Kerberos command usage

Author: 大猪大猪 | Source: published 2018-07-12 01:52, read 5 times

    This page lists the commonly used Kerberos commands.

    Usage guide (daily use)

    Log in: kinit admin/admin@EXAMPLE.COM

    [root@dounine ~]# kinit admin/admin@EXAMPLE.COM
    Password for admin/admin@EXAMPLE.COM: 123456
    

    Check login status: klist

    [root@dounine ~]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: admin/admin@EXAMPLE.COM
    
    Valid starting       Expires              Service principal
    2018-07-12T00:54:55  2018-07-13T00:54:55  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    

    Log out: kdestroy

    [root@dounine ~]# kdestroy
    [root@dounine ~]# klist
    klist: No credentials cache found (filename: /tmp/krb5cc_0)
    

    Usage guide (maintenance)

    Log in to the KDC server for administration
    Enter the admin console: kadmin.local

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  
    

    List principals: listprincs

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  listprincs
    K/M@EXAMPLE.COM
    activity_analyzer/host1.demo.com@EXAMPLE.COM
    activity_explorer/host1.demo.com@EXAMPLE.COM
    admin/admin@EXAMPLE.COM
    ...
    

    Change an account password (also resets a forgotten password)

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  change_password admin/admin@EXAMPLE.COM
    Enter password for principal "admin/admin@EXAMPLE.COM": 123456
    Re-enter password for principal "admin/admin@EXAMPLE.COM": 123456
    Password for "admin/admin@EXAMPLE.COM" changed.
    

    Create a principal

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  add_principal test1
    WARNING: no policy specified for test1@EXAMPLE.COM; defaulting to no policy
    Enter password for principal "test1@EXAMPLE.COM": 123456
    Re-enter password for principal "test1@EXAMPLE.COM": 123456
    Principal "test1@EXAMPLE.COM" created.
    

    Delete a principal

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  delete_principal test1
    Are you sure you want to delete the principal "test1@EXAMPLE.COM"? (yes/no): yes
    Principal "test1@EXAMPLE.COM" deleted.
    Make sure that you have removed this principal from all ACLs before reusing.
    

    Export only the principal's keytab (without changing the password)

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  xst -k admin.keytab -norandkey admin/admin@EXAMPLE.COM
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des3-cbc-sha1 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type arcfour-hmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type camellia256-cts-cmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type camellia128-cts-cmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des-hmac-sha1 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des-cbc-md5 added to keytab WRFILE:admin.keytab.
    kadmin.local:  exit
    

    PS: some tutorials use ktadd instead; it has the same effect as xst. The command help shows which commands are aliases of each other.

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  ? # displays the help
    Available kadmin.local requests:
    
    add_principal, addprinc, ank
                             Add principal
    delete_principal, delprinc
                             Delete principal
    modify_principal, modprinc
                             Modify principal
    rename_principal, renprinc
                             Rename principal
    change_password, cpw     Change password
    get_principal, getprinc  Get principal
    list_principals, listprincs, get_principals, getprincs
                             List principals
    add_policy, addpol       Add policy
    modify_policy, modpol    Modify policy
    delete_policy, delpol    Delete policy
    get_policy, getpol       Get policy
    list_policies, listpols, get_policies, getpols
                             List policies
    get_privs, getprivs      Get privileges
    ktadd, xst               Add entry(s) to a keytab
    ktremove, ktrem          Remove entry(s) from a keytab
    lock                     Lock database exclusively (use with extreme caution!)
    unlock                   Release exclusive database lock
    purgekeys                Purge previously retained old keys from a principal
    get_strings, getstrs     Show string attributes on a principal
    set_string, setstr       Set a string attribute on a principal
    del_string, delstr       Delete a string attribute on a principal
    list_requests, lr, ?     List available requests.
    quit, exit, q            Exit program. 
    

    Commands separated by commas are equivalent, for example

    add_principal, addprinc, ank
    delete_principal, delprinc
    ktadd, xst
    ...and so on
    

    Use the keytab to verify that login works (no error output means success)

    kinit -kt /etc/security/keytabs/admin.keytab admin/admin@EXAMPLE.COM
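
    The usual reason this kinit -kt check fails is a stale keytab: its key version number (kvno) no longer matches the one the KDC holds, for example because the keytab was exported with ktadd/xst without -norandkey (which randomises the key and bumps the kvno) or because change_password was run afterwards. The script below is an added example, not part of the original post; it compares the kvno from `klist -kt` output with the kvno from `getprinc` output. The sample outputs embedded in it are constructed and the function names are my own.

```shell
#!/bin/sh
# Added example: detect a keytab whose kvno is out of step with the KDC.
# In production, pipe in the real `klist -kt <keytab>` and
# `kadmin.local -q "getprinc <principal>"` output instead of the samples.

# Constructed sample of `klist -kt admin.keytab` (two enctypes, same kvno)
KLIST_KT_SAMPLE='Keytab name: FILE:admin.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   6 07/12/2018 00:54:55 admin/admin@EXAMPLE.COM
   6 07/12/2018 00:54:55 admin/admin@EXAMPLE.COM'

# Constructed, abridged sample of `getprinc admin/admin@EXAMPLE.COM` taken
# after a later change_password, so the KDC is now at kvno 7.
GETPRINC_SAMPLE='Principal: admin/admin@EXAMPLE.COM
Expiration date: [never]
Number of keys: 2
Key: vno 7, aes256-cts-hmac-sha1-96
Key: vno 7, aes128-cts-hmac-sha1-96
Policy: [none]'

# keytab_kvno <principal>: highest kvno for that principal in klist -kt text on stdin
# (-1 if the principal is not present). The principal is the last column because
# the timestamp is printed as two fields.
keytab_kvno() {
    awk -v p="$1" 'BEGIN { max = -1 }
        $NF == p { v = $1 + 0; if (v > max) max = v }
        END { print max }'
}

# kdc_kvno: highest kvno in getprinc text on stdin ("Key: vno 7, enctype" lines).
# awk turns "7," into 7 when it is used as a number.
kdc_kvno() {
    awk 'BEGIN { max = -1 }
        $1 == "Key:" && $2 == "vno" { v = $3 + 0; if (v > max) max = v }
        END { print max }'
}

# check_kvno <principal> <klist -kt text> <getprinc text>: prints match / missing / stale
check_kvno() {
    kt=$(printf '%s\n' "$2" | keytab_kvno "$1")
    kdc=$(printf '%s\n' "$3" | kdc_kvno)
    if [ "$kt" -lt 0 ]; then echo "missing (principal not in keytab)"
    elif [ "$kt" -eq "$kdc" ]; then echo "match"
    else echo "stale (keytab kvno $kt, KDC kvno $kdc)"
    fi
}

check_kvno admin/admin@EXAMPLE.COM "$KLIST_KT_SAMPLE" "$GETPRINC_SAMPLE"
```

    A "stale" result means re-exporting the keytab (with -norandkey if the password must keep working) rather than debugging the kinit command itself.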
    

    Article link: https://www.haomeiwen.com/subject/bytlpftx.html