diff options
author | Tom Yu <tlyu@mit.edu> | 2009-04-15 21:00:28 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2009-04-15 21:00:28 +0000 |
commit | f520d4d9bb7f859a6fc4c2b356d878d4e1802281 (patch) | |
tree | 076380ef2f7c7688e4e23090a93513eb3b3fce06 | |
parent | 1915f27b7d730fe540ac5d2ed8c4b00b20d217fc (diff) | |
download | krb5-f520d4d9bb7f859a6fc4c2b356d878d4e1802281.zip krb5-f520d4d9bb7f859a6fc4c2b356d878d4e1802281.tar.gz krb5-f520d4d9bb7f859a6fc4c2b356d878d4e1802281.tar.bz2 |
pull up r22208 from trunk
------------------------------------------------------------------------
r22208 | wfiveash | 2009-04-13 18:15:05 -0400 (Mon, 13 Apr 2009) | 11 lines
Changed paths:
M /trunk/src/kadmin/dbutil/kdb5_util.M
Ticket: 6459
Subject: Update kdb5_util man page with missing purge_mkeys command
Version_Reported: 1.7
Target_Version: 1.7
Tags: pullup
While previously updating the kdb5_util command man page to include
documentation on new subcommands added as a result of the Master Key
Migration project I missed the purge_mkeys command. I've added that
with this commit.
ticket: 6459
version_fixed: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22260 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kadmin/dbutil/kdb5_util.M | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/kadmin/dbutil/kdb5_util.M b/src/kadmin/dbutil/kdb5_util.M index 1883ce2..f566781 100644 --- a/src/kadmin/dbutil/kdb5_util.M +++ b/src/kadmin/dbutil/kdb5_util.M @@ -236,6 +236,18 @@ argument is that specified in the Time Formats section of the kadmin man page. \fBlist_mkeys\fP List all master keys from most recent to earliest in K/M principal. The output will show the KVNO, enctype and salt for each mkey similar to kadmin getprinc output. A * following an mkey denotes the currently active master key. .TP +\fBpurge_mkeys\fP [\fB-f\fP] [\fB-n\fP] [\fB-v\fP] +Delete master keys from the K/M principal that are not used to protect any principals. This command can be used to remove old master keys from a K/M principal once all principal keys are protected by a newer master key. +.TP +.B \-f +does not prompt user. +.TP +.B \-n +do a dry run, shows master keys that would be purged, does not actually purge any keys. +.TP +.B \-v +verbose output. +.TP \fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP] Update all principal records (or only those matching the .B princ\-pattern |