getnewkeys - Download pending Kerberos key updates
getnewkeys [-q] [-k keytab] [-r realm] [-s server] [-P serverprinc] [-a] [-p principalname]
getnewkeys is used to download new Kerberos keys from rekeysrv(8), store them into the specified keytab, and send a "commit" message, informing the server that the new keys have been received and safely stored. When the last host in a rekey cycle commits the new keys, the server automatically adds them to the Kerberos database.
- -q
-
Avoid printing an error message when the server does not have any keys to send.
- -k keytab
-
Specifies the keytab into which downloaded keys should be stored, instead of the Kerberos default keytab.
- -r realm
-
Specifies the realm in which rekeying is done. This is currently used only to determine the default server name when -s is not given.
- -s server
-
Specifies the hostname of the rekey server. The default is to form a hostname by prepending "rekey." to the realm name specified via the -r option, or to the default realm if -r is not given.
- -P serverprinc
-
Specifies the Kerberos service principal name of the rekey server. If '
-
' is given, the rekey server's host principal is used. The default is @def_rekey_service@ - -a
-
Download all keys the server has for this host, instead of only those for principals already listed in the keytab.
- -p principalname
-
Download only keys for the specified principalname.
Because the server stores and compares principal names as strings, the principal name argument to -p usually must be in canonical form, including the realm. Failing to follow this rule will generally result in confusing errors.
rekeymgr(1), age_keytab(8), rekeysrv(8)
The rekey tools were written by Chaskiel Grundman.
Copyright (c) 2008-2021 Carnegie Mellon University.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The name "Carnegie Mellon University" must not be used to
endorse or promote products derived from this software without
prior written permission. For permission or any other legal
details, please contact
Office of Technology Transfer
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213-3890
(412) 268-4387, fax: (412) 268-7395
tech-transfer@andrew.cmu.edu
4. Redistributions of any form whatsoever must retain the following
acknowledgment:
"This product includes software developed by Computing Services
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.