Configuring the Kerberos Server with LDAP
Manually Configuring the Kerberos Server with LDAP
•Never delete any element of your Kerberos schema as this affects the compatibility of your schema to other LDAP services (servers and clients).
•Never change the Kerberos schema of your directory by modifying the existing elements as this also affects the compatibility of your schema to other LDAP services.
•Never map an existing attribute name to a kerberos attribute name. This may result in an error when configuring the schema.
•Never edit the Kerberos mapping file, krb5_map.conf, after configuring the server.
•If you want to modify an element in the existing schema, you must also ensure that the changes are reflected in the krb5_map.conf mapping file.
•If you want to manually load the Kerberos schema, use the default schema located at /opt/krb5/examples.
•Always save your current schema before you start this process.
The Kerberos mapping file, krb5_map.conf, defines the mapping of the default kerberos attributes to user defined attributes, to support the Kerberos server schema. See “The krb5_map.conf File” on page 81, for more information.
The Kerberos configuration file, krb.conf, specifies the security servers available for client authentication and defines the default realm for the host.
The Kerberos realms file, krb.realms, defines the
These files are available in the /opt/krb5/examples directory. You can copy these files to the /opt/krb5 directory, and manually edit them.
Modify the configuration files /opt/krb5/krb5_ldap.conf, /opt/krb5/krb5_schema.conf, and /opt/krb5/krb5_map to reflect the correct information.
For more information about modifying the configuration files, see “Configuring the Primary Security Server” on page 96.
Chapter 6 | 93 |