Name
add — Adding a principal
Synopsis
add [--random-key] [--random-password] [--password=password] [--key=hexkey] [--max-ticket-life=lifetime] [--max-renewable-life=lifetime] [--attributes=attributes] [--expiration-time=time] [--pw-expiration-time=time] [--use-defaults] principal-name
Aliases
add_new_key
, ank
The add
command adds a
new principal into the Kerberos database. This command requires
one argument, the name of the new principal to add, and also
recognizes several optional arguments that specify policy
information the new principal should be subject to. More
information about password policies is available in Chapter 6.
Other options include the random-key option that adds the
principal with a random key. This option is good to use for
services that require secure keys that don’t have to be
memorized by a human. Following is a full list of all of the
options available to addprinc
:
- --expiration-time=expiredate
This option sets an expiry date for the principal. After the date specified, tickets will no longer be issued for the principal, and requests by the principal to obtain service tickets will not be honored.
- --pw-expiration-time=pwexpiredate
This option sets the password expiry date for the principal.
- --max-ticket-life=maxtixlife
This option sets the maximum lifetime of tickets issued for the principal.
- --password=password
This option sets the principal’s password to the argument given, instead of prompting on the terminal for one. This option is useful when invoking kadmin ...
Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.