This section describes how to manually configure your Kerberos server with LDAP. HP recommends that you use the autoconfiguration tool to set up your basic Kerberos security server with LDAP. For more information on autoconfiguration, see “Autoconfiguring the Kerberos Server With LDAP Integration”.

The subsequent sections describe the configuration files and the steps required to manually configure your Kerberos security server with LDAP.
Editing the Configuration Files
You can manually edit the following files to configure the Kerberos security server with LDAP:

- LDAP-based Kerberos configuration file - krb5_ldap.conf
- Kerberos schema file - krb5_schema.conf
- Kerberos mapping file - krb5_map.conf
- Kerberos configuration file - krb.conf
- Kerberos realms file - krb.realms
The krb5_ldap.conf configuration file specifies the LDAP configuration information. See “The krb5_ldap.conf File” for more information on the configuration parameters.
NOTE: You must use the krb5_encrypt tool to set the value of the proxy_user_password field. Refer to the krb5_encrypt(1m) manpage for more information on the krb5_encrypt tool.
The krb5_schema.conf schema file is the default schema. HP recommends keeping the default schema. If you choose to extend the Kerberos schema, follow the guidelines listed below:

- Never delete any element of your Kerberos schema, as this affects the compatibility of your schema with other LDAP services (servers and clients).
- Never change the Kerberos schema of your directory by modifying the existing elements, as this also affects the compatibility of your schema with other LDAP services.
- Never map an existing attribute name to a Kerberos attribute name. This may result in an error when configuring the schema.
- Never edit the Kerberos mapping file, krb5_map.conf, after configuring the server.
- If you want to modify an element in the existing schema, you must also ensure that the changes are reflected in the krb5_map.conf mapping file.
- If you want to manually load the Kerberos schema, use the default schema located at /opt/krb5/examples.
- Always save your current schema before you start this process.
The Kerberos mapping file, krb5_map.conf, defines the mapping of the default Kerberos attributes to user-defined attributes, to support the Kerberos server schema. See “The krb5_map.conf File” for more information.

The Kerberos configuration file, krb.conf, specifies the security servers available for client authentication and defines the default realm for the host.

The Kerberos realms file, krb.realms, defines the host-to-realm or domain-to-realm mapping data.
These files are available in the /opt/krb5/examples directory. You can copy these files to the /opt/krb5 directory, and manually edit them.
Modify the configuration files /opt/krb5/krb5_ldap.conf, /opt/krb5/krb5_schema.conf, and /opt/krb5/krb5_map.conf to reflect the correct information.
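The copy-then-edit step above, together with the guidelines to save the current schema first and never to edit krb5_map.conf once the server is configured, can be scripted so that nothing is overwritten without a backup and a later change to the mapping file is detected. The following POSIX sh script is an added example and is not part of the HP documentation or product; the file names and the /opt/krb5 and /opt/krb5/examples paths are the ones this section names, the function names and the krb5_map.conf.cksum baseline file are the example's own invention, and the two directory arguments let you try it against scratch directories.

```shell
#!/bin/sh
# Added example (not HP's code): stage the Kerberos/LDAP configuration files
# from the examples directory, keep a timestamped backup of any file already
# present, and record a checksum baseline for krb5_map.conf so that later,
# unintended edits to the mapping file can be detected.

# The five files this section says to copy from /opt/krb5/examples.
KRB5_FILES="krb5_ldap.conf krb5_schema.conf krb5_map.conf krb.conf krb.realms"

# stage_krb5_configs [SRC] [DST]
# Copies each configuration file from SRC (default /opt/krb5/examples) to
# DST (default /opt/krb5). A file already present in DST is first saved as
# <name>.<timestamp>.bak, so the current schema and mapping are never lost.
# Returns 1 if a source file is missing or a copy fails.
stage_krb5_configs() {
    src=${1:-/opt/krb5/examples}
    dst=${2:-/opt/krb5}
    stamp=$(date +%Y%m%d%H%M%S)
    for f in $KRB5_FILES; do
        if [ ! -f "$src/$f" ]; then
            echo "stage_krb5_configs: missing $src/$f" >&2
            return 1
        fi
        if [ -f "$dst/$f" ]; then
            # Preserve mode and timestamps of the old copy in the backup.
            cp -p "$dst/$f" "$dst/$f.$stamp.bak" || return 1
        fi
        cp "$src/$f" "$dst/$f" || return 1
    done
    return 0
}

# record_map_baseline [DST]
# Run once the server is configured: stores the cksum of krb5_map.conf in
# DST/krb5_map.conf.cksum (a file name chosen for this example). cksum is
# used rather than sha256sum because it is available on HP-UX as well as
# Linux; reading from stdin keeps the path out of the recorded line.
record_map_baseline() {
    dst=${1:-/opt/krb5}
    cksum < "$dst/krb5_map.conf" > "$dst/krb5_map.conf.cksum"
}

# verify_map_unchanged [DST]
# Returns 0 if krb5_map.conf still matches the recorded baseline, 1 if it
# has been modified since, or if no baseline has been recorded yet.
verify_map_unchanged() {
    dst=${1:-/opt/krb5}
    [ -f "$dst/krb5_map.conf.cksum" ] || return 1
    current=$(cksum < "$dst/krb5_map.conf")
    recorded=$(cat "$dst/krb5_map.conf.cksum")
    [ "$current" = "$recorded" ]
}
```

Call stage_krb5_configs with no arguments to copy from /opt/krb5/examples into /opt/krb5, edit the staged files as this section describes, then run record_map_baseline; verify_map_unchanged can be run from a periodic job or before restarting the server to flag a mapping file that was edited after configuration.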
For more information about modifying the configuration files, see “Configuring the Primary Security Server”.