In this tutorial I will give you a few useful commands for working with Kerberos. If you haven’t installed Kerberos yet, go here. I will keep this updated as time goes on. Also note that the commands below have a variety of options, so please check each command's documentation.
Admin
This will open the Kerberos V5 administration system.
- kadmin.local
Add Principal
This will add a new principal. -randkey is optional. When specified, the principal's key will be chosen at random instead of being derived from a password. Be sure to change USER to whatever your user is.
- addprinc -randkey USER/_HOST@REALM.CA
Create KeyTab
This will create a keytab in the directory where you run the command. You should put it in the /etc/security/keytabs/ folder. You can also specify the full path (e.g. /etc/security/keytabs/USER.keytab). Be sure to change USER to whatever your user is.
- xst -k USER.keytab USER/_HOST@REALM.CA
Kinit
With the -kt option, kinit uses the keytab to obtain a ticket.
- kinit -kt /etc/security/keytabs/USER.keytab USER/_HOST@REALM.CA
Klist
If you want to see what tickets have been granted, you can issue the command below.
- klist
Inline Commands
You can run Kerberos admin commands inline without first opening kadmin.local. To do so, specify the “-q” option followed by the command to issue, in quotes. See below.
- kadmin.local -q "addprinc -randkey USER/_HOST@REALM.CA"
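
The steps above can be chained into one script that also keeps the keytab private. This is an added example, not code from the original tutorial; the function names, the KADMIN and KEYTAB_DIR variables, and the svc_owner account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Run as root on the KDC host.
# USER/_HOST@REALM.CA is the page's placeholder principal.
KADMIN=${KADMIN:-kadmin.local}                   # hypothetical override hook
KEYTAB_DIR=${KEYTAB_DIR:-/etc/security/keytabs}  # directory the page recommends

# True only if the file exists with no group/other permission bits set.
# A keytab holds the principal's long-term key, so it is a password equivalent.
keytab_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group+other columns of e.g. -r--------
    [ "$mode" = "------" ]
}

# provision_keytab PRINCIPAL NAME OWNER
# xst (ktadd) sets new random keys on every export, so re-running it
# invalidates keytabs exported earlier. The final check fails if no keytab
# was written, whatever exit status kadmin returned.
provision_keytab() {
    princ=$1; keytab="$KEYTAB_DIR/$2.keytab"; owner=$3
    ( umask 077   # the keytab is never created group/world readable
      "$KADMIN" -q "addprinc -randkey $princ" &&
      "$KADMIN" -q "xst -k $keytab $princ" ) || return 1
    chown "$owner" "$keytab" && chmod 400 "$keytab" || return 1
    keytab_is_private "$keytab"
}

# verify_keytab PRINCIPAL KEYTAB: list the entries, get a ticket, show the cache.
verify_keytab() {
    klist -kt "$2" && kinit -kt "$2" "$1" && klist
}

# Typical use (svc_owner is a hypothetical service account):
#   provision_keytab USER/_HOST@REALM.CA USER svc_owner &&
#   verify_keytab USER/_HOST@REALM.CA /etc/security/keytabs/USER.keytab
```

keytab_is_private can also be run on its own against every file in /etc/security/keytabs/ as a periodic permissions check.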