aaa-kcdAccount
The following operations can be performed on "aaa-kcdAccount":
check | set | rm | unset | add | show
check aaa kcdAccount
Check Kerberos configuration.
Synopsis
check aaa kcdAccount -realmStr
Arguments
realmStr Active Directory Domain
delegatedUser Service Account Name
kcdPassword Service Account Password
serviceSPN Service FQDN
userRealm Impersonate user
Example
check aaa kcdAccount -realmStr AAA.LOCAL -delegatedUser svc_iis3 -kcdPassword
set aaa kcdAccount
Set the KCD account information.
Synopsis
set aaa kcdAccount
Arguments
kcdAccount The name of the KCD account.
keytab The path to the keytab file. If specified, other parameters in this command need not be given.
realmStr Kerberos Realm.
delegatedUser Username that can perform Kerberos constrained delegation.
kcdPassword Password for Delegated User.
usercert SSL Cert (including private key) for Delegated User.
cacert CA Cert for UserCert or when doing PKINIT backchannel.
userRealm Realm of the user.
enterpriseRealm Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.
serviceSPN Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.
Example
set aaa kcdaccount my_kcd_acct -keytab /var/hiskcd.keytab
The above command sets the keytab location for KCD account my_kcd_acct to /var/hiskcd.keytab.
rm aaa kcdAccount
Remove the KCD account.
Synopsis
rm aaa kcdAccount
Arguments
kcdAccount The KCD account name.
unset aaa kcdAccount
Unset the KCD account information. Refer to the set aaa kcdAccount command for the meanings of the arguments.
Synopsis
unset aaa kcdAccount
add aaa kcdAccount
Add a Kerberos constrained delegation account.
Synopsis
add aaa kcdAccount
Arguments
kcdAccount The name of the KCD account.
keytab The path to the keytab file. If specified, other parameters in this command need not be given.
realmStr Kerberos Realm.
delegatedUser Username that can perform Kerberos constrained delegation.
kcdPassword Password for Delegated User.
usercert SSL Cert (including private key) for Delegated User.
cacert CA Cert for UserCert or when doing PKINIT backchannel.
userRealm Realm of the user.
enterpriseRealm Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.
serviceSPN Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.
Example
add aaa kcdaccount my_kcd_acct -keytab /var/mykcd.keytab
add aaa kcdaccount my_kcd_acct -keytab
The above example adds a Kerberos constrained delegation account my_kcd_acct, with the keytab file located at /var/mykcd.keytab.
show aaa kcdAccount
Display KCD accounts.
Synopsis
show aaa kcdAccount [
Arguments
kcdAccount The KCD account name.
Output
keytab The path to the keytab file. If specified, other parameters in this command need not be given.
principle SPN extracted from keytab file.
kcdSPN Host SPN extracted from keytab file.
realmStr Kerberos Realm.
delegatedUser Username that can perform Kerberos constrained delegation.
kcdPassword Password for Delegated User.
usercert SSL Cert (including private key) for Delegated User.
cacert CA Cert for UserCert or when doing PKINIT backchannel.
userRealm Realm of the user.
enterpriseRealm Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.
serviceSPN Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.
stateflag devno count
Example
show aaa kcdaccount my_kcd_acct
KcdAccount: my_kcd_acct Keytab: /var/mykcd.keytab
Done
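The following is an added example, not part of the Citrix documentation: a small Python review helper that reads `add aaa kcdAccount` lines from exported configuration text and reports which credential source each account uses, based on the argument descriptions above. The function names, finding texts and sample lines are constructed for illustration, and treating an account with no keytab, password or certificate as a finding is an assumption of this example.

```python
import shlex

# Option names come from the argument list on this page (matched case-insensitively).
CREDENTIALS = ("keytab", "kcdpassword", "usercert")

def parse_add_kcd(line):
    """Return (account, {option: value}) for an 'add aaa kcdAccount' line, else None."""
    tokens = shlex.split(line)
    if [t.lower() for t in tokens[:3]] != ["add", "aaa", "kcdaccount"] or len(tokens) < 4:
        return None
    opts, i = {}, 4
    while i < len(tokens):
        if not tokens[i].startswith("-"):  # stray token: ignore it
            i += 1
            continue
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i][1:].lower()] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return tokens[3], opts

def audit(config_text):
    """Return sorted (account, finding) pairs for every KCD account in the text."""
    findings = []
    for line in config_text.splitlines():
        parsed = parse_add_kcd(line.strip())
        if parsed is None:
            continue
        name, opts = parsed
        used = [c for c in CREDENTIALS if c in opts]
        if not used:  # assumption of this example, not stated on the page
            findings.append((name, "no credential source"))
        if "keytab" in used and len(used) > 1:  # keytab alone is sufficient
            findings.append((name, "keytab mixed with " + "+".join(used[1:])))
        if "kcdpassword" in used:
            findings.append((name, "password in config line"))
        if "usercert" in used:
            findings.append((name, "usercert file holds a private key"))
        if "enterpriserealm" in opts:
            findings.append((name, "enterpriseRealm set: confirm the KDC expects it"))
    return sorted(findings)

# Constructed sample lines (not from a real appliance).
SAMPLE = """\
add aaa kcdAccount kcd_keytab -keytab /var/mykcd.keytab
add aaa kcdAccount kcd_pw -realmStr AAA.LOCAL -delegatedUser svc_iis3 -kcdPassword "constructed-secret"
add aaa kcdAccount kcd_mixed -keytab /var/mykcd.keytab -kcdPassword x -enterpriseRealm AAA.LOCAL
add aaa kcdAccount kcd_empty -realmStr AAA.LOCAL
add lb vserver unrelated HTTP 10.0.0.1 80
"""
```

Calling `audit(SAMPLE)` returns the findings as a sorted list of `(account, finding)` tuples; accounts that use only a keytab produce no findings.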