aaa kcdAccount
The following operations can be performed on "aaa kcdAccount":
add aaa kcdAccount
Add a Kerberos constrained delegation account.
Synopsis
add aaa kcdAccount <kcdAccount> {-keytab <string>} {-realmStr <string>} {-delegatedUser <string>} {-kcdPassword } {-usercert <string>} {-cacert <string>} [-userRealm <string>] [-enterpriseRealm <string>] [-serviceSPN <string>]
Arguments
kcdAccount
The name of the KCD account.
keytab
The path to the keytab file. If specified, the other parameters in this command need not be given.
realmStr
Kerberos Realm.
delegatedUser
Username that can perform Kerberos constrained delegation.
kcdPassword
Password for Delegated User.
usercert
SSL Cert (including private key) for Delegated User.
cacert
CA Cert for UserCert or when doing PKINIT backchannel.
userRealm
Realm of the user.
enterpriseRealm
Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.
serviceSPN
Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, NetScaler will construct the SPN using the service FQDN.
Example
add aaa kcdaccount my_kcd_acct -keytab /var/mykcd.keytab
The above example adds a Kerberos constrained delegation account my_kcd_acct, with the keytab file located at /var/mykcd.keytab.
rm aaa kcdAccount
Remove the KCD account.
Synopsis
rm aaa kcdAccount <kcdAccount>
Arguments
kcdAccount
The KCD account name.
set aaa kcdAccount
Set the KCD account information.
Synopsis
set aaa kcdAccount <kcdAccount> [-keytab <string>] [-realmStr <string>] [-delegatedUser <string>] [-kcdPassword ] [-usercert <string>] [-cacert <string>] [-userRealm <string>] [-enterpriseRealm <string>] [-serviceSPN <string>]
Arguments
kcdAccount
The name of the KCD account.
keytab
The path to the keytab file. If specified, the other parameters in this command need not be given.
realmStr
Kerberos Realm.
delegatedUser
Username that can perform Kerberos constrained delegation.
kcdPassword
Password for Delegated User.
usercert
SSL Cert (including private key) for Delegated User.
cacert
CA Cert for UserCert or when doing PKINIT backchannel.
userRealm
Realm of the user.
enterpriseRealm
Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.
serviceSPN
Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, NetScaler will construct the SPN using the service FQDN.
Example
set aaa kcdaccount my_kcd_acct -keytab /var/hiskcd.keytab
The above command sets the keytab location for KCD account my_kcd_acct to /var/hiskcd.keytab.
unset aaa kcdAccount
Unset the KCD account information. Refer to the set aaa kcdAccount command for the meanings of the arguments.
Synopsis
unset aaa kcdAccount <kcdAccount> [-usercert] [-cacert] [-userRealm] [-enterpriseRealm] [-serviceSPN]
show aaa kcdAccount
Display KCD accounts.
Synopsis
show aaa kcdAccount [<kcdAccount>]
Arguments
kcdAccount
The KCD account name.
Outputs
keytab
The path to the keytab file. If specified, the other parameters in this command need not be given.
principle
SPN extracted from keytab file.
kcdSPN
Host SPN extracted from keytab file.
realmStr
Kerberos Realm.
delegatedUser
Username that can perform Kerberos constrained delegation.
kcdPassword
Password for Delegated User.
usercert
SSL Cert (including private key) for Delegated User.
cacert
CA Cert for UserCert or when doing PKINIT backchannel.
userRealm
Realm of the user.
enterpriseRealm
Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.
serviceSPN
Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, NetScaler will construct the SPN using the service FQDN.
stateflag
devno
count
Example
> show aaa kcdaccount my_kcd_acct
KcdAccount: my_kcd_acct Keytab: /var/mykcd.keytab
Done
>
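The following is an added example, not part of the NetScaler documentation: a small audit script that replays add/set/unset/rm aaa kcdAccount lines in order and reports which credential-bearing argument (keytab, kcdPassword, usercert) each remaining KCD account carries. It assumes one command per line in the synopsis form shown above; the account names, realm, paths and password placeholder in SAMPLE are constructed.

```python
import shlex

# Credential-bearing arguments from the synopsis above (compared in lowercase,
# since the page's examples write both kcdAccount and kcdaccount).
SECRET_OPTS = {"keytab", "kcdpassword", "usercert"}

def parse_opts(tokens):
    """['-keytab', '/var/x', '-usercert'] -> {'keytab': '/var/x', 'usercert': None}."""
    opts, i = {}, 0
    while i < len(tokens):
        name = tokens[i].lstrip("-").lower()
        # Assumption: a value never starts with '-'; a bare option is a flag.
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[name] = tokens[i + 1] if has_value else None
        i += 2 if has_value else 1
    return opts

def kcd_accounts(config_text):
    """Replay the kcdAccount commands in order and return the final state."""
    accounts = {}
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or [t.lower() for t in tok[1:3]] != ["aaa", "kcdaccount"]:
            continue
        verb, name, opts = tok[0].lower(), tok[3], parse_opts(tok[4:])
        if verb == "add":
            accounts[name] = opts
        elif verb == "set" and name in accounts:
            accounts[name].update(opts)
        elif verb == "unset" and name in accounts:
            for key in opts:
                accounts[name].pop(key, None)
        elif verb == "rm":
            accounts.pop(name, None)
    return accounts

def credential_sources(accounts):
    """Map each account to the sorted credential arguments it still carries."""
    return {n: sorted(SECRET_OPTS.intersection(o)) for n, o in accounts.items()}

# Constructed sample configuration (not taken from a real appliance).
SAMPLE = """\
add aaa kcdAccount my_kcd_acct -keytab /var/mykcd.keytab
add aaa kcdaccount svc_acct -realmStr EXAMPLE.TEST -delegatedUser svcuser -kcdPassword PLACEHOLDER
add aaa kcdAccount cert_acct -realmStr EXAMPLE.TEST -delegatedUser certuser -usercert /var/u.pem -cacert /var/ca.pem
set aaa kcdaccount my_kcd_acct -keytab /var/hiskcd.keytab
unset aaa kcdAccount cert_acct -usercert -cacert
rm aaa kcdAccount svc_acct
"""

if __name__ == "__main__":
    for name, sources in credential_sources(kcd_accounts(SAMPLE)).items():
        print(name, sources or "no credential argument set")
```

The resulting inventory tells you which keytab and certificate files to review for restrictive file permissions, and which accounts are left with no credential argument after an unset.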