
keytab add

Adds members to a key table. The syntax is:

keytab add keytab_name_list -member principal_name_list
{-key plain_key -version key_version [-registry] |
-random -registry [-version key_version] }
[-ktname residual_keytab_name] [-noprivacy] [-local]

Options

-member principal_name_list
List of principal names to be added to each key table in the argument.

-registry
Updates the principal's key in the registry as well as on the host. Required if the -random option is used.

-random
Generates a random DES key. Cannot be used with the -key option.

-key plain_key
Specifies a key explicitly. Cannot be used with the -random option.

-version key_version
Specifies a version number for the key. Required if the -registry option is not used.

-ktname residual_keytab_name
Specifies the keytab object to add members to. If you use this option, you must specify keytab_name_list as a string binding. See Arguments for more information about specifying a string binding for keytab_name_list.

-local
Specifies that the add operation operates on local files only.

-noprivacy
Specifies that key tables are sent over the network unencrypted.

Description
The keytab add operation adds members to key tables. The argument is a list of names of key tables to which members should be added. The required -member option lists principal names to be added to each key table in the keytab_name_list argument. If the principals named do not exist, the command will return an error. The operation adds each principal name and its key to the key table.

Use either the -random option to have dcecp generate a random DES key or the -key option to specify a plain key explicitly. The same key (whether specified or randomly generated) is used for all principals being added to all key tables. The -registry option updates the principal's key in the key table and in the registry. The -registry option is required if -random is used. The -version option specifies the version number of the key. You must specify either -registry or -version or both on any keytab add command. The -ktname option is used to identify the specific key table to operate on, but only when the argument is a string binding representing a key table, not the fully qualified key table name. The operation returns an empty string on success.

Privileges Required
You must have a (auth_info) permission to the keytab object.

Examples
The following examples add the principal melman to the radiology key table on host medusa. The first uses a randomly generated key and updates the registry; the second specifies the key explicitly.

dcecp> keytab add /.:/hosts/medusa/config/keytab/radiology \
> -member melman -random -registry
dcecp>
dcecp> keytab add /.:/hosts/medusa/config/keytab/radiology \
> -member melman -key yrrebnesor
dcecp>
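
The option rules in the Description can be checked before a command reaches dcecp, for instance when reviewing administration scripts. The following is an added example, not part of the DCE documentation: the function name check_keytab_add and its messages are assumptions, the sample commands are constructed (the principal smith is made up), and the -ktname string-binding rule is not checked.

```python
import re

VALUE_OPTS = {"-member", "-key", "-version", "-ktname"}
FLAG_OPTS = {"-random", "-registry", "-noprivacy", "-local"}

def check_keytab_add(command):
    """Return findings (errors and warnings) for one keytab add command."""
    # Join continuation lines, then split into bare words and {brace lists}.
    tokens = re.findall(r"\{[^{}]*\}|\S+", command.replace("\\\n", " "))
    if tokens[:2] != ["keytab", "add"]:
        return ["error: not a keytab add command"]
    opts, findings, i = {}, [], 2
    while i < len(tokens) and not tokens[i].startswith("-"):
        i += 1                      # skip the keytab_name_list argument
    if i == 2:
        findings.append("error: keytab_name_list argument is missing")
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUE_OPTS and i + 1 < len(tokens):
            opts[tok] = tokens[i + 1]   # option followed by its value
            i += 2
        elif tok in FLAG_OPTS:
            opts[tok] = True
            i += 1
        else:
            findings.append(f"error: bad or incomplete option {tok}")
            i += 1
    if "-member" not in opts:
        findings.append("error: -member is required")
    if ("-random" in opts) == ("-key" in opts):
        findings.append("error: give exactly one of -random or -key")
    if "-random" in opts and "-registry" not in opts:
        findings.append("error: -random requires -registry")
    if "-registry" not in opts and "-version" not in opts:
        findings.append("error: give -registry or -version or both")
    if "-noprivacy" in opts:
        findings.append("warn: -noprivacy sends the key table unencrypted")
    if "-key" in opts:
        findings.append("warn: plain key is embedded in the command text")
    return findings

# Constructed sample commands; the first two mirror this page's examples.
SAMPLES = [
    "keytab add /.:/hosts/medusa/config/keytab/radiology -member melman -random -registry",
    "keytab add /.:/hosts/medusa/config/keytab/radiology -member melman -key yrrebnesor",
    "keytab add /.:/hosts/medusa/config/keytab/radiology -member {melman smith} -random -noprivacy",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, check_keytab_add(cmd) or ["ok"], sep="\n  ")
```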