HP Open Source Security for OpenVMS Volume 3: Kerberos

Chapter 3 Kerberos Client Programs

  Table of Contents

  Glossary

  Index

In addition to the Kerberos database and Key Distribution Center, there are a number of user and administrative programs that allow interaction with Kerberos. This chapter will detail the use of those programs.

The Kerberos user client programs include the following:

  • kinit - Obtains a Kerberos ticket-granting ticket

  • klist - Lists cached Kerberos tickets

  • kdestroy - Destroys Kerberos tickets

  • kpasswd - Changes a user’s Kerberos password

The Kerberos administrative client programs include the following:

  • kadmin and kadmin_local - Administers the Kerberos database

  • kdb5_util - Dumps and restores the Kerberos database

  • ktutil - Reads, writes, or edits entries in a Kerberos V5 keytab or V4 srvtab file

  • kprop - Propagates the master KDC database to slave KDCs

The symbols for these programs are defined by SYS$MANAGER:KRB$SYMBOLS.COM.

On OpenVMS, these programs are located in the system directory and are prefaced by KRB$; for example, SYS$SYSTEM:KRB$KINIT.EXE.

NOTE: All options for the client programs are case sensitive. Uppercase options should be enclosed in double quotation marks. For example:
$ kinit “-R”