Configuring the Kerberos Server with LDAP

Setting up Your LDAP Configuration

What is the name of your default principal subtree DN?

Each RDN in a DN corresponds to a branch in the DIT leading from the root of the DIT to the directory entry. The search base node subtree designates all the containers for the various information types under the base DN.

For example, ou=accounts, ou=people, o=bambi.com

By default, all Kerberos principals are added in the default principal subtree if no LDAP entry is specified while creating the Kerberos principal. The default principal subtree DN must be located under the default base DN for search.

NOTE

To effectively search for data you must add all subtree entries under the default base DN.
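A small check of that requirement, added here as an example and not taken from the manual: it splits DNs into their RDN components and verifies that a candidate default principal subtree DN lies under the default base DN. The DN values are constructed, modelled on the example in the text, and the function names are my own.

```python
import re
from typing import List, Tuple

# Constructed sample values, modelled on the worked example in the text.
BASE_DN = "ou=accounts, ou=people, o=bambi.com"
PRINCIPAL_SUBTREE_DN = "ou=kerberos, ou=accounts, ou=people, o=bambi.com"


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute type, value) RDNs, leaf first, root last.

    Handles backslash-escaped commas inside values; multi-valued RDNs and
    hex-encoded values are out of scope for this check.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        # Attribute types are case-insensitive; values are normalised loosely
        # (whitespace and case), as a caseIgnore matching rule would.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def is_under(dn: str, base_dn: str) -> bool:
    """True if `dn` lies in the subtree rooted at `base_dn` (or equals it).

    The base's RDNs must form a suffix of the DN's RDNs, compared
    component-wise rather than as raw strings.
    """
    dn_rdns, base_rdns = parse_dn(dn), parse_dn(base_dn)
    if len(base_rdns) > len(dn_rdns):
        return False
    return dn_rdns[len(dn_rdns) - len(base_rdns):] == base_rdns


def check_subtree_config(principal_subtree_dn: str, base_dn: str) -> List[str]:
    """Return the problems found with the subtree/base DN pair (empty = OK)."""
    problems = []
    try:
        if not is_under(principal_subtree_dn, base_dn):
            problems.append("default principal subtree DN is not under the "
                            "default base DN; principals stored there will "
                            "not be found by searches")
    except ValueError as exc:
        problems.append(str(exc))
    return problems
```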

Where are your certificates located?

This path defines the location of the database that contains the certificates for your client. The directory must contain the cert7.db certificate database, which is used by Mozilla or Netscape clients. You must specify the path to the directory containing the certificate database.

For example, /.netscape/cert7.db.

What is the name of your proxy user?

Write down the distinguished name of the proxy user, if needed. The Kerberos server binds to the Directory server as the proxy user. This user must have the appropriate privileges to create, modify and delete Kerberos principals.

For example, cn=Anne.

What is the name of your default object class template?

The Kerberos principal must be associated with at least one structural object class on the Directory server. The Kerberos server uses this template for Kerberos principals that do not already have an object class on the Directory server to be associated with.

For example, posixaccount.

What are the attributes of your object class?

Chapter 6