Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Ways to Administer Kerberos Principals and Policies

The Kerberos database on the master KDC contains all of your realm's Kerberos principals, their passwords, policies, and other administrative information. To create and delete principals, and to modify their attributes, you can use either the kadmin or gkadmin command.

    The kadmin command provides an interactive command-line interface that enables you to maintain Kerberos principals, policies, and keytab files. You can also run scripts that automate principal creation. The kadmin command has a local version and a remote version:

  • kadmin – Uses Kerberos authentication to operate securely from anywhere on the network

  • kadmin.local – Must be run directly on the master KDC

The capabilities of the two versions are identical. You must configure the database enough with the local version before you can use the remote version.

The Oracle Solaris release also provides an interactive graphical user interface (GUI), gkadmin.

This section describes the scripting capabilities of the kadmin.local command, and compares the command-line and GUI interfaces.