Configuring the Kerberos Server with LDAP

Configuration Files for LDAP Integration

objectClasses: ( hpKrbKey-oid NAME 'hpKrbKey'
  DESC 'An structural object class used for configuring the principal name of an associated principal entry.'
  SUP top STRUCTURAL
  MUST ( hpKrbPrincipalName )
  MAY ( hpKrbKeyVersion $ hpKrbKeyData ) )

The krb5_map.conf File

The krb5_map.conf mapping file maps the default Kerberos attributes to user-defined attributes, to support the Kerberos server schema. The Kerberos server uses this map file to translate Kerberos attribute names to LDAP attribute names. Each entry in the mapping file represents the translation for one attribute.

The krb5_map.conf file is automatically generated from the input you provide while autoconfiguring the Kerberos server. Alternatively, a sample file is available in the /opt/krb5/examples directory. You can copy this file to the /opt/krb5 directory and edit it manually. HP recommends that you use the autoconfiguration tool to generate this file.

This file must reside in the /opt/krb5 directory and must have the following permissions:

-rw-r--r-- root 3

The krb5_map.conf File Format

Following is the format of the default mapping file:

hpKrbPrincipalName      = hpKrbPrincipalName
hpKrbMaxTicketAge       = hpKrbMaxTicketAge
hpKrbMaxRenewAge        = hpKrbMaxRenewAge
hpKrbAccountExpires     = hpKrbAccountExpires
hpKrbPasswordExpireTime = hpKrbPasswordExpireTime
hpKrbPwdLastSet         = hpKrbPwdLastSet
hpKrbLastLogon          = hpKrbLastLogon
hpKrbBadPasswordTime    = hpKrbBadPasswordTime
hpKrbBadPwdCount        = hpKrbBadPwdCount
hpKrbModifiersName      = hpKrbModifiersName
hpKrbModifyTimestamp    = hpKrbModifyTimestamp
hpKrbAttributes         = hpKrbAttributes
hpKrbPolicyName         = hpKrbPolicyName
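
A manually edited mapping file can be checked against the format and permissions described above before the Kerberos server reads it. The following audit script is an added example, not part of the HP product or its documentation. It assumes that lines starting with '#' are comments and that two Kerberos attributes sharing one LDAP attribute is a mistake; it checks the mode bits and the root owner but not the group.

```python
import os, re, stat, sys

# The 13 default Kerberos attribute names from the mapping file shown above.
DEFAULT_ATTRS = """hpKrbPrincipalName hpKrbMaxTicketAge hpKrbMaxRenewAge
hpKrbAccountExpires hpKrbPasswordExpireTime hpKrbPwdLastSet hpKrbLastLogon
hpKrbBadPasswordTime hpKrbBadPwdCount hpKrbModifiersName hpKrbModifyTimestamp
hpKrbAttributes hpKrbPolicyName""".split()

ENTRY = re.compile(r"([A-Za-z][A-Za-z0-9-]*)\s*=\s*([A-Za-z][A-Za-z0-9-]*)")

def parse_map(text):
    """Parse 'kerberosAttr = ldapAttr' lines; return (mapping, problems)."""
    mapping, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments: an assumption
            continue
        m = ENTRY.fullmatch(line)
        if not m:
            problems.append(f"line {n}: not 'kerberosAttr = ldapAttr'")
        elif m.group(1) in mapping:
            problems.append(f"line {n}: {m.group(1)} is mapped twice")
        else:
            mapping[m.group(1)] = m.group(2)
    problems += [f"no mapping for {a}" for a in DEFAULT_ATTRS if a not in mapping]
    targets = {}
    for krb, ldap in mapping.items():  # LDAP names compare case-insensitively
        targets.setdefault(ldap.lower(), []).append(krb)
    problems += [f"{', '.join(k)} share LDAP attribute {t}"
                 for t, k in targets.items() if len(k) > 1]
    return mapping, problems

def check_file(path, mode=0o644, uid=0):
    """Compare file type, mode bits and owner with '-rw-r--r-- root'."""
    st = os.lstat(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if stat.S_IMODE(st.st_mode) != mode:
        problems.append(f"mode is {stat.S_IMODE(st.st_mode):04o}, expected {mode:04o}")
    if st.st_uid != uid:
        problems.append(f"owner uid is {st.st_uid}, expected {uid}")
    return problems

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/krb5/krb5_map.conf"
    with open(path) as fh:
        _, issues = parse_map(fh.read())
    for issue in check_file(path) + issues:
        print(f"{path}: {issue}")
```

A file that is writable by group or others lets a non-root user redirect where the server reads and writes principal attributes, which is why the mode check matters as much as the syntax check.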
