What follows are step-by-step instructions on how to create a Cross-Domain Realm PennKey and password in Penn's KDC using the kadmin program.
You first need a KAdmin PennKey and password, which allows you to manage PennKeys for the Microsoft realm or the Penn DNS domain name named in the PennKey. To acquire a KAdmin PennKey, see the central IT contact for your school or center who issues KAdmin PennKeys.
Getting Started with kadmin
Make sure you have:
A KAdmin PennKey and password.
Download the Windows version of the kadmin installer and execute kadmsetup to initiate the installation.
Create a Cross-Realm Trust PennKey
Run kadmin. Use your new KAdmin PennKey and password to authenticate to the kadmin session. At the kadmin prompt type:addprinc +allow_svr krbtgt/MSDomainName@UPENN.EDUExample:
addprinc +allow_svr krbtgt/ISC-KERBTEST.UPENN.EDU@UPENN.EDU
You'll be prompted for a password please select a secure password. Please remember this password, you will need to use it later. Also note that the password is subject to our the password-checking rules.
While the principal is being created, you should see something similar to:
"No policy specified for krbtgt/ISC-KERBTEST.UPENN.EDU@UPENN.EDU
assigning default. Principal created."
At the kadm.exe prompt type: exit.