Table of Contents
Advertisement
kadmin:
modify_principal -maxlife "8 hours" newbie
Principal "newbie@EXAMPLE.COM" modified.
kadmin:
getprinc joe
Principal: newbie@EXAMPLE.COM
Expiration date: [never]
Last password change: Wed Jan 12 17:28:46 CET 2005
Password expiration date: [none]
Maximum ticket life: 0 days 08:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Wed Jan 12 17:59:49 CET 2005 (newbie/admin@EXAMPLE.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
kadmin:
This changes the maximum ticket life time to eight hours. For more information about
the kadmin command and the options available, refer to
kerberos/www/krb5-1.4/krb5-1.4/doc/krb5-admin.html#Kadmin
or look at man 8 kadmin.
%20Options
46.8 Creating Kerberos Host
Principals
In addition to making sure every machine on your network knows which Kerberos
realm it is in and what KDC to contact, create a host principal for it. So far, only user
credentials have been discussed. However, Kerberos-compatible services usually need
to authenticate themselves to the client user, too. Therefore, special host principals must
be present in the Kerberos database for each host in the realm.
The naming convention for host principals is host/<hostname>@<REALM>, where
hostname is the host's fully qualified hostname. Host principals are similar to user
principals, but have significant differences. The main difference between a user principal
and a host principal is that the key of the former is protected by a password—when a
user obtains a ticket-granting ticket from the KDC, he needs to type his password so
http://web.mit.edu/
Installing and Administering Kerberos
853
Advertisement
Table of Contents
Troubleshooting
