Use the following procedure to import Kerberos keys that were created on the KDC. The keys are then stored in the appliance keytab. This task does not require login credentials on the KDC. Descriptions of each property are located in Kerberos Service Properties and Kerberos Properties and Logs.
Before You Begin
Ensure that you have enabled the Kerberos service, set the realm, and identified the KDC(s) as described in Creating a Kerberos Realm (CLI).
hostname:configuration services kerberos importkeytab (uncommitted)> show
Properties:
    url = (unset)
    user = (unset)
    password = (unset)

hostname:configuration services kerberos importkeytab (uncommitted)> set url=http://akbuild1/shares/export/123456/demo.keytab
    url = http://akbuild1/shares/export/123456/demo.keytab
hostname:configuration services kerberos importkeytab (uncommitted)> set user=myusername
    user = myusername
hostname:configuration services kerberos importkeytab (uncommitted)> set password=letmein
    password = (set)
hostname:configuration services kerberos importkeytab (uncommitted)> commit
Transferred 718 of 718 (100%) . . . done
Imported 8 keys.

hostname:configuration services kerberos> show
Properties:
    <status> = online
    allow_weak_crypto = true

Realms:

REALM      KDC
TEST.NET   kdc1.us.oracle.com

hostname:configuration services kerberos> select TEST.NET
hostname:configuration services kerberos TEST.NET> show
Properties:
    kdcs = kdc1.us.oracle.com

Keytab entries:

NAME           KEYS  PRINCIPAL
principal-000  4     host/hostname.us.oracle.com@TEST.NET
principal-001  4     nfs/hostname.us.oracle.com@TEST.NET

hostname:configuration services kerberos TEST.NET> select principal-001
hostname:configuration services kerberos principal-001> show
Properties:
    name = nfs/hostname.us.oracle.com@TEST.NET

Keys:

KEY      KVNO  ENCTYPENO  ENCTYPE
key-000  28    18         AES-256 CTS mode with 96-bit SHA-1 HMAC
key-001  28    17         AES-128 CTS mode with 96-bit SHA-1 HMAC
key-002  28    16         Triple DES cbc mode with HMAC/sha1
key-003  28    23         ArcFour with HMAC/md5
key-004  28    24         Exportable ArcFour with HMAC/md5
key-005  28    3          DES cbc mode with RSA-MD5
key-006  28    1          DES cbc mode with CRC-32
Legend for column headings:
KEY = Key name
KVNO = Key version number
ENCTYPENO = Encryption type number
ENCTYPE = Encryption type
hostname:configuration services kerberos principal-001> select key-003
hostname:configuration services kerberos principal-001 key-003> show
Properties:
    principal = nfs/hostname.us.oracle.com@TEST.NET
    kvno = 28
    enctype = ArcFour with HMAC/md5
    enctypeno = 23
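The key listing above mixes AES keys with DES, Triple DES and ArcFour keys, so an imported keytab is worth auditing by encryption type number. The following is an added example, not part of the appliance documentation: it parses the Keys table as printed by show and separates out the encryption types deprecated by RFC 6649 and RFC 8429. The function names are hypothetical, and the column layout is assumed to match the listing on this page.

```python
import re

# Kerberos enctype numbers deprecated by RFC 6649 (DES, RC4-HMAC-EXP)
# and RFC 8429 (3DES, RC4-HMAC).
DEPRECATED_ENCTYPES = {1, 2, 3, 16, 23, 24}

# Key listing copied from the `show` output for principal-001 on this page.
SAMPLE_LISTING = """\
KEY      KVNO  ENCTYPENO  ENCTYPE
key-000  28    18         AES-256 CTS mode with 96-bit SHA-1 HMAC
key-001  28    17         AES-128 CTS mode with 96-bit SHA-1 HMAC
key-002  28    16         Triple DES cbc mode with HMAC/sha1
key-003  28    23         ArcFour with HMAC/md5
key-004  28    24         Exportable ArcFour with HMAC/md5
key-005  28    3          DES cbc mode with RSA-MD5
key-006  28    1          DES cbc mode with CRC-32
"""

# One row: key name, key version number, enctype number, free-text description.
ROW = re.compile(r"^\s*(key-\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

def parse_keys(listing):
    """Return one dict per key row; the header and other lines are skipped."""
    keys = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            name, kvno, etype, desc = m.groups()
            keys.append({"key": name, "kvno": int(kvno),
                         "enctypeno": int(etype), "enctype": desc})
    return keys

def audit_keys(listing):
    """Split parsed keys into (not_deprecated, deprecated) by enctype number."""
    ok, weak = [], []
    for k in parse_keys(listing):
        (weak if k["enctypeno"] in DEPRECATED_ENCTYPES else ok).append(k)
    return ok, weak

if __name__ == "__main__":
    ok, weak = audit_keys(SAMPLE_LISTING)
    for k in weak:
        print(f"{k['key']}: enctype {k['enctypeno']} ({k['enctype']}) is deprecated")
    print(f"{len(ok)} key(s) not deprecated; {len(weak)} deprecated")
```

Keys reported as deprecated are candidates for re-keying the principal on the KDC with AES-only encryption types before the keytab is imported again.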