欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

Kerberos常用操作

程序员文章站 2024-02-28 11:49:52
...

登录Kerberos: kadmin.local

  • 使用kadmin.local命令登录
[[email protected] ~]# kadmin.local 
Authenticating as principal root/[email protected] with password.
kadmin.local:  ?	# 查看命令列表i
Available kadmin.local requests:

add_principal, addprinc, ank
                         Add principal
delete_principal, delprinc
                         Delete principal
modify_principal, modprinc
                         Modify principal
rename_principal, renprinc
                         Rename principal
change_password, cpw     Change password
get_principal, getprinc  Get principal
list_principals, listprincs, get_principals, getprincs
                         List principals
add_policy, addpol       Add policy
modify_policy, modpol    Modify policy
delete_policy, delpol    Delete policy
get_policy, getpol       Get policy
list_policies, listpols, get_policies, getpols
                         List policies
get_privs, getprivs      Get privileges
ktadd, xst               Add entry(s) to a keytab
ktremove, ktrem          Remove entry(s) from a keytab
lock                     Lock database exclusively (use with extreme caution!)
unlock                   Release exclusive database lock
purgekeys                Purge previously retained old keys from a principal
get_strings, getstrs     Show string attributes on a principal
set_string, setstr       Set a string attribute on a principal
del_string, delstr       Delete a string attribute on a principal
list_requests, lr, ?     List available requests.
quit, exit, q            Exit program.

查看已存在凭据:list_principals, listprincs, get_principals, getprincs

kadmin.local:  listprincs
HTTP/[email protected]
HTTP/[email protected]
HTTP/[email protected]
K/[email protected]
activity_analyzer/[email protected]
activity_explorer/[email protected]
admin/[email protected]
[email protected]
[email protected]
……

添加凭据:add_principal, addprinc, ank

kadmin.local:  ank [email protected]
WARNING: no policy specified for [email protected]; defaulting to no policy
Enter password for principal "[email protected]": 
Re-enter password for principal "[email protected]": 
Principal "[email protected]" created.

修改凭据密码:change_password, cpw

kadmin.local:  cpw [email protected]
Enter password for principal "[email protected]": 
Re-enter password for principal "[email protected]": 
Password for "[email protected]" changed.

删除凭据:delete_principal, delprinc

kadmin.local:  delprinc [email protected]
Are you sure you want to delete the principal "[email protected]"? (yes/no): yes
Principal "[email protected]" deleted.
Make sure that you have removed this principal from all ACLs before reusing.

认证用户:kinit

[[email protected] ~]# kinit admin/[email protected]
Password for admin/[email protected]:

查看当前认证用户:klist

[[email protected] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/[email protected]

Valid starting       Expires              Service principal
10/30/2019 00:21:12  10/31/2019 00:21:12  krbtgt/[email protected]
	renew until 11/06/2019 00:21:12

删除当前认证的缓存

[[email protected] ~]# kdestroy
[[email protected] ~]# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)
相关标签: Kerberos