Where allowed to run: All environments (*ALL)
Threadsafe: No
The Add Kerberos Keytab Entry (ADDKRBKTE) command adds an entry to the Kerberos keytab file for a specified principal name. A principal name consists of the user name or service name and the name of the realm to which that user or service belongs. If keytab entries already exist for the specified principal name, the default is to add one to the largest version number of the existing entries.
Restrictions:
The Network Authentication Service Commands and APIs support job environments for most EBCDIC CCSIDs. CCSID 290 and 5026 are not supported because of the variance of lower-case letters a to z.
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| PRINCIPAL | Principal | Element list | Required, Positional 1 |
| | Element 1: Name | Character value | |
| | Element 2: Realm | Character value, *DFT | |
| PASSWORD | Password | Character value | Required, Positional 2 |
| KEYTABFILE | Keytab file | Path name, *DFT | Optional |
| VERSION | Version | 1-255, *GEN | Optional |
Specifies the principal name of a user or service principal on a host name in a Kerberos network. The principal and key pairs in the keytab file allow services running on the host to be authenticated by a Key Distribution Center (KDC). All the principals are added to the Kerberos server, which maintains a database of all users and services within a Kerberos realm.
This is a required parameter.
Element 1: Name
Specifies the principal name or service principal on a specified host name.
The Kerberos principal has a minimum length of 1 character and a maximum length of 256 characters. Valid characters are case sensitive and include all alpha-numeric characters (a-z, A-Z, 0-9) and any printable ASCII character. The principal name format is taken from the Kerberos 5 GSS-API mechanism (RFC 1964).
Special characters allowed:
/ - delimit name components.
Element 2: Realm
Specifies the realm in which the Kerberos user is registered and in which initial authentication took place.
The name has a minimum length of 1 character and a maximum length of 256 characters. Valid characters are case sensitive and include all alpha-numeric characters (a-z, A-Z, 0-9) and any printable ASCII character. The principal name format is taken from the Kerberos 5 GSS-API mechanism (RFC 1964).
Special characters allowed:
@ - start realm.
Specifies the password that allows the principal to authenticate in the Key Distribution Center (KDC).
This is a required parameter.
Specifies the Kerberos keytab file where the group of principals and its keys are stored.
Specifies the key version number of the keytab entry.
Example 1: Adding a Service Principal Keytab Entry
ADDKRBKTE PRINCIPAL('krbsvr400/camolts.myco.com' MYCO.COM) PASSWORD(uneed2chg) VERSION(*GEN) KEYTABFILE(*DFT)
This command adds a service principal entry into the default Key Table file.
Example 2: Adding a Principal Name Keytab Entry
ADDKRBKTE PRINCIPAL('julius' GUADA.LAJARA.COM) PASSWORD(uneed2chg) VERSION(4) KEYTABFILE(*DFT)
This command adds a principal name entry into the default Key Table file.
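A pre-flight check for the PRINCIPAL and VERSION rules described above, as an added example that is not IBM's code: it validates a name and realm against the stated length and character limits and works out the version number that VERSION(*GEN) would assign. The function names and sample entries are hypothetical, and starting at 1 when no entry exists for the principal is an assumption.

```python
# Added example: pre-flight checks for ADDKRBKTE arguments, using the limits
# stated on this page. Function names and sample data are hypothetical.
MAX_LEN = 256                 # maximum length of a principal name or realm
VERSIONS = range(1, 256)      # VERSION accepts 1-255

# Constructed sample keytab contents (not real data).
SAMPLE = [
    ("krbsvr400/camolts.myco.com", "MYCO.COM", 1),
    ("krbsvr400/camolts.myco.com", "MYCO.COM", 2),
    ("julius", "GUADA.LAJARA.COM", 4),
    ("Julius", "GUADA.LAJARA.COM", 9),   # a different principal: case differs
]


def check_element(label, value):
    """Enforce 1-256 characters, printable ASCII only (0x20-0x7E)."""
    if not 1 <= len(value) <= MAX_LEN:
        raise ValueError(f"{label}: length {len(value)} is outside 1-{MAX_LEN}")
    bad = sorted({c for c in value if not 0x20 <= ord(c) <= 0x7E})
    if bad:
        raise ValueError(f"{label}: characters outside printable ASCII {bad!r}")
    return value


def split_principal(text):
    """Split 'name@REALM' at the '@' that starts the realm; no '@' means *DFT."""
    name, sep, realm = text.rpartition("@")
    if not sep:
        name, realm = text, "*DFT"
    check_element("name", name)
    if realm != "*DFT":
        check_element("realm", realm)
    return name, realm


def resolve_version(entries, name, realm, requested="*GEN"):
    """Return the key version number the new entry would carry."""
    # Pass the actual realm here, not *DFT; matching is exact (case sensitive).
    if requested != "*GEN":
        if requested not in VERSIONS:
            raise ValueError(f"VERSION({requested}) is outside 1-255")
        return requested
    existing = [v for n, r, v in entries if (n, r) == (name, realm)]
    # Assumption: with no existing entry for the principal, numbering starts at 1.
    version = max(existing) + 1 if existing else 1
    if version not in VERSIONS:
        raise ValueError(f"*GEN would produce {version}, outside 1-255")
    return version
```
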
*ESCAPE Messages