# Lab setup against a krb5 source checkout. `(pwd)` looks like fish-style
# command substitution (bash/sh would spell it $(pwd)) -- presumably the
# interactive shell here is fish; TODO confirm.
# KRB5_KDC_PROFILE and KRB5_CONFIG point the krb5 tools at kdc.conf and
# krb5.conf. Both values are built from the current directory, so they only
# resolve when exported from the directory that really holds config-files/.
learn-kerberos $ cd ~/forks/krb5/
[ 0s006 | Jan 25 10:55AM ]
krb5 $ export KRB5_KDC_PROFILE=(pwd)/config-files/kdc.conf
[ 0s000 | Jan 25 10:55AM ]
krb5 $ export KRB5_CONFIG=(pwd)/config-files/krb5.conf
[ 0s000 | Jan 25 10:57AM ]
# kadmin.local works on the KDC database directly rather than through
# kadmind. No password prompt follows the "Authenticating as ..." banner
# anywhere in this session, so who may administer the realm this way is
# decided by filesystem access to the database, not by a password.
# The failure below is presumably caused by the paths exported above: the
# `ls` that follows shows no config-files/ at the top of the checkout.
krb5 $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local: No such file or directory while initializing kadmin.local interface
[ 0s022 | Jan 25 10:58AM ]
krb5 $ ls
NOTICE README doc src
[ 0s004 | Jan 25 10:58AM ]
krb5 $ cd src/
[ 0s004 | Jan 25 10:58AM ]
# Same two exports, repeated from src/ (a later `ls` of src/ lists
# config-files/ there). After this, kadmin.local starts normally.
src $ export KRB5_CONFIG=(pwd)/config-files/krb5.conf
[ 0s000 | Jan 25 10:58AM ]
src $ export KRB5_KDC_PROFILE=(pwd)/config-files/kdc.conf
[ 0s000 | Jan 25 10:58AM ]
src $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
# NOTE(review): a secret was pasted at the kadmin.local command prompt. That
# prompt reads commands, not passwords, so the text was parsed as a request
# and echoed back in the error on the next line. Treat the password as
# exposed (terminal scrollback, screen recordings, saved session logs) and
# change it. The author has already redacted it in this transcript.
kadmin.local: <pasted my password, oops>
kadmin.local: Unknown request "<my password>"
# "defaulting to no policy": the new admin/admin principal gets no password
# policy. For an administrative principal, consider defining a policy
# (add_policy) and attaching it with `addprinc -policy` so that the policy's
# password rules apply to it.
kadmin.local: addprinc admin/admin@ATHENA.MIT.EDU
No policy specified for admin/admin@ATHENA.MIT.EDU; defaulting to no policy
Enter password for principal "admin/admin@ATHENA.MIT.EDU":
Re-enter password for principal "admin/admin@ATHENA.MIT.EDU":
Principal "admin/admin@ATHENA.MIT.EDU" created.
kadmin.local: exit
[ 1h 14m 39s226 | Jan 25 12:12PM ]
# krb5kdc returns with no output. The transcript does not show whether the
# daemon stayed up -- TODO confirm via the KDC log or the process list.
src $ krb5kdc
[ 0s447 | Jan 25 12:12PM ]
# kadmind refuses to start without its ACL file. The path in the error is
# where this build looks for it; the acl_file setting in kdc.conf can point
# it elsewhere.
src $ kadmind
kadmind: Cannot open /usr/local/var/krb5kdc/kadm5.acl: No such file or directory while initializing ACL file, aborting
[ 0s111 | Jan 25 12:13PM ]
src $ kadmind
kadmind: Cannot open /usr/local/var/krb5kdc/kadm5.acl: No such file or directory while initializing ACL file, aborting
[ 0s014 | Jan 25 12:13PM ]
# Looking for a sample ACL or its documentation in the source tree; only the
# man page source turns up.
src $ fd kadm5
include/krb5/kadm5_auth_plugin.h
include/krb5/kadm5_hook_plugin.h
kadmin/dbutil/kadm5_create.c
lib/kadm5
lib/kadm5/clnt/libkadm5clnt_mit.exports
lib/kadm5/srv/kadm5_hook.c
lib/kadm5/srv/libkadm5srv_mit.exports
lib/kadm5/t_kadm5.c
lib/kadm5/t_kadm5.py
man/kadm5.acl.man
plugins/kadm5_auth
plugins/kadm5_auth/test/kadm5_auth_test.exports
plugins/kadm5_hook
plugins/kadm5_hook/test/kadm5_hook_test.exports
tests/misc/test_cxx_kadm5.cpp
tests/t_kadm5_auth.py
tests/t_kadm5_hook.py
[ 0s040 | Jan 25 12:14PM ]
src $ fd kadm5.acl
man/kadm5.acl.man
[ 0s019 | Jan 25 12:14PM ]
src $ vim man/kadm5.acl.man
[ 9s009 | Jan 25 12:14PM ]
src $ man kadm5.acl
[ 16s533 | Jan 25 12:14PM ]
src $ ls /usr/local/var/krb5kdc/kadm5.acl
ls: /usr/local/var/krb5kdc/kadm5.acl: No such file or directory
[ 0s003 | Jan 25 12:14PM ]
