Sun OpenSSO Enterprise 8.0 Deployment Planning Guide


Use these commands to create the configuration entries in the Windows host's registry for the Kerberos realm. The registry entries function similarly to the krb5.conf file used by Unix Kerberos to define the Kerberos Domain Controller information for Kerberos realms.

Table 18–5 ksetup Options



/SetRealm DnsDomainName

Makes this computer a member of an RFC1510 Kerberos Realmp  

/MapUser Principal [Account]

Maps a Kerberos Principal ('*' = any principal) to an account ('*' = an account by same name); If account name is omitted, mapping is deleted for the specified principal.  

/AddKdc RealmName [KdcName]

Defines a Kerberos Domain Controller entry for the given realm. If KdcName omitted, DNS mapping may be used to locate Kerberos Domain Controllers.

/DelKdc RealmName [KdcName]

Deletes a Kerberos Domain Controller entry from the realm. If KdcName omitted, the realm entry itself is deleted.

/AddKpasswd Realmname KpasswdName

Add Kpasswd server address for a realm

/DelKpasswd Realmname KpasswdName

Delete Kpasswd server address for a realm

/Server Servername

Specifies name of a Windows machine to target the changes  

/SetComputerPassword Password

Sets the password for the computer's domain account or host principal  

/RemoveRealm RealmName

Deletes all information for this realm from the registry  

/Domain [DomainName]

Uses this domain (if DomainName is unspecified, detects domain)  

/ChangePassword OldPasswd NewPasswd

Use Kpasswd to change the logged-on user's password. Use '*' to be prompted for passwords.

/ListRealmFlags (no args)

Lists the available Realm flags that ksetup knows

/SetRealmFlags <realm> <flag> [flag] [flag] [...]

Sets RealmFlagsfor a specific realm

/AddRealmFlags realm flag [flag] [flag] [...]

Adds additional RealmFlags to a realm

/DelRealmFlags realm flag [flag] [flag] [...]

Deletes RealmFlags from a realm

/DumpState (no arguments)

Analyze the Kerberos configuration on the given machine