System Administration Guide: Security Services

ProcedureHow to Automatically Configure a Kerberos Client

Before You Begin

This procedure uses an installation profile. See How to Create a Kerberos Client Installation Profile.

  1. Become superuser.

  2. Run the kclient installation script.

    You need to provide the password for the clntconfig principal to complete the process.


    client# /usr/sbin/kclient -p /net/denver.example.com/export/install/profile
    
    Starting client setup
    ---------------------------------------------------
    
    kdc1.example.com
    
    Setting up /etc/krb5/krb5.conf.
    
    Obtaining TGT for clntconfig/admin ...
    Password for clntconfig/admin@EXAMPLE.COM: <Type the password>
    
    nfs/client.example.com entry ADDED to KDC database.
    nfs/client.example.com entry ADDED to keytab.
    
    host/client.example.com entry ADDED to KDC database.
    host/client.example.com entry ADDED to keytab.
    
    Copied /net/denver.example.com/export/install/krb5.conf.
    
    ---------------------------------------------------
    Setup COMPLETE.
    
    client#

Example 23–7 Automatically Configuring a Kerberos Client With Command-Line Overrides

The following example overrides the DNSARG and the KDC parameters that are set in the installation profile.


# /usr/sbin/kclient -p /net/denver.example.com/export/install/profile\
-d dns_fallback -k kdc2.example.com

Starting client setup
---------------------------------------------------

kdc1.example.com

Setting up /etc/krb5/krb5.conf.

Obtaining TGT for clntconfig/admin ...
Password for clntconfig/admin@EXAMPLE.COM: <Type the password>

nfs/client.example.com entry ADDED to KDC database.
nfs/client.example.com entry ADDED to keytab.

host/client.example.com entry ADDED to KDC database.
host/client.example.com entry ADDED to keytab.

Copied /net/denver.example.com/export/install/krb5.conf.

---------------------------------------------------
Setup COMPLETE.

client#