User guide
Chapter 13: Command Line Interface
193
Diagnostic Tips:
Use the name command in the network menu to set the FQDN for
the Dominion SX.
Disable HTTP redirect from the services menu.
Synchronize the time of the client machine, Dominion SX, KDC and
kadmin machines using time menu and ntp option.
The above 3 machines should be pingable by FQDN. Get the hosts
file using gethostnamefile from the Kerberos menu.
Use klist to check the ticket expiration.
Most of the kadmin error messages are associated with ticket
expiration
Kadmin: List principal and add missing principal if it doesn't already
exist in the KDC database.
Browser rule: Do not include the REALM part when the browser
prompts for principal.
Telnet access: Use -x -l and -k option appropriately. Telnet will
initially print that authentication
Key and Definitions:
1. For KDC, kadmind, the application server, and client machine, see
MIT Kerberos FAQ
[http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html]
2. FQDN: Fully Qualified Domain Name
Note: Information about setting up KDC kadmind is not in the scope of
this document. Use the references mentioned in this section for this
information.
Kerberos Command Example
1. admin > Security > Kerberos > getkrbconfig ip 192.168.52.197 login
vijay password vijayv path /home/vijay/krb5.conf
Success
2. kadmin: addprinc host/dsx-182.domain.com@REALM
kadmin: addprinc HTTP/dsx-182.raritan.com@RARITAN.COM
Loginsettings Commands
The loginsettings command menu offers commands used to configure
the systemwide login settings:
Command
Description
idletimeout
Set systemwide idletimeout.
inactiveloginexpiry
Configure local login expiry time.
invalidloginretries
Configure local login max number of