This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
aaa-kcdAccount
The following operations can be performed on “aaa-kcdAccount”:
show | unset | rm | check | set | add |
show aaa kcdAccount
Display KCD accounts.
Synopsis
show aaa kcdAccount [
Arguments
kcdAccount The KCD account name.
Output
keytab The path to the keytab file. If specified other parameters in this command need not be given
principle SPN extracted from keytab file.
kcdSPN Host SPN extracted from keytab file.
realmStr Kerberos Realm.
delegatedUser Username that can perform kerberos constrained delegation.
kcdPassword Password for Delegated User.
usercert SSL Cert (including private key) for Delegated User.
cacert CA Cert for UserCert or when doing PKINIT backchannel.
userRealm Realm of the user
enterpriseRealm Enterprise Realm of the user. This should be given only in certain KDC deployments where KDC expects Enterprise username instead of Principal Name
serviceSPN Service SPN. When specified, this will be used to fetch kerberos tickets. If not specified, Citrix ADC will construct SPN using service fqdn
stateflag devno count
Example
Example
show aaa kcdaccount my_kcd_acct KcdAccount: my_kcd_acct Keytab: /var/mykcd.keytab Done
unset aaa kcdAccount
Unset the KCD account information..Refer to the set aaa kcdAccount command for meanings of the arguments.
Synopsis
unset aaa kcdAccount
rm aaa kcdAccount
Remove the KCD account.
Synopsis
rm aaa kcdAccount
Arguments
kcdAccount The KCD account name.
check aaa kcdAccount
Check Kerberos configuration.
Synopsis
check aaa kcdAccount -realmStr
Arguments
realmStr Active Directory Domain
delegatedUser Service Account Name
kcdPassword Service Account Password
serviceSPN Service FQDN
userRealm Impersonate user
Example
check aaa kcdAccount -realmStr AAA.LOCAL -delegatedUser svc_iis3 -kcdPassword
set aaa kcdAccount
Set the KCD account information.
Synopsis
set aaa kcdAccount
Arguments
kcdAccount The name of the KCD account.
keytab The path to the keytab file. If specified other parameters in this command need not be given
realmStr Kerberos Realm.
delegatedUser Username that can perform kerberos constrained delegation.
kcdPassword Password for Delegated User.
usercert SSL Cert (including private key) for Delegated User.
cacert CA Cert for UserCert or when doing PKINIT backchannel.
userRealm Realm of the user
enterpriseRealm Enterprise Realm of the user. This should be given only in certain KDC deployments where KDC expects Enterprise username instead of Principal Name
serviceSPN Service SPN. When specified, this will be used to fetch kerberos tickets. If not specified, Citrix ADC will construct SPN using service fqdn
Example
set aaa kcdaccount my_kcd_acct -keytab /var/hiskcd.keytab The above command sets the keytab location for KCD account my_kcd_acct to /var/hiskcd.keytab
add aaa kcdAccount
Add a Kerberos constrained delegation account.
Synopsis
add aaa kcdAccount
Arguments
kcdAccount The name of the KCD account.
keytab The path to the keytab file. If specified other parameters in this command need not be given
realmStr Kerberos Realm.
delegatedUser Username that can perform kerberos constrained delegation.
kcdPassword Password for Delegated User.
usercert SSL Cert (including private key) for Delegated User.
cacert CA Cert for UserCert or when doing PKINIT backchannel.
userRealm Realm of the user
enterpriseRealm Enterprise Realm of the user. This should be given only in certain KDC deployments where KDC expects Enterprise username instead of Principal Name
serviceSPN Service SPN. When specified, this will be used to fetch kerberos tickets. If not specified, Citrix ADC will construct SPN using service fqdn
Example
add aaa kcdaccount my_kcd_acct -keytab /var/mykcd.keytab add aaa kcdaccount my_kcd_acct -keytab The above example adds a Kerberos constrained delegation account my_kcd_acct, with the keytab file located at /var/mykcd.keytab
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.