Kerberos commands.md


Author: 未然猜 | Published: 2019-10-10 10:30

    Regular user commands

    Log in (with principal name and password)

    kinit etluser
    Password for etluser@DEVTEST.COM: ******
    

    Authenticate with a keytab file to obtain a ticket for the user principal

    kinit -kt dengsc.keytab dengsc@JIGUANG.CN
    

    List the currently active tickets

    # -e shows the encryption types; if the Expires value equals the renew until value, the principal's ticket is not renewable
    klist -e
    

    Destroy the current tickets

    kdestroy
    

    Change password

    kpasswd <username>
    

    Open the administration console on the KDC server (administrator commands)

    kadmin.local
    

    List users (principals)

    [root@devtest-3 ~]# kadmin.local
    Authenticating as principal etluser/admin@DEVTEST.COM with password.
    kadmin.local:  listprincs
    HTTP/devtest-1@DEVTEST.COM
    HTTP/devtest-2@DEVTEST.COM
    HTTP/devtest-3@DEVTEST.COM
    K/M@DEVTEST.COM
    MMPlatform@DEVTEST.COM
    ...
    

    Change an account's password

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  change_password admin/admin@EXAMPLE.COM
    Enter password for principal "admin/admin@EXAMPLE.COM": ******
    Re-enter password for principal "admin/admin@EXAMPLE.COM": ******
    Password for "admin/admin@EXAMPLE.COM" changed.
    

    Create a user

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  add_principal test1
    WARNING: no policy specified for test1@EXAMPLE.COM; defaulting to no policy
    Enter password for principal "test1@EXAMPLE.COM": ******
    Re-enter password for principal "test1@EXAMPLE.COM": ******
    Principal "test1@EXAMPLE.COM" created.
    

    Delete a user

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  delete_principal test1
    Are you sure you want to delete the principal "test1@EXAMPLE.COM"? (yes/no): yes
    Principal "test1@EXAMPLE.COM" deleted.
    Make sure that you have removed this principal from all ACLs before reusing
    

    Export a user's keytab file

    [root@dounine ~]# kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local:  xst -k admin.keytab -norandkey admin/admin@EXAMPLE.COM
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des3-cbc-sha1 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type arcfour-hmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type camellia256-cts-cmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type camellia128-cts-cmac added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des-hmac-sha1 added to keytab WRFILE:admin.keytab.
    Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des-cbc-md5 added to keytab WRFILE:admin.keytab.
    kadmin.local:  exit
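
An added example (not part of the original post): the export above wrote des3-cbc-sha1, arcfour-hmac and single-DES keys into admin.keytab alongside the AES and Camellia ones. This sh/awk filter flags such entries in kadmin ktadd/xst output or in `klist -ket` output; the function names and the two klist sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag keytab entries that use deprecated encryption types
# (single DES, 3DES, RC4; see RFC 6649 and RFC 8429).
# Reads kadmin ktadd/xst output or `klist -ket <keytab>` output on stdin and
# prints "<principal> kvno=<n> <enctype>" for every weak entry.
weak_keytab_entries() {
  awk '
    # Some klist versions print a DEPRECATED: prefix before the enctype name.
    function norm(e) { sub(/^DEPRECATED:/, "", e); return e }
    function weak(e) { return e ~ /^(des-|des3-|arcfour-|rc4-)/ }
    # kadmin: Entry for principal P with kvno N, encryption type E added to keytab ...
    /^ *Entry for principal / {
      k = $7; sub(/,$/, "", k); e = norm($10)
      if (weak(e)) print $4, "kvno=" k, e
      next
    }
    # klist -ket: "<kvno> <date> <time> <principal> (<enctype>)"
    /^ *[0-9]+ .*\([^)]+\) *$/ {
      e = $NF; gsub(/[()]/, "", e); e = norm(e)
      if (weak(e)) print $(NF-1), "kvno=" $1, e
    }
  '
}

# Hypothetical wrapper: returns 1 when the keytab file holds weak keys.
audit_keytab() {
  hits=$(klist -ket "$1" | weak_keytab_entries)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" >&2
  return 1
}

# Sample input: three lines taken from the xst transcript above, followed by
# two constructed klist -ket lines.
SAMPLE='Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type des3-cbc-sha1 added to keytab WRFILE:admin.keytab.
Entry for principal admin/admin@EXAMPLE.COM with kvno 6, encryption type arcfour-hmac added to keytab WRFILE:admin.keytab.
   6 10/10/2019 10:30:00 admin/admin@EXAMPLE.COM (DEPRECATED:arcfour-hmac)
   6 10/10/2019 10:30:00 admin/admin@EXAMPLE.COM (camellia256-cts-cmac)'

printf '%s\n' "$SAMPLE" | weak_keytab_entries
```

Restricting the export with `-e`, as in the `xst -e aes128-cts-hmac-sha1-96:normal` form, keeps the weak entries out of the keytab in the first place.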
    

    Help command

    [root@devtest-3 ~]# kadmin.local
    Authenticating as principal etluser/admin@DEVTEST.COM with password.
    kadmin.local:  ?
    Available kadmin.local requests:
    
    add_principal, addprinc, ank
                             Add principal             - add a user
    # Example: ank dengsc@JIGUANG.CN
    delete_principal, delprinc
                             Delete principal          - delete a user
    # Example: delprinc dengsc@JIGUANG.CN
    modify_principal, modprinc
                             Modify principal          - modify the principal's ticket attributes
    # Example: modprinc -maxrenewlife 1week dengsc@JIGUANG.CN (tickets can then be renewed for up to one week)
    rename_principal, renprinc
                             Rename principal          - rename a user
    change_password, cpw     Change password           - change a user's password
    # Example: cpw dengsc@HADOOP.COM
    get_principal, getprinc  Get principal             - show the principal's ticket information
    # Example: getprinc dengsc@JIGUANG.CN
    list_principals, listprincs, get_principals, getprincs
                             List principals           - list all users
    # Example: listprincs
    add_policy, addpol       Add policy
    modify_policy, modpol    Modify policy
    delete_policy, delpol    Delete policy
    get_policy, getpol       Get policy
    list_policies, listpols, get_policies, getpols
                             List policies
    get_privs, getprivs      Get privileges
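    ktadd, xst               Add entry(s) to a keytab  - export a keytab file
    # Example: xst -e aes128-cts-hmac-sha1-96:normal -k /home/dengsc/dengsc.keytab dengsc@JIGUANG.CN
    # -e specifies the encryption type
    # -k specifies the keytab file name
    # Note: exporting a keytab resets the principal's key to a new random one, so the old password stops working.
    # In kadmin.local you can add the '-norandkey' option so that exporting the keytab does not reset the password.
    # e.g.: xst -norandkey -k /home/dengsc/dengsc.keytab dengsc@JIGUANG.CN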
    ktremove, ktrem          Remove entry(s) from a keytab
    lock                     Lock database exclusively (use with extreme caution!)
    unlock                   Release exclusive database lock
    purgekeys                Purge previously retained old keys from a principal
    get_strings, getstrs     Show string attributes on a principal
    set_string, setstr       Set a string attribute on a principal
    del_string, delstr       Delete a string attribute on a principal
    list_requests, lr, ?     List available requests. - help
    quit, exit, q            Exit program.            - exit the program
    

    Open the keytab management console on the local host

    ktutil
    

    Help command

    [root@devtest-1 ~]# ktutil
    ktutil:  ?
    Available ktutil requests:
    
    clear_list, clear        Clear the current keylist.                    - clear the current keylist
    read_kt, rkt             Read a krb5 keytab into the current keylist.  - read a krb5 keytab into the keylist
    read_st, rst             Read a krb4 srvtab into the current keylist.  - read a krb4 srvtab into the keylist
    write_kt, wkt            Write the current keylist to a krb5 keytab.   - write the current keylist to a krb5 keytab
    # Example: write_kt /hadoop-data/etc/hadoop/hadoop.keytab
    write_st, wst            Write the current keylist to a krb4 srvtab.   - write the current keylist to a krb4 srvtab
    add_entry, addent        Add an entry to the current keylist.          - add a Kerberos user to the keylist
    # Example: add_entry -password -p <username> -k 3 -e aes256-cts-hmac-sha1-96
    # Explanation: -k is the key version number (kvno), -e is the encryption type, -password derives the key from a password
    delete_entry, delent     Delete an entry from the current keylist.     - delete a Kerberos user from the keylist
    list, l                  List the current keylist.                     - show the current keylist
    list_requests, lr, ?     List available requests.                      - help
    quit, exit, q            Exit program.                                 - exit the program
    
