Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 871

When you make tape backups of the Kerberos database (/var/lib/kerberos/
krb5kdc/principal), do not back up the stash file (which is in /var/lib/
kerberos/krb5kdc/.k5.EXAMPLE.COM). Otherwise, everyone able to read the
tape could also decrypt the database. Therefore, it is also a good idea to keep a copy of
the pass phrase in a safe or some other secure location, because you need it to restore
your database from backup tape after a crash.
To create the stash file and the database, run:
$> kdb5_util create -r EXAMPLE.COM -s
Initializing database '/var/lib/kerberos/krb5kdc/principal' for realm
'EXAMPLE.COM',
master key name 'K/M@EXAMPLE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: <= Type the master password.
Re-enter KDC database master key to verify: <= Type it again.
$>
To verify that it did anything, use the list command:
$>kadmin.local
kadmin> listprincs
K/M@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
kadmin/changepw@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
This shows that there are now a number of principals in the database. All of these are
for internal use by Kerberos.
46.4.3 Creating a Principal
Next, create two Kerberos principals for yourself: one normal principal for your everyday
work and one for administrative tasks relating to Kerberos. Assuming your login name
is newbie, proceed as follows:
kadmin.local
kadmin> ank newbie
newbie@EXAMPLE.COM's Password: <type password here>
Verifying password: <re-type password here>
Installing and Administering Kerberos 853