Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
objectClasses: (
DESC 'An structural object class used for configuring the principal name of an associated principal entry.' SUP top STRUCTURAL MUST ( hpKrbPrincipalName ) MAY ( hpKrbKeyVersion $ hpKrbKeyData ) )
The krb5_map.conf File
The krb5_map.conf mapping file maps the default Kerberos attributes to user-defined attributes, to support the Kerberos server schema. The Kerberos server uses this file to translate Kerberos attribute names to LDAP attribute names. Each entry in the mapping file represents the translation for one attribute.
The krb5_map.conf file is generated automatically from the input you provide while autoconfiguring the Kerberos server. Alternatively, a sample file is available in the /opt/krb5/examples directory; you can copy it to the /opt/krb5 directory and edit it manually. HP recommends that you use the autoconfiguration tool to generate this file.
This file must reside in the /opt/krb5 directory and must have the following permissions:
Following is the format of the default mapping file:
hpKrbPrincipalName = hpKrbPrincipalName
hpKrbMaxTicketAge = hpKrbMaxTicketAge
hpKrbMaxRenewAge = hpKrbMaxRenewAge
hpKrbAccountExpires = hpKrbAccountExpires
hpKrbPasswordExpireTime = hpKrbPasswordExpireTime
hpKrbPwdLastSet = hpKrbPwdLastSet
hpKrbLastLogon = hpKrbLastLogon
hpKrbBadPasswordTime = hpKrbBadPasswordTime
hpKrbBadPwdCount = hpKrbBadPwdCount
hpKrbModifiersName = hpKrbModifiersName
hpKrbModifyTimestamp = hpKrbModifyTimestamp
hpKrbAttributes = hpKrbAttributes
hpKrbPolicyName = hpKrbPolicyName
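A manually edited mapping file can be checked before the Kerberos server reads it. The following validator is an added example, not HP's code or part of the autoconfiguration tool; it assumes one "name = name" entry per line with the Kerberos attribute on the left, and that "#" lines are comments. The function names are hypothetical.

```python
# Added example: validator for a krb5_map.conf-style mapping file.
# Assumptions (not stated on the page): one "kerberos_attr = ldap_attr" entry
# per line, Kerberos name on the left; blank lines and "#" lines are skipped.
DEFAULT_ATTRS = [
    "hpKrbPrincipalName", "hpKrbMaxTicketAge", "hpKrbMaxRenewAge",
    "hpKrbAccountExpires", "hpKrbPasswordExpireTime", "hpKrbPwdLastSet",
    "hpKrbLastLogon", "hpKrbBadPasswordTime", "hpKrbBadPwdCount",
    "hpKrbModifiersName", "hpKrbModifyTimestamp", "hpKrbAttributes",
    "hpKrbPolicyName",
]

def parse_map(text):
    """Return (mapping, problems) for the contents of a mapping file."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        left, sep, right = (part.strip() for part in line.partition("="))
        if not sep or len(left.split()) != 1 or len(right.split()) != 1:
            problems.append(f"line {lineno}: malformed entry {raw!r}")
        elif left in mapping:
            problems.append(f"line {lineno}: duplicate entry for {left}")
        else:
            mapping[left] = right
    return mapping, problems

def validate_map(text):
    """List every problem that would make attribute translation ambiguous."""
    mapping, problems = parse_map(text)
    for attr in DEFAULT_ATTRS:
        if attr not in mapping:
            problems.append(f"missing mapping for {attr}")
    for attr in mapping:
        if attr not in DEFAULT_ATTRS:
            problems.append(f"unknown Kerberos attribute {attr}")
    seen = {}
    for attr, target in mapping.items():
        # LDAP attribute names are case-insensitive, so compare lowercased.
        other = seen.setdefault(target.lower(), attr)
        if other != attr:
            problems.append(f"{attr} and {other} both map to {target}")
    return problems

# Constructed sample: hpKrbLastLogon collides with hpKrbBadPwdCount, the last
# line has no "=", and hpKrbPolicyName is missing.
SAMPLE = "\n".join(f"{a} = {a}" for a in DEFAULT_ATTRS[:-1])
SAMPLE = SAMPLE.replace("= hpKrbLastLogon", "= hpkrbbadpwdcount") + "\nhpKrbAttributes"
```

Two Kerberos attributes translated to the same LDAP attribute is the case worth catching: a lockout counter and a logon timestamp would then overwrite each other in the directory.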