[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 3

mkkrb5clnt Command

Purpose

Configures a Kerberos client.

Syntax

mkkrb5clnt -h | [ -c KDC -r Realm -s Server [ -v VDBPath ] [ -a Admin ] -d Domain [ -A ] [ -i Database ] [ -K ] [ -T ] ]

Description

This command configures the Kerberos client. The first part of the command reads realm name, KDC, VDB path, and domain name from the input and generates a krb5.conf file.

/etc/krb5/krb5.conf: Values for realm name, Kerberos admin server, and domain name are set as specified on the command line. Also updates the paths for default_keytab_name, kdc, and kadmin log files.

If DCE is not configured, this command creates a link to /etc/krb5/krb5.conf from /etc/krb5.conf.

The command also allows you to configure root as admin user, configure integrated Kerberos authentication, and configure Kerberos as default authentication scheme.

For integrated login, the -i flag requires the name of the database being used. For LDAP, use the load module name that specifies LDAP. For local files, use the keyword files.

Standard Output Consists of information messages when the -h flag is used.
Standard Error Consists of error messages when the command cannot complete successfully.

Flags


-a Admin Specifies the principal name of the Kerberos server admin.
-A Specifies root to be added as a Kerberos administrative user.
-c KDC Specifies the KDC server.
-d Domain Specifies the complete domain name for the Kerberos client.
-h Specifies that the command is only to display the valid command syntax.
-i Database Configures integrated Kerberos authentication.
-K Specifies Kerberos to be configured as the default authentication scheme.
-r Realm Specifies the full realm name for which the Kerberos client is to be configured.
-s Server Specifies the fully qualified host name for Kerberos admin server.
-T Specifies the flag to acquire server admin TGT based admin ticket.
-v VDBPath Specifies the path where the Kerberos VDB layer is found.

Exit Status

Failure of this command to execute successfully may result in incomplete client configuration.

0 Indicates the successful completion of the command.
1 Indicates that an error occurred.

Security

Only the root user is authorized to use this command.

Examples

  1. To display the command syntax, type: 

    mkkrb5clnt -h
  2. To configure testbox.austin.ibm.com as a client to sundial.austin.ibm.com where KDC is also running on sundial.austin.ibm.com, type: 

    mkkrb5clnt -c sundial.austin.ibm.com -r UD3A.AUSTIN.IBM.COM \
            -s sundial.austin.ibm.com -d austin.ibm.com
  3. To configure testbox.austin.ibm.com as the client, make root as the server admin, configure integrated login, configure Kerberos as default authentication scheme, type: 

    mkkrb5clnt -c sundial.austin.ibm.com -r UD3A.AUSTIN.IBM.COM \
     -s sundial.austin.ibm.com -d austin.ibm.com \
     -A -i files -K -T

Files


/usr/krb5/sbin Contains the mkkrb5clnt command.

[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]