NAME
       creacct - Creates computer and user accounts on the Windows
       2000 server (Active Directory), extracts DNS hostnames and
       service principal names, and sets principal passwords.

SYNOPSIS
       /usr/sbin/creacct [-a principal] [-h hostname] [-s principal]
       [-t keytable] [-u] [-x service]

OPTIONS
       -a principal
              Adds a user account to the current domain of the
              Windows 2000 server and sets its password.
              When adding a new user account, creacct prompts you
              for  the  username and password of a principal that
              has administrator privileges.  The Active Directory
              is  searched  first  for the given principal. If an
              entry is found, creacct prompts you to  replace  or
              modify the existing entry. If you choose to replace
              the entry, the current entry will be deleted and  a
              new entry will be added.
              When  adding  a  new user account, creacct searches
              the security database on the  UNIX  host  for  that
              user  to  retrieve  the  UNIX attributes (username,
              UID, GID, gecos, home  directory,  and  shell).  It
              prompts   you   to  modify  or  keep  the  existing
              attributes. It also prompts you for a password.
              When replacing a specified  user  account,  creacct
              searches  the  Active  Directory for that principal
              name and its UNIX attributes.  It  prompts  you  to
              modify  or  keep  the  existing attributes. It also
              prompts you for a password.
              A password must be typed twice to prevent mistakes.
              You can choose not to set a password when adding or
              modifying a user account. To  do  this,  press  the
              Return key without entering any values at the first
              password prompt.
              All new user accounts will be added to the  current
              domain  in  the  Active  Directory  under the Users
              group. All modified user accounts will be  replaced
              in  their corresponding groups. The UNIX attributes
              are set for the user account under the  Tru64  UNIX
              tab  of  the  Active  Directory.  Tru64  UNIX  user
              restrictions apply. See the  System  Administration
              guide  for  more  information  on  Tru64  UNIX user
              account restrictions.

       -h hostname
              Adds a computer (UNIX host or cluster alias) account
              to the current domain of the Windows 2000 server.
              When adding a new host account, creacct prompts you
              for  the user name and password of a principal that
              has administrator privileges.  The Active Directory
              is  searched  first for the given host. If an entry
              is found, creacct prompts you to replace or  modify
              the  existing  entry.  If you choose to replace the
              entry, the current entry will be deleted and a  new
              entry will be added.
              If  you  add  a new host account without specifying
              the DNS suffix (to create a fully qualified  name),
              creacct  will  construct  one  for you based on the
              local DNS name for the current UNIX host.
              When replacing an existing  host  account,  creacct
              searches  the Active Directory for that computer to
              retrieve the DNS host name.  It then prompts you to
              modify  the DNS host name. You must specify a valid
              DNS host name. You can also keep the existing  host
              name  by  reentering  it  at the prompt. All new or
              existing host accounts will be added to the current
              domain  in the Active Directory under the Computers
              group.
              The -h option does not require that the -t  or  the
              -u  options be specified. However, if the -t option
              is not specified, creacct attempts to add the  host
              service  key entry to the default service key table
              file, /krb5/v5srvtab. If the -u option is not
              specified, the new host entry will not be added to the
              /etc/ldapcd.conf file. Modifying the /etc/ldapcd.conf
              and /krb5/v5srvtab files requires Tru64 UNIX root
              access. Root owns both files.

       -s principal
              Sets the password associated with the specified
              principal.
              If you are changing a password, creacct prompts you
              for  the user name and password of a principal that
              has administrator privileges.  Then it prompts  you
              for  the  new  password.  The  new password must be
              typed twice to prevent mistakes.

       -t keytable
              Specifies a service key table file other than the
              default, which is /krb5/v5srvtab, unless the
              CSFC5KTNAME environment variable is set to an
              alternate key table file name. You can use the -t
              option only with the -h and the -x options.

       -u     Updates the ldapcd.conf configuration file with the
              host entry for the Single Sign On daemon.

       -x service
              Extracts a key from the Windows 2000 server for the
              UNIX host service principal or another service
              principal. It adds the key to the default service key
              table file or the designated key table file specified
              by the -t option.
              The  creacct  command prompts you for the user name
              and password of a principal that has  administrator
              privileges. When extracting a key for host services,
              use the host/ prefix and the fully qualified name of
              your UNIX host. You must specify a service principal
              name.
              For example, the following command obtains a service
              ticket for the host/server1.company.com principal in
              the COMPANY.COM realm. (Refer to ktutil(1) to manage
              the newly extracted service key.)
              # creacct -x host/server1.company.com
              When  extracting  a  principal service key from the
              security server, the full principal  name  must  be
              specified  including  the  host name of the Windows
              2000 Active Directory host and its DNS suffix.  For
              example,  the  following  command obtains a service
              ticket  for   the   user1/w2kserverhost.company.com
              principal in the COMPANY.COM realm:
              # creacct -x user1/w2kserverhost.company.com
              We recommend that the -x option be used with the -t
              option to extract the key to a temporary key  table
              file  before  adding  it  to  the default key table
              file, /krb5/v5srvtab. Use ktutil to view and manage the
              key table file.
                                     Note
              The  -x  option  will set a random password for the
              given principal or service.

DESCRIPTION
       The creacct command adds computers and users to the Windows
       2000 server, extracts DNS host names and service principal
       names, sets principal passwords, extracts service tickets,
       creates Kerberos key table files, and updates the
       /etc/ldapcd.conf configuration file.
       Before you can perform any creacct operation, the Kerberos
       environment  must  be  set  up.  You  also must be able to
       authenticate yourself to  the  Kerberos  server  and  have
       appropriate permissions.
       All creacct operations require a valid user in the Windows
       2000 server with administrator  privileges.  Some  creacct
       operations  (-h,  -x,  and -u) require write access to the
       /krb5/v5srvtab (service key  table)  and  /etc/ldapcd.conf
       (configuration)  files.  Because  these files are owned by
       root, you must log on as root to  access  them.  All  user
       accounts  must  comply  with  the Tru64 UNIX user restrictions.
       All new user accounts will be added to the current  domain
       in  the  Active  Directory  under  the  Users  group. When
       prompted for a user with administrator privileges, do  not
       enter  the  administrator  principal  of your Windows 2000
       server. This is a restriction by the Windows 2000 security
       paradigm.  Refer  to  the  System Administration guide for
       more information on Tru64 UNIX user account  restrictions.

EXAMPLES
       To add a user account called usera to the security server
       COMPANY.COM, enter:
              # creacct -a usera
              Enter Admin principal: adminprn
              Password for adminprn@COMPANY.COM: password
              Adding usera to directory...
              Enter the UNIX user attributes for the KDC:
                   Enter comments: testing
                   Enter home directory: /usr/users/usera
                   Enter shell: /bin/ksh
                   Enter GID (i.e. 15): 15
                   Enter UID (i.e. 200): 333
              Enter the new password for user (usera): password
              Confirm password: password

       To modify the Tru64 UNIX attribute of a user account called
       usera in the security server COMPANY.COM without changing the
       password, enter:
              # creacct -a usera
              Enter Admin principal: adminprn
              Password for adminprn@COMPANY.COM: [Return]
              Adding usera to directory...
              Found an existing entry. Replace/Modify? [r/m] m
              User usera has the following attributes:
                   comments: (testing)
                   home directory: (/usr/users/usera)
                   shell: (/bin/ksh)
                   GID: (15)
                   UID: (333)
              These attributes are required for the KDC. Modify? [y/n] n
              Enter the new password for user (usera): [Return]
                   Password will not be set.

       To add a computer host account to the security server
       COMPANY.COM and update the /krb5/v5srvtab file and the
       /etc/ldapcd.conf file, enter:
              # creacct -h hosta -u
              Enter Admin principal: adminprn
              Password for adminprn@COMPANY.COM: password
              Adding hosta.unix.com to directory...
              Extracting host/hosta.unix.com key...
              Updating /etc/ldapcd.conf...

       To view the service key for hosta in the key table file,
       enter:
              # ktutil
              Keytab name: /krb5/v5srvtab
              KVNO  Timestamp                  Principal
              -----------------------------------------------------
              1     Mon Mar 12 13:38:42 2001   host/hosta.unix.com@COMPANY.COM

       To modify the DNS attribute of a UNIX host in the security
       server, enter:
              # creacct -h hosta.unix.com -u
              Enter Admin principal: adminprn
              Password for adminprn@COMPANY.COM: password
              Adding hosta.unix.com to directory...
              Found an existing entry. Replace/Modify? [r/m] m
              Current DNS is hosta.unix.com, enter new name: hosta.unix1.com
              Extracting host/hosta.unix.com key...
              Updating /etc/ldapcd.conf...

       To view the service key for hosta in the key table file,
       enter:
              # ktutil
              Keytab name: /krb5/v5srvtab
              KVNO  Timestamp                  Principal
              -----------------------------------------------------
              1     Mon Mar 12 13:38:42 2001   host/hosta.unix.com@COMPANY.COM
       In this example, only the DNS host value changed. The UNIX
       host service key did not change.

       To extract a service key from the security server and add it
       to the service key table called /krb5/srvtable, enter:
              # creacct -x host/hosta.unix.com -t /krb5/srvtable
              If  the  -t option is not used to specify the file,
              the default key table file will be used.
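
       An added example, not part of the original manual page or of
       creacct itself: a POSIX shell function that checks a key table
       file, such as the temporary /krb5/srvtable above, before its key
       is added to the default key table file. The name check_keytab
       and the rule of no group or other access are assumptions; the
       page states only that root owns /krb5/v5srvtab.

```shell
# Added example (hypothetical helper, not shipped with creacct).
# Usage: check_keytab FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Returns 0 only if FILE is a regular file (not a symbolic link), owned
# by EXPECTED_UID, with no group or other permission bits set.
check_keytab() {
    kt=$1
    want_uid=${2:-0}

    # Refuse symbolic links: the key could end up in an unexpected file.
    if [ -h "$kt" ]; then
        echo "FAIL: $kt is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$kt" ]; then
        echo "FAIL: $kt is not a regular file" >&2
        return 1
    fi

    # ls -ln prints the mode string in field 1 and the numeric owner in field 3.
    mode=$(ls -ldn "$kt" | awk '{print $1}')
    uid=$(ls -ldn "$kt" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $kt is owned by UID $uid, expected $want_uid" >&2
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    # Anything but "------" lets a non-owner read or replace service keys.
    case $mode in
        ????------*) ;;
        *) echo "FAIL: $kt mode $mode allows group/other access" >&2
           return 1 ;;
    esac
    echo "OK: $kt"
}
```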

ENVIRONMENT VARIABLES
       CSFC5KTNAME
              Controls the service key table file.

FILES
       /krb5/v5srvtab
              Default service key table file.
       /etc/ldapcd.conf
              Configuration file.

SEE ALSO
       Commands: kdestroy(1), kinit(1), klist(1), ktutil(1)
       SSO Installation and Administration Guide
                                                       creacct(1)