D23596.id68040.diff

Index: en_US.ISO8859-1/books/handbook/security/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -1207,11 +1207,11 @@
<acronym>KDC</acronym> is recommended for security
reasons.</para>
- <para>To begin setting up a <acronym>KDC</acronym>, add these
- lines to <filename>/etc/rc.conf</filename>:</para>
+ <para>To begin setting up a <acronym>KDC</acronym>, update
+ <filename>/etc/rc.conf</filename> using <command>sysrc</command> as follows:</para>
- <programlisting>kdc_enable="YES"
-kadmind_enable="YES"</programlisting>
+ <screen>&prompt.root; <userinput>sysrc kdc_enable="YES"</userinput>
+&prompt.root; <userinput>sysrc kadmind_enable="YES"</userinput></screen>
<para>Next, edit <filename>/etc/krb5.conf</filename> as
follows:</para>
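Review bot: The added line ending "using <command>sysrc</command> as follows:</para>" runs well past the width of the lines around it and should be rewrapped to match the rest of the paragraph. Because the example is now a pair of commands rather than file contents, it would also help to keep a mention that the resulting entries in /etc/rc.conf are kdc_enable="YES" and kadmind_enable="YES", so a reader who inspects or edits the file by hand knows what to expect.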
@@ -1292,13 +1292,26 @@
kadmin&gt; <userinput>init <replaceable>EXAMPLE.ORG</replaceable></userinput>
Realm max ticket life [unlimited]:</screen>
- <para>Lastly, while still in <command>kadmin</command>, create
- the first principal using <command>add</command>. Stick to
- the default options for the principal for now, as these can be
+
+ <para>Next, add the root user as the administrator user using
+ <command>kadmin</command>, using the <command>add</command>.
+ Stick to the default options for the admin principal for now, as these can be
changed later with <command>modify</command>. Type
<literal>?</literal> at the prompt to see the available
options.</para>
+ <screen>kadmin&gt; <userinput>add root/admin</userinput>
+Max ticket life [unlimited]:
+Max renewable life [unlimited]:
+Attributes []:
+Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
+Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
+
+
+ <para>Lastly, still in <command>kadmin</command>, create
+ the first principal using <command>add</command>.
+ </para>
+
<screen>kadmin&gt; <userinput>add <replaceable>tillman</replaceable></userinput>
Max ticket life [unlimited]:
Max renewable life [unlimited]:
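Review bot: The new paragraph before "add root/admin" reads "using <command>kadmin</command>, using the <command>add</command>.", which repeats "using" and leaves "the add" without a noun; something like "Next, while still in kadmin, create the administrator principal using add." reads cleanly. The same paragraph describes this as adding "the root user as the administrator user", but the lines shown only create a principal named root/admin and never say what gives that principal administrative rights, so the text should either state that or point to where it is configured. In the following paragraph, "create the first principal" is no longer accurate now that root/admin is created before it. The two consecutive blank added lines and the closing </para> on its own line can also be tidied.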
@@ -1306,13 +1319,15 @@
Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput>
Verifying password - Password: <userinput><replaceable>xxxxxxxx</replaceable></userinput></screen>
- <para>Next, start the <acronym>KDC</acronym> services by running
- <command>service kdc start</command> and
- <command>service kadmind start</command>. While there will
- not be any kerberized daemons running at this point, it is
- possible to confirm that the <acronym>KDC</acronym> is
- functioning by obtaining a ticket for the
- principal that was just created:</para>
+ <para>Next, start the <acronym>KDC</acronym> services by running:</para>
+
+ <screen>&prompt.root; <userinput>service kdc start</userinput>
+&prompt.root; <userinput>service kadmind start</userinput></screen>
+
+ <para>While there will not be any kerberized daemons running at this point,
+ it is possible to confirm that the <acronym>KDC</acronym> is functioning by
+ obtaining a ticket for the principle that was just created:
+ </para>
<screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
tillman@EXAMPLE.ORG's Password:</screen>
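Review bot: In the added paragraph, "obtaining a ticket for the principle that was just created" should read "principal", as the removed text had it. Since the procedure now creates two principals before this step, "the principal that was just created" is ambiguous; naming the user principal used in the kinit example that follows would be clearer. The closing </para> on its own line could be joined to the end of the sentence, as in the other paragraphs.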
