System Administration Guide: Security Services

ProcedureHow to Interactively Configure a Master KDC

Starting with the Solaris Express Developer Edition 1/08 release, a master KDC can be interactively configured by using the following procedure.

  1. Become superuser.

  2. Create the KDC.

    Run the kdcmgr utility to create the KDC. You need to provide both the master key password and the password for the administrative principal.

    kdc1# kdcmgr create master
    Starting server setup
    Enter the Kerberos realm: EXAMPLE.COM
    Setting up /etc/krb5/kdc.conf
    Setting up /etc/krb5/krb5.conf
    Initializing database '/var/krb5/principal' for realm 'EXAMPLE.COM', 
    master key name 'K/M@EXAMPLE.COM' 
    You will be prompted for the database Master Password. 
    It is important that you NOT FORGET this password. 
    Enter KDC database master key: <Type the password>
    Re-enter KDC database master key to verify: <Type it again>
    Enter the krb5 administrative principal to be created: kws/admin
    Authenticating as principal root/admin@EXAMPLE.COM with password. 
    WARNING: no policy specified for kws/admin@EXAMPLE.COM; defaulting to no policy 
    Enter password for principal "kws/admin@EXAMPLE.COM": <Type the password>
    Re-enter password for principal "kws/admin@EXAMPLE.COM": <Type it again>
    Principal "kws/admin@EXAMPLE.COM" created. 
    Setting up /etc/krb5/kadm5.acl. 
    Setup COMPLETE. 

Example 23–1 Displaying the Status of a KDC Server

The kdcmgr status command can be used to display information about either a master or a slave KDC server.