Administration

Manual Administration Using kadmin

The general syntax for deleting a specified principal:

command: del

For example, to delete the principal “admin”, you would do the following:

command: del

Name of Principal to delete: admin

Principal removed

You are not prompted for confirmation when you delete a principal.

Extract a Principal

The ext command securely extracts a principal’s key into a local service key table file. By default, the host/fqdn@REALM principal is extracted into the v5srvtab file, where fqdn is the fully qualified domain name of the host system.

If the principal does not exist in the principal database, it is added with the name you have specified. If the service key table file does not exist, it is created with the name you have specified.

If the principal exists, kadmin resets the key version to 1 by overwriting the previous key and extracting the key that is created using a new password and no salt key. To extract the key without any modifications, use the -n option.

The general syntax for extracting a principal and a key to a local service key table file:

command: ext

For example, to extract the principal “admin” to a local service key table file, SrvTab, you would do the following:

command: ext

Name of Principal (host/fqdn@REALM): admin

Service Key Table File Name (/opt/krb5/v5srvtab):/opt/SrvTab

Principal modified

Key extracted

The optional parameters are:

[-n]    Extracts the key for an existing principal without changing the key or the salt type.
