
aaa kcdAccount

The following operations can be performed on "aaa kcdAccount":

add | rm | set | unset | show

add aaa kcdAccount


Add a Kerberos constrained delegation account.

Synopsis

add aaa kcdAccount <kcdAccount> {-keytab <string>} {-realmStr <string>} {-delegatedUser <string>} {-kcdPassword } {-usercert <string>} {-cacert <string>} [-userRealm <string>] [-enterpriseRealm <string>] [-serviceSPN <string>]

Arguments

kcdAccount

The name of the KCD account.

keytab

The path to the keytab file. If specified, other parameters in this command need not be given.

realmStr

Kerberos Realm.

delegatedUser

Username that can perform Kerberos constrained delegation.

kcdPassword

Password for Delegated User.

usercert

SSL Cert (including private key) for Delegated User.

cacert

CA Cert for UserCert or when doing PKINIT backchannel.

userRealm

Realm of the user.

enterpriseRealm

Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.

serviceSPN

Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.

Example

add aaa kcdaccount my_kcd_acct -keytab /var/mykcd.keytab

The above example adds a Kerberos constrained delegation account my_kcd_acct, with the keytab file located at /var/mykcd.keytab.

rm aaa kcdAccount


Remove the KCD account.

Synopsis

rm aaa kcdAccount <kcdAccount>

Arguments

kcdAccount

The KCD account name.

set aaa kcdAccount


Set the KCD account information.

Synopsis

set aaa kcdAccount <kcdAccount> [-keytab <string>] [-realmStr <string>] [-delegatedUser <string>] [-kcdPassword ] [-usercert <string>] [-cacert <string>] [-userRealm <string>] [-enterpriseRealm <string>] [-serviceSPN <string>]

Arguments

kcdAccount

The name of the KCD account.

keytab

The path to the keytab file. If specified, other parameters in this command need not be given.

realmStr

Kerberos Realm.

delegatedUser

Username that can perform Kerberos constrained delegation.

kcdPassword

Password for Delegated User.

usercert

SSL Cert (including private key) for Delegated User.

cacert

CA Cert for UserCert or when doing PKINIT backchannel.

userRealm

Realm of the user.

enterpriseRealm

Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.

serviceSPN

Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.

Example

set aaa kcdaccount my_kcd_acct -keytab /var/hiskcd.keytab

The above command sets the keytab location for KCD account my_kcd_acct to /var/hiskcd.keytab.

unset aaa kcdAccount


Unset the KCD account information. Refer to the set aaa kcdAccount command for the meanings of the arguments.

Synopsis

unset aaa kcdAccount <kcdAccount> [-usercert] [-cacert] [-userRealm] [-enterpriseRealm] [-serviceSPN]

show aaa kcdAccount


Display KCD accounts.

Synopsis

show aaa kcdAccount [<kcdAccount>]

Arguments

kcdAccount

The KCD account name.

Outputs

keytab

The path to the keytab file. If specified, other parameters in this command need not be given.

principle

SPN extracted from keytab file.

kcdSPN

Host SPN extracted from keytab file.

realmStr

Kerberos Realm.

delegatedUser

Username that can perform Kerberos constrained delegation.

kcdPassword

Password for Delegated User.

usercert

SSL Cert (including private key) for Delegated User.

cacert

CA Cert for UserCert or when doing PKINIT backchannel.

userRealm

Realm of the user.

enterpriseRealm

Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.

serviceSPN

Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.

stateflag

devno

count

Example

> show aaa kcdaccount my_kcd_acct
KcdAccount: my_kcd_acct Keytab: /var/mykcd.keytab
Done
>
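The principle and kcdSPN outputs above are read from the keytab file, so it is worth checking what a keytab holds before referencing it with -keytab. The Python below is an added example, not part of the Citrix documentation: it parses a keytab offline, assuming the MIT version 0x0502 layout, and lists each principal with its key version and encryption type, marking DES and RC4 keys as weak. The host name, realm and all-zero keys in SAMPLE are constructed.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}  # DES and RC4 keys

def _counted(buf, pos):
    """Read a 16-bit length-prefixed octet string; return (bytes, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return struct.unpack_from(f">{n}s", buf, pos + 2)[0], pos + 2 + n

def parse_keytab(data):
    """Return one dict per live entry: principal, kvno, enctype, weak."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size <= 0:                     # hole left by a deleted entry
            pos -= size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm, p = _counted(entry, 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(entry, p)
            comps.append(c.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", entry, p)
        _key, p = _counted(entry, p + 11)
        if len(entry) - p >= 4:           # optional 32-bit kvno, used when non-zero
            kvno = struct.unpack_from(">I", entry, p)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "kvno": kvno, "enctype": ENCTYPES.get(etype, str(etype)),
                        "weak": etype in WEAK})
    return entries

def build_entry(spn, realm, kvno, etype, key=b"\x00" * 16):
    """Constructed sample entry with a dummy all-zero key (not a real credential)."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    parts = [p.encode() for p in spn.split("/")]
    body = (struct.pack(">H", len(parts)) + cs(realm.encode()) + b"".join(map(cs, parts))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key))
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + build_entry("host/adc.example.test", "EXAMPLE.TEST", 3, 18)
          + build_entry("host/adc.example.test", "EXAMPLE.TEST", 3, 23))  # constructed

if __name__ == "__main__":
    print(*parse_keytab(SAMPLE), sep="\n")
```

To inspect a real file, pass its bytes to parse_keytab, for example open(path, "rb").read().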