Mr Beardsley

Q: How to list Kerberos Principals on OD Master

I'm curious with the switch to Heimdal Kerberos how one lists all the principals in a realm? I remember under Snow Leopard server I was able to list all the Kerberos principals, but so far with Lion I haven't had any luck. I've tried:

sudo kadmin -l

Which brings me to the kadmin interactive mode. From there I can list individual principals with:

kadmin> list -l user@HOSTNAME.EXAMPLE.COM

I get the following output:

Principal: user@HOSTNAME.EXAMPLE.COM
    Principal expires: never
     Password expires: never
 Last password change: never
      Max ticket life: unlimited
   Max renewable life: unlimited
                 Kvno: 2
                Mkvno: unknown
Last successful login: never
    Last failed login: never
   Failed login count: 0
        Last modified: 2012-05-08 19:20:52 UTC
             Modifier: hdb/od@WELL-KNOWN:OD-BACKEND
           Attributes: disallow-svr, requires-pre-auth, disallow-renewable, disallow-postdated
             Keytypes: aes256-cts-hmac-sha1-96(pw-salt), aes128-cts-hmac-sha1-96(pw-salt), des3-cbc-sha1(pw-salt)
          PK-INIT ACL: 
              Aliases:

However if I try something like:

kadmin> list -l *

I get:

kadmin: kadm5_get_principals: iteration over database only supported for DSLocal

Is there any way to get a list of all the Kerberos principals instead of just one at a time?

Posted on May 8, 2012 12:25 PM


  • by Dirk Thannhäuser, Aug 8, 2013 8:25 AM in response to Mr Beardsley

    I came across the same problem and I helped myself by listing the current keytab.

    ktutil list

    FILE:/etc/krb5.keytab:

    Vno  Type                     Principal                           Aliases
      1  aes256-cts-hmac-sha1-96  host/host.realm.biz@HOST.REALM.BIZ
      1  aes128-cts-hmac-sha1-96  host/host.realm.biz@HOST.REALM.BIZ
      1  des3-cbc-sha1            host/host.realm.biz@HOST.REALM.BIZ


    ...
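
Added example, not part of the original thread or of either poster's commands: a small filter that condenses ktutil list output in the format shown in the reply above into one line per principal, with its highest key version and the encryption types stored for it. A keytab holds only the keys stored on this host, so the result covers those principals, not every principal in the realm. The function names, the invocation in the comment and the ldap/ rows in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Heimdal "ktutil list" output as one line per
# principal: name, highest key version (kvno), encryption types held.
# Assumed real use: sudo ktutil list | keytab_principals

keytab_principals() {
    awk '
        # Key rows start with a numeric Vno; the FILE: banner, the column
        # header and blank lines do not, so they are skipped.
        $1 ~ /^[0-9]+$/ && NF >= 3 {
            vno = $1 + 0; etype = $2; princ = $3
            if (!(princ in maxvno)) {
                order[++n] = princ          # remember first-seen order
                maxvno[princ] = vno
                etypes[princ] = etype
                seen[princ, etype] = 1
                next
            }
            if (vno > maxvno[princ]) maxvno[princ] = vno
            if (!((princ, etype) in seen)) {
                seen[princ, etype] = 1
                etypes[princ] = etypes[princ] "," etype
            }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s\tkvno=%d\t%s\n", order[i], maxvno[order[i]], etypes[order[i]]
        }
    '
}

# Constructed sample input in the layout shown in the reply above.
# The ldap/ rows are invented to exercise kvno and duplicate handling.
sample_ktutil_output() {
    cat <<'EOF'
FILE:/etc/krb5.keytab:

Vno  Type                     Principal                           Aliases
  1  aes256-cts-hmac-sha1-96  host/host.realm.biz@HOST.REALM.BIZ
  1  aes128-cts-hmac-sha1-96  host/host.realm.biz@HOST.REALM.BIZ
  1  des3-cbc-sha1            host/host.realm.biz@HOST.REALM.BIZ
  1  aes256-cts-hmac-sha1-96  ldap/host.realm.biz@HOST.REALM.BIZ
  2  aes256-cts-hmac-sha1-96  ldap/host.realm.biz@HOST.REALM.BIZ
EOF
}

# Run with --demo to see the summary of the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_ktutil_output | keytab_principals
fi
```

The output is tab-separated, so it can be piped into cut or sort to compare the principals and encryption types held on different hosts.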