Setting up Kerberos principals in UFL.EDU realm


  1. Start the kadmin application
    asr@cornpone:4 $ /local/sbin/kadmin
    Enter password:
    
  2. Create the principal definition
    kadmin:  add_principal user/example           
    Enter password for principal "user/example@UFL.EDU": [password]
    Re-enter password for principal "user/example@UFL.EDU": [password]
    Principal "user/example@UFL.EDU" created.
           
  3. At this point, you can look at the principal.
    kadmin:  getprinc user/example
    Principal: user/example@UFL.EDU
    Expiration date: [never]
    Last password change: Tue Jul 15 12:19:57 EDT 1997
    Password expiration date: [none]
    Maximum ticket life: 0 days 08:00:00
    Maximum renewable life: 7 days 00:00:00
    Last modified: Tue Jul 15 12:19:57 EDT 1997 (test/admin@UFL.EDU)
    Last successful authentication: [never]
    Last failed authentication: [never]
    Failed password attempts: 0
    Number of keys: 1
    Key: vno 1, DES cbc mode with CRC-32, no salt
    Attributes:
    Policy: [none]
           
  4. Set the principal to require a password change.
    kadmin:  modprinc +needchange user/example
    Principal "user/example@UFL.EDU" modified.
           
  5. Note that the principal now has the REQUIRES_PWCHANGE attribute set.
    kadmin:  getprinc
    usage: get_principal [-terse] principal
    kadmin:  getprinc user/example
    Principal: user/example@UFL.EDU
    Expiration date: [never]
    Last password change: Tue Jul 15 12:19:57 EDT 1997
    Password expiration date: [none]
    Maximum ticket life: 0 days 08:00:00
    Maximum renewable life: 7 days 00:00:00
    Last modified: Tue Jul 15 12:20:33 EDT 1997 (test/admin@UFL.EDU)
    Last successful authentication: [never]
    Last failed authentication: [never]
    Failed password attempts: 0
    Number of keys: 1
    Key: vno 1, DES cbc mode with CRC-32, no salt
    Attributes: REQUIRES_PWCHANGE
    Policy: [none]
           
  6. Assign the user a policy. (Once decisions have been made about default policies, these may be specified on the add_principal command line.)
    kadmin:  modprinc -policy STANDARD user/example
    Principal "user/example@UFL.EDU" modified.
           
  7. Note that the principal now has a defined policy.
           
    kadmin:  getprinc user/example
    Principal: user/example@UFL.EDU
    Expiration date: [never]
    Last password change: Tue Jul 15 12:19:57 EDT 1997
    Password expiration date: Sun Jan 11 11:19:57 EST 1998
    Maximum ticket life: 0 days 08:00:00
    Maximum renewable life: 7 days 00:00:00
    Last modified: Tue Jul 15 12:29:23 EDT 1997 (test/admin@UFL.EDU)
    Last successful authentication: [never]
    Last failed authentication: [never]
    Failed password attempts: 0
    Number of keys: 1
    Key: vno 1, DES cbc mode with CRC-32, no salt
    Attributes: REQUIRES_PWCHANGE
    Policy: STANDARD
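
  An added example, not part of the original page: a Python check that parses getprinc output in the format shown above and reports a principal for which steps 4 and 6 were skipped (no REQUIRES_PWCHANGE attribute, no policy) or which holds only single-DES keys. The function names and the two sample records are constructed for illustration.

```python
# Constructed samples: getprinc output in the format shown in steps 3 and 7.
SAMPLE_BEFORE = """\
Principal: user/example@UFL.EDU
Password expiration date: [none]
Number of keys: 1
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes:
Policy: [none]
"""
SAMPLE_AFTER = """\
Principal: user/example@UFL.EDU
Password expiration date: Sun Jan 11 11:19:57 EST 1998
Number of keys: 1
Key: vno 1, DES cbc mode with CRC-32, no salt
Attributes: REQUIRES_PWCHANGE
Policy: STANDARD
"""

def parse_getprinc(text):
    """Parse 'Field: value' lines into a dict; Key lines collect into a list."""
    rec = {"Key": []}
    for line in text.splitlines():
        # Split at the first colon only, so timestamps keep their own colons.
        name, sep, value = line.strip().partition(":")
        if not sep:
            continue  # blank line or text without a field name
        if name == "Key":
            rec["Key"].append(value.strip())
        else:
            rec[name] = value.strip()
    return rec

def audit(rec, new_account=True):
    """Return a list of findings for one parsed principal record."""
    findings = []
    if rec.get("Policy", "[none]") == "[none]":
        findings.append("no policy assigned")
    if rec.get("Password expiration date", "[none]") == "[none]":
        findings.append("password never expires")
    attrs = rec.get("Attributes", "").split()
    if new_account and "REQUIRES_PWCHANGE" not in attrs:
        findings.append("initial password not flagged for change")
    # Key value looks like "vno 1, <enctype>, <salt>"; single DES is weak.
    enctypes = [k.split(", ", 1)[-1] for k in rec["Key"]]
    if enctypes and all(e.startswith("DES cbc") for e in enctypes):
        findings.append("only single-DES keys")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_BEFORE, SAMPLE_AFTER):
        rec = parse_getprinc(sample)
        print(rec["Principal"], audit(rec))
```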
    

    Allen S. Rout, asr@nersp.nerdc.ufl.edu
    Last modified on Tue Jul 15 12:33:03 1997 by Allen S. Rout