Adding a Unix host to the Kerberos database

Ok, so you want a host added to the Kerberos database so that it can run Kerberos telnetd, rlogind, etc. A host also needs to be added to the database if you want to use ksu on it.

Prerequisites:

  • Currently only Unix hosts can run Kerberos application servers.
  • You must have root access to the host.
  • We only hand out keys for NCSA hosts.

Here is what you need to do:

  1. Send email to the Kerberos support team (kerberos@ncsa.uiuc.edu). You will need to tell them:
    1. The names of the host(s) you want to add
    2. How we can contact you securely, preferably where we can find your PGP public key. If you don't use PGP yet, give your phone number. They may also drop the password in a file in your AFS home directory. Cleartext email is not secure.
  2. You will get either PGP-encrypted email, a file in your AFS home directory, or a phone call back from the Kerberos team, telling you that the host(s) have been added to the Kerberos database and what the initial password is.
  3. You then need to log onto the host as root.
  4. Run the command
    /usr/local/krb5/sbin/kadmin -p host/<host>.ncsa.uiuc.edu
    Where <host> is the name of the host. For example, if you were adding the host odin, you would log into odin as root and run the command
    /usr/local/krb5/sbin/kadmin -p host/odin.ncsa.uiuc.edu
  5. When prompted for a password, enter the host's initial password as given to you by the Kerberos team.
  6. At the kadmin: prompt enter the command
    ktadd host/<host>.ncsa.uiuc.edu
    Where <host> again is the name of the host being added. Continuing the example from above of adding the host odin, you would enter the command:
    ktadd host/odin.ncsa.uiuc.edu
    Doing this creates the file /etc/krb5.keytab and also randomizes the password you just received from the Kerberos team.
  7. Type quit and you are done.
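
A check to run after the steps above, as an added example that is not part of the original NCSA page: it confirms that /etc/krb5.keytab is owned by root with no group or world access and that `klist -k` lists a key for host/<host>.ncsa.uiuc.edu. The klist path, the KLIST override variable, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Post-ktadd sanity check for a host keytab (added example).
# Assumptions, not from the page: klist is installed at
# /usr/local/krb5/bin/klist (override with $KLIST), and the keytab
# must be owned by root (uid 0) with no group/other permission bits.

# Succeeds if FILE is a regular file owned by WANT_UID (default 0)
# whose mode grants nothing to group or other.
keytab_perms_ok() {
    [ -f "$1" ] || return 1
    # ls -ln prints e.g. "-rw------- 1 0 0 ..."; $1 = mode, $3 = uid
    ls -ln "$1" | awk -v uid="${2:-0}" \
        '$1 ~ /^-...------/ && $3 == uid { ok = 1 } END { exit !ok }'
}

# Reads `klist -k` output on stdin. Prints the highest key version
# number (KVNO) listed for PRINCIPAL in any realm; fails if none.
keytab_kvno() {
    awk -v p="$1@" '
        index($2, p) == 1 { found = 1; if ($1 + 0 > max) max = $1 + 0 }
        END { if (!found) exit 1; print max + 0 }'
}

# Usage: check_host_keytab HOST [KEYTAB]
check_host_keytab() {
    principal="host/$1.ncsa.uiuc.edu"
    keytab=${2:-/etc/krb5.keytab}
    klist=${KLIST:-/usr/local/krb5/bin/klist}
    if ! keytab_perms_ok "$keytab"; then
        echo "FAIL: $keytab missing, not root-owned, or group/world accessible" >&2
        return 1
    fi
    if ! kvno=$("$klist" -k "$keytab" | keytab_kvno "$principal"); then
        echo "FAIL: no key for $principal in $keytab" >&2
        return 1
    fi
    echo "OK: $principal in $keytab (kvno $kvno), readable by root only"
}

# Run as root, e.g.:  sh check_keytab.sh odin
[ $# -eq 0 ] || check_host_keytab "$@"
```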

Getting a replacement key for a host

If the host previously had a key but it was lost somehow (/etc/krb5.keytab got deleted, a disk crashed, or the OS was upgraded), just do everything as above, but in your request to the Kerberos team, mention that this is a replacement key for one that was lost.

NCSA Kerberos administrators can refer to the Admin Adding a Unix host to the Kerberos database page for instructions on adding a host to the Kerberos database.


Questions or comments about this page may be sent to kerberos@ncsa.uiuc.edu