Creating Kerberos Principals and Keys (CLI)

Use the following procedure to create Kerberos principals for the appliance on the KDC administrative server, working from the appliance CLI. The appliance contacts the KDC with the administrator credentials you supply, a key is generated for each principal, and the keys are stored in the appliance keytab. Descriptions of each property are located in Kerberos Service Properties and Kerberos Properties and Logs.

Before You Begin

  • Ensure that you have enabled the Kerberos service, set the realm, and identified the KDC(s) as described in Creating a Kerberos Realm (CLI).
  • Ensure that you have login credentials on the KDC.
  1. Go to configuration services kerberos and enter list.
    hostname:configuration services kerberos> list
    REALM               KDC
    TEST.NET
  2. Select the realm.
    hostname:configuration services kerberos> select TEST.NET
    hostname:configuration services kerberos TEST.NET>
  3. To create the principals, enter principals and then enter show to view the properties.
    hostname:configuration services kerberos TEST.NET> principals
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> show
    Properties:
                   realm = TEST.NET
                  server = kdc1.us.oracle.com
                   admin = (unset)
                password = (unset)
  4. Optional: To change the KDC server, enter set kdcs= and the KDC server host name at the realm context (the kdcs property belongs to the realm, as the prompt below shows, not to the principals node). Then enter commit.
    hostname:configuration services kerberos TEST.NET> set kdcs=kdc2.us.oracle.com
                   kdcs = kdc2.us.oracle.com (uncommitted)
    hostname:configuration services kerberos TEST.NET> commit
  5. Enter set admin= and the KDC administrator name for the realm.
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> set admin=kdc/admin
  6. Enter set password= and the KDC administrator password, and then enter commit. The password is typed in clear text on the command line, so it appears in any transcript or log of the CLI session; once set, the property is displayed only as (set).
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> set password=test123
                 password = (set)
    hostname:configuration services kerberos TEST.NET principals (uncommitted)> commit
  7. Enter show to view the principals for the KDC.
    hostname:configuration services kerberos TEST.NET> show
    Properties:
                    kdcs = kdc1.us.oracle.com
    Keytab entries:
    NAME            KEYS  PRINCIPAL
    principal-000   4     host/hostname.us.oracle.com@TEST.NET
    principal-001   4     nfs/hostname.us.oracle.com@TEST.NET
  8. To view the keys for a principal, select a principal and enter show.
    hostname:configuration services kerberos TEST.NET> select principal-001
    hostname:configuration services kerberos principal-001> show
    Properties:
                     name = nfs/hostname.us.oracle.com@TEST.NET
    Keys:
    KEY       KVNO   ENCTYPENO   ENCTYPE
    key-000   28     18          AES-256 CTS mode with 96-bit SHA-1 HMAC
    key-001   28     17          AES-128 CTS mode with 96-bit SHA-1 HMAC
    key-002   28     16          Triple DES cbc mode with HMAC/sha1
    key-003   28     23          ArcFour with HMAC/md5
    key-004   28     24          Exportable ArcFour with HMAC/md5
    key-005   28     3           DES cbc mode with RSA-MD5
    key-006   28     1           DES cbc mode with CRC-32

    Legend for column headings:

    • KEY = Key name
    • KVNO = Key version number
    • ENCTYPENO = Encryption type number (the Kerberos enctype registry value)
    • ENCTYPE = Encryption type

    The set of keys is decided by the KDC administrative server, not by the appliance: it issues one key per encryption type it supports, all at the same KVNO (28 in the example). The example keytab therefore carries DES (enctype numbers 1 and 3), RC4 (23 and 24) and 3DES (16) keys alongside AES (17 and 18). DES is deprecated by RFC 6649, and RC4 and 3DES by RFC 8429; a client that negotiates one of these types gets a weak service key, so restrict the KDC's supported encryption types to AES before creating principals on a production realm, and check the listing after creation.
  9. To view the properties of a key, select a key and enter show.
    hostname:configuration services kerberos principal-001> select key-003
    hostname:configuration services kerberos principal-001 key-003> show
    Properties:
                   principal = nfs/hostname.us.oracle.com@TEST.NET
                        kvno = 28
                     enctype = ArcFour with HMAC/md5
                   enctypeno = 23
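
As an added example (not code from Oracle's documentation or the appliance software), the following Python audits the per-principal key listing from step 8 for the problems described above: deprecated encryption types, a missing AES key, and keys that do not share one KVNO. It assumes the listing has been captured as text from the CLI session; the SAMPLE_SHOW input is constructed from the step 8 output, and the enctype numbers map to the names MIT Kerberos uses for them.

```python
"""Audit the per-principal key listing printed by the appliance CLI (step 8).

Added example, not code from Oracle or the appliance. It parses the text of the
'show' output for a selected principal and reports keys whose encryption type
is deprecated and whether the keys share a single KVNO.
"""
import re
from dataclasses import dataclass
from typing import List

# Kerberos encryption type numbers (RFC 3961 registry) as printed in ENCTYPENO.
# DES was deprecated by RFC 6649; RC4 and 3DES by RFC 8429.
WEAK_ENCTYPES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    16: "des3-cbc-sha1",
    23: "rc4-hmac",
    24: "rc4-hmac-exp",
}
STRONG_ENCTYPES = {
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    19: "aes128-cts-hmac-sha256-128",
    20: "aes256-cts-hmac-sha384-192",
}

# Constructed sample: the step 8 output copied as text, followed by the legend
# line that comes after it in the documentation (shows where the table ends).
SAMPLE_SHOW = """\
hostname:configuration services kerberos principal-001> show
Properties:
                 name = nfs/hostname.us.oracle.com@TEST.NET
Keys:
KEY       KVNO   ENCTYPENO   ENCTYPE
key-000   28     18          AES-256 CTS mode with 96-bit SHA-1 HMAC
key-001   28     17          AES-128 CTS mode with 96-bit SHA-1 HMAC
key-002   28     16          Triple DES cbc mode with HMAC/sha1
key-003   28     23          ArcFour with HMAC/md5
key-004   28     24          Exportable ArcFour with HMAC/md5
key-005   28     3           DES cbc mode with RSA-MD5
key-006   28     1           DES cbc mode with CRC-32

Legend for column headings:
"""


@dataclass(frozen=True)
class Key:
    name: str
    kvno: int
    enctypeno: int
    enctype: str


# One table row: key name, KVNO, enctype number, then the free-text enctype.
KEY_LINE = re.compile(r"^\s*(key-\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")


def parse_keys(show_output: str) -> List[Key]:
    """Return the rows of the 'Keys:' table in the order the CLI printed them."""
    keys: List[Key] = []
    in_table = False
    for line in show_output.splitlines():
        stripped = line.strip()
        if stripped == "Keys:":
            in_table = True
            continue
        if not in_table:
            continue
        m = KEY_LINE.match(line)
        if m:
            keys.append(Key(m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)))
        elif stripped and not stripped.startswith("KEY"):
            break  # first non-row, non-header line ends the table
    return keys


def audit_keys(keys: List[Key]) -> List[str]:
    """List findings for one principal's keys; empty means AES present, no weak types, one KVNO."""
    findings: List[str] = []
    if not any(k.enctypeno in STRONG_ENCTYPES for k in keys):
        findings.append("no AES key present; every service ticket will use a weak enctype")
    for k in keys:
        if k.enctypeno in WEAK_ENCTYPES:
            findings.append(f"{k.name}: deprecated enctype {k.enctypeno} ({WEAK_ENCTYPES[k.enctypeno]})")
    kvnos = sorted({k.kvno for k in keys})
    if len(kvnos) > 1:
        findings.append(f"mixed KVNOs {kvnos}; the keytab and the KDC may be out of step")
    return findings


def audit_show(show_output: str) -> List[str]:
    """Convenience wrapper: parse then audit a captured 'show' listing."""
    return audit_keys(parse_keys(show_output))


if __name__ == "__main__":
    for finding in audit_show(SAMPLE_SHOW) or ["OK: AES keys only, single KVNO"]:
        print(finding)
```

Run against the sample, the audit reports the five DES, RC4 and 3DES keys and nothing else, because AES keys are present and all seven keys share KVNO 28. Feed it the listing for each principal (host/ and nfs/ in step 7) after creating principals; a mixed-KVNO finding usually means the principal's keys were regenerated on the KDC after the appliance keytab was written, so the procedure should be repeated.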