svn rev #22234: branches/krb5-1-7/src/kadmin/dbutil/

tlyu@MIT.EDU tlyu at MIT.EDU
Wed Apr 15 16:06:41 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22234
Commit By: tlyu
Log Message:
ticket: 6432
version_fixed: 1.7

pull up r22114 from trunk

 ------------------------------------------------------------------------
 r22114 | wfiveash | 2009-03-25 17:12:58 -0400 (Wed, 25 Mar 2009) | 9 lines
 Changed paths:
    M /trunk/src/kadmin/dbutil/kdb5_util.M

 Ticket: 6432
 Subject: Update kdb5_util man page for mkey migration project
 Version_Reported: 1.7
 Target_Version: 1.7
 Tags: pullup

 Updated the kdb5_util command man page to include documentation on new
 subcommands added as a result of the Master Key Migration project.


Changed Files:
U   branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M
Modified: branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M
===================================================================
--- branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M	2009-04-15 20:06:38 UTC (rev 22233)
+++ branches/krb5-1-7/src/kadmin/dbutil/kdb5_util.M	2009-04-15 20:06:41 UTC (rev 22234)
@@ -216,20 +216,31 @@
 \fBark\fP
 Adds a random key.
 .TP
-\fBadd_mkey\fP ...
-This option needs documentation.
+\fBadd_mkey\fP [\fB\-e etype\fP] [\fB\-s\fP] 
+Adds a new master key to the K/M (master key) principal.  Existing master keys will remain.
+The
+.B \-e etype
+option allows specification of the enctype of the new master key.  The
+.B \-s
+option stashes the new master key in a local stash file which will be created if it doesn't already exist.
 .TP
-\fBuse_mkey\fP ...
-This option needs documentation.
+\fBuse_mkey\fP \fImkeyVNO [\fBtime\fP]
+Sets the activation time of the master key specified by 
+.B mkeyVNO.
+Once a master key is active (i.e. its activation time has been reached) it will then be used to encrypt principal keys either when the principal keys change, are newly created or when the update_princ_encryption command is run.  If the
+.B time 
+argument is provided then that will be the activation time otherwise the current time is used by default.  The format of the optional
+.B time 
+argument is that specified in the Time Formats section of the kadmin man page.
 .TP
 \fBlist_mkeys\fP
-This option needs documentation.
+List all master keys from most recent to earliest in K/M principal. The output will show the KVNO, enctype and salt for each mkey similar to kadmin getprinc output.  A * following an mkey denotes the currently active master key. 
 .TP
 \fBupdate_princ_encryption\fP [\fB\-f\fP] [\fB\-n\fP] [\fB\-v\fP] [\fBprinc\-pattern\fP]
 Update all principal records (or only those matching the
 .B princ\-pattern
-glob pattern) to re-encrypt the key data using the latest version of
-the database master key, if they are encrypted using older versions,
+glob pattern) to re-encrypt the key data using the active
+database master key, if they are encrypted using older versions,
 and give a count at the end of the number of principals updated.
 If the
 .B \-f
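Review bot: The new use_mkey synopsis line opens italics with `\fImkeyVNO` and never closes it before `[\fBtime\fP]`, so the font state is left unbalanced and the closing bracket is set in italics. Suggest `\fBuse_mkey\fP \fImkeyVNO\fP [\fBtime\fP]`. The body then refers to the same argument in bold with the sentence period inside the macro (`.B mkeyVNO.`); `.BR mkeyVNO .` keeps the period in roman, and the synopsis and body should use the same font for the argument. In the update_princ_encryption text, the change from "latest version of the database master key" to "active database master key" leaves the condition "if they are encrypted using older versions" unchanged. Since use_mkey lets an administrator choose which mkeyVNO becomes active, that condition should say whether it means any key version other than the active one or only lower-numbered ones. The add_mkey entry also does not say which enctype is used when `\-e etype` is omitted. Minor: several added lines end in trailing whitespace (the add_mkey synopsis, both `.B time ` lines, the list_mkeys paragraph).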



