Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Viewing Kerberos Principals and Their Attributes

The following examples show how to list principals and their attributes. You can use wildcards to construct the lists. For information about possible wildcards, review the definition of expression in the kadmin(1M) man page.

Example 5-1  Viewing Kerberos Principals

In this example, the list_principals subcommand is used to list all the principals that match kadmin*. Without an argument, list_principals lists all the principals that are defined in the Kerberos database.

# /usr/sbin/kadmin
kadmin: list_principals kadmin*
Example 5-2  Viewing the Attributes of Kerberos Principals

The following example displays the attributes of the jdb/admin principal.

kadmin: get_principal jdb/admin
Principal: jdb/admin@EXAMPLE.COM

Expiration date: [never]
Last password change: [never]

Password expiration date: Fri Sep 13 11:50:10 PDT 2013
Maximum ticket life: 1 day 16:00:00
Maximum renewable life: 1 day 16:00:00
Last modified: Thu Aug 15 13:30:30 PST 2013 (host/admin@EXAMPLE.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 1, AES-128 CTS mode with 96-bit SHA-1 HMAC, no salt
Key: vno 1, Triple DES with HMAC/sha1, no salt
Key: vno 1, ArcFour with HMAC/md5, no salt
Policy: [none]
kadmin: quit
Example 5-3  Using the gkadmin GUI to List and Set Defaults for Kerberos Principals

In this example, the administrator wants to show a new administrator the list of principals and their attributes, so uses the gkadmin GUI. The administrator also sets new defaults for future principals.

# /usr/sbin/gkadmin

The window displays the Principal Name, Password, Realm, and Master KDC fields.

The administrator navigates to the list of all principal names, then shows the new administrator how to use the case-sensitive filter.

Then, the administrator clicks the Edit menu and chooses Properties. After clicking Require Password Change, the administrator applies the change.

To see the attributes for a current principal, the administrator navigates to the list of principals and chooses a principal from the list. The first dialog box displays basic attributes. The administrator clicks the Next button to display all the attributes.