| |
|
|
|
|
ncsa |
Kerberos 5: Changing a Host's Name
This documentation lists steps to be taken when changing a hostname
on a host that runs kerberos daemons. This page assumes you are changing
the name from oldname to newname.
Before the name change:
- Send email to the Kerberos support team
(kerberos@ncsa.uiuc.edu).
Tell them you are changing the name of a host in the Kerberos
database. You will also need to tell them:
- The old and new name of the host
- How we can contact you securely, preferably where we can find
your PGP public key. If you don't do PGP yet, your phone number.
Cleartext email is not secure.
- You will get either pgp-encrypted email or a phone call back from
the Kerberos team, telling you that the new hostname as been added
to the Kerberos database and whatthe initial password is for the
new name.
- You then need to log onto the host as root.
- Run the command
/usr/local/krb5/sbin/kadmin -p host/<host>.ncsa.uiuc.edu
Where <host> is the name of host. For example if
you were changing the name to from oldname to newname
you would log into the host as root and run the command:
/usr/local/krb5/sbin/kadmin -p host/newname.ncsa.uiuc.edu
then type in the password you just received from the Kerberos team.
- At the kadmin: prompt enter the command
ktadd host/<host>.ncsa.uiuc.edu
Where <host> again is the new name of the host.
Continuing the example from above of changing the name from oldname
to newname, you would enter the command:
ktadd host/newname.ncsa.uiuc.edu.
Doing this adds the key for the new name to the file
/etc/krb5.keytab
- Type quit and you are done.
After the name change:
Send email to kerberos@ncsa.uiuc.edu
and let us know you are done with the old name so we can delete it from
the database.
Notes for the Kerberos admin:
Just add the new host principal as you would for
a new host.
To delete the old principal run kadmin and use the delprinc command.
Back to NCSA Kerberos Information
Questions or comments about this page may be sent to kerberos@ncsa.uiuc.edu
|
|
|
|
|
