[ Team LiB ] Previous Section Next Section

Recipe 4.12 Adding Users to a Kerberos Realm

4.12.1 Problem

You want to add a new user to an existing MIT Kerberos-5 realm.

4.12.2 Solution

Use kadmin on any realm host:

$ kadmin
Authenticating as principal pat/admin@DOGOOD.ORG with password.

To add the user named joe:

kadmin: ank -policy users joe
Enter password for principal "joe@DOGOOD.ORG": ********
Re-enter password for principal "joe@DOGOOD.ORG": ********
Principal "joe@DOGOOD.ORG" created.

To give joe administrative privileges:

kadmin: ank -policy admin joe/admin
Enter password for principal "joe/admin@DOGOOD.ORG": ********
Re-enter password for principal "joe/admin@DOGOOD.ORG": ********
Principal "joe/admin@DOGOOD.ORG" created.

and tell Joe his temporary user and admin passwords, which he should immediately change with kpasswd . When finished:

kadmin: quit

4.12.3 Discussion

This is the same procedure we used while setting up your KDC. [Recipe 4.11] You need not be on the KDC to do administration; you can do it remotely with kadmin. The program kadmin.local, which we used before, is only for bootstrapping or other exceptional situations.

4.12.4 See Also

kadmin(8).
    [ Team LiB ] Previous Section Next Section