%ģ Librarian A09-23”’ŒŚ`…¦–$ŽŚ`…¦&@'5^ 6CREATE!āDELETE%VEXIT%ŅHELPLIST\MODIFY%ÄQUIT ¾SHOW­ՁŚ`…¦1 LISTD The LIST commands are used to display general information about! Kerberos users or databases. 2 KEYTABC The LIST KEYTAB command is used to display general information6 about the default or specified key table entries. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)? Specifies the output destination of the textual listing.3 /FILE /FILE=[(key table file)]E Specifies t he key table file to use if the default keytab file is not desired. 3 Examples KerberosAdmin> List KeytabF Requests that all the entries in the default key table be listed.) KerberosAdmin> List Keytab "*/admin"C Requests all the entries in the default key table that containF "/admin" be displayed. Regular expression support has been addedF to the LIST KEYTAB command. Use quoted strings to preserve case,9 otherwise, DCL will uppercase all c ommand arguments. 2 POLICYC The LIST POLICY command is used to display general information1 about the policies in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples KerberosAdmin> List Policy: Requests that all policies in the database be listed. 2 PRINCIPALF The LIST PRINCIPAL command is used to display general information3 about the principals in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples" KerberosAdmin> List Principal= Requests that all the entries in the database be listed.- KerberosAdmin> List Principal "*/admin*"C Requests that all the administrator entries in the database be listed.ww­b¢Ś`…¦1 SHOW E The SHOW commands are used  to display detailed information about# the Kerberos user or database. 2 POLICY  policy_nameH The SHOW POLICY command is used to display detail information about' a policy in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples* KerberosAdmin> Show Policy TestPolicy? Requests the detail information for the policy TestPolicy. 2 PRINCIPAL  principal_nameG The SHOW PRINCIPAL command is used to display detailed information0 about a principal in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples0 KerberosAdmin> Show Principal TestPrincipalG Requests the detailed information for the principal TestPrincipal. 2 PRIVILEGEE The SHOW PRIVILEGE command is used to display the current user's! enabled Kerberos privileges. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples" KerberosAdmin> Show Privilege7 Requests the current user's privilege information.ww­ļĀŚ`…¦ 1 CREATEC The CREATE command is used to create the key table, policy, or principal data. 2 KEYTAB service_nameH The CREATE KEYTAB command is used to create a key table entry for a given service. 3 Qualifiers3 /FILE& /FILE=[(output key table file)]+ Specifies the output key table file. 3 /QUIET /QUIET= Specifies that the command should not echo any output. 3 Examples- KerberosAdmin> Create Keytab "HOST/node"E Requests that the HOST entry for "node" be entered in the keytab file. 2 POLICY policy_nameB The CREATE POLICY command is used to create a password policy entry. 3 Qualifiers 3 /LIFETIME /LIFETIME=(field [,...])? Specifies the password lifetimes for the created policy. 4 Fields MIN:delta-time F Specifies the minimum password lifetime for the created policy. MAX:delta-time F Specifies the maximum password lifetime for the created policy. 3 /LENGTH /LENGTH=(field [,...])< Specifies the password length for the created policy. 4 Fields MIN:n D Specifies the minimum password length for the created policy. 3 /CLASSES /CLASSES=(field [,...])= Specifies the password classes for the created policy. 4 Fields MIN:n E Specifies the minimum password classes for the created policy. 3 /HISTORY /HISTORY=(field [,...])= Specifies the password history for the created policy. 4 Fields MIN:n E Specifies the minimum password history for the created policy. 3 Examples, KerberosAdmin> Create Policy TestPolicy4 Requests the creation of the TestPolicy policy. 