Recipe 4.12 Adding Users to a Kerberos Realm

Previous page
Table of content
Next page

4.12.1 Problem

You want to add a new user to an existing MIT Kerberos-5 realm.

4.12.2 Solution

Use kadmin on any realm host:

$ kadmin Authenticating as principal pat/admin@DOGOOD.ORG with password.

To add the user named joe:

kadmin: ank -policy users joe Enter password for principal "joe@DOGOOD.ORG": ******** Re-enter password for principal "joe@DOGOOD.ORG": ******** Principal "joe@DOGOOD.ORG" created.

To give joe administrative privileges:

kadmin: ank -policy admin joe/admin Enter password for principal "joe/admin@DOGOOD.ORG": ******** Re-enter password for principal "joe/admin@DOGOOD.ORG": ******** Principal "joe/admin@DOGOOD.ORG" created.

and tell Joe his temporary user and admin passwords, which he should immediately change with kpasswd . When finished:

kadmin: quit

4.12.3 Discussion

This is the same procedure we used while setting up your KDC. [Recipe 4.11] You need not be on the KDC to do administration; you can do it remotely with kadmin. The program kadmin.local, which we used before, is only for bootstrapping or other exceptional situations.

4.12.4 See Also

kadmin(8).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Qshell for iSeries
Service-Oriented Architecture (SOA): Concepts, Technology, and Design
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Lean Six Sigma for Service : How to Use Lean Speed and Six Sigma Quality to Improve Services and Transactions
Comparing, Designing, and Deploying VPNs
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy