needs more massaging to make it fit the tree, but, get it here first
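<?xml version="1.0" encoding="UTF-8"?>
<!--
  DocBook refentry for the bos removekey(8) manual page.
  Literal angle brackets around placeholder arguments are written as the
  lt/gt character entities so that the page remains well-formed XML.
-->
<refentry id="bos_removekey8">
<refmeta>
<refentrytitle>bos removekey</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>bos removekey</refname>
<refpurpose>Removes a server encryption key from the KeyFile file</refpurpose>
</refnamediv>
<refsect1>
<title>Synopsis</title>
<para><emphasis role="bold">bos removekey</emphasis> <emphasis role="bold">-server</emphasis> &lt;<emphasis>machine name</emphasis>&gt;
<emphasis role="bold">-kvno</emphasis> &lt;<emphasis>key version number</emphasis>&gt;+ [<emphasis role="bold">-cell</emphasis> &lt;<emphasis>cell name</emphasis>&gt;]
[<emphasis role="bold">-noauth</emphasis>] [<emphasis role="bold">-localauth</emphasis>] [<emphasis role="bold">-help</emphasis>]</para>

<para><emphasis role="bold">bos removek</emphasis> <emphasis role="bold">-s</emphasis> &lt;<emphasis>machine name</emphasis>&gt; <emphasis role="bold">-k</emphasis> &lt;<emphasis>key version number</emphasis>&gt;+
[<emphasis role="bold">-c</emphasis> &lt;<emphasis>cell name</emphasis>&gt;] [<emphasis role="bold">-n</emphasis>] [<emphasis role="bold">-l</emphasis>] [<emphasis role="bold">-h</emphasis>]</para>

</refsect1>
<refsect1>
<title>Description</title>
<para>The <emphasis role="bold">bos removekey</emphasis> command removes each specified encryption key from
the <replaceable>/usr/afs/etc/KeyFile</replaceable> file on the machine named by the <emphasis role="bold">-server</emphasis>
argument. Use the <emphasis role="bold">-kvno</emphasis> argument to identify each key by its key
version number; use the <emphasis role="bold">bos listkeys</emphasis> command to display the key version
numbers.</para>

</refsect1>
<refsect1>
<title>Cautions</title>
<para>Before removing an obsolete key, verify that the cell's maximum ticket
lifetime has passed since the current key was defined using the <emphasis role="bold">kas
setpassword</emphasis> and <emphasis role="bold">bos addkey</emphasis> commands. This ensures that no clients
still possess tickets encrypted with the obsolete key. A server that no
longer holds a key cannot decrypt tickets encrypted with it, so removing a
key too early causes authentication failures for clients that still present
such tickets.</para>

</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term><emphasis role="bold">-server</emphasis> &lt;<emphasis>machine name</emphasis>&gt;</term>
<listitem>
<para>Indicates the server machine on which to change the
<replaceable>/usr/afs/etc/KeyFile</replaceable> file. Identify the machine by IP address or its
host name (either fully-qualified or abbreviated unambiguously). For
details, see <link linkend="bos8">bos(8)</link>.</para>

<para>In cells that use the Update Server to distribute the contents of the
<replaceable>/usr/afs/etc</replaceable> directory, it is conventional to specify only the system
control machine as a value for the <emphasis role="bold">-server</emphasis> argument. Otherwise, repeat
the command for each file server machine. For further discussion, see
<link linkend="bos8">bos(8)</link>.</para>

</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">-kvno</emphasis> &lt;<emphasis>key version number</emphasis>&gt;+</term>
<listitem>
<para>Specifies the key version number of each key to remove.</para>

</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">-cell</emphasis> &lt;<emphasis>cell name</emphasis>&gt;</term>
<listitem>
<para>Names the cell in which to run the command. Do not combine this argument
with the <emphasis role="bold">-localauth</emphasis> flag. For more details, see <link linkend="bos8">bos(8)</link>.</para>

</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">-noauth</emphasis></term>
<listitem>
<para>Assigns the unprivileged identity <computeroutput>anonymous</computeroutput> to the issuer. Do not
combine this flag with the <emphasis role="bold">-localauth</emphasis> flag. Because this command
requires the privilege described under Privilege Required, a request made
as <computeroutput>anonymous</computeroutput> is expected to succeed only if the BOS Server is running
with authorization checking disabled. For more details, see
<link linkend="bos8">bos(8)</link>.</para>

</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">-localauth</emphasis></term>
<listitem>
<para>Constructs a server ticket using a key from the local
<replaceable>/usr/afs/etc/KeyFile</replaceable> file. The <emphasis role="bold">bos</emphasis> command interpreter presents the
ticket to the BOS Server during mutual authentication. Do not combine this
flag with the <emphasis role="bold">-cell</emphasis> or <emphasis role="bold">-noauth</emphasis> options. For more details, see
<link linkend="bos8">bos(8)</link>.</para>

</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">-help</emphasis></term>
<listitem>
<para>Prints the online help for this command. All other valid options are
ignored.</para>

</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Examples</title>
<para>The following command removes the keys with key version numbers 5 and 6
from the <replaceable>KeyFile</replaceable> file on the system control machine <computeroutput>fs1.abc.com</computeroutput>.</para>

<programlisting>
% bos removekey -server fs1.abc.com -kvno 5 6

</programlisting>
</refsect1>
<refsect1>
<title>Privilege Required</title>
<para>The issuer must be listed in the <replaceable>/usr/afs/etc/UserList</replaceable> file on the
machine named by the <emphasis role="bold">-server</emphasis> argument, or must be logged onto a server
machine as the local superuser <computeroutput>root</computeroutput> if the <emphasis role="bold">-localauth</emphasis> flag is
included.</para>

</refsect1>
<refsect1>
<title>See Also</title>
<para><link linkend="KeyFile5">KeyFile(5)</link>,
<link linkend="UserList5">UserList(5)</link>,
<link linkend="bos8">bos(8)</link>,
<link linkend="bos_addkey8">bos_addkey(8)</link>,
<link linkend="bos_listkeys8">bos_listkeys(8)</link></para>

</refsect1>
<refsect1>
<title>Copyright</title>
<para>IBM Corporation 2000. &lt;http://www.ibm.com/&gt; All Rights Reserved.</para>

<para>This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.</para>

</refsect1>
</refentry>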