Q: How to list Kerberos Principals on OD Master
I'm curious with the switch to Heimdal Kerberos how one lists all the principals in a realm? I remember under Snow Leopard server I was able to list all the Kerberos principals, but so far with Lion I haven't had any luck. I've tried:
sudo kadmin -l
Which brings me to the kadmin interactive mode. From there I can list individual principals with:
kadmin> list -l user@HOSTNAME.EXAMPLE.COM
I get the following output:
Principal: user@HOSTNAME.EXAMPLE.COM Principal expires: never Password expires: never Last password change: never Max ticket life: unlimited Max renewable life: unlimited Kvno: 2 Mkvno: unknown Last successful login: never Last failed login: never Failed login count: 0 Last modified: 2012-05-08 19:20:52 UTC Modifier: hdb/od@WELL-KNOWN:OD-BACKEND Attributes: disallow-svr, requires-pre-auth, disallow-renewable, disallow-postdated Keytypes: aes256-cts-hmac-sha1-96(pw-salt), aes128-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt) PK-INIT ACL: Aliases:
However if I try something like:
kadmin> list -l *
I get:
kadmin: kadm5_get_principals: iteration over database only supported for DSLocal
Is there anyway to get a list of all the Kerberos principals instead of just one at a time?
Posted on May 8, 2012 12:25 PM