The CREATE command is used to create the key table, policy, or
principal data.
1 – KEYTAB
service_name
The CREATE KEYTAB command is used to create a key table entry for a
given service.
1.1 – Qualifiers
1.2 /FILE
/FILE=[(output key table file)]
Specifies the output key table file.
1.3 /QUIET
/QUIET
Specifies that the command should not echo any output.
1.4 – Examples
KerberosAdmin> Create Keytab "HOST/node"
Requests that the HOST entry for "node" be entered in the keytab
file.
2 – POLICY
policy_name
The CREATE POLICY command is used to create a password policy
entry.
2.1 – Qualifiers
2.2 /LIFETIME
/LIFETIME=(field [,...])
Specifies the password lifetimes for the created policy.
2.2.1 – Fields
MIN:delta-time
Specifies the minimum password lifetime for the created policy.
MAX:delta-time
Specifies the maximum password lifetime for the created policy.
2.3 /LENGTH
/LENGTH=(field [,...])
Specifies the password length for the created policy.
2.3.1 – Fields
MIN:n
Specifies the minimum password length for the created policy.
2.4 /CLASSES
/CLASSES=(field [,...])
Specifies the password classes for the created policy.
2.4.1 – Fields
MIN:n
Specifies the minimum password classes for the created policy.
2.5 /HISTORY
/HISTORY=(field [,...])
Specifies the password history for the created policy.
2.5.1 – Fields
MIN:n
Specifies the minimum password history for the created policy.
2.6 – Examples
KerberosAdmin> Create Policy TestPolicy
Requests the creation of the TestPolicy policy.
3 – PRINCIPAL
principal_name
The CREATE PRINCIPAL command is used to create a principal entry.
3.1 – Qualifiers
3.2 /PASSWORD
/PASSWORD=password
Specifies the password for the created principal.
3.3 /POLICY
/POLICY[=policy]
/[NO]POLICY (default)
Specifies the policy for the created principal.
3.4 /EXPIRATION
/EXPIRATION=date-time
Specifies the expiration for the created principal.
3.5 /PWD_EXPIRATION
/PWD_EXPIRATION=date-time
Specifies the expiration for the created principal's password.
3.6 /TICKET_LIFETIME
/TICKET_LIFETIME=(field [,...])
Specifies the ticket lifetime for the created principal.
3.6.1 – Fields
MAX:delta-time
Specifies the maximum ticket lifetime for the created principal.
3.7 /RENEWAL_LIFETIME
/RENEWAL_LIFETIME=(field [,...])
Specifies the ticket renewal lifetime for the created principal.
3.7.1 – Fields
MAX:delta-time
Specifies the maximum ticket renewal lifetime for the created
principal.
3.8 /KEY_VERSION
/KEY_VERSION=number
Specifies the key version number associated with the created
principal. This value must be in the range of 0 through 255.
3.9 /RANDOM
/RANDOM
Specifies the random key generation for the created principal.
3.10 /ATTRIBUTES
/ATTRIBUTES=([NO]attrname[,...])
Specifies the attributes associtated with the created principal.
Keyword Description
DISALLOW_POSTDATED Disallows postdated tickets for this
principal.
DISALLOW_FORWARDABLE Disallows forwardable tickets for this
principal.
DISALLOW_TGT_BASED Disallows Ticket-Granting-Service based
issuances for this server.
DISALLOW_RENEWABLE Disallows renewable tickets for this
principal.
DISALLOW_PROXIABLE Disallows proxiable tickets for this
principal.
DISALLOW_DUP_SKEY Disallows duplicate SKEY for this
principal.
DISALLOW_ALL_TIX Disallows all tickets for this principal.
The client or server is locked out.
REQUIRES_PRE_AUTH Pre-Authentication is required for this
principal.
REQUIRES_HW_AUTH Hardware Pre-Authentication is required for
this principal.
REQUIRES_PWCHANGE Password change is required for this
principal.
DISALLOW_SVR Disallows service on this server.
PWCHANGE_SERVICE The server provides password changing
service.
SUPPORT_DESMD5 RSA-MD5 with DES cbc mode is supported by
this principal.
3.11 – Examples
KerberosAdmin> Create Principal TestPrincipal /Password=NewPassword
Requests the creation of a new principal.