Administration

Creating the Kerberos Database

The primary security server contains a database of all principals that are trusted in each of the supported realms. The database can also be created during installation; refer to “Auto-Configuration of the Security Server” on page 64 for more information.

The kdb_create utility creates a database and adds a realm to the existing database. After the kdb_create utility creates the principal database, you can load a previously dumped database by using the kdb_load utility.

You must be a root user to execute this command.

This utility cannot be used if you have forgotten the master password.

The general syntax for this command is:

kdb_create [-a REALM] [-e enctype] [-M mkeyname] [-p PASSWORD] [-r REALM] [-s[-f keyfile]] [-v]

If the -d, -e or -M switches are used to override defaults, these switches must be used each time you run other daemons and programs that use the defaults, for example, when using the kadmind or kdb_load utilities.

The kadmind and the kdcd daemons should be restarted after you invoke the kdb_create utility.

The kdb_create utility uses the following options:

-a REALM Adds the realm REALM to the existing principal database. To use this switch, the principal database must already exist and you must know the master password.

-e enctype Specifies the encryption and checksum mechanism of the primary principal. The three encryption types supported are:

DES-CRC or 1: DES-CBC-CRC

DES-MD5 or 3: DES-CBC-MD5

Chapter 6
