August 2003
Intermediate to advanced
270 pages
10h 9m
English
Content preview from Kerberos: The Definitive GuideBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Name
ktadd — Adding keys into keytabs
Synopsis
ktadd [-k keytab] [-e keysaltlist] principal-name | -glob glob-pattern
Aliases
xst
The ktadd command creates
a random key for a principal or set of principals in the Kerberos
database, and returns those keys to the client so that they can be
saved into a keytab file on the client machine. This command is
used to create keytabs for service and host principals in a
Kerberos realm.
Note that ktadd does not
extract the current key from the Kerberos database; it instead
creates a new, random key and returns it, incrementing the key
version number to indicate that a new key has been generated. This
is a deliberate design decision, as it prevents a rogue
administrator from simply dumping the entire Kerberos database
through kadmin. It also means that the old keys or passwords
assigned to this principal will no longer be valid once ktadd is run on the principal, and you
cannot run ktadd from more than
one system on the same principal since they will receive different
keys.
Optional parameters include -k to specify the path to the keytab
file to append to; the default is the system keytab file in
/etc/krb5.keytab. You can also specify the
-e option to indicate the list
of encryption keys and salts to use when creating and extracting
the new key.
The ktadd command
requires that the administrator have I and C permissions on the principals that she
is adding to the keytab.
Example
kadmin: ktadd -k /tmp/key host/slave.wedgie.org@WEDGIE.ORG Entry for principal ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.