Using Kerberos Commands

mac 2025-03-04

Authenticate (log in)

kinit admin/admin@EXAMPLE.COM

Password for admin/admin@EXAMPLE.COM: 123456

Check the current login

klist

Ticket cache: FILE:/tmp/krb5cc_0

Default principal: admin/admin@EXAMPLE.COM

 

Valid starting                      Expires                                Service principal

2018-07-12T00:54:55        2018-07-13T00:54:55          krbtgt/EXAMPLE.COM@EXAMPLE.COM

Log out

kdestroy

klist

klist: No credentials cache found (filename: /tmp/krb5cc_0)

Log in to administer the KDC server

kadmin.local

Authenticating as principal root/admin@EXAMPLE.COM with password.

kadmin.local:

View the user list

listprincs

K/M@EXAMPLE.COM

activity_analyzer/host1.demo.com@EXAMPLE.COM

activity_explorer/host1.demo.com@EXAMPLE.COM

admin/admin@EXAMPLE.COM

...

Change an account password

kadmin.local

Authenticating as principal root/admin@EXAMPLE.COM with password.

kadmin.local: change_password admin/admin@EXAMPLE.COM

Enter password for principal "admin/admin@EXAMPLE.COM": 123456

Re-enter password for principal "admin/admin@EXAMPLE.COM": 123456

Password for "admin/admin@EXAMPLE.COM" changed.

Create a user

kadmin.local

Authenticating as principal root/admin@EXAMPLE.COM with password.

kadmin.local: add_principal test1

WARNING: no policy specified for test1@EXAMPLE.COM; defaulting to no policy

Enter password for principal "test1@EXAMPLE.COM": 123456

Re-enter password for principal "test1@EXAMPLE.COM": 123456

Principal "test1@EXAMPLE.COM" created.

Delete a user

kadmin.local

Authenticating as principal root/admin@EXAMPLE.COM with password.

kadmin.local: delete_principal test1

Are you sure you want to delete the principal "test1@EXAMPLE.COM"?(yes/no): yes

Principal "test1@EXAMPLE.COM" deleted.

Make sure that you have removed this principal from all ACLs before reusing.

Export only the user's keytab file (without changing the password)

kadmin.local

Authenticating as principal root/admin@EXAMPLE.COM with password.

kadmin.local: xst -k admin.keytab -norandkey admin/admin@EXAMPLE.COM

Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.

......

Verify that login works with the keytab

kinit -kt /etc/security/keytabs/admin.keytab admin/admin@EXAMPLE.COM
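An added example, not part of the original page: a POSIX shell helper that checks an exported keytab before it is relied on. A keytab written with -norandkey holds the principal's current long-term keys, so it refuses files readable by group or other, lists the entries, and tests the login through a throwaway credential cache. It assumes the MIT Kerberos client tools (klist, kinit, kdestroy) and the keytab path from the kinit command above; the function names keytab_perms_ok and verify_keytab are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, path and principal are the page's sample values.

# Return 0 only if FILE is a regular file with no group/other permission bits set.
keytab_perms_ok() {
    [ -f "$1" ] || return 1
    # find prints the path when any group or other bit is present
    loose=$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                              -o -perm -004 -o -perm -002 -o -perm -001 \))
    [ -z "$loose" ]
}

# Check a keytab end to end: permissions, contents, then an actual login.
# Usage: verify_keytab /etc/security/keytabs/admin.keytab admin/admin@EXAMPLE.COM
verify_keytab() {
    keytab=$1
    principal=$2
    if ! keytab_perms_ok "$keytab"; then
        echo "refusing: $keytab is missing or accessible by group/other" >&2
        return 1
    fi
    # Show each entry with its kvno, timestamp (-t) and encryption type (-e)
    klist -kte "$keytab" || return 1
    # Log in through a temporary cache so the caller's existing tickets are untouched
    dir=$(mktemp -d) || return 1
    cache="FILE:$dir/krb5cc_check"
    if KRB5CCNAME="$cache" kinit -kt "$keytab" "$principal"; then
        KRB5CCNAME="$cache" klist
        KRB5CCNAME="$cache" kdestroy
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}
```

If the permission check fails, chmod 600 on the keytab (owned by the account that runs the service) clears it.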
