Configuring the Kerberos Service
Because some procedures in the configuration process depend on other procedures, they must be
done in a specific order. These procedures often establish services that are
required to use the Kerberos service. Other procedures are not dependent on
any order, and can be done when appropriate. The following task map shows
a suggested order for a Kerberos installation.
Note -
The examples in these sections use default encryption types, which are not
FIPS 140-validated for Oracle Solaris. To run in FIPS 140 mode, you must limit the encryption types to
the
des3-cbc-sha1 encryption type for the database, servers, and client
communications. Before creating the KDC, edit the files in
How to Configure Kerberos to Run in FIPS 140 Mode.
Table 4-1 Configuring the Kerberos Service Task Map
|
|
|
|
1. Plan your Kerberos installation.
|
Resolves configuration issues before you start the software
configuration process. Planning ahead saves you time and other resources later.
|
|
|
2. Configure the KDC servers.
|
Configures and builds the master KDC and the slave KDC servers and
KDC database for a realm.
|
|
|
2a. (Optional) Configure Kerberos to run in FIPS 140 mode.
|
Enables the use of FIPS 140-validated algorithms only.
|
|
|
2b. (Optional) Configure Kerberos to run on LDAP.
|
Configures the KDC to use an LDAP Directory Server.
|
|
|
3. Install the Network Time Protocol (NTP) software.
|
Creates a central clock that provides the time for all systems on the network.
|
|
|
4. (Optional) Configure swappable KDC servers.
|
Makes the task of swapping the master KDC and a slave KDC easier.
|
|
|
4. (Optional) Increase security on the KDC servers.
|
Prevents security breaches on the KDC servers.
|
|
|