

The principal to the server's keytab file. With RSA-MD5 added to keytab WRFILE:/etc/krb5/krb5.keytab. With HMAC/md5 added to keytab WRFILE:/etc/krb5/krb5.keytab. Entry for principal root/ with kvno 3, encryption type DES cbc mode Mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5/krb5.keytab. Entry for principal root/ with kvno 3, encryption type ArcFour With 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5/krb5.keytab. Entry for principal root/ with kvno 3, encryption type AES-128 CTS mode Entry for principal root/ with kvno 3, encryption type Triple DES cbc Principal "root/" created. Entry for principal root/ with kvno 3, encryption type AES-256 CTS mode Lowercase letters, regardless of the case of the domain name in the /etc/nf file. When the principal instance is a host name, the FQDN must be specified in The creation of a realm wide root principal. With the second component the host name of the Kerberos client system to avoid The root principal should be a two component principal

If the client does not require root access to a remote file system which is mounted using the NFS service, then you can skip this This step is also required if non-interactive root access is needed, such as running cron jobs as root. Required so that the client can have root access to file If a user principal does not already exist. A user principal only if the user associated with this host does not already And add the principal to the server's keytab file.
However, the following example shows how to add the required principals by using the command line. Names that you created when you configured the master KDC. To do so, you must log in with one of the admin principal In How to Create a New Kerberos Principal.

Use the Graphical Kerberos Administration Tool to add a principal, as explained See Synchronizing Clocks Between KDCs and Kerberos Clients for information about NTP. In the nf file for authentication to succeed. The KDC server within a maximum difference defined in the clockskew relation However, every clock must be synchronized with the time on Installing and using the Network Time Protocol (NTP) Note that referrals will always be tried first. Clock with the master KDC's clock by using NTP or another clock synchronization See the nf(4) man page for more information. You can change this behavior by adding dns_lookup_kdc or dns_fallback to the libdefaults section of the nf file. If the KDC supports referrals, then the KDC may inform the By the definition of domain_realm in the nf file. Starting with the Solaris 10 5/08 release, by default the host to realm mapping is determined in the following order: (Optional) Change the process used to determine the Note that referrals are always tried first. You can change this behavior by adding dns_lookup_kdc or dns_fallback to the libdefaults section of the nf file. The definition in the realms section in nf. Kerberos realm to KDC mapping is determined in the following order: Starting with the Solaris 10 5/08 release, by default the (Optional) Change the process used to locate the KDCs. Refer to Using Kerberos Encryption Types for a description of the issues involved with restricting the encryption types. If you want to restrict the encryption types, you can set the default_tkt_enctypes or default_tgs_enctypes lines. # if the domain name and realm name are equivalent, Need to identify the path to the help files for gkadmin. Version, you need to change the realm names and the server names. To change the file from the Kerberos default Tool” section, as described in the Online Help URL in the Graphical Kerberos Administration Tool. Edit the Kerberos configuration file (nf).
In this procedure, the following configuration parameters are used: Adjust the URL to point to the “Graphical Kerberos Administration How to Manually Configure a Kerberos Client
