You want to add a new user to an existing MIT Kerberos-5 realm.
Use kadmin on any realm host:
$ kadmin Authenticating as principal pat/admin@DOGOOD.ORG with password.
To add the user named joe:
kadmin: ank -policy users joe Enter password for principal "joe@DOGOOD.ORG": ******** Re-enter password for principal "joe@DOGOOD.ORG": ******** Principal "joe@DOGOOD.ORG" created.
To give joe administrative privileges:
kadmin: ank -policy admin joe/admin Enter password for principal "joe/admin@DOGOOD.ORG": ******** Re-enter password for principal "joe/admin@DOGOOD.ORG": ******** Principal "joe/admin@DOGOOD.ORG" created.
and tell Joe his temporary user and admin passwords, which he should immediately change with kpasswd . When finished:
kadmin: quit
This is the same procedure we used while setting up your KDC. [Recipe 4.11] You need not be on the KDC to do administration; you can do it remotely with kadmin. The program kadmin.local, which we used before, is only for bootstrapping or other exceptional situations.
kadmin(8).