1.3. Create the Database and Set Up First Administrator

  1. Use the utility kdb5_util to create the Kerberos database.

    • For RHEL/CentOS

      /usr/sbin/kdb5_util create -s

    • For SLES

      kdb5_util create -s

    The -s option stores the master server key for the database in a stash file.

    If the stash file is not present, you must log into the KDC and supply the master password (specified during installation) each time it starts; this regenerates the master server key automatically.

  2. Edit the Access Control List (/var/kerberos/krb5kdc/kadm5.acl in RHEL or CentOS and /var/lib/kerberos/krb5kdc/kadm5.acl in SLES) to define the principals that have admin (modifying) access to the database.

    A simple example would be a single entry:

    */admin@EXAMPLE.COM *

    This specifies that all principals with the /admin instance extension have full access to the database.

  3. Restart kadmin.

  4. Create the first user principal.

    On the KDC machine, execute the following as root user:

    /usr/sbin/kadmin.local -q "addprinc <username>/admin"

    Other principals can now be created either on the KDC machine itself or through the network, using this principal.

  5. Start Kerberos.

    • For RHEL/CentOS

      /sbin/service krb5kdc start
      /sbin/service kadmin start

    • For SLES

      rckrb5kdc start
      rckadmind start
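Two checks a KDC administrator typically wants after completing the steps above: confirm that the stash file from step 1 actually exists (otherwise the KDC prompts for the master password on every start), and audit which entries in kadm5.acl from step 2 grant full administrative privileges. The script below is an added example and is not part of the original guide. It assumes the standard kadm5.acl line format (principal, permissions, optional target and restrictions, with * or x meaning all privileges and # starting a comment) and the default stash file name .k5.<REALM> inside the KDC database directory; the sample ACL it writes to a temporary file is constructed for demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): post-setup checks for a new
# MIT Kerberos KDC. Paths and the sample ACL below are constructed/assumed.

# Check for the stash file written by 'kdb5_util create -s'. By default MIT
# krb5 stores it as .k5.<REALM> in the KDC database directory, e.g.
# /var/kerberos/krb5kdc on RHEL/CentOS (a key_stash_file setting in kdc.conf
# can override this; assumption: the default is in use).
# Returns 0 if present, 1 if the KDC would prompt for the master password.
stash_file_present() {
    kdc_dir="$1"
    realm="$2"
    [ -f "$kdc_dir/.k5.$realm" ]
}

# Print "principal permissions" for every kadm5.acl entry that grants full
# privileges (a '*' or lowercase 'x' in the permissions field). Comments and
# blank lines are skipped. Returns 0 if at least one such entry exists.
list_full_admins() {
    acl_file="$1"
    awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        $2 ~ /[*x]/ { print $1, $2; found = 1 } # full-privilege entries
        END { exit found ? 0 : 1 }
    ' "$acl_file"
}

# Count the full-privilege entries (convenient for scripted audits).
count_full_admins() {
    list_full_admins "$1" | wc -l | tr -d ' '
}

# Constructed sample kadm5.acl, written to a temporary file so the example
# runs without touching a real KDC.
SAMPLE_ACL="$(mktemp)"
cat > "$SAMPLE_ACL" <<'EOF'
# constructed sample kadm5.acl
*/admin@EXAMPLE.COM *
hdfs@EXAMPLE.COM il
backup/admin@EXAMPLE.COM x
EOF

# Usage: report full admins in the sample, then check a (constructed) KDC dir.
list_full_admins "$SAMPLE_ACL"
SAMPLE_KDC_DIR="$(mktemp -d)"
if stash_file_present "$SAMPLE_KDC_DIR" EXAMPLE.COM; then
    echo "stash file present"
else
    echo "no stash file: KDC will prompt for the master password on start"
fi
```

On a real KDC, run list_full_admins against /var/kerberos/krb5kdc/kadm5.acl (or the SLES path) and stash_file_present against the database directory and your realm; the wildcard entry from step 2 will appear in the audit output, which is the point: every principal with an /admin instance holds full rights, so those principals deserve the same protection as root on the KDC.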

