Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 668 #694
Creating the Realm
Finally, create entries for your realm in the Kerberos database. Run
kadmin with the -l option as shown. This option tells kadmin to access the
database locally. By default, kadmin tries to contact the Kerberos admin
service over the network. At this stage, that would fail because the admin
service is not running yet.
Now, tell kadmin to initialize your realm. It will ask you a number of
questions in return. It is best to accept the default settings offered by
kadmin initially:
kadmin -l
kadmin> init SAMPLE.COM
Realm max ticket life [unlimited]: <press return>
Realm max renewable ticket life [unlimited]: <press return>
To verify that the realm was initialized, use the list command:
kadmin> list *
default@SAMPLE.COM
kadmin/admin@SAMPLE.COM
kadmin/hprop@SAMPLE.COM
kadmin/changepw@SAMPLE.COM
krbtgt/SAMPLE.COM@SAMPLE.COM
changepw/kerberos@SAMPLE.COM
This shows that there are now a number of principals in the database. All
of these are for internal use by Kerberos.
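The check above can be scripted. The following is an added example, not part of the original manual: it reads the output of the list command on standard input and reports any of the six internal principals from the listing above that are missing for a given realm. The function names and the sample variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original manual): verify that a freshly
# initialized realm contains the internal principals shown on this page.

# Print the principals expected after "init" for realm $1.
# The six names are taken from the sample listing on this page.
expected_principals() {
    realm=$1
    for name in default kadmin/admin kadmin/hprop kadmin/changepw \
                "krbtgt/$realm" changepw/kerberos; do
        printf '%s@%s\n' "$name" "$realm"
    done
}

# Read "list *" output on stdin and print every expected principal that
# is absent. Returns 0 if all are present, 1 otherwise.
missing_principals() {
    realm=$1
    # Normalize: drop carriage returns and surrounding whitespace.
    listing=$(tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    rc=0
    for p in $(expected_principals "$realm"); do
        # -x matches the whole line, -F treats the name as a fixed string,
        # so "krbtgt/SAMPLE.COM@SAMPLE.COM" cannot match a longer name.
        if ! printf '%s\n' "$listing" | grep -qxF "$p"; then
            printf '%s\n' "$p"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, copied from the listing on this page.
SAMPLE_LISTING='default@SAMPLE.COM
kadmin/admin@SAMPLE.COM
kadmin/hprop@SAMPLE.COM
kadmin/changepw@SAMPLE.COM
krbtgt/SAMPLE.COM@SAMPLE.COM
changepw/kerberos@SAMPLE.COM'

# Intended use (assumption: kadmin accepts the command as arguments):
#   kadmin -l list '*' | missing_principals SAMPLE.COM
```

A missing krbtgt principal in particular means the realm cannot issue tickets, so rerun the initialization before adding user principals.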
Creating a Principal
Next, create two Kerberos principals for yourself: one normal principal for
your everyday work and one for administrative tasks relating to Kerberos.
Assuming your login name is newbie, proceed as follows:
kadmin -l
kadmin> add newbie
Max ticket life [1 day]: <press return>
Max renewable life [1 week]: <press return>
Principal expiration time [never]: <press return>
Password expiration time [never]: <press return>
Attributes []: <press return>
newbie@SAMPLE.COM’s Password: <type password here>
Verifying password: <re-type password here>
26.6. Installing and Administering Kerberos