Kerberos Server Profile
Kerberos server profiles configure KDC (Key Distribution Center) server connections for Kerberos authentication in Strata Cloud Manager. The scm CLI provides commands to create, update, delete, and bulk manage Kerberos server profiles.
Overview
The kerberos-server-profile commands allow you to:
- Create Kerberos server profiles with KDC server configurations
- Update existing profile server lists and settings
- Delete profiles that are no longer needed
- Bulk import profiles from YAML files
- Export profiles for backup or migration
Set Kerberos Server Profile
Create or update a Kerberos server profile.
Syntax
Options
| Option | Description | Required |
|---|---|---|
| `--name TEXT` | Profile name | Yes |
| `--folder TEXT` | Folder location | No* |
| `--snippet TEXT` | Snippet location | No* |
| `--device TEXT` | Device location | No* |
| `--servers TEXT` | Server list as JSON | No |
* One of --folder, --snippet, or --device is required.
Examples
Create Kerberos Server Profile
```console
$ scm set identity kerberos-server-profile \
    --folder Texas \
    --name corp-kerberos \
    --servers '[{"name": "kdc1", "host": "kdc1.example.com", "port": 88}]'
---> 100%
Created kerberos-server-profile: corp-kerberos in folder Texas
```
Create Profile with Multiple KDC Servers
```console
$ scm set identity kerberos-server-profile \
    --folder Texas \
    --name corp-kerberos-ha \
    --servers '[{"name": "kdc1", "host": "kdc1.example.com", "port": 88}, {"name": "kdc2", "host": "kdc2.example.com", "port": 88}]'
---> 100%
Created kerberos-server-profile: corp-kerberos-ha in folder Texas
```
Delete Kerberos Server Profile
Delete a Kerberos server profile from SCM.
Syntax
Options
| Option | Description | Required |
|---|---|---|
| `--name TEXT` | Profile name | Yes |
| `--folder TEXT` | Folder location | No* |
| `--snippet TEXT` | Snippet location | No* |
| `--device TEXT` | Device location | No* |
| `--force` | Skip confirmation prompt | No |
* One of --folder, --snippet, or --device is required.
Example
```console
$ scm delete identity kerberos-server-profile \
    --folder Texas \
    --name corp-kerberos \
    --force
---> 100%
Deleted kerberos-server-profile: corp-kerberos from folder Texas
```
Load Kerberos Server Profile
Load multiple Kerberos server profiles from a YAML file.
Syntax
Options
| Option | Description | Required |
|---|---|---|
| `--file TEXT` | Path to YAML file | Yes |
| `--folder TEXT` | Folder location override | No |
| `--snippet TEXT` | Snippet location override | No |
| `--device TEXT` | Device location override | No |
| `--dry-run` | Preview changes without applying | No |
YAML File Format
```yaml
---
kerberos_server_profiles:
  - name: corp-kerberos
    folder: Texas
    servers:
      - name: kdc1
        host: kdc1.example.com
        port: 88
  - name: branch-kerberos
    folder: Texas
    servers:
      - name: kdc-branch1
        host: kdc-branch1.example.com
        port: 88
      - name: kdc-branch2
        host: kdc-branch2.example.com
        port: 88
```
Examples
Load with Original Locations
```console
$ scm load identity kerberos-server-profile --file kerberos.yml
---> 100%
✓ Loaded kerberos-server-profile: corp-kerberos
✓ Loaded kerberos-server-profile: branch-kerberos
Successfully loaded 2 out of 2 kerberos-server-profiles from 'kerberos.yml'
```
Load with Folder Override
```console
$ scm load identity kerberos-server-profile \
    --file kerberos.yml \
    --folder Austin
---> 100%
✓ Loaded kerberos-server-profile: corp-kerberos
✓ Loaded kerberos-server-profile: branch-kerberos
Successfully loaded 2 out of 2 kerberos-server-profiles from 'kerberos.yml'
```
Note
When using container override options (--folder, --snippet, --device), all Kerberos server profiles will be loaded into the specified container, ignoring the container specified in the YAML file.
Show Kerberos Server Profile
Display Kerberos server profile objects.
Syntax
Options
| Option | Description | Required |
|---|---|---|
| `--name TEXT` | Profile name | No |
| `--folder TEXT` | Folder location | No* |
| `--snippet TEXT` | Snippet location | No* |
| `--device TEXT` | Device location | No* |
* One of --folder, --snippet, or --device is required.
Note
When no --name is specified, all items are listed by default.
Examples
Show Specific Kerberos Server Profile
```console
$ scm show identity kerberos-server-profile \
    --folder Texas \
    --name corp-kerberos
---> 100%
Kerberos Server Profile: corp-kerberos
Location: Folder 'Texas'
Servers:
- kdc1 (kdc1.example.com:88)
```
List All Kerberos Server Profiles (Default Behavior)
```console
$ scm show identity kerberos-server-profile --folder Texas
---> 100%
Kerberos Server Profiles in folder 'Texas':
------------------------------------------------------------
Name: corp-kerberos
Servers: kdc1 (kdc1.example.com:88)
------------------------------------------------------------
Name: branch-kerberos
Servers: kdc-branch1 (kdc-branch1.example.com:88), kdc-branch2 (kdc-branch2.example.com:88)
------------------------------------------------------------
```
Backup Kerberos Server Profiles
Backup all Kerberos server profile objects from a specified location to a YAML file.
Syntax
Options
| Option | Description | Required |
|---|---|---|
| `--folder TEXT` | Folder location | No* |
| `--snippet TEXT` | Snippet location | No* |
| `--device TEXT` | Device location | No* |
| `--file TEXT` | Custom output filename | No |
* One of --folder, --snippet, or --device is required.
Examples
Backup from Folder
```console
$ scm backup identity kerberos-server-profile --folder Texas
---> 100%
Successfully backed up 3 kerberos-server-profiles to kerberos_server_profile_folder_texas_20240115_120530.yaml
```
Backup with Custom Filename
```console
$ scm backup identity kerberos-server-profile \
    --folder Texas \
    --file texas-kerberos.yaml
---> 100%
Successfully backed up 3 kerberos-server-profiles to texas-kerberos.yaml
```
Best Practices
- Use Descriptive Profile Names: Name profiles by environment or location (e.g., corp-kerberos, branch-kerberos) for easy identification.
- Configure Multiple KDC Servers: Add redundant KDC servers to ensure high availability for Kerberos authentication.
- Use Standard Ports: Use port 88 (the Kerberos default) unless your environment requires a non-standard configuration.
- Backup Before Changes: Export existing profiles before making modifications to enable quick rollback if needed.
- Use YAML for Bulk Operations: Manage multiple Kerberos server profiles through YAML files to ensure consistency across environments.
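
The following pre-flight check for a `--servers` JSON value is an added example, not part of the scm CLI or of the original page; it applies the redundancy and standard-port practices above before the value reaches `scm set`. `lint_servers` is a hypothetical helper, and it assumes every entry carries `name`, `host` and `port`, as in the page's examples.

```python
import json

KERBEROS_PORT = 88  # the Kerberos default named in the best practices above


def lint_servers(servers_json):
    """Return 'error:'/'warn:' findings for a --servers JSON string (hypothetical helper)."""
    try:
        servers = json.loads(servers_json)
    except json.JSONDecodeError as exc:
        return [f"error: not valid JSON ({exc.msg})"]
    if not isinstance(servers, list) or not servers:
        return ["error: expected a non-empty JSON list of server objects"]

    findings, names, hosts = [], set(), set()
    for i, srv in enumerate(servers):
        if not isinstance(srv, dict):
            findings.append(f"error: entry {i} is not an object")
            continue
        name, host, port = srv.get("name"), srv.get("host"), srv.get("port")
        label = name if isinstance(name, str) and name else f"entry {i}"
        if not (isinstance(name, str) and name and isinstance(host, str) and host):
            findings.append(f"error: {label} needs string 'name' and 'host'")
            continue
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(f"error: {label} has invalid port {port!r}")
        elif port != KERBEROS_PORT:
            findings.append(f"warn: {label} uses non-standard port {port}")
        if name in names:
            findings.append(f"error: duplicate server name {name}")
        if host.lower() in hosts:  # hostnames compare case-insensitively
            findings.append(f"warn: host {host} is listed more than once")
        names.add(name)
        hosts.add(host.lower())

    if len(hosts) < 2:
        findings.append("warn: fewer than two distinct KDC hosts, no redundancy")
    return findings


# Constructed sample inputs, modelled on the page's examples.
HA = ('[{"name": "kdc1", "host": "kdc1.example.com", "port": 88}, '
      '{"name": "kdc2", "host": "kdc2.example.com", "port": 88}]')
BAD = ('[{"name": "kdc1", "host": "kdc1.example.com", "port": "88"}, '
       '{"name": "kdc1", "host": "KDC1.example.com", "port": 8088}]')

if __name__ == "__main__":
    for sample in (HA, BAD):
        print(lint_servers(sample) or "ok")
```

An empty result means the value can be passed to `--servers` unchanged; the same function can be run over each `servers` list in a bulk-load file once it has been parsed and re-serialized as JSON.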