Filter
Top Products
Administering the Kerberos Server
Kerberos Database Utilities
Chapter 8 225
Kerberos Database Utilities
The primary security server contains a database of all principals that are
trusted in each of the supported realms. You can also create the database
during installation. See “Auto-Configuration of the Kerberos Server” on
page 63 for more information.
The kdb_create utility creates a Kerberos database and adds a realm to
the existing database. You cannot use this utility if you do not remember
the master password. After creating the principal database using the
kdb_create utility, you can load a previously dumped database by using
the kdb_load utility.
NOTE You must be a root user to execute the kdb_create utility.
The general syntax for creating the Kerberos database is as follows:
kdb_create [-a REALM] [-e enctype] [-M mkeyname] [-p
PASSWORD] [-r REALM] [-s[-f keyfile]] [-v]
The -a, -e and the -M switches are used to override defaults. You must
use these switches each time you run other daemons and programs that
use the defaults. For example, when you use the kadmind or kdb_load
utility, use the switches mentioned in the kdb_create command.
Restart the kadmind and the kdcd daemons after you invoke the
kdb_create utility.
You can invoke the kdb_create utility with the following options:
-a Realms Adds the realm REALM to the existing principal
database. To use this switch, you must be aware of the
master password and the principal database must
already exist.
-e enctype Specifies the encryption and checksum mechanism of
the primary principal. Following are the encryption
types that are supported:
• 3DES or 5: DES-CBC-MD5 (default)
• DES-MD5 or 3: DES-CBC-MD5