
Adding a Unix host to the Kerberos database 

Ok, so you want a host added to the Kerberos database so that it can run Kerberos telnetd, rlogind, etc. A host also needs to be added to the database if you want to use ksu on it.


  • Currently only Unix hosts can run Kerberos application servers.
  • You must have root access to the host.
  • We only hand out keys for NCSA hosts.

Here is what you need to do:

  1. Send email to the Kerberos support team. You will need to tell them:
    1. The names of the host(s) you want to add
  2. You will get an invite to a new shared folder in LastPass, where you will receive confirmation that the host(s) have been added to the Kerberos database and can view the initial password(s).
  3. You then need to log onto the host as root.
  4. Run the command 

    /usr/bin/kadmin -p host/<host>

    Where <host> is the name of the host. For example, if you were adding the host odin, you would log into odin as root and run the command

    /usr/bin/kadmin -p host/

    When prompted for a password, enter the host's initial password as given to you by the Kerberos team.

  5. At the kadmin: prompt enter the command 

    ktadd host/<host>

    Where <host> again is the name of the host being added. Continuing the example from above of adding the host odin, you would enter the command:

    ktadd host/

    Doing this creates the file /etc/krb5.keytab and also randomizes the password you just received from the Kerberos team.

  6. Type quit and you are done.

Getting a replacement key for a host

If the host previously had a key but it was lost somehow (/etc/krb5.keytab got deleted, a disk crashed, or the OS was upgraded), just do everything as above, but in your request to the Kerberos team, mention that this is a replacement key for one that was lost.

NCSA Kerberos administrators can refer to the "Admin Adding a Unix host to the Kerberos database" page for instructions on adding a host to the Kerberos database.