2 PRINCIPAL principal_nameF The CREATE PRINCIPAL command is used to create a principal entry. 3 Qualifiers 3 /PASSWORD /PASSWORD=password8 Specifies the password for the created principal. 3 /POLICY /POLICY[=policy] /[NO]POLICY (default)6 Specifies the policy for the created principal.3 /EXPIRATION /EXPIRATION=date-time: Specifies the expiration for the created principal.3 /PWD_EXPIRATION /PWD_EXPIRATION=date-timeE Specifies the expiration for the created principal's password.3 /TICKET_LIFETIME& /TICKET_LIFETIME=(field [,...])? Specifies the ticket lifetime for the created principal. 4 Fields MAX:delta-time G Specifies the maximum ticket lifetime for the created principal.3 /RENEWAL_LIFETIME' /RENEWAL_LIFETIME=(field [,...])G Specifies the ticket renewal lifetime for the created principal. 4 Fields MAX:delta-time D Specifies the maximum ticket renewal lifetime for the created principal.3 /KEY_VERSION /KEY_VERSION=numberC Specifies the key version number associated with the createdD principal. This value must be in the range of 0 through 255. 3 /RANDOM /RANDOME Specifies the random key generation for the created principal.3 /ATTRIBUTES' /ATTRIBUTES=([NO]attrname[,...])G Specifies the attributes associtated with the created principal.( Keyword DescriptionA DISALLOW_POSTDATED Disallows postdated tickets for this' principal.C DISALLOW_FORWARDABLE Disallows forwardable tickets for this' principal.D DISALLOW_TG T_BASED Disallows Ticket-Granting-Service based7 issuances for this server.A DISALLOW_RENEWABLE Disallows renewable tickets for this' principal.A DISALLOW_PROXIABLE Disallows proxiable tickets for this' principal.> DISALLOW_DUP_SKEY Disallows duplicate SKEY for this' principal.F DISALLOW_ALL_TIX Disallows all tickets for this principal. @ The client or server is locked out.D REQUIRES_PRE_AUTH Pre-Authentication is required for this' principal.H REQUIRES_HW_AUTH Hardware Pre-Authentication is required for, this principal.A REQUIRES_PWCHANGE Password change is required for this' principal.> DISALLOW_SVR Disallows service on this server.B PWCHANGE_SERVICE The server provides password changing% service.F SUPPORT_DESMD5 RSA-MD5 with DES cbc mode is supported by, this principal. 3 ExamplesH KerberosAdmin> Create Principal TestPrincipal /Password=NewPassword. Requests the creation of a new principal.ww­|捦`…¦ 1 MODIFYH The MODIFY command is used to modify password, policy, or principal data. 2 PASSWORD principal_name@  The MODIFY PASSWORD command is used to modify a principal's password. 3 Qualifiers 3 /PASSWORD /PASSWORD=password: Specifies the password for the specified principal. 3 /RANDOM /RANDOMG Specifies the random key generation for the specified principal. 3 ExamplesE KerberosAdmin> Modify Password TestAccount /Password=NewPasswordF Requests that the TestAccount password be changed to NewPassword. 2 POLICY policy_nameB The MODIFY POLICY command is used to modify a password policy entry. 3 Qualifiers 3 /LIFETIME /LIFETIME=(field [,...])? Specifies the password lifetime for the modified policy. 4 Fields MAX:delta-time G Specifies the maximum password lifetime for the modified policy. MIN:delta-time G Specifies the minimum password lifetime for the modified policy. 3 /LENGTH /LENGTH=(field [,...])= Specifies the password length for the modified policy. 4 Fields MIN:n E Specifies the minimum password length for the modified policy. 3 /CLASSES /CLASSES=(field [,...])F Specifies the minimum password classes for the modified policy. 4 Fields MIN:n E Specifies the minimum password length for the modified policy. 3 /HISTORY /HISTORY=(field [,...])> Specifies the password history for the modified policy. 4 Fields MIN:n F Specifies the minimum password history for the modified policy. 3 ExamplesJ KerberosAdmin> Modify Policy TestPolicy /Max_Pwd_Lifetime=30-00:00:00H Requests that the maximum password lifetime of TestPolicy be set to 30 days. 2 PRINCIPAL principal_nameF The MODIFY PRINCIPAL command is used to modify a principal entry. 