Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

kerberos

Status
Not open for further replies.
May 22, 2003
25
US
Hi,

1). I would like to know the step wise procedure to how to add new principal in kerberos

2). one more thing i need is while giving kinit <username> for creating new kerberos tickets it is giving by default 30 days issued 30th may expires 29th june i would like to change that as 60 or 90 days how can i do that?

3).Apart from the root if we create a new prinicipal can we use rsh,rlogin,rcp commands with that account or not.

Thanks in advance
AIX SUPPORT
 
Hi,

Can anyone of you help on this please.

Thanks
AIX SUPPORT
 
Hi aixsupport

answering to 1)
with root account please issue the command
#/usr/kerberos/bin/add_principal -r <realm_name> -v <file_name>

Here r--->adds kerberos principals to realm other than local realm
v --->verbose
file_name--->contains princiapl names and passwords adding to kerberos authentication database

answering to 2)By default max ticket life is 3o days.we are following the same default in our shop.
But by using kdb_edit utility you can overwrite defaults

answering 3)Apart from root any princiapl can use :rlogin,rsh,rcp,ftp,telnet,pop,afs and nfs network services/utilities as kerberos support all of them.


sushveer
IBM certified specialist-p-series AIX5L System Administration
AIX/SOLARIS/WEBSPHERE-MQ/TIVOLI Administrator
 
Hi,

Thanks for your response.

can you clearly explain db_edit with example so that i will try to dao that.

Thanks for spending your time on this .

Thanks
AIX support
 
Hi aixsupport

#/usr/kerberos/bin/kdb_edit -n

This is intractive session...u need to input for every field
accordingly...but to address your problem of max ticket life

you will see a prompt for:max ticket lifetime[255]
Here you can enter the value above 191 that will make your
ticket life >30 days...By default while installation of kerberos ...install program will keep 191 for this..that's
why we have default 30 days...
Max value you can put up to 255 as shown in parenthesis
...

I think ...u are clear now with my procedure!

sushveer
IBM certified specialist-p-series AIX5L System Administration
AIX/SOLARIS/WEBSPHERE-MQ/TIVOLI Administrator
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top