This shows that there are now a number of principals in the database. All of these are
for internal use by Kerberos.
Creating a Principal
Next, create two Kerberos principals for yourself: one normal principal for your everyday
work and one for administrative tasks relating to Kerberos. Assuming your login name
is newbie, proceed as follows:
kadmin.local
kadmin> ank newbie
newbie@EXAMPLE.COM's Password: <type password here>
Verifying password: <re-type password here>
Next, create another principal named newbie/admin by typing ank newbie/admin
at the kadmin prompt. The admin suffixed to your username is a role. Later, use this
role when administering the Kerberos database. A user can have several roles for different
purposes. Roles are basically completely different accounts with similar names.
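Because a role such as newbie/admin is a separate account, it is worth reviewing from time to time which admin principals exist and whether each one still belongs to a regular user. The following script is an added example, not part of the original guide. The function names, the sample list, and the list of internal principal names it skips are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review which principals carry the "admin" role.
# Input: one principal per line, for example the principal listing printed
# by kadmin (the listprincs command in MIT Kerberos).

# Constructed sample list for the realm EXAMPLE.COM (not real KDC output).
sample_princs() {
cat <<'EOF'
K/M@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
kadmin/changepw@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
newbie@EXAMPLE.COM
newbie/admin@EXAMPLE.COM
olduser/admin@EXAMPLE.COM
EOF
}

# Print every <user>/admin principal and whether a plain <user> principal
# exists in the same realm. An admin role without a matching user principal
# is a candidate for review (for example, a leftover account).
audit_admin_roles() {
    awk -F'@' '
        NF != 2 { next }    # skip lines that are not primary[/instance]@REALM
        {
            n = split($1, part, "/")
            primary = part[1]
            instance = (n > 1) ? part[2] : ""
            # Assumption: these primaries are internal to Kerberos, not users.
            if (primary == "K" || primary == "kadmin" || primary == "krbtgt") next
            if (instance == "") {
                base[primary "@" $2] = 1
            } else if (instance == "admin") {
                admin[++count] = $0
                owner[count] = primary "@" $2
            }
        }
        END {
            for (i = 1; i <= count; i++)
                print admin[i], ((owner[i] in base) ? "has-user-principal" : "no-user-principal")
        }'
}

# Run the audit on the constructed sample.
sample_princs | audit_admin_roles
```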
Starting the KDC
Start the KDC daemon and the kadmin daemon. To start the daemons manually, enter
rckrb5kdc start and rckadmind start. To make sure that KDC and kadmind
are also started by default when the server machine is rebooted, enter
insserv krb5kdc and insserv kadmind.
6.4.6 Configuring Kerberos Clients
Once the supporting infrastructure is in place (DNS, NTP) and the KDC has been
properly configured and started, configure the client machines. You can either use
YaST to configure a Kerberos client or use one of the two manual approaches described
below.
Configuring a Kerberos Client with YaST
Rather than manually editing all relevant configuration files when configuring a Kerberos
client, let YaST do the job for you. You can either perform the client configuration
during the installation of your machine or in the installed system:
Security Guide