Managing Kerberos service entries in LDAP directories
Purpose
The ksetup command manages Kerberos service entries in the LDAP server directory. The following subcommands are supported:
- addhost host-name realm-name
  This subcommand adds a host entry for the specified realm. The fully qualified host name should be used so that it resolves correctly no matter what default DNS domain is in effect on the Kerberos clients. If no realm name is specified, the default realm name is used.
- addkdc host-name:port-number realm-name
  This subcommand adds an entry in the Kerberos server for the specified realm. If a host entry does not already exist, one is created. If a port number is not specified, it is set to 88. Use the fully qualified host name so that it resolves correctly no matter what default DNS domain is in effect on the Kerberos clients. If no realm name is specified, the default realm name is used.
- delhost host-name realm-name
  This subcommand deletes a host entry and any associated specification for the Kerberos server from the specified realm. If no realm name is specified, the default realm name is used.
- delkdc host-name realm-name
  This subcommand deletes an entry in the Kerberos server for the specified host. The host entry itself is not deleted. If no realm name is specified, the default realm name is used.
- listhost realm-name
  This subcommand lists the entries in the Kerberos server for a realm. If no realm name is specified, the default realm name is used.
- exit
  This subcommand ends the ksetup command.
Examples
To add the host, kdc1.myco.com, to the server, ldapserv.myco.com, as the Kerberos server for realm MYCO.COM, using a Directory Server (LDAP) administrator ID of Administrator and a password of verysecret, complete the following steps:
- On a Qshell command line, enter:
  ksetup -h ldapserv.myco.com -n CN=Administrator -p verysecret
  Or, on an IBM i control language (CL) command line, enter:
  call qsys/qkrbksetup parm('-h' 'ldapserv.myco.com' '-n' 'CN=Administrator' '-p' 'verysecret')
- When the Directory Server (LDAP) is successfully contacted, a subcommand prompt is displayed. Enter:
  addkdc kdc1.myco.com MYCO.COM
See the ksetup usage notes on this Qshell command for specifics on its usage and restrictions.
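The subcommand rules above (fully qualified host names, port 88 when none is given, default realm when none is given) can be checked before a line is typed at the subcommand prompt. The following is an added example, not IBM code: `is_fqdn`, `check_line` and the `DEFAULT_REALM` variable are hypothetical names, and the realm and host values are the ones used in the example on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for ksetup subcommand lines (not IBM code).
# DEFAULT_REALM is an assumed stand-in for the system's default realm.
DEFAULT_REALM=${DEFAULT_REALM:-MYCO.COM}

# is_fqdn NAME: succeeds when NAME has two or more dot-separated labels of
# letters, digits and hyphens. A trailing root dot is rejected here.
is_fqdn() {
    case $1 in
        ""|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# check_line 'SUBCOMMAND ARGS': print the subcommand with the documented
# defaults made explicit, or print an error and return 1.
check_line() {
    set -f; set -- $1; set +f      # split on whitespace without globbing
    cmd=$1 target=$2
    case $cmd in
        exit)     echo exit; return 0 ;;
        listhost) echo "listhost ${2:-$DEFAULT_REALM}"; return 0 ;;
        addhost|addkdc|delhost|delkdc) realm=${3:-$DEFAULT_REALM} ;;
        *) echo "error: unknown subcommand '$cmd'"; return 1 ;;
    esac
    case $target in
        *:*) host=${target%%:*} port=${target#*:}   # only addkdc documents a port
             [ "$cmd" = addkdc ] || { echo "error: $cmd takes no port"; return 1; } ;;
        *)   host=$target port=88 ;;                # documented addkdc default
    esac
    case $port in
        ""|*[!0-9]*|??????*) echo "error: bad port '$port'"; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "error: port $port out of range"; return 1; }
    is_fqdn "$host" || { echo "error: '$host' is not fully qualified"; return 1; }
    if [ "$cmd" = addkdc ]; then
        echo "$cmd $host:$port $realm"
    else
        echo "$cmd $host $realm"
    fi
}
```

For example, `check_line 'addkdc kdc1.myco.com MYCO.COM'` prints the line with the port made explicit, while `check_line 'addhost kdc1'` is rejected because the short name depends on the client's default DNS domain.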