turnadmin man page

General Information

turnadmin is a TURN administration tool. This tool can be used to manage  the user accounts (add/remove users, generate  TURN keys for the users). For security reasons, we do not recommend  storing passwords openly. The better option is to use pre-processed "keys"  which are then used for authentication. These keys are generated by turnadmin.  Turnadmin is a link to turnserver binary, but turnadmin performs different  functions.

Options note: turnadmin has long and short option names, for most options. Some options have only long form, some options have only short form. Their syntax  somewhat different, if an argument is required:

The short form must be used as this (for example):

  $ turnadmin -u <username> ...

The long form equivalent must use the "=" character:

  $ turnadmin --user=<username> ...

If this is a flag option (no argument required) then their usage are the same, for example:

 $ turnadmin -k ...

is equivalent to:

 $ turnadmin --key ...

You have always the use the -r <realm> option with commands for long term credentials -  because data for multiple realms can be stored in the same database.

=====================================

Name

turnadmin - a TURN relay administration tool.

Synopsis

$ turnadmin [command] [options]

$ turnadmin [ -h | --help]

Description

Commands:
-P, --generate-encrypted-password

Generate and print to the standard output an encrypted form of a password (for web admin user or CLI). The value then can be used as a safe key for the password storage on disk or in the database. Every invocation for the same password produces a different result. The for mat of the encrypted password is: $5$<...salt...>$<...sha256(salt+password)...>. Salt is 16 characters, the sha256 output is 64 characters. Character 5 is the algorithm id (sha256). Only sha256 is supported as the hash function.

-k, --key

Generate key for a long-term credentials mechanism user.

-a, --add

Add or update a long-term user.

-A, --add-admin

Add or update an admin user.

-d, --delete

Delete a long-term user.

-D, --delete-admin

Delete an admin user.

-l, --list

List long-term users in the database.

-L, --list-admin

List admin users in the database.

-s, --set-secret=<value> Add shared secret for TURN RESP API

-S, --show-secret

Show stored shared secrets for TURN REST API

-X, --delete-secret=<value> Delete a shared secret.

--delete-all_secrets

Delete all shared secrets for REST API.

-O, --add-origin

Add origin-to-realm relation.

-R, --del-origin

Delete origin-to-realm relation.

-I, --list-origins

List origin-to-realm relations.

-g, --set-realm-option

Set realm params: max-bps, total-quota, user-quota.

-G, --list-realm-options

List realm params.

-E, --generate-encrypted-password-aes

Generate and print to the standard output an encrypted form of password with AES-128

Options with required values:
-b, --db, --userdb

SQLite user database file name (default - /var/db/turndb or /usr/local/var/db/turndb or /var/lib/turn/turndb). See the same option in the turnserver section.

-e, --psql-userdb

PostgreSQL user database connection string. See the --psql-userdb option in the turnserver section.

-M, --mysql-userdb

MySQL user database connection string. See the --mysql-userdb option in the turnserver section.

-J, --mongo-userdb

MongoDB user database connection string. See the --mysql-mongo option in the turnserver section.

-N, --redis-userdb

Redis user database connection string. See the --redis-userdb option in the turnserver section.

-u, --user

User name.

-r, --realm

Realm.

-p, --password

Password.

-x, --key-path

Generates a 128 bit key into the given path.

-f, --file-key-path

Contains a 128 bit key in the given path.

-v, --verify

Verify a given base64 encrypted type password.

-o, --origin

Origin

--max-bps

Set value of realm's max-bps parameter.

--total-quota

Set value of realm's total-quota parameter.

--user-quota

Set value of realm's user-quota parameter.

-h, --help

Help.

Command examples:

Generate an encrypted form of a password:

$ turnadmin -P -p <password>

Generate a key:

$ turnadmin -k -u <username> -r <realm> -p <password>

Add/update a user in the in the database:

$ turnadmin -a [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm> -p <password>

Delete a user from the database:

$ turnadmin -d [-b <userdb-file> | -e <db-connection-string> | -M <db-connection-string> | -N <db-connection-string> ] -u <username> -r <realm>

List all long-term users in MySQL database:

$ turnadmin -l --mysql-userdb="<db-connection-string>" -r <realm>

List all admin users in Redis database:

$ turnadmin -L --redis-userdb="<db-connection-string>"

Set secret in MySQL database:

$ turnadmin -s <secret> --mysql-userdb="<db-connection-string>" -r <realm>

Show secret stored in PostgreSQL database:

$ turnadmin -S --psql-userdb="<db-connection-string>" -r <realm>

Set origin-to-realm relation in MySQL database:

$ turnadmin --mysql-userdb="<db-connection-string>" -r <realm> -o <origin>

Delete origin-to-realm relation from Redis DB:

$ turnadmin --redis-userdb="<db-connection-string>" -o <origin>

List all origin-to-realm relations in Redis DB:

$ turnadmin --redis-userdb="<db-connection-string>" -I

List the origin-to-realm relations in PostgreSQL DB for a single realm:

$ turnadmin --psql-userdb="<db-connection-string>" -I -r <realm>

Create new key file for mysql password encryption:

$ turnadmin -E --key-path <key-file>

Create encrypted mysql password:

$ turnadmin -E --file-key-path <key-file> -p <secret>

Verify/decrypt encrypted password:

$ turnadmin --file-key-path <key-file> -v <encrypted>

Help:

$ turnadmin -h

=======================================

Docs

After installation, run the command:

$ man turnadmin

or in the project root directory:

$ man -M man turnadmin

to see the man page.

=====================================

Files

/etc/turnserver.conf

/var/db/turndb

/usr/local/var/db/turndb

/var/lib/turn/turndb

/usr/local/etc/turnserver.conf

=====================================

Directories

/usr/local/share/turnserver

/usr/local/share/doc/turnserver

/usr/local/share/examples/turnserver

======================================

See Also

turnserver, turnutils

======================================

Web Resources

project page:

https://github.com/coturn/coturn/

Wiki page:

https://github.com/coturn/coturn/wiki

forum:

https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-turn-server/

======================================

Authors

Oleg Moskalenko <mom040267@gmail.com>

Gabor Kovesdan http://kovesdan.org/

Daniel Pocock http://danielpocock.com/

John Selbie (jselbie@gmail.com)

Lee Sylvester <lee@designrealm.co.uk>

Erik Johnston <erikj@openmarket.com>

Roman Lisagor <roman@demonware.net>

Vladimir Tsanev <tsachev@gmail.com>

Po-sheng Lin <personlin118@gmail.com>

Peter Dunkley <peter.dunkley@acision.com>

Mutsutoshi Yoshimoto <mutsutoshi.yoshimoto@mixi.co.jp>

Federico Pinna <fpinna@vivocha.com>

Bradley T. Hughes <bradleythughes@fastmail.fm>

Mihaly Meszaros <misi@majd.eu>

Info

29 January 2019