In this tutorial I will give you a few useful commands when using Kerberos. If you haven’t installed Kerberos yet go here. I will keep this updated as time goes on. Also note that the commands below have a variety of options. Please go check.
Admin
This will open Kerberos V5 administration system.
kadmin.local
Add Principal
This will add a new principal. -randkey is optional. When specified the encrypted key will be chosen at random instead of derived from a password. Be sure to change USER to whatever your user is.
addprinc -randkey USER/_HOST@REALM.CA
Create KeyTab
This will create a keytab in the directory where you generated it. You should put it in /etc/security/keytabs/ folder. You can also specify the full path (IE: /etc/security/keytabs/USER.keytab). Be sure to change USER to whatever your user is.
xst -k USER.keytab USER/_HOST@REALM.CA
Kinit
When using the -kt uses the keytab to grant a ticket
kinit -kt /etc/security/keytabs/USER.keytab USER/_HOST@REALM.CA
Klist
If you want to see what tickets have been granted. You can issue the below command.
klist
Inline Commands
You can do inline Kerberos commands without first opening kadmin.local. To do so you must specify the “-q” option then in quotes the command to issue. See below.
kadmin.local -q "addprinc -randkey USER/_HOST@REALM.CA"