9 What are principals?

From the local test, you can see a listing of principals. A principal typically has three parts, for example “kadmin/admin@TEST.ORG”. In this case, kadmin is a name that is unique within the realm and can be authenticated. admin is an optional “role” (the instance) that identifies what the name can do. Last, TEST.ORG is the realm.

To add a user principal, run the following command in kadmin.local or kadmin:

addprinc user

This command prompts for a password for user.

A principal can also be a service. This step is necessary if a user is to connect to a service. To do this, start kadmin.local and run the following command in it:

addprinc -randkey host/krbsvr.test.org

In this case, host is the identifier of the service, and krbsvr.test.org is the fully qualified domain name of the host. Run “hostname --fqdn” to confirm the fully qualified domain name before performing this step, because the name in the principal must match the name clients will use when they request a ticket for the service.

Then export a key table (keytab) for the service entry, which krb5-rsh requires, using the following command in kadmin.local:

ktadd -k /etc/krb5.keytab host/krbsvr.test.org

Again, use quit to exit kadmin.local.
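The procedure above (confirm the FQDN, create the service principal, export the keytab), as an added shell example that is not part of the original text: it builds the kadmin.local command sequence only when the instance matches the host's FQDN, splits a principal into its three parts, and checks that klist -k output lists the exported principal. The realm TEST.ORG, host krbsvr.test.org and keytab path are taken from the text; the klist output sample is constructed.

```shell
#!/bin/sh
# Added example; assumes the MIT Kerberos tools kadmin.local and klist.

# Split "primary/instance@REALM" into its three parts (instance may be empty).
principal_parts() {
    p=$1
    realm=${p##*@}
    left=${p%@*}
    primary=${left%%/*}
    case $left in
        */*) instance=${left#*/} ;;
        *)   instance="" ;;
    esac
    printf '%s %s %s\n' "$primary" "$instance" "$realm"
}

# Emit the kadmin.local commands for a host/ service principal and its keytab.
# Refuses to proceed when the instance differs from the FQDN, because clients
# request a ticket for host/<fqdn> and the KDC would not know that name.
service_principal_cmds() {
    fqdn=$1        # value of `hostname --fqdn`
    keytab=$2      # e.g. /etc/krb5.keytab
    instance=$3    # host name used in the principal
    if [ "$fqdn" != "$instance" ]; then
        echo "instance $instance does not match FQDN $fqdn" >&2
        return 1
    fi
    printf 'addprinc -randkey host/%s\nktadd -k %s host/%s\nquit\n' \
        "$instance" "$keytab" "$instance"
}

# Read `klist -k` output on stdin; succeed only if a line lists the wanted principal.
keytab_has_principal() {
    awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# Constructed sample of `klist -k /etc/krb5.keytab` output after the ktadd step.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/krbsvr.test.org@TEST.ORG'

# Real use (not run here):
#   service_principal_cmds "$(hostname --fqdn)" /etc/krb5.keytab krbsvr.test.org | kadmin.local
#   klist -k /etc/krb5.keytab | keytab_has_principal host/krbsvr.test.org@TEST.ORG
```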