Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 6 Configuring the Kerberos Server with LDAP

Autoconfiguring the Kerberos Server With LDAP Integration

An automated tool named krbsetup is provided to autoconfigure your Kerberos server. For more information on the krbsetup tool, see “Autoconfiguring the Kerberos Server”.

Configuring the Kerberos Server with LDAP

Complete the following procedure to autoconfigure your Kerberos server with LDAP:

  1. Run the /opt/krb5/sbin/krbsetup utility.

  2. Select one of the following options:

      1) Configure the Server
      2) Start the Kerberos daemons
      3) Stop the Kerberos daemons
      4) Un-configure the Server
      5) Exit

      6) Help

    Selection:
  3. To configure the Kerberos Server, select option 1.

    The following output is displayed:

    1) Configure the Server with LDAP backend
    2) Configure the Server with C-Tree backend
    3) Return to Previous Menu

    Selection: [0]
  4. To configure the Kerberos Server with LDAP backend, select option 1.

  5. If there is an existing Kerberos server configuration, press y and press n to retain the existing database.

    NOTE: Ensure that you have a dump of the existing Kerberos database before you configure the Kerberos server with LDAP. See Chapter 3 “Migrating to a Newer Version of the Kerberos Server” for more information.
  6. Select one of the following options to configure the security mechanism of your LDAP-based Kerberos server:

    1. SSL

    2. Password

  7. Enter the host name of the directory server. The default value is displayed. To use the default, press Return; otherwise, enter your fully qualified host name or the IP address.

  8. Enter the port number of the directory server. If you do not specify any value, the following default values are selected:

    • If you have opted for SSL as the security mechanism, the default value 636 is selected.

    • If you have opted for Password as the security mechanism, the default value 389 is selected.

  9. Enter the DN of the proxy user. The default value is displayed. To use the default, press Return.

    NOTE: The proxy user must have the privileges to add, modify, and delete Kerberos information on the Directory server.
  10. Enter the Proxy User password.

  11. If you have opted to configure SSL as the security mechanism of your LDAP-based Kerberos Server, enter the Certificate db path.

  12. If you have opted to configure Password as the security mechanism of your LDAP-based Kerberos Server, enter the directory path where the certificates are located. The default path /etc/opt/ldapux is displayed. To use the default, press Return.

  13. To extend the existing schema in the directory, press y. Press n if you do not want to extend the schema.

    NOTE: You must have administrative privileges to extend the schema. Contact your LDAP administrator if you do not have these privileges.

    If you have pressed y, that is, opted to extend the schema, you are prompted for the following input:

    1. Enter the DN of the Admin user. The default value is displayed. To use the default, press Return; otherwise, enter your DN name.

    2. Enter the password.

    3. Select the following object classes to remap the attributes:

      1. hpKrbPrincipal

      2. hpKrbKey

      To remap the attributes of the object class hpKrbPrincipal, select option 1.

      To remap the attributes of the object class hpKrbKey, select option 2.

      NOTE: HP recommends that you use the default attributes of the hpKrbPrincipal and hpKrbKey object classes.
  14. Enter the default base DN for search. The default value is displayed. To use the default, press Return.

  15. Enter the default principal subtree DN. The default value is displayed. To use the default, press Return.

  16. Enter the default template object class. The default value is displayed. To use the default, press Return.

  17. Configure your Kerberos server as either a primary security server or a secondary security server:

    1. To configure your Kerberos server as a primary security server, select option 1.

    2. To configure your Kerberos server as a secondary security server, select option 2. Before you log on to the Remote Administrator, stop the daemons that are already running on the secondary security server.

  18. Specify the encryption type. If you do not specify a value, the default value, DES-MD5, is selected.

  19. To stash the principal database key file on your local disk, press y at the prompt. Press n if you do not want to stash the principal database key file.

  20. Enter names for other servers:

    • If you chose to configure your primary security server, you are prompted for the names of your secondary security servers.

    • If you chose to configure your secondary security server, you are prompted for the name of your primary security server.

  21. Enter the realm name. The default value is displayed. To use the default, press Return; otherwise, enter your realm name.

  22. Enter the location where you want to store log messages. By default, log messages are stored in the syslog file. To change the default location, enter y and specify the absolute directory name where you want to store the log messages.

  23. Enter the database master password.

  24. Re-enter the database master password to verify the password.

  25. Your configuration is now complete and your Kerberos daemons are up and running. To return to the main menu, press Return.
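
Added example (not from HP's guide and not part of krbsetup): POSIX shell checks for the answers planned for steps 6, 8 and 18, and for the stash file written at step 19. The function names, their argument order and the stash file path passed to check_stash are assumptions; the guide does not state where the stash file is stored.

```shell
#!/bin/sh
# Added example, not HP code. Function names and arguments are assumptions.

# Port krbsetup selects by default for each security mechanism (step 8).
default_port() {
    case "$1" in
        SSL)      echo 636 ;;
        Password) echo 389 ;;
        *)        return 1 ;;
    esac
}

# Review the answers planned for steps 6, 8 and 18.
# Prints one finding per line; returns 0 only when nothing is flagged.
review_plan() {
    mech=$1 port=$2 etype=$3 findings=0
    want=$(default_port "$mech") || { echo "unknown mechanism: $mech"; return 2; }
    if [ -n "$port" ] && [ "$port" != "$want" ]; then
        echo "port $port is not the $mech default ($want); confirm the listener"
        findings=1
    fi
    # An empty answer at step 18 selects DES-MD5, which is single DES.
    case "${etype:-DES-MD5}" in
        DES-*) echo "encryption type ${etype:-DES-MD5} is single DES"
               findings=1 ;;
    esac
    return $findings
}

# The stash file (step 19) holds the principal database key on local disk:
# require a regular file, owner-only permissions and the expected owner.
check_stash() {
    f=$1 owner=${2:-root}
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "$f: not a regular file"; return 1
    fi
    set -- $(ls -ld "$f")          # $1 = mode string, $3 = owner
    case "$1" in
        -r[w-]-------*) ;;          # trailing * tolerates an ACL marker
        *) echo "$f: mode $1 is not owner read/write only"; return 1 ;;
    esac
    [ "$3" = "$owner" ] || { echo "$f: owned by $3, expected $owner"; return 1; }
}
```

Run review_plan with the mechanism, port and encryption type before starting krbsetup, and check_stash with the stash file path after step 25.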

© 2007 Hewlett-Packard Development Company, L.P.