Configuring the Kerberos Server with LDAP

Manually Configuring the Kerberos Server with LDAP

NOTE

This section describes how to manually configure your Kerberos server with LDAP. HP recommends that you use the autoconfiguration tool to set up your basic Kerberos security server with LDAP. For more information on autoconfiguration, see “Autoconfiguring the Kerberos Server With LDAP Integration” on page 88.

The subsequent sections describe the configuration files and the steps required to manually configure your Kerberos security server with LDAP.

Editing the Configuration Files

You can manually edit the following files to configure the Kerberos security server with LDAP:

LDAP-based Kerberos configuration file - krb5_ldap.conf

Kerberos schema file - krb5_schema.conf

Kerberos mapping file - krb5_map.conf

Kerberos configuration file - krb.conf

Kerberos realms file - krb.realms

The krb5_ldap.conf configuration file specifies the LDAP configuration information. See “The krb5_ldap.conf File” on page 74 for more information on the configuration parameters.

You must use the krb5_encrypt tool to set the value of the proxy_user_password field. Refer to the krb5_encrypt(1m) manpage for more information on the krb5_encrypt tool.

The krb5_schema.conf schema file is the default schema. HP recommends keeping the default schema. If you choose to extend the Kerberos schema, follow the guidelines listed below:

Chapter 6