Name
addprinc — Adding a principal
Synopsis
addprinc [-expire expiredate] [-pwexpire pwexpiredate] [-maxlife maxtixlife] [-kvno kvno] [-policy policyname] [-randkey] [-pw password] [-maxrenewlife maxrenewlife] [-e keysaltlist] [(+/-)attribute] principal-name
Aliases
add_principal, ank
The addprinc command adds
a new principal into the Kerberos database. This command requires
one argument, the name of the new principal to add. The command
also recognizes several optional arguments that specify policy
information the new principal should be subject to. More
information about password policies is available in Chapter 6.
Other options include the randkey option, which adds the principal
with a random key. This option is good to use for services that
require secure keys that don’t have to be memorized by a human. If
the principal needs to have a special key encryption type or salt,
it can be specified with the -e
option. Following is a full list of all of the options available
to addprinc:
- -expire expiredate
This option sets an expiry date for the principal. After the date specified, tickets will no longer be issued for the principal, and requests by the principal to obtain service tickets will not be honored.
- -pwexpire pwexpiredate
This option sets the password expiry date for the principal.
- -maxlife maxtixlife
This option sets the maximum lifetime of tickets issued for the principal.
- -kvno kvno
This option sets the key version number for the principal’s key to kvno. Unless you need to override ...
Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
