Use the utility
kdb5_utilto create the Kerberos database:On RHEL, CentOS, or Oracle Linux:
/usr/sbin/kdb5_util create -s
On SLES:
[on SLES] kdb5_util create -s
On Ubuntu or Debian:
[on Ubuntu or Debian] kdb5_util -s create
![[Note]](../common/images/admon/note.png)
Note The
-soption stores the master server key for the database in a stash file. If the stash file is not present, you must log into the KDC with the master password (specified during installation) each time it starts. This will automatically regenerate the master server key.Set up the KDC Access Control List (ACL):
On RHEL, CentOS, or Oracle Linux add administrators to
/var/kerberos/krb5kdc/kadm5.acl.On SLES, add administrators to
/var/lib/kerberos/krb5kdc/kadm5.acl.
Note For example, the following line grants full access to the database for users with the
adminextension:*/admin@EXAMPLE.COM *
Restart
kadminfor the change to take effect.Create the first user principal. This must be done at a terminal window on the KDC machine itself, while you are logged in as
root. Notice the.local. Normalkadminusage requires that a principal with appropriate access already exist. Thekadmin.localcommand can be used even if no principals exist./usr/sbin/kadmin.local -q "addprinc $username/admin"
Now this user can create additional principals either on the KDC machine or through the network. The following instruction assume you are using the KDC machine.
On the KDC, start Kerberos:
On RHEL, CentOS, or Oracle Linux:
/sbin/service krb5kdc start /sbin/service kadmin start
On SLES:
rckrb5kdc start rckadmind start
On Ubuntu or Debian:
/etc/init.d/krb5-kdc start /etc/init.d/kadmin start
