Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Adding Principals to Keytabs

To generate a keytab, or to add a principal to an existing keytab, use the ktadd command from kadmin, which requires the "inquire" administrative privilege. (If you use the -glob princ_exp option, it also requires the "list" administrative privilege.) The syntax is:

     ktadd [-k[eytab] keytab] [-q] [-e
     key:salt_list] [principal | -glob princ_exp]
     [...]
     

The ktadd command takes the following switches:

-k[eytab] keytab
use keytab as the keytab file. Otherwise, ktadd will use the default keytab file (/etc/krb5.keytab).
-e "enc:salt..."
Uses the specified list of enctype-salttype pairs for setting the key of the principal. The quotes are necessary if there are multiple enctype-salttype pairs. This will not function against kadmin daemons earlier than krb5-1.2. See Supported Encryption Types and Salts for all possible values.
-q
run in quiet mode. This causes ktadd to display less verbose information.
principal | -glob principal expression
add principal, or all principals matching principal expression to the keytab. The rules for principal expression are the same as for the kadmin list_principals (see Retrieving a List of Principals) command.

Here is a sample session, using configuration files that enable only des-cbc-crc encryption. (The line beginning with => is a continuation of the previous line.)

     kadmin: ktadd host/[email protected]
     kadmin: Entry for principal host/[email protected] with
          kvno 2, encryption type DES-CBC-CRC added to keytab
          WRFILE:/etc/krb5.keytab.
     kadmin:
     
     kadmin: ktadd -k /usr/local/var/krb5kdc/kadmind.keytab
     => kadmin/admin kadmin/changepw
     kadmin: Entry for principal kadmin/[email protected] with
          kvno 3, encryption type DES-CBC-CRC added to keytab
          WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
     kadmin:
     

 
 
  © 1985-2006 by the Massachusetts Institute of Technology - Reproduced with permission. Design by Interspire