 }
311 option = {
312 long = "expiration-time"
313 type = "string"
314 argument = "time"
315 help = "principal expiration time"
316 }
317 option = {
318 long = "pw-expiration-time"
319 type = "string"
320 argument = "time"
321 help = "password expiration time"
322 }
323 option = {
324 long = "kvno"
325 type = "integer"
326 help = "key version number"
327 default = "-1"
328 }
329 option = {
330 long = "constrained-delegation"
331 type = "strings"
332 argument = "principal"
333 help = "allowed target principals"
334 }
335 option = {
336 long = "alias"
337 type = "strings"
338 argument = "principal"
339 help = "aliases"
340 }
341 option = {
342 long = "pkinit-acl"
343 type = "strings"
344 argument = "subject dn"
345 help = "aliases"
346 }
347 argument = "principal"
348 min_args = "1"
349 max_args = "1"
350 help = "Modifies some attributes of the specified principal."
351 }
352 command = {
353 name = "privileges"
354 name = "privs"
355 function = "get_privs"
356 help = "Shows which operations you are allowed to perform."
357 }
358 command = {
359 name = "list"
360 function = "list_princs"
361 /* XXX sync options with "get" */
362 option = {
363 long = "long"
364 short = "l"
365 type = "flag"
366 help = "long format"
367 }
368 option = {
369 long = "short"
370 short = "s"
371 type = "flag"
372 help = "short format"
373 }
374 option = {
375 long = "terse"
376 short = "t"
377 type = "flag"
378 help = "terse format"
379 default = "-1"
380 }
381 option = {
382 long = "column-info"
383 short = "o"
384 type = "string"
385 help = "columns to print for short output"
386 }
387 argument = "principal..."
388 min_args = "1"
389 help = "Lists principals in a terse format. Equivalent to \"get -t\"."
390 }
391 command = {
392 name = "verify-password-quality"
393 name = "pwq"
394 function = "password_quality"
395 argument = "principal password"
396 min_args = "2"
397 max_args = "2"
398 help = "Try run the password quality function locally (not doing RPC out to server)."
399 }
400 command = {
401 name = "check"
402 function = "check"
403 argument = "[realm]"
404 min_args = "0"
405 max_args = "1"
406 help = "Check the realm (if not given, the default realm) for configuration errors."
407 }
408 command = {
409 name = "help"
410 name = "?"
411 argument = "[command]"
412 min_args = "0"
413 max_args = "1"
414 help = "Help! I need somebody."
415 }
416 command = {
417 name = "exit"
418 name = "quit"
419 function = "exit_kadmin"
420 help = "Quits."
421 }