System Administration Guide: Security Services     Oracle Solaris 10 1/13 Information Library

Kerberos Files

Table 27-1 Kerberos Files

| File Name | Description |
|---|---|
| ~/.gkadmin | Default values for creating new principals in the SEAM Tool |
| ~/.k5login | List of principals that grant access to a Kerberos account |
| /etc/krb5/kadm5.acl | Kerberos access control list file, which includes principal names of KDC administrators and their Kerberos administration privileges |
| /etc/krb5/kadm5.keytab | Keytab file for the kadmin service on the master KDC |
| /etc/krb5/kdc.conf | KDC configuration file |
| /etc/krb5/kpropd.acl | Kerberos database propagation configuration file |
| /etc/krb5/krb5.conf | Kerberos realm configuration file |
| /etc/krb5/krb5.keytab | Keytab file for network application servers |
| /etc/krb5/warn.conf | Kerberos ticket expiration warning and automatic renewal configuration file |
| /etc/pam.conf | PAM configuration file |
| /tmp/krb5cc_uid | Default credentials cache, where uid is the decimal UID of the user |
| /tmp/ovsec_adm.xxxxxx | Temporary credentials cache for the lifetime of the password changing operation, where xxxxxx is a random string |
| /var/krb5/.k5.REALM | KDC stash file, which contains a copy of the KDC master key |
| /var/krb5/kadmin.log | Log file for kadmind |
| /var/krb5/kdc.log | Log file for the KDC |
| /var/krb5/principal | Kerberos principal database |
| /var/krb5/principal.kadm5 | Kerberos administrative database, which contains policy information |
| /var/krb5/principal.kadm5.lock | Kerberos administrative database lock file |
| /var/krb5/principal.ok | Kerberos principal database initialization file that is created when the Kerberos database is initialized successfully |
| /var/krb5/principal.ulog | Kerberos update log, which contains updates for incremental propagation |
| /var/krb5/slave_datatrans | Backup file of the KDC that the kprop_script script uses for propagation |
| /var/krb5/slave_datatrans_slave | Temporary dump file that is created when full updates are made to the specified slave |