Configures a Kerberos server.
mkkrb5srv -h | [ -r Realm [ -s Server ] -d Domain -a AdminName ] [ -l ldapserver | ldapserver:port ] [ -u ldap_DN ] [ -p ldap_DN_pw ] [ -f {keyring | keyring:entry_dn} ] [ -k keyring_pw ] [ -b bind_type ] [ -m masterkey_location ] [ -U ]
The mkkrb5srv command configures the Kerberos server. It creates the kadm5.acl file, the kdc.conf file, and the Kerberos database. It also adds the administrator to the database and updates the /etc/inittab file with the Kerberos daemons. The command performs the initial configuration. Once the variables are set, they can be modified by editing the following files:
/etc/krb5/krb5.conf | Values for realm name, Kerberos admin server, and domain name are set as specified on the command line. The command also updates the paths for default_keytab_name, kdc, and kadmin log files. |
/var/krb5/krb5kdc/kdc.conf | This command sets the value for kdc_ports; the paths for database name, admin_keytab, acl_file, dict_file, and key_stash_file; and the values for kadmin_port, max_life, max_renewable_life, master_key_type, and supported_enctypes. |
/var/krb5/krb5kdc/kadm5.acl | Sets up the ACLs for admin, root, and host principals. |
If DCE is not configured, this command creates a link to /etc/krb5/krb5.conf from /etc/krb5.conf.
Standard Output | Consists of information messages when the -h flag is used. |
Standard Error | Consists of error messages when the command cannot complete successfully. |
Failure of this command to execute successfully results in incomplete server configuration.
0 | Indicates the successful completion of the command. |
1 | Indicates that an error occurred. |
Only the root user is authorized to use this command.
mkkrb5srv -h
mkkrb5srv -r UD3A.AUSTIN.IBM.COM -s sundial.austin.ibm.com -d austin.ibm.com
/usr/sbin/mkkrb5srv | Contains the mkkrb5srv command. |
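Because a failed run leaves the server configuration incomplete, the files described above can be checked after mkkrb5srv exits. The following shell functions are an added example, not part of the original page or of the product. The ROOT argument, the function names, the permission check, and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks the files mkkrb5srv is documented to create.
# ROOT (hypothetical argument) prefixes every path so a staged copy can be
# checked; call with no argument, as root, to check the live system.
KDC=/var/krb5/krb5kdc
KDC_KEYS="kdc_ports database_name admin_keytab acl_file dict_file key_stash_file
kadmin_port max_life max_renewable_life master_key_type supported_enctypes"

check_krb5srv() {
    root=${1:-}
    problems=0
    for f in /etc/krb5/krb5.conf $KDC/kdc.conf $KDC/kadm5.acl; do
        if [ ! -s "$root$f" ]; then
            echo "MISSING  $f"; problems=$((problems + 1)); continue
        fi
        # Added hardening check (not from the page): these files decide who
        # administers the realm, so group/other write access is a finding.
        if [ -n "$(find "$root$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $f"; problems=$((problems + 1))
        fi
    done
    if [ -s "$root$KDC/kdc.conf" ]; then
        for key in $KDC_KEYS; do
            # The page writes kadmin_port; MIT Kerberos spells it kadmind_port.
            [ "$key" = kadmin_port ] && key='kadmind?_port'
            grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$root$KDC/kdc.conf" || {
                echo "UNSET    kdc.conf: $key"; problems=$((problems + 1)); }
        done
    fi
    # Without DCE, /etc/krb5.conf should be a link to /etc/krb5/krb5.conf.
    [ -L "$root/etc/krb5.conf" ] || echo "NOTE     /etc/krb5.conf is not a link"
    [ "$problems" -eq 0 ]   # status 0 only when nothing is missing or loose
}

# Constructed sample tree (not real mkkrb5srv output) for an offline trial.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/krb5" "$t$KDC"
    echo "[libdefaults]" > "$t/etc/krb5/krb5.conf"
    ln -s /etc/krb5/krb5.conf "$t/etc/krb5.conf"
    echo "admin/admin@EXAMPLE.TEST *" > "$t$KDC/kadm5.acl"
    for k in $KDC_KEYS; do echo "    $k = constructed"; done > "$t$KDC/kdc.conf"
    chmod 644 "$t/etc/krb5/krb5.conf"; chmod 600 "$t$KDC/kdc.conf" "$t$KDC/kadm5.acl"
    echo "$t"
}
```

When mkkrb5srv returns exit status 1, the MISSING and UNSET lines show which parts of the configuration were not written.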