Configuring the Kerberos Server with LDAP

Configuration Files for LDAP Integration

The krb5_ldap.conf file is generated automatically from the input you provide while autoconfiguring the Kerberos server. Alternatively, a sample file is available in the /opt/krb5/examples directory; you can copy it to the /opt/krb5 directory and edit it manually. HP recommends that you use the autoconfiguration tool to generate this file.

This file must reside in the /opt/krb5 directory and must have the following permissions:

-rw------- root 3 sys

The krb5_ldap.conf File Format

Following is the format of the krb5_ldap.conf file:

ldap_enabled = 1
directory_servers = fox.bambi.com:389
base_dn_for_search = o=bambi.com
security_mech = password
proxy_user = cn=Directory Manager
proxy_user_password = <#$%^&*0#$0^&@1!$^%#10^0%>
default_object_template = account
default_princ_subtree = ou=People,o=bambi.com
default_objcls_attr = uid

Use the krb5_encrypt tool to modify the proxy_user_password field in the /opt/krb5/krb5_ldap.conf file. You must regenerate the proxy_user_password field whenever you change the password of the proxy user or the master key. Ensure that the encryption key type and the master key type are the same; otherwise the Kerberos server will not connect to the LDAP server. Table 6-2 provides a detailed description of the parameters in the krb5_ldap.conf file.
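As an added example (not HP's code, and not how the Kerberos server itself reads the file), the following Python parses the key = value format shown above and checks the file permissions this chapter requires. It assumes the nine parameter names listed in the sample file and splits each line on the first "=" only, so values such as cn=Directory Manager and o=bambi.com are preserved; the sample text and the placeholder password are constructed.

```python
import os
import stat

# Parameter names taken from the krb5_ldap.conf sample in this chapter.
KNOWN_KEYS = {
    "ldap_enabled", "directory_servers", "base_dn_for_search", "security_mech",
    "proxy_user", "proxy_user_password", "default_object_template",
    "default_princ_subtree", "default_objcls_attr",
}

# Constructed sample in the documented format; the password is a placeholder.
SAMPLE = """\
ldap_enabled = 1
directory_servers = fox.bambi.com:389
base_dn_for_search = o=bambi.com
security_mech = password
proxy_user = cn=Directory Manager
proxy_user_password = <ENCRYPTED-VALUE-PLACEHOLDER>
default_object_template = account
default_princ_subtree = ou=People,o=bambi.com
default_objcls_attr = uid
"""

def parse_krb5_ldap_conf(text):
    """Parse 'key = value' lines into a dict. Split on the first '=' only,
    so DN values that themselves contain '=' stay intact."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'key = value'")
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in KNOWN_KEYS:
            raise ValueError(f"line {lineno}: unknown parameter {key!r}")
        conf[key] = value
    if conf.get("ldap_enabled") not in ("0", "1"):
        raise ValueError("ldap_enabled must be 0 or 1")
    return conf

def check_conf_permissions(path):
    """Return findings if the file is not mode 0600 owned by root (uid 0),
    the permissions this chapter requires for /opt/krb5/krb5_ldap.conf."""
    st = os.stat(path)
    findings = []
    if stat.S_IMODE(st.st_mode) != 0o600:
        findings.append(f"mode is {oct(stat.S_IMODE(st.st_mode))}, expected 0o600")
    if st.st_uid != 0:
        findings.append(f"owner uid is {st.st_uid}, expected 0 (root)")
    return findings
```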

Table 6-2

krb5_ldap.conf File Format

Parameter       Description

ldap_enabled    This line indicates whether you have enabled LDAP. 1 indicates that you have enabled LDAP and 0 indicates that you have not enabled LDAP as the backend database.

Chapter 6

75