(heimdal.info.gz) Creating the database
 
 4.2 Creating the database
 =========================
 
 The database library will look for the database in the directory
 `/var/heimdal', so you should probably create that directory.  Make
 sure the directory has restrictive permissions.
 
      # mkdir /var/heimdal
 
 The keys of all the principals are stored in the database.  If you
 choose to, these can be encrypted with a master key.  You do not have to
 remember this key (or password); you enter it once and it is stored in
 a file (`/var/heimdal/m-key').  If you want to have a master key, run
 `kstash' to create it:
 
      # kstash
      Master key:
      Verifying password - Master key:
 
 If you want to generate a random master key you can use the
 `--random-key' flag to `kstash'. This gives you a good key that
 attackers cannot recover with a dictionary attack.
 
 If you have a master key, make sure you make a backup of your master
 key file; without it backups of the database are of no use.
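
 The following is an added example, not part of the Heimdal manual: it creates the database directory owner-only and audits it, together with the stashed master key file, for group or world access. The function names are hypothetical; only `/var/heimdal' and `m-key' come from the text above.

```shell
#!/bin/sh
# Added example, not from the Heimdal manual. Function names are
# hypothetical; only /var/heimdal and m-key come from the text above.

# Print the group and other permission characters of a path ("------"
# means nobody but the owner has any access).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Create the database directory owner-only. The umask is set in a
# subshell so the directory is created with mode 700 from the start.
# An existing directory is tightened in place.
make_kdc_dir() {
    if [ -d "$1" ]; then
        chmod 700 "$1"
    else
        ( umask 077 && mkdir "$1" )
    fi
}

# Audit the directory and every non-hidden entry in it (database files
# and the stashed master key). Returns 0 if all are owner-only, 1 if any
# is accessible by group or others, 2 if the directory is missing.
audit_kdc_dir() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        bits=$(group_other_bits "$p")
        if [ "$bits" != "------" ]; then
            echo "LOOSE   $p (group/other: $bits)"
            rc=1
        fi
    done
    [ -f "$dir/m-key" ] || echo "NOTE    no $dir/m-key (no master key stashed)"
    return $rc
}

# Typical use, as root:
#   make_kdc_dir /var/heimdal && audit_kdc_dir /var/heimdal
```

 Run the audit again after restoring a backup, since restored files can come back with looser modes than the originals.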
 
 To initialise the database use the `kadmin' program, with the `-l'
 option (to enable local database mode). First issue an `init MY.REALM'
 command. This will create the database and insert default principals
 for that realm. You can have more than one realm in one database, so
 `init' does not destroy any old database.
 
 Before creating the database, `init' will ask you some questions about
 maximum ticket lifetimes.
 
 After creating the database you should probably add yourself to it. You
 do this with the `add' command. It takes as argument the name of a
 principal. The principal should contain a realm, so if you haven't set
 up a default realm, you will need to explicitly include the realm.
 
      # kadmin -l
      kadmin> init MY.REALM
      Realm max ticket life [unlimited]:
      Realm max renewable ticket life [unlimited]:
      kadmin> add me
      Max ticket life [unlimited]:
      Max renewable life [unlimited]:
      Attributes []:
      Password:
      Verifying password - Password:
 
 Now start the KDC and try getting a ticket.
 
      # kdc &
      # kinit me
      me@MY.REALM's Password:
      # klist
      Credentials cache: /tmp/krb5cc_0
              Principal: me@MY.REALM
 
        Issued           Expires          Principal
      Aug 25 07:25:55  Aug 25 17:25:55  krbtgt/MY.REALM@MY.REALM
 
 If you are curious you can use the `dump' command to list all the
 entries in the database.  It should look similar to the
 following example (note that the entries here are truncated for
 typographical reasons):
 
      kadmin> dump
      me@MY.REALM 1:0:1:0b01d3cb7c293b57:-:0:7:8aec316b9d1629e3baf8 ...
      kadmin/admin@MY.REALM 1:0:1:e5c8a2675b37a443:-:0:7:cb913ebf85 ...
      krbtgt/MY.REALM@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
      kadmin/changepw@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...
 