Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Administration
Creating the Kerberos Database
Chapter 6192
• 3DES or 5: DES-CBC-MD5 (default)
-f keyfile When used with the -s switch, it specifies an alternate
name for the stash file. If you do not use the -f switch,
the default keyfile is .k5.REALM.
-M mkeyname Specifies an alternate primary principal name. The
default primary name is K/M@REALM.
-p PASSWORD Suppress the kdb_create from prompting you for the
master password, which makes it easier to configure a
database with a shell script. The master password is
used to generate an encryption key that protects all the
entries in the database.
You cannot use this option to change the master
password.
-r REALM Creates the principal database for the realm REALM.By
default, kdb_create uses the realm defined in the
krb.conf file. If this file does not exist the command
uses the uppercase equivalent of the domain name.
-s Stores the master key in a stash file that can be
automatically retrieved, eliminating the need to
manually enter the key each time you start the
security server.
-v Runs the kdb_create in verbose mode.
Given below is an example of using the kdb_create:
shell% kdb_create -a BAMBI.COM
Initializing database /opt/krb5/principal for realm BAMBI.COM...
master key name is K/M@DCETST3.FINANCE.BAMBI.COM
It is important that you NOT FORGET this password.
Enter password:
Re-enter password for verification:
Adding principals to database...
Cleaning up....
shell%
The kdb_create command creates the principals mentioned below:
• K/M@<REALM NAME>
This is the default key name. However this key name is can be
configured.
• default@<REALM NAME>