Configuring the Kerberos Server With C-Tree Backend

Configuration Files for the Kerberos Server

Configuration Files for the Kerberos Server

You must install all the critical Kerberos server files on the system before you start configuring the Kerberos Server. You must configure these files on the primary security server and copy these files to all the secondary security servers on the network. Table 5-1 briefly describes the server files that you need to configure.

Table 5-1

Security Server Files That Require Configuration

 

 

 

 

Configuration File

Function

 

 

 

 

/opt/krb5/krb.conf

Describes the default realm of the

 

 

primary security server and the

 

 

roles of each server for that

 

 

particular realm.

 

 

 

 

/opt/krb5/krb.realms

Provides a way to map the host

 

 

name or domain name to the

 

 

associated realm name.

 

 

 

 

/opt/krb5/admin_acl_file

Controls the administrative

 

 

permissions for administrators. See

 

 

“The admin_acl_file File” on

 

 

page 113 for more information.

 

 

 

 

/opt/krb5/password.policy

Controls password policy for the

 

 

entire security network. See

 

 

“Password Policy File” on page 119

 

 

for more information.

 

 

 

 

/opt/krb5/kpropd.ini

Contains the configuration

 

 

information that is used for

 

 

propagation. This is a text file. See

 

 

“The kpropd.ini File” on page 251 for

 

 

more information.

 

 

 

This chapter contains detailed descriptions of the krb.conf and krb.realms configuration files. If you have opted to configure LDAP as the backend, see “Planning Your LDAP Configuration” on page 83.

64

Chapter 5

Page 64
Image 64
HP UX Kerberos Data Security Software manual Configuration Files for the Kerberos Server, Configuration File Function