Filter
Top Products
Administering the Kerberos Server
Principals
Chapter 8126
kadmin/REALM@REALM: The Kerberos administrative graphical
user interface and command-line interface utilities use the
kadmin/REALM@REALM principal name. This principal is required in each
realm. It automatically adds the principal name when you add a realm to
the database.
This principal uses a random key, but you do not need to extract the key
to a service key table file.
IMPORTANT Do not remove or modify this principal entry.
kadmin/changepw@REALM: The Kerberos v5 standard set/change
password protocol requires the kadmin/changepw@REALM principal. This
principal is automatically added to the database when a realm is created.
This principal uses a random key, but you do not need to extract the key
to the service key table file.
IMPORTANT Do not remove or modify this principal entry.
kcpwd/REALM@REALM: The kcpwd/REALM@REALM principal name is
the change password service for Kerberos. This principal is required in
each realm. It is automatically added when you add a realm to the
database.
This principal uses a random key. However, you do not need to extract
this key to a service key table file.
IMPORTANT Do not remove or modify this principal entry.
host/fqdn@REALM: Kerberos servers and application services such as
the following use the host/fqdn@REALM principal name:
• Primary and secondary security servers, depending on the
requirement of the database propagation.
• Secure connection utility daemons and client applications.