Configuring the Kerberos Service

Language:

Because some procedures in the configuration process depend on other procedures, they must be done in a specific order. These procedures often establish services that are required to use the Kerberos service. Other procedures are not ordered, and so can be performed when appropriate. The following task map shows a suggested order for a Kerberos installation.

Note - The examples in these sections use default encryption types, which are not FIPS 140-2-validated for Oracle Solaris. To run in FIPS 140-2 mode, you must limit the encryption types to only FIPS 140-2-validated encryption types for the database, servers, and client communications. For more information, see How to Configure Kerberos to Run in FIPS 140-2 Mode.

Table 3 Task Map: Configuring the Kerberos Service

Task	Description	For Instructions
1. Plan your Kerberos installation.	Resolves configuration issues before you start the software configuration process. Planning ahead saves you time and other resources later.	Planning for the Kerberos Service
2. Configure the KDC servers.	Configures and builds the master KDC and the slave KDC servers and KDC database for a realm.	Configuring KDC Servers
2a. (Optional) Configure Kerberos to run in FIPS 140-2 mode.	Enables the use of FIPS 140-2-validated algorithms only.	How to Configure Kerberos to Run in FIPS 140-2 Mode
2b. (Optional) Configure Kerberos to run on LDAP.	Configures the KDC to use an LDAP Directory Server.	Configuring KDC Servers on LDAP Directory Servers
3. Install clock synchronization software.	Creates a central clock that provides the time for all hosts on the network.	Synchronizing Clocks Between KDCs and Kerberos Clients
4. (Optional) Increase security on the KDC servers.	Prevents security breaches on the KDC servers.	Restricting Access to KDC Servers

After you have completed the required steps, perform the following procedures when appropriate:

Configure Kerberos application servers, such as an ftp server – Configuring Kerberos Network Application Servers
Enable a cron host to execute tasks at arbitrary times – Configuring Delayed Execution for Access to Kerberos Services
Enable a server to share a file system that requires Kerberos authentication – Configuring Kerberos NFS Servers
Enable a client to use Kerberos services – Configuring Kerberos Clients
Maintain the Kerberos database – Administering the Kerberos Database