> ABSTRACT
> --------
> 
> Some customers find the manual way of configuring Key Distribution Center
> (KDC) servers tedious and prone to error.  This represents
> dissatisfaction and increase in support costs to Sun.  But more importantly,
> administrators have come to expect simple interfaces for configuring servers.
> 
> This project will provide a CLI to administrators for configuring
> Kerberos Key Distribution Center (KDC) servers.  The CLI will supply
> options for configuring a master KDC and slave KDC.
> 
> PROPOSAL
> --------
> 
> This will be implemented in a scripting language (ksh) that will
> make calls to Kerberos utilities to configure the master and slave
> KDC servers.  These Kerberos and system utilities include:
> 
>          kdb5_util(1M)

        Though I see no mention of it in this case, I presume
        this new command will be added to the appropriate Rights Profile
        (Kerberos Server Management?).

>          kadmin(1M)
>          kadmin.local(1M)
>          svcadm(1M)

        Speaking of Rights Profiles, it seems that appropriate privileges
        are not provided to manage the services.  Please log a P3 bug
        or fix with this change.

>          The utility needs to be run as root on the server from which it is
>          invoked.  Note that kdcmgr requires the user to enter sensitive

        Can we please stop talking about Root and start talking about
        RBAC.  RBAC has been shipping since S8.

>         -p  pwfile
> 
>             Provides the location of the password file that contains the
>             password used to create the administrative principal and/or
>             master key.
> 
>             WARNING: This option should be used with great care to make sure
>             that this pwfile is accessible only by the root user and on a

        Ditto.  How about "... is accessible only to authorized users and ..."

>             local file system.  Once the KDC has been configured removal of
>             the file should be performed.

Gary..
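
An added example, not part of the original thread or of kdcmgr itself: a shell pre-flight check for the file given to `-p pwfile`, following the warning quoted above and the reviewer's "authorized users" wording. It assumes the authorized user is the invoking user; `check_pwfile` and `run_with_pwfile` are hypothetical helper names, and the local-file-system condition is not checked.

```shell
#!/bin/sh
# check_pwfile PATH: succeed only if PATH looks safe to use as a password file.
# Assumption (not from the thread): "authorized user" means the invoking user.
check_pwfile() {
    f=$1
    # Refuse symlinks: the link could be repointed between check and use.
    if [ -L "$f" ]; then
        echo "pwfile: $f is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "pwfile: $f is not a regular file" >&2; return 1
    fi
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3.
    info=$(ls -ldn -- "$f" | awk '{print $1 " " $3}')
    mode=${info% *}
    owner=${info#* }
    if [ "$owner" != "$(id -u)" ]; then
        echo "pwfile: $f is owned by uid $owner, not by the invoking user" >&2
        return 1
    fi
    case $mode in
        # A trailing '+' means an ACL may grant access the mode bits do not show.
        *+) echo "pwfile: $f carries an ACL, review it first" >&2; return 1 ;;
        # Owner bits may be anything; all group and other bits must be clear.
        -???------*) return 0 ;;
        *) echo "pwfile: $f is accessible to group or other ($mode)" >&2
           return 1 ;;
    esac
}

# run_with_pwfile PATH CMD [ARGS...]: validate PATH, run CMD, then remove PATH
# whether or not CMD succeeded, as the warning asks once configuration is done.
run_with_pwfile() {
    pw=$1; shift
    check_pwfile "$pw" || return 1
    rc=0
    "$@" || rc=$?
    rm -f -- "$pw"
    return "$rc"
}
```

Create the file under `umask 077` so it is never readable by others, even briefly.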