Authenticate (log in)
kinit admin/admin@EXAMPLE.COM
Password for admin/admin@EXAMPLE.COM: 123456
Check the login
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@EXAMPLE.COM
Valid starting       Expires              Service principal
2018-07-12T00:54:55  2018-07-13T00:54:55  krbtgt/EXAMPLE.COM@EXAMPLE.COM
Log out
kdestroy
klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)
Log in to administer the KDC server
kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local:
View the user list
listprincs
K/M@EXAMPLE.COM
activity_analyzer/host1.demo.com@EXAMPLE.COM
activity_explorer/host1.demo.com@EXAMPLE.COM
admin/admin@EXAMPLE.COM
...
Change an account password
kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local: change_password admin/admin@EXAMPLE.COM
Enter password for principal "admin/admin@EXAMPLE.COM": 123456
Re-enter password for principal "admin/admin@EXAMPLE.COM": 123456
Password for "admin/admin@EXAMPLE.COM" changed.
Create a user
kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local: add_principal test1
WARNING: no policy specified for test1@EXAMPLE.COM; defaulting to no policy
Enter password for principal "test1@EXAMPLE.COM": 123456
Re-enter password for principal "test1@EXAMPLE.COM": 123456
Principal "test1@EXAMPLE.COM" created.
Delete a user
kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local: delete_principal test1
Are you sure you want to delete the principal "test1@EXAMPLE.COM"?(yes/no): yes
Principal "test1@EXAMPLE.COM" deleted.
Make sure that you have removed this principal from all ACLs before reusing.
Export only the user's keytab file (without changing the password; -norandkey keeps the existing key)
kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local: xst -k admin.keytab -norandkey admin/admin@EXAMPLE.COM
Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
......
Verify that login works with the keytab
kinit -kt /etc/security/keytabs/admin.keytab admin/admin@EXAMPLE.COM
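A keytab holds the principal's long-term keys, so before relying on the exported file it is worth checking who can read it and which encryption types it contains. The script below is an added example, not part of the original notes: the function names are hypothetical, the sample listing is constructed to resemble `klist -k -t -e` output, and flagging single-DES, 3DES and RC4 keys is this example's own policy choice.

```shell
#!/bin/sh
# Added example: audit a keytab before using it with kinit -kt.

# Succeeds only if group and other have no permission bits on the file.
keytab_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Reads `klist -k -t -e` output on stdin and prints "principal kvno enctype"
# for every entry whose key type is single DES, 3DES or RC4 (arcfour).
# The enctype is taken from the last field and the principal from the field
# before it, so the timestamp may be one field or two.
weak_keytab_entries() {
    awk '
        $1 ~ /^[0-9]+$/ && $NF ~ /^\(.*\)$/ {
            enc = substr($NF, 2, length($NF) - 2)
            if (enc ~ /^(DEPRECATED:)?(des|arcfour|rc4)/)
                print $(NF - 1), $1, enc
        }'
}

# Constructed sample listing (not captured from a real KDC).
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:admin.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   6 2018-07-12T00:54:55 admin/admin@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   6 2018-07-12T00:54:55 admin/admin@EXAMPLE.COM (arcfour-hmac)
   6 2018-07-12T00:54:55 admin/admin@EXAMPLE.COM (des3-cbc-sha1)
EOF
}

# Usage: sh audit_keytab.sh /etc/security/keytabs/admin.keytab
if [ "$#" -eq 1 ]; then
    keytab_mode_ok "$1" || echo "WARN: $1 is accessible to group or other"
    klist -k -t -e "$1" | weak_keytab_entries
fi
```

No output from the script means the file is private to its owner and holds no entries of the flagged types.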