3 Qualifiers 3 /POLICY /POLICY[=policy] /[NO]POLICYG Specifies the policy for the modified principal. If the negatedE for of this qualifier is used then the modified principal will* have any associated policy removed.3 /EXPIRATION /EXPIRATION=date-time; Specifies the expiration for the modified principal.3 /PWD_EXPIRATION /PWD_EXPIRATION=date-timeF Specifies the expiration for the modified principal's password.3 /TICKET_LIFETIME& /TICKET_LIFETIME=(field [,...])@ Specifies the ticket lifetime for the modified principal. 4 Fields MAX:delta-time H Specifies the maximum ticket lifetime for the modified principal.3 /RENEWAL_LIFETIME' /RENEWAL_LIFETIME=(field [,...])H Specifies the ticket renewal lifetime for the modified principal. 4 Fields MAX:delta-time E Specifies the maximum ticket renewal lifetime for the modified principal.3 /KEY_VERSION /KEY_VERSION=numberD Specifies the key version number associated with the modifiedD principal. This value must be in the range of 0 through 255.3 /ATTRIBUTES' /ATTRIBUTES=([NO]attrname[,...])G Specifies the attributes associated with the modified principal.( Keyword DescriptionA DISALLOW_POSTDATED Disallows postdated tickets for this' principal.C DISALLOW_FORWARDABLE Disallows forwardable tickets for this' principal.D DISALLOW_TGT_BASED Disallows Ticket-Granting-Service based7 issuances for this server.A DISALLOW_RENEWABLE Disallows renewable tickets for this' principal.A DISALLOW_PROXIABLE Disallows proxiable tickets for this' principal.> DISALLOW_DUP_SKEY Disallows duplicate SKEY for this' principal.F DISALLOW_ALL_TIX ! Disallows all tickets for this principal.@ The client or server is locked out.D REQUIRES_PRE_AUTH Pre-Authentication is required for this' principal.H REQUIRES_HW_AUTH Hardware Pre-Authentication is required for, this principal.A REQUIRES_PWCHANGE Password change is required for this' principal.> DISALLOW_SVR Disallows service on "this server.B PWCHANGE_SERVICE The server provides password changing% service.F SUPPORT_DESMD5 RSA-MD5 with DES cbc mode is supported by, this principal. 3 Examples4 KerberosAdmin> Modify Principal TestPrincipal -4 _KerberosAdmin> /Attribute=DISALLOW_FORWARDABLEF Requests that the TestPrincipal be modified such that forwardable tickets are disallowed.ww­–$ŽŚ`…¦ 1 DELETE#? The DELETE command is used to delete key table, policy, or principal data. 2 KEYTAB service_nameC The DELETE KEYTAB command is used to delete a key table entry. 3 Qualifiers 3 /QUIET /QUIET /[NO]QUIET (default)0 Specifies whether the delete should echo.3 /FILE /FILE=[(keytab file)]: Specifies the keytab file from entries are deleted.3 /KEY_VERSION /KEY_VERSION=numberG Specifies t$he keytab entry for the specified service key versionD number be deleted. This qualifier is mutually exclusive withG /OLD or /ALL. This value must be in the range of 0 through 255.3 /OLD /OLDG Specifies that "old" keytab entries for the specified service beG deleted. This qualifier is mutually exclusive with /KEY_VERSION or /ALL.3 /ALL /ALLD Specifies that "all" keytab entries for the specified service= be %deleted. This qualifier is mutually exclusive with /KEY_VERSION or /OLD. 2 POLICY policy_name@ The DELETE POLICY command is used to delete a policy entry. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 /CONFIRM /CONFIRM /[NO]CONFIRM (default)8 Specifies whether the delete should be confirmed. 2 PRINCIPAL principal_nameF The DELETE PRIN&CIPAL command is used to delete a principal entry. 3 Qualifiers 3 /CONFIRM /CONFIRM /[NO]CONFIRM (default)8 Specifies whether the delete should be confirmed.ww­–$ŽŚ`…¦1 HELPF The HELP command is used to gather help regarding the interactive admin facility.ww­–$ŽŚ`…¦1 EXITE The EXIT command is used to exit the interactive admin facility.ww­–$ŽŚ`…¦1 QUIT? The QUIT command can be used to exit the interactive admin facility.ww