Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

How to use kadmin in a Windows environment

What follow are step-by-step instructions on how to create a Cross-Domain Realm PennKey and password in Penn's KDC using the kadmin program.

You first need a KAdmin PennKey and password, which allows you to manage PennKeys for the Microsoft realm or the Penn DNS domain name named in the PennKey. To acquire a KAdmin PennKey, see the central IT contact for your school or center who issues KAdmin PennKeys.

Getting Started with kadmin

Make sure you have:

  1. A KAdmin PennKey and password.

  2. Download the Windows version of the kadmin installer and execute kadmsetup to initiate the installation.

Create a Cross-Realm Trust PennKey

  1. Run kadmin. Use your new KAdmin PennKey and password to authenticate to the kadmin session. At the kadmin prompt type:

    addprinc -e des-cbc-crc:normal +allow_svr krbtgt/MSDomainName@UPENN.EDU

    Example:
    addprinc -e des-cbc-crc:normal +allow_svr krbtgt/ISC-KERBTEST.UPENN.EDU@UPENN.EDU

    You'll be prompted for a password please select a secure password. Please remember this password, you will need to use in Section II item 7 of the "How to Configure Windows 2000 to trust Penn's KDCs" document. Also note that the password is subject to our the password-checking rules.

  2. While the principal is being created, you should see something similar to:

    "No policy specified for krbtgt/ISC-KERBTEST.UPENN.EDU@UPENN.EDU
    assigning default. Principal created."

  3. At the kadm.exe prompt type: exit.

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


University of Pennsylvania Penn Computing University of Pennsylvania Information Systems & Computing (ISC)
Information Systems and Computing, University of Pennsylvania