June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
4.12. Adding Users to a Kerberos Realm
Problem
You want to add a new user to an existing MIT Kerberos-5 realm.
Solution
Use kadmin on any realm host:
$ kadmin Authenticating as principal pat/admin@DOGOOD.ORG with password.
To add the user named joe:
kadmin:ank -policy users joeEnter password for principal "joe@DOGOOD.ORG":********Re-enter password for principal "joe@DOGOOD.ORG":********Principal "joe@DOGOOD.ORG" created.
To give joe administrative privileges:
kadmin:ank -policy admin joe/adminEnter password for principal "joe/admin@DOGOOD.ORG":********Re-enter password for principal "joe/admin@DOGOOD.ORG":********Principal "joe/admin@DOGOOD.ORG" created.
and tell Joe his temporary user and admin passwords, which he should immediately change with kpasswd . When finished:
kadmin: quitDiscussion
This is the same procedure we used while setting up your KDC. [Recipe 4.11] You need not be on the KDC to do administration; you can do it remotely with kadmin. The program kadmin.local, which we used before, is only for bootstrapping or other exceptional situations.
See Also
kadmin(8).