An automated tool named krbsetup is provided to autoconfigure your Kerberos server. Use this tool to:

- Configure the Kerberos Server with either LDAP or C-Tree as the backend database.
- Stop the kdcd, kadmind, and kpropd daemons.

The krbsetup tool is installed in the following directory: /opt/krb5/sbin

This tool automatically creates the following files and places them in the /opt/krb5 directory:

This tool allows you to:

- Specify whether you want to configure your Kerberos server with either LDAP or C-Tree as the backend database.
- Specify whether you want to configure your Kerberos server as either a primary security server or a secondary security server.
- Customize your realm name.
- Choose whether to create a stash file.
- Specify the encryption type.
- Specify a different location for the log messages if you do not want to store the log messages in the default syslog file.
- Specify the security mechanism for your LDAP-based Kerberos server.
- Specify the Directory server host name of the LDAP-based Kerberos server.
- Specify the TCP port number of the LDAP-based Kerberos server.
- Specify the Proxy user DN of your LDAP-based Kerberos server.
- Extend your Kerberos schema on the Directory server.
- Specify the default base DN for search of the LDAP-based Kerberos server.
- Specify the default principal subtree DN of the LDAP-based Kerberos server.
- Specify the object class template of the LDAP-based Kerberos server.

The other sections in the configuration files are set to the default values. If you want to customize these sections, manually edit the configuration files and restart the kdcd and kadmind daemons using this tool.

NOTE: HP recommends that you use the krbsetup tool to configure your basic Kerberos server.

The following steps show you how to autoconfigure your Kerberos server:

1. Run the /opt/krb5/sbin/krbsetup utility.
2. Select one of the following options:

       1) Configure the server
       2) Start the Kerberos daemons
       3) Stop the Kerberos daemons
       4) Un-configure the Server
       5) Exit
       6) Help

   - To configure the server, select option 1. The following output is displayed:

         1) Configure the Server with LDAP backend
         2) Configure the Server with C-Tree backend
         0) Return to Previous Menu

         Selection: [0]

   - To start the Kerberos daemons, kadmind and kdcd, select option 2. You must manually start the kpropd daemon. Press Return to return to the main menu.
   - To stop the Kerberos daemons, select option 3. Press Return to return to the main menu.
   - To unconfigure the Kerberos daemons, select option 4. You are prompted with a message to confirm this action. Press y to unconfigure the Kerberos server and n to return to the main menu.
   - To exit the tool, select option 5.
   - To view the help contents, select option 6.

Configuring the Kerberos Server with C-Tree

Complete the following procedure to autoconfigure your Kerberos server with C-Tree:

1. Run the /opt/krb5/sbin/krbsetup utility.
2. Select one of the following options:

       1) Configure the server
       2) Start the Kerberos daemons
       3) Stop the Kerberos daemons
       4) Un-configure the Server
       5) Exit
       6) Help

3. To configure the Kerberos Server, select option 1. The following output is displayed:

       1) Configure the Server with LDAP backend
       2) Configure the Server with C-Tree backend
       0) Return to Previous Menu

       Selection: [0]

4. To configure the Kerberos Server with C-Tree backend, select option 2.
5. To remove the existing Kerberos server configuration, press y. To retain the existing database, press n.
6. Configure your Kerberos server as either a primary security server or a secondary security server:

   - To configure your Kerberos server as a primary security server, select option 1.
   - To configure your Kerberos server as a secondary security server, select option 2.

   Before you log on to the Remote Administrator, stop the daemons that are already running on the secondary security server.
7. Specify the encryption type. If you do not specify a value, the default value, DES-MD5, is selected.
8. To stash the principal database key file on your local disk, press y at the prompt. Press n if you do not want to stash the principal database key file.
9. Enter names for other servers:

   - If you chose to configure your primary security server, you are prompted for the names of your secondary security servers.
   - If you chose to configure your secondary security server, you are prompted for the name of your primary security server.

10. Enter the realm name. The default value is displayed. To use the default, press Return; otherwise, enter your realm name.
11. Enter the location where you want to store log messages. By default, log messages are stored in the syslog file. To change the default location, enter y and specify the absolute directory name for the log messages.
12. Enter the database master password.
13. Re-enter the database master password to verify the password.

Your configuration is now complete and your Kerberos daemons are up and running. To return to the main menu, press Return.
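
A post-run check, added here as an example and not part of HP's documentation or the krbsetup tool: it reads `ps -e` output and reports whether kdcd and kadmind (the daemons option 2 starts) are present, listing kpropd separately because it must be started manually. The function names and the sample process listing are constructed, and the `ps -e` layout (a header line, command name in the last column) is an assumption.

```shell
#!/bin/sh
# Added example: report which Kerberos server daemons appear in a process
# listing. Daemon names (kdcd, kadmind, kpropd) come from the page; the
# function names and the sample listing below are constructed.

# Reads `ps -e` style output on stdin (header line, command in the last
# column) and prints one "name=running|stopped" line per daemon.
krb_daemon_status() {
    awk '
        BEGIN { n = split("kdcd kadmind kpropd", want, " ") }
        NR > 1 {
            cmd = $NF
            sub(/^.*\//, "", cmd)   # strip a leading path, if any
            seen[cmd] = 1           # exact name match, so "grep kdcd" is not counted
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s=%s\n", want[i], ((want[i] in seen) ? "running" : "stopped")
        }'
}

# Prints the status lines and returns 0 only when both daemons that
# option 2 starts are present. kpropd is reported but not required.
krb_core_daemons_up() {
    st=$(krb_daemon_status)
    printf '%s\n' "$st"
    case "$st" in
        *kdcd=running*kadmind=running*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample listing: kdcd and kadmind up, kpropd not started.
SAMPLE_PS='  PID TTY       TIME COMMAND
    1 ?         0:01 init
 2310 ?         0:00 kdcd
 2314 ?         0:00 kadmind
 2400 pts/0     0:00 sh'

printf '%s\n' "$SAMPLE_PS" | krb_core_daemons_up
# On a live server: ps -e | krb_core_daemons_up
```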