Manage Kerberos service entries in LDAP directories

The ksetup command manages Kerberos service entries in the LDAP server directory.

Purpose

The ksetup command manages Kerberos service entries in the LDAP server directory. The following subcommands are supported:

addhost host-name realm-name
This subcommand adds a host entry for the specified realm. The fully qualified host name should be used so that it resolves correctly no matter what default DNS domain is in effect on the Kerberos clients. If no realm name is specified, the default realm name is used.
addkdc host-name:port-number realm-name
This subcommand adds an entry in the Kerberos server for the specified realm. If a host entry does not already exist, one is created. If a port number is not specified, it is set to 88. Use the fully qualified host name so that it resolves correctly no matter what default DNS domain is in effect on the Kerberos clients. If no realm name is specified, the default realm name is used.
delhost host-name realm-name
This subcommand deletes a host entry and any associated specification for the Kerberos server from the specified realm. If no realm name is specified, the default realm name is used.
delkdc host-name realm-name
This subcommand deletes an entry in the Kerberos server for the specified host. The host entry itself is not deleted. If no realm name is specified, the default realm name is used.
listhost realm-name
This subcommand lists the entries in the Kerberos server for a realm. If no realm name is specified, the default realm name is used.
exit
This subcommand ends the ksetup command.
Restriction: iSeries™ supports LDAP clients in the character-based interface, but not in i5/OS™ PASE.

Examples

To add the host kdc1.myco.com to the server ldapserv.myco.com as the Kerberos server for realm MYCO.COM, using a Directory Services (LDAP) administrator ID of Administrator and a password of verysecret, complete the following steps:

  1. On a Qshell command line, enter:

    ksetup -h ldapserv.myco.com -n CN=Administrator -p verysecret

     Or, on an i5/OS control language (CL) command line, enter:

    call qsys/qkrbksetup parm('-h' 'ldapserv.myco.com' '-n' 'CN=Administrator' '-p' 'verysecret')

  2. When the Directory Services (LDAP) server is successfully contacted, a subcommand prompt is displayed. Enter:

    addkdc kdc1.myco.com MYCO.COM

See the ksetup usage notes on this Qshell command for specifics on its usage and restrictions.