Oracle Solaris Administration: Security Services     Oracle Solaris 11 Information Library

Kerberos Files

This section lists some of the files that are used by the Kerberos service.

Table 25-1 Kerberos Files

| File Name | Description |
|---|---|
| ~/.gkadmin | Default values for creating new principals in the SEAM Tool |
| ~/.k5login | List of principals that grant access to a Kerberos account |
| /etc/krb5/kadm5.acl | Kerberos access control list file, which includes principal names of KDC administrators and their Kerberos administration privileges |
| /etc/krb5/kadm5.keytab | Obsolete: This file was removed in the Oracle Solaris 11 release. |
| /etc/krb5/kdc.conf | KDC configuration file |
| /etc/krb5/kpropd.acl | Kerberos database propagation configuration file |
| /etc/krb5/krb5.conf | Kerberos realm configuration file |
| /etc/krb5/krb5.keytab | Keytab file for network application servers |
| /etc/krb5/warn.conf | Kerberos ticket expiration warning and automatic renewal configuration file |
| /etc/pam.conf | PAM configuration file |
| /tmp/krb5cc_uid | Default credentials cache, where uid is the decimal UID of the user |
| /tmp/ovsec_adm.xxxxxx | Temporary credentials cache for the lifetime of the password changing operation, where xxxxxx is a random string |
| /var/krb5/.k5.REALM | KDC stash file, which contains a copy of the KDC master key |
| /var/krb5/kadmin.log | Log file for kadmind |
| /var/krb5/kdc.log | Log file for the KDC |
| /var/krb5/principal | Kerberos principal database |
| /var/krb5/principal.kadm5 | Kerberos administrative database, which contains policy information |
| /var/krb5/principal.kadm5.lock | Kerberos administrative database lock file |
| /var/krb5/principal.ok | Kerberos principal database initialization file that is created when the Kerberos database is initialized successfully |
| /var/krb5/principal.ulog | Kerberos update log, which contains updates for incremental propagation |
| /var/krb5/slave_datatrans | Backup file of the KDC that the kprop_script script uses for propagation |
| /var/krb5/slave_datatrans_slave | Temporary dump file that is created when full updates are made to the specified slave |