Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Creating the Kerberos Database
Chapter 6 191
Creating the Kerberos Database
The primary security server contains adatabase of all principals that are
trusted in each of the supported realms. The database can also be
created during installation, refer to “Auto-Configuration of the Security
Server” on page 64, for more information.
The kdb_create utility creates a database and adds a realm to the
existing database. After the kdb_create utility, creates the principal
database, you can load a previously dumped database by using the
kdb_load utility.
NOTE You must be a root user to execute this command.
This utility cannot be used if you have forgotten the master password.
The general syntax for this is:
kdb_create [-a REALM] [-e enctype] [-M mkeyname] [-p
PASSWORD] [-r REALM] [-s[-f keyfile]] [-v]
If the -d, -e or the -M switches are used to over-ride defaults. These
switches must be used each time you run other daemons and programs
that use the defaults. For example, when using the kadmind or kdb_load
utilities.
The kadmind and the kdcd daemons should be restarted after you invoke
the kdb_create utility.
The kdb_create utility uses the following options:
-a Realms Adds the realm REALM to the existing principal
database. To use this switch, the principal database
must already exist and you must be aware of the
master password.
-e enctype Specifies the encryption and checksum mechanism of
the primary principal. The three encryption types
supported are:
• DES-CRC or 1: DES-CBC-CRC
• DES-MD5 or 3: DES-CBC-MD5