Administering the Kerberos Server

Kerberos Database Utilities

DES-CRC or 1: DES-CBC-CRC

NOTE: The default, DES3-CBC-MD5, will be set as the encryption type if you do not specify any of the encryption types previously mentioned.

-f keyfile
Specifies an alternate name for the stash file when used with the -s switch. If you do not use the -f switch, .k5.REALM is used as the default keyfile.

-M mkeyname
Specifies an alternate primary principal name. The default primary name is K/M@REALM.

-p PASSWORD
Suppresses kdb_create from prompting you for the master password, which makes it easier to configure a database with a shell script. Uses the master password to generate an encryption key that protects all the entries in the database.
You cannot use this option to change the master password.

-r REALM
Creates the principal database for the realm REALM. By default, kdb_create uses the realm defined in the krb.conf file. If this file does not exist, the command uses the uppercase equivalent of the domain name.

-s
Stores the master key in a stash file that can be automatically retrieved, eliminating the need to manually enter the key each time you start the Kerberos server.

-v
Runs kdb_create in verbose mode.

The following example shows how to use kdb_create:

    shell% kdb_create -a BAMBI.COM
    Initializing database /opt/krb5/principal for realm BAMBI.COM.
    master key name is K/M@DCETST3.FINANCE.BAMBI.COM
    You will be prompted for the database Master Password
    It is important that you DO NOT FORGET this password.
    Enter password:
    Re-enter password for verification:
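The -s and -f options above decide which file holds the stashed master key, and that key protects every entry in the database. The script below is an added example, not part of the original manual, that checks the stash file is a regular file with no group or other permissions. The helper names stash_name and check_stash are hypothetical, and the stash directory is passed as an argument because the page does not state where the keyfile is written.

```shell
#!/bin/sh
# Added example: audit the master-key stash file written by "kdb_create -s".
# Assumption: the caller supplies the directory that holds the stash file.

# stash_name REALM [KEYFILE]
# Prints the -f keyfile name if one is given, else the default .k5.REALM.
stash_name() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    else
        printf '.k5.%s\n' "$1"
    fi
}

# check_stash DIR REALM [KEYFILE]
# Returns 0 = owner-only, 1 = group/other bits set,
#         2 = file missing, 3 = symlink or not a regular file.
check_stash() {
    path="$1/$(stash_name "$2" "${3:-}")"
    if [ -L "$path" ] || { [ -e "$path" ] && [ ! -f "$path" ]; }; then
        echo "FAIL: $path is not a regular file"
        return 3
    fi
    if [ ! -f "$path" ]; then
        echo "MISSING: $path"
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$path" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $path grants group/other access ($perms)"
        return 1
    fi
    echo "OK: $path is owner-only"
    return 0
}

# Command-line use: sh check_stash.sh DIR REALM [KEYFILE]
if [ $# -ge 2 ]; then
    check_stash "$@"
fi
```

A non-zero exit status identifies the finding, so the check can run from a scheduled job after the database is created with -s.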


Chapter 8