Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Updated: August 2014
 
 

Kerberos Utilities

Similar to the MIT distribution of the Kerberos V5 product, the Kerberos service in the Oracle Solaris release includes the following:

  • Key Distribution Center (KDC):

    • Kerberos database administration daemon – kadmind.

    • Kerberos ticket processing daemon – krb5kdc.

    • Database administration programs – kadmin (master only), kadmin.local and kdb5_util.

    • Database propagation software – kprop (slave only) and kpropd.

  • User programs for managing credentials – kinit, klist, and kdestroy.

  • User program for changing your Kerberos password – kpasswd.

  • Network applications – ftp, rcp, rlogin, rsh, scp, sftp, ssh, and telnet.

  • Remote application daemons – ftpd, rlogind, rshd, sshd, and telnetd.

  • Keytab administration utility – ktutil.

  • Generic Security Service Application Programming Interface (GSS-API) – Enables applications to use multiple security mechanisms without requiring you to recompile the application every time a new mechanism is added. The GSS-API uses standard interfaces that enable applications to be portable to many operating systems. GSS-API provides applications with the ability to include the integrity and privacy security services as well as authentication. Both ftp and ssh use the GSS-API.

  • RPCSEC_GSS Application Programming Interface (API) – Enables NFS services to use Kerberos authentication. The RPCSEC_GSS API provides security services that are independent of the mechanisms being used. RPCSEC_GSS sits on top of the GSS-API layer. Any pluggable GSS-API-based security mechanism can be used by applications that use RPCSEC_GSS.

In addition, the Kerberos service in Oracle Solaris includes the following:

  • Kerberos V5 service modules for PAM – Provide authentication, account management, session management, and password management for the Kerberos service. The modules make Kerberos authentication transparent to the user.

  • Kerberos V5 per-user PAM stacks – Provide PAM configuration files for different scenarios in the /etc/security/pam_policy directory.

  • Kernel modules – Provide kernel-based implementations of the Kerberos service for use by the NFS service, which greatly improves performance.

  • Kerberos Administration GUI (gkadmin) – Enables you to administer the principals and principal policies in a Java technology-based GUI as an alternative to the kadmin command.

For more information, see Chapter 7, Kerberos Service Reference.