If a new principal requires a new policy, you must create the new policy before you create the principal. For policy creation, see Example 5–10. Most Kerberos policies specify password requirements.Example 5-4 Creating a New Kerberos Principal
The following example creates a new principal called pak and sets the principal's policy to testuser. The other required values, such as encryption type, use default values.
# /usr/sbin/kadmin kadmin: add_principal -policy testuser pak Enter password for principal "pak@EXAMPLE.COM": xxxxxxxx Re-enter password for principal "pak@EXAMPLE.COM": xxxxxxxx Principal "pak@EXAMPLE.COM" created. kadmin: quit
Typically, few users are privileged to administer the Kerberos database. If this new principal needs administrative privileges, continue with Modifying Principals' Kerberos Administration Privileges.