Creating the database
=====================
The database library will look for the database in the directory
`/var/heimdal', so you should probably create that directory. Make
sure the directory has restrictive permissions.

     # mkdir /var/heimdal

The keys of all the principals are stored in the database. If you
choose to, these can be encrypted with a master key. You do not have to
remember this key (or password); you enter it once and it is stored in
a file (`/var/heimdal/m-key'). If you want to have a master key, run
`kstash' to create it:

     # kstash
     Master key:
     Verifying password - Master key:

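
As an added example (not part of the Heimdal manual): a plain `mkdir'
applies the caller's umask, which often leaves the directory readable by
everyone. The shell functions below create the directory with owner-only
access and report any entry under it, such as `m-key', that group or
other can reach; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Heimdal manual. The default path is the
# one the manual names; the function names are hypothetical.

KDC_DIR_DEFAULT=/var/heimdal

# Create the directory so that only its owner can enter or list it.
# The umask is set in a subshell, so the caller's umask is unchanged.
make_kdc_dir() {
    dir=${1:-$KDC_DIR_DEFAULT}
    ( umask 077 && mkdir -p "$dir" && chmod 700 "$dir" )
}

# Print every entry under the directory (the directory itself included)
# that grants any permission bit to group or other. Symlinks are skipped
# because their own mode bits are not meaningful.
list_loose_entries() {
    dir=${1:-$KDC_DIR_DEFAULT}
    find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when nothing is accessible to group or other, 1 otherwise.
audit_kdc_dir() {
    dir=${1:-$KDC_DIR_DEFAULT}
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    loose=$(list_loose_entries "$dir")
    if [ -n "$loose" ]; then
        echo "group/other access on:" >&2
        echo "$loose" >&2
        return 1
    fi
    return 0
}
```

Run `audit_kdc_dir' again after `kstash' and `init' have written their
files.
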
To initialise the database use the `kadmin' program, with the `-l'
option (to enable local database mode). First issue an `init MY.REALM'
command. This will create the database and insert default principals
for that realm. You can have more than one realm in one database, so
`init' does not destroy any old database.

Before creating the database, `init' will ask you some questions about
max ticket lifetimes.

After creating the database you should probably add yourself to it. You
do this with the `add' command. It takes the name of a principal as its
argument. The principal should contain a realm, so if you haven't set up
a default realm, you will need to explicitly include the realm.

     # kadmin -l
     kadmin> init MY.REALM
     Realm max ticket life [unlimited]:
     Realm max renewable ticket life [unlimited]:
     kadmin> add me
     Max ticket life [unlimited]:
     Max renewable life [unlimited]:
     Attributes []:
     Password:
     Verifying password - Password:

Now start the KDC and try getting a ticket.

     # kdc &
     # kinit me
     me@MY.REALM's Password:
     # klist
     Credentials cache: /tmp/krb5cc_0
             Principal: me@MY.REALM

       Issued           Expires          Principal
     Aug 25 07:25:55  Aug 25 17:25:55  krbtgt/MY.REALM@MY.REALM

If you are curious you can use the `dump' command to list all the
entries in the database. It should look similar to the following
example (note that the entries here are truncated for typographical
reasons):

     kadmin> dump
     me@MY.REALM 1:0:1:0b01d3cb7c293b57:-:0:7:8aec316b9d1629e3baf8 ...
     kadmin/admin@MY.REALM 1:0:1:e5c8a2675b37a443:-:0:7:cb913ebf85 ...
     krbtgt/MY.REALM@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
     kadmin/changepw@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...