Create the database
with the following command.
[root@coma ~]
kdb5_util create -s
This will prompt
you for a password. You will only have to enter this password when you
initially configure a slave KDC, so choose something large and random and store
it in a secure place. Really, you may only have to enter this once more, so
make it secure.
Add the first Administrative
User
I do administration as root, so the
first user I add is root/admin. The default realm is appended automatically, so
the command to use is as follows.
[root@coma ~] kadmin.local -q "addprinc root/admin"
Enter a password when prompted. You will need this password every time you administer the database.
[root@coma ~] kadmin.local -q "addprinc root/admin"
Enter a password when prompted. You will need this password every time you administer the database.
Starting the Services
At this point it is necessary to enable
and start the kerberos services.
[root@coma ~] chkconfig kadmin on
[root@coma ~] service kadmin start
[root@coma ~] chkconfig krb5kdc on
[root@coma ~] service krb5kdc start
[root@coma ~] service kadmin start
[root@coma ~] chkconfig krb5kdc on
[root@coma ~] service krb5kdc start
To test if everything is working, run
kadmin. By default, the current user appended with ‘/admin’ is used as the
principle.
[root@coma ~] kadmin
Authenticating as principal root/admin@PHYSIK.UNIZH.CH with password.
Password for root/admin@PHYSIK.UNIZH.CH:
kadmin: listprincs
K/M@PHYSIK.UNIZH.CH
kadmin/admin@PHYSIK.UNIZH.CH
kadmin/changepw@PHYSIK.UNIZH.CH
kadmin/history@PHYSIK.UNIZH.CH
krbtgt/PHYSIK.UNIZH.CH@PHYSIK.UNIZH.CH
root/admin@PHYSIK.UNIZH.CH
The additional principles have been created by the tool. They are required so leave them be.
[root@coma ~] kadmin
Authenticating as principal root/admin@PHYSIK.UNIZH.CH with password.
Password for root/admin@PHYSIK.UNIZH.CH:
kadmin: listprincs
K/M@PHYSIK.UNIZH.CH
kadmin/admin@PHYSIK.UNIZH.CH
kadmin/changepw@PHYSIK.UNIZH.CH
kadmin/history@PHYSIK.UNIZH.CH
krbtgt/PHYSIK.UNIZH.CH@PHYSIK.UNIZH.CH
root/admin@PHYSIK.UNIZH.CH
The additional principles have been created by the tool. They are required so leave them be.
Create a Host Principal for the
KDC
Now you will want to create a host
principal for the KDC. This is required for replication (see below). You also
need to add this principal to the local key table.
[root@coma ~]# kadmin
Authenticating as principal root/admin@EXAMPLE.COM with password.
Password for root/admin@EXAMPLE.COM:
kadmin: addprinc -randkey host/coma.EXAMPLE.COM
NOTICE: no policy specified for host/coma.example.com@EXAMPLE.COM; assigning "default"
Principal "host/coma.example.com@EXAMPLE.COM" created.
kadmin: ktadd host/coma.example.com
[root@coma ~]# kadmin
Authenticating as principal root/admin@EXAMPLE.COM with password.
Password for root/admin@EXAMPLE.COM:
kadmin: addprinc -randkey host/coma.EXAMPLE.COM
NOTICE: no policy specified for host/coma.example.com@EXAMPLE.COM; assigning "default"
Principal "host/coma.example.com@EXAMPLE.COM" created.
kadmin: ktadd host/coma.example.com
Setup the default Policy
You will want to create the default
password policy at this point. All new accounts will have this policy enforced.
[root@coma ~] kadmin
Authenticating as principal root/admin@ EXAMPLE.COM with password.
Password for root/admin@ EXAMPLE.COM:
kadmin: add_policy -maxlife 180days -minlife 2days -minlength 8 -minclasses 3 -history 10 default
You can also add other policies and apply different policies to different principles. The different flags and their meaning are as follows.
[root@coma ~] kadmin
Authenticating as principal root/admin@ EXAMPLE.COM with password.
Password for root/admin@ EXAMPLE.COM:
kadmin: add_policy -maxlife 180days -minlife 2days -minlength 8 -minclasses 3 -history 10 default
You can also add other policies and apply different policies to different principles. The different flags and their meaning are as follows.
Flag
|
Description
|
-maxlife
|
The is the maximum
period before the password must be changed.
|
-minlife
|
This is the minimum
time after a password change before it can be changed again. Without a
minimum time, users can change their password multiple times and overflow the
history (see below) and end up back with the same password.
|
-minclasses
|
This is the number
of distinct character classes that must appear in the password. Character
classes are uppercase letters, lowercase letters, number and symbols. Setting
this to 2 for example would mean a password with at least one lowercase
letter and a number would be valid.
|
-history
|
This is the number
of previous passwords to keep. A password may not duplicate a prior password.
|
Changing the Maximum Renewal
Time
Each principal has its own maximum
renewal life. On RHEL4, new principals are created with a maximum renewal time
of zero. This means you can get a renewable ticket, but they can never be
renewed. Each principal must be manually changed to the desired maximum renewal
time. In addition, the special principal krbtgt/REALM@REALM must be changed to
reflect the maximum renewal time that any principal will have.
[root@coma ~]# kadmin
Authenticating as principal root/admin@ EXAMPLE.COM with password.
Password for root/admin@ EXAMPLE.COM:
kadmin: modprinc -maxrenewlife 2weeks krbtgt/ EXAMPLE.COM @ EXAMPLE.COM
Principal "krbtgt/ EXAMPLE.COM @ EXAMPLE.COM " modified.
[root@coma ~]# kadmin
Authenticating as principal root/admin@ EXAMPLE.COM with password.
Password for root/admin@ EXAMPLE.COM:
kadmin: modprinc -maxrenewlife 2weeks krbtgt/ EXAMPLE.COM @ EXAMPLE.COM
Principal "krbtgt/ EXAMPLE.COM @ EXAMPLE.COM " modified.
Adding Principals
[root@coma ~] kadmin
uthenticating as principal root/admin@ EXAMPLE.COM with password.
Password for root/admin@ EXAMPLE.COM:
kadmin: addprinc -maxrenewlife 7days doug
The various options allow you to tune your password policy.
uthenticating as principal root/admin@ EXAMPLE.COM with password.
Password for root/admin@ EXAMPLE.COM:
kadmin: addprinc -maxrenewlife 7days doug
The various options allow you to tune your password policy.
This helps us confirm we are paying the right particular person and protects our players against any authorised use of their account. Please e mail your proof of tackle as outlined above or use the submit button 바카라사이트 under. We settle for all main banking methods to deposit and withdraw, together with MasterCard and Visa, pay by mobile , Trustly, Skrill, Instant bank transfer and Pay Safe. Spin up classics like Rainbow Riches and Raging Rhino or use your every day freebies to fire up some jackpot joy with Wolfs Gold and Pandas Fortune.