# The ACL is written by hand. Each kadm5.acl line has the form
#   principal permissions [target_principal [restrictions]]
# NOTE(review): the first attempt is rejected at a line starting with
# `*/admin@AT...`. The file contents are not shown, so the cause is a guess
# -- possibly a missing permissions field.
# NOTE(review): a wildcard entry such as `*/admin@REALM *` gives every
# principal with an /admin instance full control of the database. Outside a
# throwaway lab, list named principals with only the permission letters they
# need, and keep the file writable only by the account that runs kadmind.
src $ vim /usr/local/var/krb5kdc/kadm5.acl
[ 2s003 | Jan 25 12:16PM ]
src $ kadmind
kadmind: /usr/local/var/krb5kdc/kadm5.acl: syntax error at line 1 <*/admin@AT...> while initializing ACL file, aborting
[ 0s017 | Jan 25 12:16PM ]
src $ vim /usr/local/var/krb5kdc/kadm5.acl
[ 20s401 | Jan 25 12:17PM ]
# After the second edit kadmind prints nothing, i.e. the ACL now parses.
src $ kadmind
[ 0s014 | Jan 25 12:17PM ]
src $ ls
Makefile build-tools config.log doc lib prototype
Makefile.in ccapi config.status include man tests
aclocal.m4 clients configure kadmin patchlevel.h util
appl config configure.ac kdc plugins wconfig.c
autom4te.cache config-files deps kprop po windows
[ 0s004 | Jan 25 12:17PM ]
# Second krb5kdc invocation, again silent. Whether the first instance was
# still running is not visible here.
src $ krb5kdc
[ 0s014 | Jan 25 12:18PM ]
# kinit with no principal argument asks for the default client principal,
# rabuissa@ATHENA.MIT.EDU. Only admin/admin was added to the database in
# this session, so the KDC has no such client. Either add that principal in
# kadmin.local or name an existing one on the kinit command line.
src $ kinit
kinit: Client 'rabuissa@ATHENA.MIT.EDU' not found in Kerberos database while getting initial credentials
[ 0s683 | Jan 25 12:18PM ]
# Two more kadmin.local sessions with empty input, each ended with ^D; no
# request is issued, so the database is unchanged.
src $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local:
kadmin.local:
kadmin.local: ^D [ 14s823 | Jan 25 12:18PM ]
src $ kadmin.local -r ATHENA.MIT.EDU
Authenticating as principal rabuissa/admin@ATHENA.MIT.EDU with password.
kadmin.local:
kadmin.local: ^D [ 21s445 | Jan 25 12:19PM ]
# kinit has no --help option; the unrecognized option makes it print its
# usage text instead.
src $ kinit --help
kinit: unrecognized option `--help'
Usage: kinit [-V] [-l lifetime] [-s start_time] [-r renewable_life]
[-f | -F] [-p | -P] [-n] [-a | -A] [-C] [-E]
[--request-pac | --no-request-pac]
[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]
[-S service_name] [-I input_ccache] [-T ticket_armor_cache]
[-X <attribute>[=<value>]] [principal]
options:
-V verbose
-l lifetime
-s start time
-r renewable lifetime
-f forwardable
-F not forwardable
-p proxiable
-P not proxiable
-n anonymous
-a include addresses
-A do not include addresses
-v validate
-R renew
-C canonicalize
-E client is enterprise principal name
-k use keytab
-i use default client keytab (with -k)
-t filename of keytab to use
-c Kerberos 5 cache name
-S service
-I input credential cache
-T armor credential cache
-X <attribute>[=<value>]
--{,no}-request-pac request KDC include/exclude a PAC
[ 0s014 | Jan 25 12:19PM ]
# No ticket was obtained above, so there is no credential cache to list.
# KCM:501 is presumably the per-user cache for uid 501 -- TODO confirm.
src $ klist
klist: Credentials cache 'KCM:501' not found
[ 0s193 | Jan 25 12:20PM ]
src $ ls /usr/local/var/krb5kdc/principal
/usr/local/var/krb5kdc/principal
[ 0s003 | Jan 25 12:20PM ]
# NOTE(review): this opens the live KDC principal database in a text editor.
# The file holds every principal's key material and is presumably not a text
# format. Inspect it with kdb5_util or kadmin.local instead, and never write
# it back from an editor.
src $ vim /usr/local/var/krb5kdc/principal
[ 6s771 | Jan 25 12:21PM ]
# The double-dash spelling is rejected: kdb5_util takes -verbose with a
# single dash, as the usage text below shows.
src $ kdb5_util dump --verbose dumpfile
Usage: kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-kv mkeyVNO]
[-M mkeyname] [-m] [-sf stashfilename] [-P password]
[-x db_args]* cmd [cmd_options]
create [-s]
destroy [-f]
stash [-f keyfile]
dump [-b7|-r13|-r18] [-verbose]
[-mkey_convert] [-new_mkey_file mkey_file]
[-rev] [-recurse] [filename [princs...]]
load [-b7|-r13|-r18] [-hash] [-verbose] [-update] filename
ark [-e etype_list] principal
add_mkey [-e etype] [-s]
use_mkey kvno [time]
list_mkeys
update_princ_encryption [-f] [-n] [-v] [princ-pattern]
purge_mkeys [-f] [-n] [-v]
tabdump [-H] [-c] [-e] [-n] [-o outfile] dumptype
where,
[-x db_args]* - any number of database specific arguments.
Look at each database documentation for supported arguments
[ 0s018 | Jan 25 12:21PM ]
# NOTE(review): the dump is written to ./dumpfile inside the source tree. A
# dump carries the same key material as the database (the krbtgt and admin
# keys included, encrypted under the master key), so protect it like the
# database: restrictive permissions, kept out of version control, deleted
# when no longer needed.
# The names printed are the principals dumped. There is no rabuissa entry,
# which matches the earlier kinit failure.
src $ kdb5_util dump -verbose dumpfile
K/M@ATHENA.MIT.EDU
admin/admin@ATHENA.MIT.EDU
kadmin/admin@ATHENA.MIT.EDU
kadmin/changepw@ATHENA.MIT.EDU
krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
[ 0s014 | Jan 25 12:22PM