Administering the Kerberos Server
Principals
IMPORTANT
IMPORTANT
IMPORTANT
kadmin/REALM@REALM: The Kerberos administrative graphical user interface and
This principal uses a random key, but you do not need to extract the key to a service key table file.
Do not remove or modify this principal entry.
kadmin/changepw@REALM: The Kerberos v5 standard set/change password protocol requires the kadmin/changepw@REALM principal. This principal is automatically added to the database when a realm is created.
This principal uses a random key, but you do not need to extract the key to the service key table file.
Do not remove or modify this principal entry.
kcpwd/REALM@REALM: The kcpwd/REALM@REALM principal name is the change password service for Kerberos. This principal is required in each realm. It is automatically added when you add a realm to the database.
This principal uses a random key. However, you do not need to extract this key to a service key table file.
Do not remove or modify this principal entry.
host/fqdn@REALM: Kerberos servers and application services such as the following use the host/fqdn@REALM principal name:
•Primary and secondary security servers, depending on the requirement of the database propagation.
•Secure connection utility daemons and client applications.
126 | Chapter 8 |