1 CREATE

   The CREATE command is used to create the key table, policy, or principal data.

2 KEYTAB

   service_name

   The CREATE KEYTAB command is used to create a key table entry for a given service.

3 Qualifiers

3 /FILE

   /FILE=[(output key table file)]

   Specifies the output key table file.

3 /QUIET

   /QUIET

   Specifies that the command should not echo any output.

3 Examples

   KerberosAdmin> Create Keytab "HOST/node"

   Requests that the HOST entry for "node" be entered in the keytab file.

2 POLICY

   policy_name

   The CREATE POLICY command is used to create a password policy entry.

3 Qualifiers

3 /LIFETIME

   /LIFETIME=(field [,...])

   Specifies the password lifetimes for the created policy.

4 Fields

   MIN:delta-time   Specifies the minimum password lifetime for the created policy.
   MAX:delta-time   Specifies the maximum password lifetime for the created policy.

3 /LENGTH

   /LENGTH=(field [,...])

   Specifies the password length for the created policy.

4 Fields

   MIN:n   Specifies the minimum password length for the created policy.

3 /CLASSES

   /CLASSES=(field [,...])

   Specifies the password classes for the created policy.

4 Fields

   MIN:n   Specifies the minimum password classes for the created policy.

3 /HISTORY

   /HISTORY=(field [,...])

   Specifies the password history for the created policy.

4 Fields

   MIN:n   Specifies the minimum password history for the created policy.

3 Examples

   KerberosAdmin> Create Policy TestPolicy

   Requests the creation of the TestPolicy policy.

2 PRINCIPAL

   principal_name

   The CREATE PRINCIPAL command is used to create a principal entry.

3 Qualifiers

3 /PASSWORD

   /PASSWORD=password

   Specifies the password for the created principal.

3 /POLICY

   /POLICY[=policy]
   /[NO]POLICY (default)

   Specifies the policy for the created principal.

3 /EXPIRATION

   /EXPIRATION=date-time

   Specifies the expiration for the created principal.

3 /PWD_EXPIRATION

   /PWD_EXPIRATION=date-time

   Specifies the expiration for the created principal's password.

3 /TICKET_LIFETIME

   /TICKET_LIFETIME=(field [,...])

   Specifies the ticket lifetime for the created principal.

4 Fields

   MAX:delta-time   Specifies the maximum ticket lifetime for the created principal.

3 /RENEWAL_LIFETIME

   /RENEWAL_LIFETIME=(field [,...])

   Specifies the ticket renewal lifetime for the created principal.

4 Fields

   MAX:delta-time   Specifies the maximum ticket renewal lifetime for the created principal.

3 /KEY_VERSION

   /KEY_VERSION=number

   Specifies the key version number associated with the created principal.
   This value must be in the range of 0 through 255.

3 /RANDOM

   /RANDOM

   Specifies the random key generation for the created principal.

3 /ATTRIBUTES

   /ATTRIBUTES=([NO]attrname[,...])

   Specifies the attributes associated with the created principal.

   Keyword                Description

   DISALLOW_POSTDATED     Disallows postdated tickets for this principal.
   DISALLOW_FORWARDABLE   Disallows forwardable tickets for this principal.
   DISALLOW_TGT_BASED     Disallows Ticket-Granting-Service based issuances
                          for this server.
   DISALLOW_RENEWABLE     Disallows renewable tickets for this principal.
   DISALLOW_PROXIABLE     Disallows proxiable tickets for this principal.
   DISALLOW_DUP_SKEY      Disallows duplicate SKEY for this principal.
   DISALLOW_ALL_TIX       Disallows all tickets for this principal. The
                          client or server is locked out.
   REQUIRES_PRE_AUTH      Pre-Authentication is required for this principal.
   REQUIRES_HW_AUTH       Hardware Pre-Authentication is required for this
                          principal.
   REQUIRES_PWCHANGE      Password change is required for this principal.
   DISALLOW_SVR           Disallows service on this server.
   PWCHANGE_SERVICE       The server provides password changing service.
   SUPPORT_DESMD5         RSA-MD5 with DES cbc mode is supported by this
                          principal.

3 Examples

   KerberosAdmin> Create Principal TestPrincipal /Password=NewPassword

   Requests the creation of a new principal.
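
   The CREATE PRINCIPAL syntax rules above (the documented qualifiers, the 0 through 255 range for /KEY_VERSION, the /ATTRIBUTES keywords and their NO prefix) can be checked before a command is run. The Python linter below is an added example, not part of the original help text or of the KerberosAdmin utility. The name lint_create_principal, the requirement for unabbreviated qualifier names, and the two review warnings (password on the command line, REQUIRES_PRE_AUTH not set) are assumptions of the example.

```python
import re

# Attribute keywords exactly as listed under /ATTRIBUTES on this page.
ATTRIBUTES = {
    "DISALLOW_POSTDATED", "DISALLOW_FORWARDABLE", "DISALLOW_TGT_BASED",
    "DISALLOW_RENEWABLE", "DISALLOW_PROXIABLE", "DISALLOW_DUP_SKEY",
    "DISALLOW_ALL_TIX", "REQUIRES_PRE_AUTH", "REQUIRES_HW_AUTH",
    "REQUIRES_PWCHANGE", "DISALLOW_SVR", "PWCHANGE_SERVICE", "SUPPORT_DESMD5",
}
# Qualifiers the page documents for CREATE PRINCIPAL (full names only).
QUALIFIERS = {
    "PASSWORD", "POLICY", "NOPOLICY", "EXPIRATION", "PWD_EXPIRATION",
    "TICKET_LIFETIME", "RENEWAL_LIFETIME", "KEY_VERSION", "RANDOM", "ATTRIBUTES",
}
HEAD_RE = re.compile(r'^\s*create\s+principal\s+("[^"]*"|[^\s/]+)(.*)$', re.I)
QUAL_RE = re.compile(r'/(\w+)(?:=(\([^)]*\)|"[^"]*"|[^\s/]+))?')


def lint_create_principal(command):
    """Return a list of (severity, message) findings for one command line."""
    m = HEAD_RE.match(command)
    if not m:
        return [("error", "not a CREATE PRINCIPAL command")]
    findings, enabled = [], set()
    quals = {name.upper(): value for name, value in QUAL_RE.findall(m.group(2))}
    for name, value in quals.items():
        if name not in QUALIFIERS:
            findings.append(("error", f"unknown qualifier /{name}"))
        elif name == "KEY_VERSION":
            if not value.isdecimal() or not 0 <= int(value) <= 255:
                findings.append(("error", "/KEY_VERSION must be 0 through 255"))
        elif name == "ATTRIBUTES":
            for attr in value.strip("()").upper().split(","):
                attr = attr.strip()
                base = attr[2:] if attr.startswith("NO") else attr
                if base not in ATTRIBUTES:
                    findings.append(("error", f"unknown attribute {attr}"))
                elif base == attr:  # a NO-prefixed keyword clears the attribute
                    enabled.add(attr)
    # Review policy assumed by this example, not stated on the page.
    if "PASSWORD" in quals:
        findings.append(("warn", "password literal on the command line"))
    if "REQUIRES_PRE_AUTH" not in enabled:
        findings.append(("warn", "REQUIRES_PRE_AUTH not set"))
    return findings


if __name__ == "__main__":  # the page's own example as sample input
    print(lint_create_principal("Create Principal TestPrincipal /Password=NewPassword"))
```

   Principal names that contain a slash must be quoted, as in the page's "HOST/node" example; otherwise the linter reads the remainder as a qualifier.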