KAdmin HOWTO: Managing and Administering Non-User PennKeys

Non-User PennKeys include service principals, cross-realm trust principals, and Kerberos administration (KAdmin) principals. KAdmin principals are tied to third-level domains (e.g. "isc.upenn.edu"), and control the creation and management of non-user PennKeys within that domain.

Once a school or center has a KAdmin for their domain, that principal is used to create and manage other KAdmin principals for the same domain. If your school or center already has a Kerberos administrator, you should ask that person for help. If you don't know who your Kerberos administrator is, contact ISC Client Care.

If your domain does not already have a KAdmin, you will need to obtain approval from your school or center's IT Director. Then complete a request form, and coordinate the request via ISC Client Care. Please note, if the request sent via email, you must encrypt it using a trusted PGP key.

If your school or center does not currently have a KAdmin contact or if a new Domain has been created you will need to obtain approval from your school or center's IT Director. Then complete a request form, and coordinate the request via ISC Client Care. Please note, if the request is sent via email, you must encrypt it using a trusted PGP key.

Quick Links:

HOME...