4.12.1 ProblemYou want to add a new user to an existing MIT Kerberos-5 realm. 4.12.2 SolutionUse kadmin on any realm host: $ kadmin Authenticating as principal pat/admin@DOGOOD.ORG with password. To add the user named joe: kadmin: ank -policy users joe Enter password for principal "joe@DOGOOD.ORG": ******** Re-enter password for principal "joe@DOGOOD.ORG": ******** Principal "joe@DOGOOD.ORG" created. To give joe administrative privileges: kadmin: ank -policy admin joe/admin Enter password for principal "joe/admin@DOGOOD.ORG": ******** Re-enter password for principal "joe/admin@DOGOOD.ORG": ******** Principal "joe/admin@DOGOOD.ORG" created. and tell Joe his temporary user and admin passwords, which he should immediately change with kpasswd . When finished: kadmin: quit 4.12.3 DiscussionThis is the same procedure we used while setting up your KDC. [Recipe 4.11] You need not be on the KDC to do administration; you can do it remotely with kadmin. The program kadmin.local, which we used before, is only for bootstrapping or other exceptional situations. 4.12.4 See Alsokadmin(8). |