Administering the Kerberos Server
Kerberos Database Utilities
Adding principals to database...
Cleaning up....
shell%
The kdb_create command creates the following principals:
• K/M@<REALM NAME>
  This is the default key name. However, you can configure this key name.
• default@<REALM NAME>
• kadmin/<REALM NAME>@<REALM NAME>
• kcpwd/<REALM NAME>@<REALM NAME>
• krbtgt/<REALM NAME>@<REALM NAME>
IMPORTANT: Do not delete these principals.
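The following check is an added example, not part of the manual or of the Kerberos server tools: it reports which of the principals created by kdb_create are missing from a principal listing, so an accidental deletion is noticed. The one-name-per-line listing format, the function names and the realm EXAMPLE.COM are assumptions.

```shell
#!/bin/sh
# Added example. Assumed input: a text file with one principal name per line,
# exported by whatever administration tool the site uses.

# required_principals REALM [MASTER_KEY_NAME]
# Prints the five principals kdb_create creates. K/M is only the default
# master key name, so a site-specific name can be passed instead.
required_principals() {
    realm=$1
    mkey=${2:-K/M}
    printf '%s\n' \
        "$mkey@$realm" \
        "default@$realm" \
        "kadmin/$realm@$realm" \
        "kcpwd/$realm@$realm" \
        "krbtgt/$realm@$realm"
}

# missing_principals LISTING_FILE REALM [MASTER_KEY_NAME]
# Prints each required principal absent from the listing; returns 1 if any.
missing_principals() {
    listing=$1
    missing=0
    for p in $(required_principals "$2" "$3"); do
        # -x: whole-line match, so "kcpwd/R@R" is not satisfied by
        #     "kcpwd/R@R.TEST"; -F: the dots in the realm are literal.
        if ! grep -qxF -- "$p" "$listing"; then
            printf '%s\n' "$p"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample listing: kcpwd for EXAMPLE.COM has been deleted, and a
# similarly named principal from a different realm is present.
sample_listing() {
    cat <<'EOF'
K/M@EXAMPLE.COM
default@EXAMPLE.COM
kadmin/EXAMPLE.COM@EXAMPLE.COM
kcpwd/EXAMPLE.COM@EXAMPLE.COM.TEST
krbtgt/EXAMPLE.COM@EXAMPLE.COM
alice@EXAMPLE.COM
EOF
}
```

Save the output of sample_listing to a file and call missing_principals with that file and EXAMPLE.COM to see the deleted kcpwd principal reported. Pass the configured master key name as the third argument when it is not K/M.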
The K/M key name is the default master key name. However, you can change the master key name by specifying the tag while using the
The stash file is a local copy of the master key that resides on the local disk of the primary security server in an encrypted format. This stash file is usually located in the same directory as the Kerberos database. By default, kdb_create does not create a stash file. A stash file allows the database utilities, such as kadmind, kadminl, kdcd and others, to authenticate themselves.
Occasionally, however, you may have to restart the machine on which the KDC runs. If a stash file is present, you can configure the KDC to start automatically, without any human intervention, whenever the machine is rebooted. The stash file, like the keytab file, is a potential
The Kerberos server supports the following encryption types:
• DES3