Administration

Creating the Kerberos Database

 

3DES or 5: DES-CBC-MD5 (default)

-f keyfile

When used with the -s switch, it specifies an alternate name for the stash file. If you do not use the -f switch, the default keyfile is .k5.REALM.

-M mkeyname

Specifies an alternate primary principal name. The default primary name is K/M@REALM.

-p PASSWORD

Suppresses the kdb_create prompt for the master password, which makes it easier to configure a database with a shell script. The master password is used to generate an encryption key that protects all the entries in the database.

You cannot use this option to change the master password.

-r REALM

Creates the principal database for the realm REALM. By default, kdb_create uses the realm defined in the krb.conf file. If this file does not exist, the command uses the uppercase equivalent of the domain name.

-s

Stores the master key in a stash file that can be automatically retrieved, eliminating the need to manually enter the key each time you start the security server.

-v

Runs the kdb_create in verbose mode.
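
The stash file written by -s holds the master key in a form the security server can read without a prompt, so its file permissions are worth checking after kdb_create runs. The shell check below is an added example, not part of the original documentation: the directory argument and the owner-only policy are assumptions, while the default name .k5.REALM and the -f override come from the option descriptions above.

```shell
#!/bin/sh
# Added example: audit the stash file that `kdb_create -s` writes.
# Assumptions (not from the page): the caller supplies the directory that
# holds the stash file, and the policy is owner-only access (rw------- or r--------).

# stash_name REALM [KEYFILE]: the -f name if given, else the default .k5.REALM
stash_name() {
    if [ -n "${2:-}" ]; then
        printf '%s\n' "$2"
    else
        printf '.k5.%s\n' "$1"
    fi
}

# check_stash DIR REALM [KEYFILE]
# Returns 0 = ok, 1 = missing, 2 = not a plain file, 3 = permissions too broad
check_stash() {
    path="$1/$(stash_name "$2" "${3:-}")"
    # Test for a symlink first: a dangling link would otherwise look "missing".
    if [ -L "$path" ]; then
        echo "FAIL    $path is a symbolic link"; return 2
    fi
    if [ ! -e "$path" ]; then
        echo "MISSING $path"; return 1
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL    $path is not a regular file"; return 2
    fi
    # The first 10 characters of ls -ld are the file type and permission bits.
    perms=$(ls -ld "$path" | cut -c1-10)
    case "$perms" in
        -r[w-]-------)
            echo "OK      $path $perms"; return 0 ;;
        *)
            echo "FAIL    $path $perms (group/other access or exec bit set)"; return 3 ;;
    esac
}

# Usage: sh check_stash.sh DIR REALM [KEYFILE]
if [ "$#" -ge 2 ]; then
    check_stash "$@"
fi
```
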

Given below is an example of using the kdb_create:

shell% kdb_create -a BAMBI.COM

Initializing database /opt/krb5/principal for realm BAMBI.COM...

master key name is K/M@DCETST3.FINANCE.BAMBI.COM

It is important that you NOT FORGET this password.

Enter password:

Re-enter password for verification:

Adding principals to database...

Cleaning up....

shell%

The kdb_create command creates the principals mentioned below:

K/M@<REALM NAME>

This is the default key name. However, this key name can be configured.

default@<REALM NAME>
