Adding a Unix host to the Kerberos database
Ok, so you want a host added to the Kerberos database so that it can run Kerberos telnetd, rlogind, etc. A host also needs to be added to the database if you want to use ksu on it.
- Currently only Unix hosts can run Kerberos application servers.
- You must have root access to the host.
- We only hand out keys for NCSA hosts.
Here is what you need to do:
- Send email to the Kerberos support team (firstname.lastname@example.org). You will need to tell them:
- The names of the host(s) you want to add
- You will get an invite to a new shared folder in LastPass, where you will receive confirmation that the host(s) have been added to the Kerberos database and can view each host's initial password.
- You then need to log onto the host as root.
Run the command
<host> is the name of the host. For example, if you were adding the host odin, you would log into odin as root and run the command
When prompted for a password, enter the host's initial password as given to you by the Kerberos team.
At the kadmin: prompt enter the command
<host> again is the name of the host being added. Continuing the example from above of adding the host odin, you would enter the command:
ktadd host/odin.ncsa.uiuc.edu
Doing this creates the file /etc/krb5.keytab and also randomizes the password you just received from the Kerberos team.
Enter quit and you are done.
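Once ktadd has written the keytab, it is worth confirming that the file is readable only by root and holds the host principal. The following check is an added example, not part of the original NCSA instructions; the function name check_keytab is hypothetical, root-only ownership and mode are assumed as standard practice, and the principal lookup assumes the MIT Kerberos klist command is installed.

```shell
#!/bin/sh
# Added example: sanity-check a host keytab after ktadd has written it.
# usage: check_keytab [keytab-path] [expected-owner-uid] [principal]
check_keytab() {
    keytab=${1:-/etc/krb5.keytab}
    want_uid=${2:-0}     # assumption: host keytab is owned by root (uid 0)
    principal=${3:-}     # e.g. host/odin.ncsa.uiuc.edu; empty skips the lookup

    # The keytab holds the host's long-term key: it must be a real, non-empty file.
    if [ -h "$keytab" ] || [ ! -f "$keytab" ] || [ ! -s "$keytab" ]; then
        echo "FAIL: $keytab is missing, empty, or a symlink" >&2
        return 1
    fi

    # "ls -ldn" prints e.g. "-rw------- 1 0 0 ...": field 1 is the mode
    # string, field 3 the numeric owner.
    ls_out=$(ls -ldn "$keytab") || return 1
    mode=$(printf '%s\n' "$ls_out" | awk '{print $1}')
    uid=$(printf '%s\n' "$ls_out" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $keytab is owned by uid $uid, expected $want_uid" >&2
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $keytab is accessible to group/other ($mode)" >&2
        return 1
    fi

    # Optional: confirm the host principal is present, using klist -k.
    if [ -n "$principal" ]; then
        if ! command -v klist >/dev/null 2>&1; then
            echo "FAIL: klist not found, cannot list $keytab" >&2
            return 1
        fi
        if ! klist -k "$keytab" | grep -F -q -- "$principal@"; then
            echo "FAIL: no key for $principal in $keytab" >&2
            return 1
        fi
    fi

    echo "OK: $keytab"
}
```

For the odin example above, run as root: check_keytab /etc/krb5.keytab 0 host/odin.ncsa.uiuc.edu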
Getting a replacement key for a host
If the host previously had a key but it was lost somehow (/etc/krb5.keytab got deleted, a disk crashed, or an OS upgrade), just do everything as above, but in your request to the Kerberos team, mention that this is a replacement key for one that was lost.
NCSA Kerberos administrators can refer to the "Admin Adding a Unix host to the Kerberos database" page for instructions on adding a host to the Kerberos database.