Permalink
Cannot retrieve contributors at this time
GENERAL INFORMATION | |
turnadmin is a TURN administration tool. This tool can be used to manage | |
the user accounts (add/remove users, generate | |
TURN keys for the users). For security reasons, we do not recommend | |
storing passwords openly. The better option is to use pre-processed "keys" | |
which are then used for authentication. These keys are generated by turnadmin. | |
Turnadmin is a link to turnserver binary, but turnadmin performs different | |
functions. | |
Options note: turnadmin has long and short option names, for most options. | |
Some options have only long form, some options have only short form. Their syntax | |
somewhat different, if an argument is required: | |
The short form must be used as this (for example): | |
$ turnadmin -u <username> ... | |
The long form equivalent must use the "=" character: | |
$ turnadmin --user=<username> ... | |
If this is a flag option (no argument required) then their usage are the same, for example: | |
$ turnadmin -k ... | |
is equivalent to: | |
$ turnadmin --key ... | |
You have always the use the -r <realm> option with commands for long term credentials - | |
because data for multiple realms can be stored in the same database. | |
===================================== | |
NAME | |
turnadmin - a TURN relay administration tool. | |
SYNOPSIS | |
$ turnadmin [command] [options] | |
$ turnadmin [ -h | --help] | |
DESCRIPTION | |
Commands: | |
-P, --generate-encrypted-password Generate and print to the standard | |
output an encrypted form of a password (for web admin user or CLI). | |
The value then can be used as a safe key for the password | |
storage on disk or in the database. Every invocation for the same password | |
produces a different result. The format of the encrypted password is: | |
$5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters, | |
the sha256 output is 64 characters. Character 5 is the algorithm id (sha256). | |
Only sha256 is supported as the hash function. | |
-k, --key Generate key for a long-term credentials mechanism user. | |
-a, --add Add or update a long-term user. | |
-A, --add-admin Add or update an admin user. | |
-d, --delete Delete a long-term user. | |
-D, --delete-admin Delete an admin user. | |
-l, --list List long-term users in the database. | |
-L, --list-admin List admin users in the database. | |
-s, --set-secret=<value> Add shared secret for TURN REST API | |
-S, --show-secret Show stored shared secrets for TURN REST API | |
-X, --delete-secret=<value> Delete a shared secret. | |
--delete-all_secrets Delete all shared secrets for REST API. | |
-O, --add-origin Add origin-to-realm relation. | |
-R, --del-origin Delete origin-to-realm relation. | |
-I, --list-origins List origin-to-realm relations. | |
-g, --set-realm-option Set realm params: max-bps, total-quota, user-quota. | |
-G, --list-realm-options List realm params. | |
-E, --generate-encrypted-password-aes Generate and print to the standard output | |
an encrypted form of password with AES-128 | |
Options with required values: | |
-b, --db, --userdb SQLite user database file name (default - /var/db/turndb or | |
/usr/local/var/db/turndb or /var/lib/turn/turndb). | |
See the same option in the turnserver section. | |
-e, --psql-userdb PostgreSQL user database connection string. | |
See the --psql-userdb option in the turnserver section. | |
-M, --mysql-userdb MySQL user database connection string. | |
See the --mysql-userdb option in the turnserver section. | |
-J, --mongo-userdb MongoDB user database connection string. | |
See the --mysql-mongo option in the turnserver section. | |
-N, --redis-userdb Redis user database connection string. | |
See the --redis-userdb option in the turnserver section. | |
-u, --user User name. | |
-r, --realm Realm. | |
-p, --password Password. | |
-x, --key-path Generates a 128 bit key into the given path. | |
-f, --file-key-path Contains a 128 bit key in the given path. | |
-v, --verify Verify a given base64 encrypted type password. | |
-o, --origin Origin | |
--max-bps Set value of realm's max-bps parameter. | |
--total-quota Set value of realm's total-quota parameter. | |
--user-quota Set value of realm's user-quota parameter. | |
-h, --help Help. | |
Command examples: | |
Generate an encrypted form of a password: | |
$ turnadmin -P -p <password> | |
Generate a key: | |
$ turnadmin -k -u <username> -r <realm> -p <password> | |
Add/update a user in the in the database: | |
$ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> -p <password> | |
Delete a user from the database: | |
$ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> | |
List all long-term users in MySQL database: | |
$ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm> | |
List all admin users in Redis database: | |
$ turnadmin -L --redis-userdb="<db-connection-string>" | |
Set secret in MySQL database: | |
$ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm> | |
Show secret stored in PostgreSQL database: | |
$ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm> | |
Set origin-to-realm relation in MySQL database: | |
$ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin> | |
Delete origin-to-realm relation from Redis DB: | |
$ turnadmin --redis-userdb="<db-connection-string>" -o <origin> | |
List all origin-to-realm relations in Redis DB: | |
$ turnadmin --redis-userdb="<db-connection-string>" -I | |
List the origin-to-realm relations in PostgreSQL DB for a single realm: | |
$ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm> | |
Create new key file for mysql password encryption: | |
$ turnadmin -E --key-path <key-file> | |
Create encrypted mysql password: | |
$ turnadmin -E --file-key-path <key-file> -p <secret> | |
Verify/decrypt encrypted password: | |
$ turnadmin --file-key-path <key-file> -v <encrypted> | |
Help: | |
$ turnadmin -h | |
======================================= | |
DOCS | |
After installation, run the command: | |
$ man turnadmin | |
or in the project root directory: | |
$ man -M man turnadmin | |
to see the man page. | |
===================================== | |
FILES | |
/etc/turnserver.conf | |
/var/db/turndb | |
/usr/local/var/db/turndb | |
/var/lib/turn/turndb | |
/usr/local/etc/turnserver.conf | |
===================================== | |
DIRECTORIES | |
/usr/local/share/turnserver | |
/usr/local/share/doc/turnserver | |
/usr/local/share/examples/turnserver | |
====================================== | |
SEE ALSO | |
turnserver, turnutils | |
====================================== | |
WEB RESOURCES | |
project page: | |
https://github.com/coturn/coturn/ | |
Wiki page: | |
https://github.com/coturn/coturn/wiki | |
forum: | |
https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server/ | |
====================================== | |
AUTHORS | |
Oleg Moskalenko <mom040267@gmail.com> | |
Gabor Kovesdan http://kovesdan.org/ | |
Daniel Pocock http://danielpocock.com/ | |
John Selbie (jselbie@gmail.com) | |
Lee Sylvester <lee@designrealm.co.uk> | |
Erik Johnston <erikj@openmarket.com> | |
Roman Lisagor <roman@demonware.net> | |
Vladimir Tsanev <tsachev@gmail.com> | |
Po-sheng Lin <personlin118@gmail.com> | |
Peter Dunkley <peter.dunkley@acision.com> | |
Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp> | |
Federico Pinna <fpinna@vivocha.com> | |
Bradley T. Hughes <bradleythughes@fastmail.fm> | |
Mihály Mészáros <misi@majd.eu> | |
ACTIVE MAINTAINERS | |
Mihály Mészáros <misi@majd.eu> |