Skip to content

Latest commit

 

History

History
115 lines (79 loc) · 3.63 KB

getnewkeys.pod

File metadata and controls

115 lines (79 loc) · 3.63 KB

NAME

getnewkeys - Download pending Kerberos key updates

SYNOPSIS

getnewkeys [-q] [-k keytab] [-r realm] [-s server] [-P serverprinc] [-a] [-p principalname]

DESCRIPTION

getnewkeys is used to download new Kerberos keys from rekeysrv(8), store them into the specified keytab, and send a "commit" message, informing the server that the new keys have been received and safely stored. When the last host in a rekey cycle commits the new keys, the server automatically adds them to the Kerberos database.

OPTIONS

-q

Avoid printing an error message when the server does not have any keys to send.

-k keytab

Specifies the keytab into which downloaded keys should be stored, instead of the Kerberos default keytab.

-r realm

Specifies the realm in which rekeying is done. This is currently used only to determine the default server name when -s is not given.

-s server

Specifies the hostname of the rekey server. The default is to form a hostname by prepending "rekey." to the realm name specified via the -r option, or to the default realm if -r is not given.

-P serverprinc

Specifies the Kerberos service principal name of the rekey server. If '-' is given, the rekey server's host principal is used. The default is @def_rekey_service@

-a

Download all keys the server has for this host, instead of only those for principals already listed in the keytab.

-p principalname

Download only keys for the specified principalname.

CAVEATS

Because the server stores and compares principal names as strings, the principal name argument to -p usually must be in canonical form, including the realm. Failing to follow this rule will generally result in confusing errors.

SEE ALSO

rekeymgr(1), age_keytab(8), rekeysrv(8)

AUTHOR

The rekey tools were written by Chaskiel Grundman.

COPYRIGHT

Copyright (c) 2008-2021 Carnegie Mellon University.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer. 

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in
   the documentation and/or other materials provided with the
   distribution.

3. The name "Carnegie Mellon University" must not be used to
   endorse or promote products derived from this software without
   prior written permission. For permission or any other legal
   details, please contact  
     Office of Technology Transfer
     Carnegie Mellon University
     5000 Forbes Avenue
     Pittsburgh, PA  15213-3890
     (412) 268-4387, fax: (412) 268-7395
     tech-transfer@andrew.cmu.edu

4. Redistributions of any form whatsoever must retain the following
   acknowledgment:
   "This product includes software developed by Computing Services
    at Carnegie Mellon University (http://www.cmu.edu/computing/)."

CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.