Configuring the Kerberos Server with LDAP

Configuration Files for LDAP Integration

This file is generated automatically based on the input provided by you while autoconfiguring the Kerberos server. Alternatively, a sample file is available in the /opt/krb5/examples directory. You can copy this file to the /opt/krb5 directory, and manually edit it. HP recommends that you use the autoconfiguration tool to generate this file.

This file must reside in the /opt/krb5 directory and must have the following permissions:

-rw------- root 3 sys

The krb5_ldap.conf File Format

Following is the format of the krb5_ldap.conf file:

ldap_enabled = 1

directory_servers = fox.bambi.com:389 base_dn_for_search = o=bambi.com security_mech = password proxy_user=cn = Directory Manager

proxy_user_password = <#$%^&*0#$0^&@1!$^%#10^0%> default_object_template = account default_princ_subtree = ou=People,o=bambi.com default_objcls_attr = uid

Use the krb5_encrypt tool to modify the proxy_user_password field in the /opt/krb5/krb5_ldap.conf file. You must change the proxy field whenever you change the password of the proxy user or the master key. Ensure that the encryption key type and the master key type are the same; else the Kerberos server will not connect to the LDAP server. Table 6-2 provides a detailed description of the various parameters in the krb5_ldap.conf file.

Table 6-2

krb5_ldap.conf File Format

 

 

 

 

 

Parameter

Description

 

 

 

 

ldap_enabled

This line indicates whether you

 

 

have enabled LDAP.

 

 

1 indicates that you have enabled

 

 

LDAP and 0 indicates that you

 

 

have not enabled LDAP as the

 

 

backend database.

 

 

 

Chapter 6

75

Page 75
Image 75
HP UX Kerberos Data Security Software manual Krb5ldap.conf File Format, Parameter Description