addprinc — Adding a principal


addprinc [-expire expiredate] [-pwexpire pwexpiredate] [-maxlife maxtixlife]    [-kvno kvno] [-policy policyname] [-randkey] [-pw password] [-maxrenewlife   maxrenewlife] [-e keysaltlist] [(+/-)attribute] principal-name


add_principal, ank

The addprinc command adds a new principal into the Kerberos database. This command requires one argument, the name of the new principal to add. The command also recognizes several optional arguments that specify policy information the new principal should be subject to. More information about password policies is available in Chapter 6.

Other options include the randkey option, which adds the principal with a random key. This option is good to use for services that require secure keys that don’t have to be memorized by a human. If the principal needs to have a special key encryption type or salt, it can be specified with the -e option. Following is a full list of all of the options available to addprinc:

-expire expiredate

This option sets an expiry date for the principal. After the date specified, tickets will no longer be issued for the principal, and requests by the principal to obtain service tickets will not be honored.

-pwexpire pwexpiredate

This option sets the password expiry date for the principal.

-maxlife maxtixlife

This option sets the maximum lifetime of tickets issued for the principal.

-kvno kvno

This option sets the key version number for the principal’s key to kvno. Unless you need to override ...

Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.