Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 674 — #700
This changes the maximum ticket life time to two days and sets the
expiration date for the account to January 1, 2005.
Basic kadmin Commands
Here is a brief list of kadmin commands. For more information, refer to the
manual page of kadmin.
add principal
    add a new principal
modify principal
    edit various attributes of a principal, such as maximum ticket life
    time and account expiration date
delete principal
    remove a principal from the database
rename principal newname
    rename a principal to newname
list pattern
    list all principals matching the given pattern. Patterns work much
    like the shell globbing patterns: list newbie* would list newbie and
    newbie/admin in this example.
get principal
    display detailed information about the principal
passwd principal
    change a principal's password
At all stages, help is available by typing ? and Enter. This even works in
prompt environments generated by modify and add.
The init command used when initially creating the realm (as well as a
few others) is not available in remote mode. To create a new realm, go to
the KDC’s console and use kadmin in local mode (using the -l command
line option). The same is true for dumping and restoring the KDC database
using the dump, load, and merge commands.
26.6.8 Creating Kerberos Host Principals
In addition to making sure every machine on your network knows which
Kerberos realm it is in and what KDC to contact, create a host principal for
it. So far, only user credentials have been discussed. However,
Kerberos-compatible services usually need to authenticate themselves to the client
user, too. Therefore, special host principals must be present in the Kerberos
database for each host in the realm.
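A check for the requirement above that every host in the realm has a host principal, as an added example that is not part of the original manual. It assumes the usual host/<fqdn>@REALM naming and a principal list saved one full name per line; the realm EXAMPLE.COM, the sample hosts, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit: report realm hosts that have no host principal in the KDC database.
# Assumptions (not from the manual): principals are named host/<fqdn>@REALM
# and the principal list was saved to a file, one full name per line.

REALM="EXAMPLE.COM"   # constructed sample realm

# Constructed sample: principal list as saved from the KDC.
sample_principals() {
cat <<'EOF'
newbie@EXAMPLE.COM
newbie/admin@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
host/earth.example.com@EXAMPLE.COM
host/Venus.example.com@EXAMPLE.COM
EOF
}

# Constructed sample: hosts that belong to the realm.
sample_hosts() {
cat <<'EOF'
earth.example.com
venus.example.com
mars.example.com
EOF
}

# missing_host_principals PRINCIPAL_FILE HOST_FILE
# Prints every host that lacks an exact host/<fqdn>@REALM entry.
missing_host_principals() {
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        # Principal names are case-sensitive, so match the whole line
        # literally: host/Venus... does not cover venus.example.com.
        grep -qxF -- "host/${host}@${REALM}" "$1" || printf '%s\n' "$host"
    done < "$2"
}

# Run the audit over the constructed sample data.
run_audit() {
    tmp=$(mktemp -d) || return 1
    sample_principals > "$tmp/principals"
    sample_hosts > "$tmp/hosts"
    missing_host_principals "$tmp/principals" "$tmp/hosts"
    rm -rf "$tmp"
}

run_audit
```

On the sample data, venus.example.com is reported because its only principal was created with a capital V, and mars.example.com because it has no host principal at all.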
674 26.6. Installing and Administering Kerberos










