创建 Kerberos 主体和密钥 (CLI)

使用以下过程可使用设备在 KDC 管理服务器上创建 Kerberos 主体。将为每个主体生成密钥，并将密钥存储在设备密钥表中。有关每个属性的说明，请参见Kerberos 服务属性和Kerberos 属性和日志。

开始之前

• 确保启用了 Kerberos 服务，设置了领域，并确定了 KDC，如创建 Kerberos 领域 (CLI)中所述。

• 确保您在 KDC 上有登录凭证。

1. 转到 configuration services kerberos 并输入 list。

   hostname:configuration services kerberos> list
   REALM               KDC
   TEST.NET

2. 选择领域。

   hostname:configuration services kerberos> select TEST.NET
   hostname:configuration services kerberos TEST.NET>

3. 要创建主体，请输入 principals，然后再输入 show 以查看属性。

   hostname:configuration services kerberos TEST.NET> principals
   hostname:configuration services kerberos TEST.NET principals (uncommitted)> show
   Properties:
                  realm = TEST.NET
                 server = kdc1.us.oracle.com
                  admin = (unset)
               password = (unset)

4. (u53ef选) 要更改 KDC 服务器，请输入 set kdcs= 和 KDC 服务器主机名称。然后输入 commit。

   hostname:configuration services kerberos TEST.NET> set kdcs=kdc2.us.oracle.com
                  kdcs = kdc2.us.oracle.com (uncommitted)
   hostname:configuration services kerberos TEST.NET> commit

5. 输入 set admin= 和领域的 KDC 管理员名称。

   hostname:configuration services kerberos TEST.NET principals (uncommitted)> set admin=kdc/admin

6. 输入 set password= 和 KDC 管理员密码，然后再输入 commit。

   hostname:configuration services kerberos TEST.NET principals (uncommitted)> set password=test123
                password = *******
   hostname:configuration services kerberos TEST.NET principals (uncommitted)> commit

7. 输入 show 查看 KDC 的主体。

   hostname:configuration services kerberos TEST.NET> show
   Properties:
                   kdcs = kdc1.us.oracle.com
   Keytab entries:
   NAME            KEYS  PRINCIPAL
   principal-000   4     host/hostname.us.oracle.com@TEST.NET
   principal-001   4     nfs/hostname.us.oracle.com@TEST.NET

8. 要查看主体的密钥，请选择一个主体，然后输入 show。

   hostname:configuration services kerberos TEST.NET> select principal-001
   hostname:configuration services kerberos principal-001> show
   Properties:
                    name = nfs/hostname.us.oracle.com@TEST.NET
   Keys:
   KEY       KVNO   ENCTYPENO   ENCTYPE
   key-000   28     18          AES-256 CTS mode with 96-bit SHA-1 HMAC
   key-001   28     17          AES-128 CTS mode with 96-bit SHA-1 HMAC
   key-002   28     16          Triple DES cbc mode with HMAC/sha1
   key-003   28     23          ArcFour with HMAC/md5
   key-004   28     24          Exportable ArcFour with HMAC/md5
   key-005   28     3           DES cbc mode with RSA-MD5
   key-006   28     1           DES cbc mode with CRC-32

   列标题图例：

   • KEY = 密钥名称

   • KVNO = 密钥版本号

   • ENCTYPENO = 加密类型编号

   • ENCTYPE = 加密类型

9. 要查看密钥的属性，请选择一个密钥，然后输入 show。

   hostname:configuration services kerberos principal-001> select key-003
   hostname:configuration services kerberos principal-001 key-003> show
   Properties:
                  principal = nfs/hostname.us.oracle.com@TEST.NET
                       kvno = 28
                    enctype = ArcFour with HMAC/md5
                  enctypeno = 23