Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | bos_removekey - Removes a server encryption key from the KeyFile file | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<bos removekey> S<<< B<-server> <I<machine name>> >>> | |
11 | S<<< B<-kvno> <I<key version number>>+ >>> S<<< [B<-cell> <I<cell name>>] >>> | |
12 | [B<-noauth>] [B<-localauth>] [B<-help>] | |
13 | ||
14 | B<bos removek> S<<< B<-s> <I<machine name>> >>> S<<< B<-k> <I<key version number>>+ >>> | |
15 | S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-h>] | |
16 | ||
17 | =for html | |
18 | </div> | |
19 | ||
20 | =head1 DESCRIPTION | |
21 | ||
22 | The B<bos removekey> command removes each specified encryption key from | |
23 | the F</usr/afs/etc/KeyFile> file on the machine named by the B<-server> | |
24 | argument. Use the B<-kvno> argument to identify each key by its key | |
25 | version number; use the B<bos listkeys> command to display the key version | |
26 | numbers. | |
27 | ||
28 | =head1 CAUTIONS | |
29 | ||
30 | Before removing an obsolete key, verify that the cell's maximum ticket | |
31 | lifetime has passed since the current key was defined using the B<kas | |
32 | setpassword> and B<bos addkey> commands. This ensures that no clients | |
33 | still possess tickets encrypted with the obsolete key. | |
34 | ||
35 | This command can only remove keys from the F</usr/afs/etc/KeyFile> file; | |
36 | the F</usr/afs/etc/KeyFileExt> file cannot be modified by this command. | |
37 | ||
38 | =head1 OPTIONS | |
39 | ||
40 | =over 4 | |
41 | ||
42 | =item B<-server> <I<machine name>> | |
43 | ||
44 | Indicates the server machine on which to change the | |
45 | F</usr/afs/etc/KeyFile> file. Identify the machine by IP address or its | |
46 | host name (either fully-qualified or abbreviated unambiguously). For | |
47 | details, see L<bos(8)>. | |
48 | ||
49 | In cells that use the Update Server to distribute the contents of the | |
50 | F</usr/afs/etc> directory, it is conventional to specify only the system | |
51 | control machine as a value for the B<-server> argument. Otherwise, repeat | |
52 | the command for each file server machine. For further discussion, see | |
53 | L<bos(8)>. | |
54 | ||
55 | =item B<-kvno> <I<key version number>>+ | |
56 | ||
57 | Specifies the key version number of each key to remove. | |
58 | ||
59 | =item B<-cell> <I<cell name>> | |
60 | ||
61 | Names the cell in which to run the command. Do not combine this argument | |
62 | with the B<-localauth> flag. For more details, see L<bos(8)>. | |
63 | ||
64 | =item B<-noauth> | |
65 | ||
66 | Assigns the unprivileged identity C<anonymous> to the issuer. Do not | |
67 | combine this flag with the B<-localauth> flag. For more details, see | |
68 | L<bos(8)>. | |
69 | ||
70 | =item B<-localauth> | |
71 | ||
72 | Constructs a server ticket using a key from the local | |
73 | F</usr/afs/etc/KeyFile> or F</usr/afs/etc/KeyFileExt> file. | |
74 | The B<bos> command interpreter presents the | |
75 | ticket to the BOS Server during mutual authentication. Do not combine this | |
76 | flag with the B<-cell> or B<-noauth> options. For more details, see | |
77 | L<bos(8)>. | |
78 | ||
79 | =item B<-help> | |
80 | ||
81 | Prints the online help for this command. All other valid options are | |
82 | ignored. | |
83 | ||
84 | =back | |
85 | ||
86 | =head1 EXAMPLES | |
87 | ||
88 | The following command removes the keys with key version numbers 5 and 6 | |
89 | from the F<KeyFile> file on the system control machine C<fs1.example.com>. | |
90 | ||
91 | % bos removekey -server fs1.example.com -kvno 5 6 | |
92 | ||
93 | =head1 PRIVILEGE REQUIRED | |
94 | ||
95 | The issuer must be listed in the F</usr/afs/etc/UserList> file on the | |
96 | machine named by the B<-server> argument, or must be logged onto a server | |
97 | machine as the local superuser C<root> if the B<-localauth> flag is | |
98 | included. | |
99 | ||
100 | =head1 SEE ALSO | |
101 | ||
102 | L<KeyFile(5)>, | |
103 | L<KeyFileExt(5)>, | |
104 | L<UserList(5)>, | |
105 | L<bos(8)>, | |
106 | L<bos_addkey(8)>, | |
107 | L<bos_listkeys(8)> | |
108 | ||
109 | =head1 COPYRIGHT | |
110 | ||
111 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
112 | ||
113 | This documentation is covered by the IBM Public License Version 1.0. It was | |
114 | converted from HTML to POD by software written by Chas Williams and Russ | |
115 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |
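
The check described under CAUTIONS can be run as a pre-flight gate before calling `bos removekey`. The following is an added example, not part of the original man page or the OpenAFS code base. It assumes the `bos listkeys` output layout shown in the constructed sample, that the highest key version number is the key in current use, and a hypothetical 25-hour maximum ticket lifetime.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout assumed for `bos listkeys` output.
SAMPLE_LISTKEYS = """\
key 5 has cksum 972037177
key 6 has cksum 2825175022
key 7 has cksum 260617746
Keys last changed on Mon Apr 12 11:24:46 1999.
All done.
"""

def removable_kvnos(listkeys_output, requested, max_ticket_lifetime, now):
    """Return the requested kvnos that are safe to pass to `bos removekey -kvno`.

    Raises ValueError when removal would be premature or targets the wrong key.
    """
    present = sorted(int(n) for n in
                     re.findall(r"^key (\d+) has cksum", listkeys_output, re.M))
    stamp = re.search(r"^Keys last changed on (.+?)\.$", listkeys_output, re.M)
    if not present or stamp is None:
        raise ValueError("unrecognized bos listkeys output")
    current = present[-1]  # assumption: highest kvno is the key in current use
    missing = sorted(set(requested) - set(present))
    if missing:
        raise ValueError(f"kvno(s) not in KeyFile: {missing}")
    if current in requested:
        raise ValueError(f"kvno {current} is the current key; refusing to remove it")
    # Assumption: the "last changed" time is at or after the moment the current
    # key was added, so measuring from it can lengthen the wait but not shorten it.
    changed = datetime.strptime(stamp.group(1), "%a %b %d %H:%M:%S %Y")
    safe_after = changed + max_ticket_lifetime
    if now < safe_after:
        raise ValueError(f"tickets under old keys may be valid until {safe_after}")
    return sorted(set(requested))

if __name__ == "__main__":
    lifetime = timedelta(hours=25)  # hypothetical cell maximum ticket lifetime
    kvnos = removable_kvnos(SAMPLE_LISTKEYS, [5, 6], lifetime,
                            datetime(1999, 4, 14, 9, 0, 0))
    print("bos removekey -server fs1.example.com -kvno", *kvnos)
```

The timestamp is compared as naive local time, so run the check with a clock in the same time zone as the server that printed it.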