Administering the Kerberos Server
Manual Administration Using kadmin
[principal] Specifies an alternate principal to extract other than the default host/fqdn@REALM principal, for example,
ext finance@BAMBI.COM
After ext executes, it prompts you for the service key table file name.
The default file name is /krb5/v5srvtab.
Listing the Attributes of a PrincipalThe inq command lists the attributes of the principal, if it exists. The kadmin utility displays the following message if the principal does not exist in the database:
Principal does not exist
The general syntax for listing the attributes of the principal is as follows:
command: inq
For example, to list the attributes of the principal admin, type kadmin at the
command: inq
Name of Principal: admin
Modifying a PrincipalTo modify attributes of a principal in the database, use the kadmin mod command. In addition to the name of the principal, you must also specify the type of parameter.
You can modify the following parameters:
attr | Specifies properties associated with the principal. |
fcnt | Specifies the number of failed authentication attempts |
| allowed for a principal. The number must be an integer |
| between 0 and 255. |
vno | Specifies the key version number. The number must be |
| an integer between 0 and 255. When you create a |
| principal, its key version number (vno) is 1 and the |
| version number automatically increments by one each |
| time the key is changed. |
208 | Chapter 8 |