% Librarian I01-33p &@'5^ 6CREATE!DELETE%VEXIT%HELPLIST\MODIFY%QUIT SHOW41 LISTD The LIST commands are used to display general information about! Kerberos users or databases. 2 KEYTABC The LIST KEYTAB command is used to display general information6 about the default or specified key table entries. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)? Specifies the output destination of the textual listing.3 /FILE /FILE=[(key table file)]E Specifies t he key table file to use if the default keytab file is not desired. 3 Examples KerberosAdmin> List KeytabF Requests that all the entries in the default key table be listed.) KerberosAdmin> List Keytab "*/admin"C Requests all the entries in the default key table that containF "/admin" be displayed. Regular expression support has been addedF to the LIST KEYTAB command. Use quoted strings to preserve case,9 otherwise, DCL will uppercase all c ommand arguments. 2 POLICYC The LIST POLICY command is used to display general information1 about the policies in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples KerberosAdmin> List Policy: Requests that all policies in the database be listed. 2 PRINCIPALF The LIST PRINCIPAL command is used to display general information3 about the principals in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples" KerberosAdmin> List Principal= Requests that all the entries in the database be listed.- KerberosAdmin> List Principal "*/admin*"C Requests that all the administrator entries in the database be listed.ww41 SHOW E The SHOW commands are used  to display detailed information about# the Kerberos user or database. 2 POLICY  policy_nameH The SHOW POLICY command is used to display detail information about' a policy in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples* KerberosAdmin> Show Policy TestPolicy? Requests the detail information for the policy TestPolicy. 2 PRINCIPAL  principal_nameG The SHOW PRINCIPAL command is used to display detailed information0 about a principal in the Kerberos database. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples0 KerberosAdmin> Show Principal TestPrincipalG Requests the detailed information for the principal TestPrincipal. 2 PRIVILEGEE The SHOW PRIVILEGE command is used to display the current user's! enabled Kerberos privileges. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 Examples" KerberosAdmin> Show Privilege7 Requests the current user's privilege information.ww4 1 CREATEC The CREATE command is used to create the key table, policy, or principal data. 2 KEYTAB service_nameH The CREATE KEYTAB command is used to create a key table entry for a given service. 3 Qualifiers3 /FILE& /FILE=[(output key table file)]+ Specifies the output key table file. 3 /QUIET /QUIET= Specifies that the command should not echo any output. 3 Examples- KerberosAdmin> Create Keytab "HOST/node"E Requests that the HOST entry for "node" be entered in the keytab file. 2 POLICY policy_nameB The CREATE POLICY command is used to create a password policy entry. 3 Qualifiers 3 /LIFETIME /LIFETIME=(field [,...])? Specifies the password lifetimes for the created policy. 4 Fields MIN:delta-time F Specifies the minimum password lifetime for the created policy. MAX:delta-time F Specifies the maximum password lifetime for the created policy. 3 /LENGTH /LENGTH=(field [,...])< Specifies the password length for the created policy. 4 Fields MIN:n D Specifies the minimum password length for the created policy. 3 /CLASSES /CLASSES=(field [,...])= Specifies the password classes for the created policy. 4 Fields MIN:n E Specifies the minimum password classes for the created policy. 3 /HISTORY /HISTORY=(field [,...])= Specifies the password history for the created policy. 4 Fields MIN:n E Specifies the minimum password history for the created policy. 3 Examples, KerberosAdmin> Create Policy TestPolicy4 Requests the creation of the TestPolicy policy. 