You can manage principals by using the kadmin tool. This section explains the following:
Specify the realm to which you want to add principals by using the following command:
kadmin.local -r realm
If you do not specify a realm, the principals are added to the default realm.
Add a principal by using the following command in kadmin.local:
kadmin.local: addprinc [-pw password] [-x "-userdn principaluserdn"|"-containerdn containerdn"] principal_name
NOTE: -x denotes the extra options provided for existing commands.
For example:
kadmin.local: addprinc -pw admin -x "-userdn cn=user1,o=org" userprinc
kadmin.local: addprinc -pw admin -x "-containerdn ou=sales,o=org" telnet-server1/host
Use the following command to modify principals:
kadmin.local: modprinc [-pw password] [-userdn principaluserdn] principal_name
For example,
kadmin.local: modprinc -pw admin -userdn cn=user1,O=novell userprinc
Use the following command to delete principals:
kadmin.local: delprinc [-f] principal_name
For example,
kadmin.local: delprinc [-f] userprinc
This command prompts for confirmation before deleting the principal, unless the -f option is specified.
Use the following command to list the principals:
kadmin.local: listprincs [expression]
For example,
kadmin.local: listprincs test*
To change the password of a principal, execute the following commands:
./kadmin.local
kadmin.local: cpw [-pw password] principalname
For example,
kadmin.local: cpw test
To extract the principal key to a keytab file, execute the following commands:
./kadmin.local
kadmin.local: ktadd -k filename principalname
For example:
kadmin.local: ktadd -k /etc/krb5.keytab test
Here, the key of the principal test is extracted to the file krb5.keytab in the /etc directory.
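The keytab written by ktadd holds the principal's long-term keys, so any account that can read the file can authenticate as that principal. The following shell functions are an added example, not part of the original documentation; the function names check_keytab and harden_keytab are hypothetical. They verify that a keytab is a regular file accessible only by its owner.

```shell
#!/bin/sh
# Added example (not from the original page): audit a keytab written by ktadd.
# check_keytab and harden_keytab are hypothetical helper names.

# check_keytab FILE
# Returns 0 when FILE is a regular file (not a symlink) with no group or
# other permission bits; returns 1 and reports the finding otherwise.
check_keytab() {
    kt=$1
    if [ -L "$kt" ]; then
        echo "FAIL: $kt is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing or not a regular file" >&2
        return 1
    fi
    # The first field of ls -ld is the mode string, for example -rw-------
    mode=$(ls -ld -- "$kt" | awk '{print $1}')
    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $kt has mode $mode; group/other access is set" >&2
        return 1
    fi
    echo "OK: $kt has mode $mode"
    return 0
}

# harden_keytab FILE
# Restricts FILE to its owner (mode 600), then re-runs the check.
harden_keytab() {
    chmod 600 "$1" && check_keytab "$1"
}

# When a path is given on the command line, check that file.
if [ "$#" -gt 0 ]; then
    check_keytab "$1"
fi
```

Run it with the path passed to ktadd -k, for example /etc/krb5.keytab, after each key extraction.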