OSF DCE Administration Guide--Core Components

31.6.2.2 Adding Entries to a Keytab File
Use the keytab add command to add entries to an existing keytab file. When you use
this command, you must supply the name of the keytab file’s dced object and any of the
options described in Table 31-2.
The following command adds a key to the keytab file named kfile_3 for the server
principal svr_3. The key is generated automatically, and the registry is updated to be
synchronized with the keytab file.

dcecp> keytab add /.:/hosts/foo/config/keytab/kfile_3 \
    -member svr_3 -random -registry

You can remove entries from a keytab file by using the dcecp keytab remove command.
When you use the keytab remove command, you must supply the name of the keytab
file's dced object and the name of the principal (or a list of principals) for which to
delete keys.
You can also supply the -version option to specify the version number of the key or keys
to be deleted and the -type option to specify the type of keys to be deleted (plain for
plain text keys or des for DES encrypted keys). If you use the -version or -type options,
only keys of the specified version or type will be deleted.
The following command removes all DES keys for the principal svr_2 in the keytab file
/.:/hosts/foo/config/keytab/kfile_3:

dcecp> keytab remove /.:/hosts/foo/config/keytab/kfile_3 \
    -members svr_2 -type des

You can remove local keytab files and their associated dced objects by using the
dcecp keytab delete command.
To delete the local keytab file and the dced object, supply the local filename to the
command. You can delete multiple keytab files with one command by enclosing the
names in braces and separating them with spaces. For example, the following deletes the
keytab files and the dced objects /.:/hosts/foo/config/keytab/kfile_2 and
/.:/hosts/foo/config/keytab/kfile_3.

dcecp> keytab delete {/.:/hosts/foo/config/keytab/kfile_2 \
    /.:/hosts/foo/config/keytab/kfile_3 }

To delete only the dced object, use the -entry option.
For example, the following command removes the dced object named
/.:/hosts/foo/config/keytab/kfile_3, but leaves the local file /opt/dcelocal/keys/kfile_3
untouched.

dcecp> keytab delete -entry /.:/hosts/foo/config/keytab/kfile_3

31 18 Tandem Computers Incorporated 124243