2 PRINCIPAL principal_nameF The CREATE PRINCIPAL command is used to create a principal entry. 3 Qualifiers 3 /PASSWORD /PASSWORD=password8 Specifies the password for the created principal. 3 /POLICY /POLICY[=policy] /[NO]POLICY (default)6 Specifies the policy for the created principal.3 /EXPIRATION /EXPIRATION=date-time: Specifies the expiration for the created principal.3 /PWD_EXPIRATION /PWD_EXPIRATION=date-timeE Specifies the expiration for the created principal's password.3 /TICKET_LIFETIME& /TICKET_LIFETIME=(field [,...])? Specifies the ticket lifetime for the created principal. 4 Fields MAX:delta-time G Specifies the maximum ticket lifetime for the created principal.3 /RENEWAL_LIFETIME' /RENEWAL_LIFETIME=(field [,...])G Specifies the ticket renewal lifetime for the created principal. 4 Fields MAX:delta-time D Specifies the maximum ticket renewal lifetime for the created principal.3 /KEY_VERSION /KEY_VERSION=numberC Specifies the key version number associated with the createdD principal. This value must be in the range of 0 through 255. 3 /RANDOM /RANDOME Specifies the random key generation for the created principal.3 /ATTRIBUTES' /ATTRIBUTES=([NO]attrname[,...])G Specifies the attributes associtated with the created principal.( Keyword DescriptionA DISALLOW_POSTDATED Disallows postdated tickets for this' principal.C DISALLOW_FORWARDABLE Disallows forwardable tickets for this' principal.D DISALLOW_TG T_BASED Disallows Ticket-Granting-Service based7 issuances for this server.A DISALLOW_RENEWABLE Disallows renewable tickets for this' principal.A DISALLOW_PROXIABLE Disallows proxiable tickets for this' principal.> DISALLOW_DUP_SKEY Disallows duplicate SKEY for this' principal.F DISALLOW_ALL_TIX Disallows all tickets for this principal. @ The client or server is locked out.D REQUIRES_PRE_AUTH Pre-Authentication is required for this' principal.H REQUIRES_HW_AUTH Hardware Pre-Authentication is required for, this principal.A REQUIRES_PWCHANGE Password change is required for this' principal.> DISALLOW_SVR Disallows service on this server.B PWCHANGE_SERVICE The server provides password changing% service.F SUPPORT_DESMD5 RSA-MD5 with DES cbc mode is supported by, this principal. 3 ExamplesH KerberosAdmin> Create Principal TestPrincipal /Password=NewPassword. Requests the creation of a new principal.ww[ 1 MODIFYH The MODIFY command is used to modify password, policy, or principal data. 2 PASSWORD principal_name@  The MODIFY PASSWORD command is used to modify a principal's password. 3 Qualifiers 3 /PASSWORD /PASSWORD=password: Specifies the password for the specified principal. 3 /RANDOM /RANDOMG Specifies the random key generation for the specified principal. 3 ExamplesE KerberosAdmin> Modify Password TestAccount /Password=NewPasswordF Requests that the TestAccount password be changed to NewPassword. 2 POLICY policy_nameB The MODIFY POLICY command is used to modify a password policy entry. 3 Qualifiers 3 /LIFETIME /LIFETIME=(field [,...])? Specifies the password lifetime for the modified policy. 4 Fields MAX:delta-time G Specifies the maximum password lifetime for the modified policy. MIN:delta-time G Specifies the minimum password lifetime for the modified policy. 3 /LENGTH /LENGTH=(field [,...])= Specifies the password length for the modified policy. 4 Fields MIN:n E Specifies the minimum password length for the modified policy. 3 /CLASSES /CLASSES=(field [,...])F Specifies the minimum password classes for the modified policy. 4 Fields MIN:n E Specifies the minimum password length for the modified policy. 3 /HISTORY /HISTORY=(field [,...])> Specifies the password history for the modified policy. 4 Fields MIN:n F Specifies the minimum password history for the modified policy. 3 ExamplesJ KerberosAdmin> Modify Policy TestPolicy /Max_Pwd_Lifetime=30-00:00:00H Requests that the maximum password lifetime of TestPolicy be set to 30 days. 2 PRINCIPAL principal_nameF The MODIFY PRINCIPAL command is used to modify a principal entry. 