Configuring the Kerberos Server with LDAP

Manually Configuring the Kerberos Server with LDAP

Never delete any element of your Kerberos schema as this affects the compatibility of your schema to other LDAP services (servers and clients).

Never change the Kerberos schema of your directory by modifying the existing elements as this also affects the compatibility of your schema to other LDAP services.

Never map an existing attribute name to a Kerberos attribute name. Doing so may result in an error when the schema is configured.

Never edit the Kerberos mapping file, krb5_map.conf, after configuring the server.

If you want to modify an element in the existing schema (before the server is configured), you must also ensure that the change is reflected in the krb5_map.conf mapping file.

If you want to manually load the Kerberos schema, use the default schema located at /opt/krb5/examples.

Always save your current schema before you start this process.

The Kerberos mapping file, krb5_map.conf, defines the mapping of the default Kerberos attributes to user-defined attributes, to support the Kerberos server schema. See “The krb5_map.conf File” on page 81, for more information.

The Kerberos configuration file, krb.conf, specifies the security servers available for client authentication and defines the default realm for the host.

The Kerberos realms file, krb.realms, defines the host-to-realm or domain-to-realm mapping data.

These files are available in the /opt/krb5/examples directory. You can copy these files to the /opt/krb5 directory, and manually edit them.

Modify the configuration files /opt/krb5/krb5_ldap.conf, /opt/krb5/krb5_schema.conf, and /opt/krb5/krb5_map.conf to reflect the correct information.

For more information about modifying the configuration files, see “Configuring the Primary Security Server” on page 96.
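The steps above amount to: save what you have, copy the example files into /opt/krb5, edit them, and make sure the realm data in krb.conf and krb.realms agree before the server is configured. The following POSIX shell script is an added example (not from this guide or the HP-UX Kerberos product) that does the backup and the consistency check. It assumes the usual layout of these two files: krb.conf has the default realm alone on its first line followed by one "REALM kdc-host [admin server]" line per server, and krb.realms has one "host-or-.domain REALM" entry per line. The directory names, backup path and sample entries are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not part of the HP-UX Kerberos documentation.
# Assumed file formats (not stated on this page):
#   krb.conf   : line 1 = default realm; later lines "REALM kdc-host [admin server]"
#   krb.realms : "host-or-.domain REALM" per line
# /opt/krb5 and the backup directory below are illustrative paths.

# Copy the live configuration files named in this chapter into a backup
# directory before any of them is edited.
# $1 = directory holding the live files, $2 = backup directory
backup_krb5_config() {
    src="$1"; dest="$2"
    mkdir -p "$dest" || return 1
    for f in krb.conf krb.realms krb5_map.conf krb5_ldap.conf krb5_schema.conf; do
        # Copy only what exists: a fresh install may not have all five yet.
        [ -f "$src/$f" ] && cp -p "$src/$f" "$dest/$f"
    done
    return 0
}

# Check that krb.conf and krb.realms agree:
#  - krb.conf names a default realm on its first line
#  - that realm has at least one server line in krb.conf
#  - every realm referenced by krb.realms has a server line in krb.conf
# Returns 0 when consistent, 1 otherwise (with the reason on stderr).
# $1 = path to krb.conf, $2 = path to krb.realms
check_realm_files() {
    conf="$1"; realms="$2"
    default_realm=$(sed -n '1p' "$conf")
    [ -n "$default_realm" ] || {
        echo "krb.conf: first line does not name a default realm" >&2; return 1; }
    grep -q "^${default_realm}[[:space:]]" "$conf" || {
        echo "krb.conf: no server line for default realm $default_realm" >&2; return 1; }
    # Comment lines are skipped; the realm is the second field of each mapping.
    # The while loop is the last stage of the pipeline, so an exit 1 inside it
    # becomes the function's return status.
    grep -v '^[[:space:]]*#' "$realms" | awk 'NF >= 2 { print $2 }' | sort -u |
    while read -r realm; do
        grep -q "^${realm}[[:space:]]" "$conf" || {
            echo "krb.realms: realm $realm has no server line in krb.conf" >&2; exit 1; }
    done
}

# Stand-alone use against the live files (paths are assumptions):
#   backup_krb5_config /opt/krb5 /var/tmp/krb5-backup.$(date +%Y%m%d) &&
#   check_realm_files /opt/krb5/krb.conf /opt/krb5/krb.realms
```

Run the backup first, then edit the copied example files, then run the check; a realm that appears in krb.realms but has no server line in krb.conf is reported before it can send clients to a realm with no KDC. Saving the directory schema itself is done on the LDAP server and is outside this script.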

Chapter 6

93