[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]
Commands Reference, Volume 3
mkkrb5clnt Command
Purpose
Configures a Kerberos client.
Syntax
mkkrb5clnt -h | [ -c KDC -r Realm -s Server -U [ -a Admin ] -d Domain [ -A ] [ -i Database ] [ -K ] [ -T ] ] [ -l {ldapserver | ldapserver:port}
]
Description
This command configures the Kerberos client. The first part of the command
reads realm name, KDC, VDB path, and domain name from the input and generates
a krb5.conf file.
| /etc/krb5/krb5.conf: |
Values for realm name, Kerberos admin server, and domain name are set
as specified on the command line. Also updates the paths for default_keytab_name, kdc, and kadmin log files. |
If DCE is not configured, this command creates a link to /etc/krb5/krb5.conf from /etc/krb5.conf.
The command also allows you to configure root as admin user, configure
integrated Kerberos authentication, and configure Kerberos as default authentication
scheme.
For integrated login, the -i flag requires the name
of the database being used. For LDAP, use the load module name that specifies
LDAP. For local files, use the keyword files.
| Standard Output |
Consists of information messages when the -h flag
is used. |
| Standard Error |
Consists of error messages when the command cannot complete successfully. |
Flags
|
-a Admin |
Specifies the principal name of the Kerberos server admin. |
|
-A |
Specifies root to be added as a Kerberos administrative user. |
|
-c KDC |
Specifies the KDC server. |
|
-d Domain |
Specifies the complete domain name for the Kerberos client. |
|
-h |
Specifies that the command is only to display the valid command syntax. |
|
-i Database |
Configures integrated Kerberos authentication. |
|
-K |
Specifies Kerberos to be configured as the default authentication scheme. |
|
-l ldapserver | ldapserver:port |
For servers, specifies the LDAP directory used to store the Network
Authentication Service principal and policy information.
For clients, specifies
the LDAP directory server to use for Administration server and KDC discovery
using LDAP. If the -l flag is used, then the KDC and
server flags are optional. If the -l option is not used,
the KDC and server flags must be specified. The port number can optionally
be specified.
For clients and servers, the port number can optionally
be specified. If the port number is not specified, the client connects to
the default LDAP server port 389 or 636 for SSL connections.
Note
Only the client configuration is updated. |
|
-r Realm |
Specifies the full realm name for which the Kerberos client is to be
configured. |
|
-s Server |
Specifies the fully qualified host name for Kerberos admin server. |
|
-T |
Specifies the flag to acquire server admin TGT based admin ticket. |
|
-U |
Undo the setup from the previous configuration command. |
Exit Status
Failure of this command to execute successfully may result in incomplete
client configuration.
| 0 |
Indicates the successful completion of the command. |
| 1 |
Indicates that an error occurred. |
Security
Only the root user is authorized to use this command.
Examples
- To display the command syntax, type:
mkkrb5clnt -h
- To configure testbox.austin.ibm.com as a client
to sundial.austin.ibm.com where KDC is also running
on sundial.austin.ibm.com, type:
mkkrb5clnt -c sundial.austin.ibm.com -r UD3A.AUSTIN.IBM.COM \
-s sundial.austin.ibm.com -d austin.ibm.com
- To configure testbox.austin.ibm.com as the client,
make root as the server admin, configure integrated login, configure Kerberos
as default authentication scheme, type:
mkkrb5clnt -c sundial.austin.ibm.com -r UD3A.AUSTIN.IBM.COM \
-s sundial.austin.ibm.com -d austin.ibm.com \
-A -i files -K -T
Files
| /usr/krb5/sbin |
Contains the mkkrb5clnt command. |
[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home |
Legal |
Search ]