3 Qualifiers 3 /POLICY /POLICY[=policy] /[NO]POLICYG Specifies the policy for the modified principal. If the negatedE for of this qualifier is used then the modified principal will* have any associated policy removed.3 /EXPIRATION /EXPIRATION=date-time; Specifies the expiration for the modified principal.3 /PWD_EXPIRATION /PWD_EXPIRATION=date-timeF Specifies the expiration for the modified principal's password.3 /TICKET_LIFETIME& /TICKET_LIFETIME=(field [,...])@ Specifies the ticket lifetime for the modified principal. 4 Fields MAX:delta-time H Specifies the maximum ticket lifetime for the modified principal.3 /RENEWAL_LIFETIME' /RENEWAL_LIFETIME=(field [,...])H Specifies the ticket renewal lifetime for the modified principal. 4 Fields MAX:delta-time E Specifies the maximum ticket renewal lifetime for the modified principal.3 /KEY_VERSION /KEY_VERSION=numberD Specifies the key version number associated with the modifiedD principal. This value must be in the range of 0 through 255.3 /ATTRIBUTES' /ATTRIBUTES=([NO]attrname[,...])G Specifies the attributes associated with the modified principal.( Keyword DescriptionA DISALLOW_POSTDATED Disallows postdated tickets for this' principal.C DISALLOW_FORWARDABLE Disallows forwardable tickets for this' principal.D DISALLOW_TGT_BASED Disallows Ticket-Granting-Service based7 issuances for this server.A DISALLOW_RENEWABLE Disallows renewable tickets for this' principal.A DISALLOW_PROXIABLE Disallows proxiable tickets for this' principal.> DISALLOW_DUP_SKEY Disallows duplicate SKEY for this' principal.F DISALLOW_ALL_TIX ! Disallows all tickets for this principal.@ The client or server is locked out.D REQUIRES_PRE_AUTH Pre-Authentication is required for this' principal.H REQUIRES_HW_AUTH Hardware Pre-Authentication is required for, this principal.A REQUIRES_PWCHANGE Password change is required for this' principal.> DISALLOW_SVR Disallows service on "this server.B PWCHANGE_SERVICE The server provides password changing% service.F SUPPORT_DESMD5 RSA-MD5 with DES cbc mode is supported by, this principal. 3 Examples4 KerberosAdmin> Modify Principal TestPrincipal -4 _KerberosAdmin> /Attribute=DISALLOW_FORWARDABLEF Requests that the TestPrincipal be modified such that forwardable tickets are disallowed.ww 1 DELETE#? The DELETE command is used to delete key table, policy, or principal data. 2 KEYTAB service_nameC The DELETE KEYTAB command is used to delete a key table entry. 3 Qualifiers 3 /QUIET /QUIET /[NO]QUIET (default)0 Specifies whether the delete should echo.3 /FILE /FILE=[(keytab file)]: Specifies the keytab file from entries are deleted.3 /KEY_VERSION /KEY_VERSION=numberG Specifies t$he keytab entry for the specified service key versionD number be deleted. This qualifier is mutually exclusive withG /OLD or /ALL. This value must be in the range of 0 through 255.3 /OLD /OLDG Specifies that "old" keytab entries for the specified service beG deleted. This qualifier is mutually exclusive with /KEY_VERSION or /ALL.3 /ALL /ALLD Specifies that "all" keytab entries for the specified service= be %deleted. This qualifier is mutually exclusive with /KEY_VERSION or /OLD. 2 POLICY policy_name@ The DELETE POLICY command is used to delete a policy entry. 3 Qualifiers 3 /OUTPUT6 /OUTPUT=[(output file)] (default is SYS$OUTPUT)( Specifies the output file to use. 3 /CONFIRM /CONFIRM /[NO]CONFIRM (default)8 Specifies whether the delete should be confirmed. 2 PRINCIPAL principal_nameF The DELETE PRIN&CIPAL command is used to delete a principal entry. 3 Qualifiers 3 /CONFIRM /CONFIRM /[NO]CONFIRM (default)8 Specifies whether the delete should be confirmed.ww1 HELPF The HELP command is used to gather help regarding the interactive admin facility.ww1 EXITE The EXIT command is used to exit the interactive admin facility.ww1 QUIT? The QUIT command can be used to exit the interactive admin facility.ww