Sun Enterprise Authentication Mechanism Guide
Book Information
Preface
Chapter 1 Introduction to SEAM
What Is SEAM?
How SEAM Works
Initial Authentication: the Ticket-Granting Ticket
Subsequent Authentications
The SEAM-Based Commands
Principals
Realms
Realms and Servers
Security Services
SEAM Components
Chapter 2 Planning for SEAM
SEAM Configuration Decisions
Realms
Realm Names
Number of Realms
Realm Hierarchy
Mapping Hostnames Onto Realms
Client and Service Principal Names
Ports for the KDC and Admin Services
Slave KDCs
Database Propagation
Clock Synchronization
SEAM Preconfiguration Procedure
Chapter 3 Configuring SEAM
SEAM Configuration Task Map
Configuring KDC Servers
How to Configure a Master KDC
How to Configure a Slave KDC
Configuring Cross-Realm Authentication
How to Establish Hierarchical Cross-Realm Authentication
How to Establish Direct Cross-Realm Authentication
Configuring SEAM Network Application Servers
How to Configure a SEAM Network Application Server
Configuring SEAM NFS Servers
How to Configure SEAM NFS Servers
How to Change the Back-end Mechanism for the gsscred Table
How to Create a Credential Table
How to Add a Single Entry to the Credential Table
Example--Changing a Single Entry to the Credential Table
How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
Example--Sharing a File System With One Kerberos Security Mode
Example--Sharing a File System With Multiple Kerberos Security Modes
Configuring SEAM Clients
How to Configure a SEAM Client
Setting Up Root Authentication to Mount NFS File Systems
Synchronizing Clocks between KDCs and SEAM Clients
How to Set Up an NTP Server
How to Set Up an NTP Client
Swapping Master and Slave KDCs
How to Configure a Swappable Slave KDC
How to Swap a Master and Slave KDC
Administering the Kerberos Database
Backing Up and Propagating the Kerberos Database
kpropd.acl File
kprop_script Command
How to Back Up the Kerberos Database
Example--Backing Up the Kerberos Database
How to Restore the Kerberos Database
Example--Restoring the Kerberos Database
How to Manually Propagate the Kerberos Database to the Slave KDCs
Setting Up Parallel Propagation
How to Set Up Parallel Propagation
Example--Setting Up Parallel Propagation
Administering the Stash File
How to Remove a Stash File
Increasing Security
How to Enable Only Kerberized Applications
How to Restrict Access for KDC Servers
Chapter 4 SEAM Error Messages and Troubleshooting
SEAM Error Messages
SEAM Administration Tool Error Messages
Common SEAM Error Messages (A-M)
Common SEAM Error Messages (N-Z)
SEAM Troubleshooting
Problems With the Format of the krb5.conf File
Problems Propagating the Kerberos Database
Problems Mounting a Kerberized NFS File System
Problems Authenticating as Root
Chapter 5 Administering Principals and Policies
Ways to Administer Principals and Policies
SEAM Administration Tool
Command-Line Equivalents of the SEAM Tool
Files Modified by the SEAM Tool
Print and Online Help Features of the SEAM Tool
Working With Large Lists in the SEAM Tool
How to Start the SEAM Tool
Administering Principals
Administering Principals Task Map
Automating the Creation of New Principals
How to View the List of Principals
Example--Viewing the List of Principals (Command Line)
How to View a Principal's Attributes
Example--Viewing a Principal's Attributes
Example--Viewing a Principal's Attributes (Command Line)
How to Create a New Principal
Example--Creating a New Principal
Example--Creating a New Principal (Command Line)
How to Duplicate a Principal
How to Modify a Principal
Example--Modifying a Principal's Password (Command Line)
How to Delete a Principal
Example--Deleting a Principal (Command Line)
How to Set Up Defaults for Creating New Principals
How to Modify the Kerberos Administration Privileges
Example--Modifying the Kerberos Administration Privileges
Administering Policies
Administering Policies Task Map
How to View the List of Policies
Example--Viewing the List of Policies (Command Line)
How to View a Policy's Attributes
Example--Viewing a Policy's Attributes
Example--Viewing a Policy's Attributes (Command Line)
How to Create a New Policy
Example--Creating a New Policy
Example--Creating a New Policy (Command Line)
How to Duplicate a Policy
How to Modify a Policy
Example--Modifying a Policy (Command Line)
How to Delete a Policy
Example--Deleting a Policy (Command Line)
SEAM Tool Reference
SEAM Tool Panel Descriptions
Using the SEAM Tool With Limited Kerberos Administration Privileges
Administering Keytabs
Administering Keytabs Task Map
How to Add a Service Principal to a Keytab
Example--Adding a Service Principal to a Keytab
How to Remove a Service Principal From a Keytab
Example--Removing a Service Principal From a Keytab
How to Display the Keylist (Principals) in a Keytab
Example--Displaying the Keylist (Principals) in a Keytab
How to Temporarily Disable Authentication for a Service on a Host
Example--Temporarily Disabling a Service on a Host
Chapter 6 Using SEAM
Ticket Management
Do You Need to Worry About Tickets?
How to Create a Ticket
Example--Creating a Ticket
How to View Tickets
Example--Viewing Tickets
How to Destroy Tickets
Password Management
Advice on Choosing a Password
Changing Your Password
Examples--Changing Your Password
Granting Access to Your Account
Example--Using the .k5login File
SEAM Commands
Overview of Kerberized Commands
Forwarding Tickets with -f and -F
Examples--Using Kerberized Commands
Example--Using the -a, -f, and -x Options with telnet
Example--Using rlogin with the -F Option
Example--Setting Protection Level in ftp
Chapter 7 SEAM Reference
SEAM Files
PAM Configuration File
SEAM Commands
Changes to the share Command
SEAM Daemons
SEAM Terminology
Authentication-Specific Terminology
Types of Tickets
Ticket Lifetimes
Principal Names
How the Authentication System Works
Gaining Access to a Service Using SEAM
Obtaining a Credential for the Ticket-Granting Service
Obtaining a Credential for a Server
Obtaining Access to a Specific Service
Using the gsscred Table
Which Mechanism to Select for the gsscred Table
Chapter 8 Secure Network Programming with RPCSEC_GSS
Security Flavors
Security Prior to RPCSEC_GSS
Integrity and Privacy: The GSS-API
The RPCSEC_GSS API
RPCSEC_GSS Routines
Creating a Context
Changing Values and Destroying a Context
Principal Names
Setting Server Principal Names
Generating Client Principal Names
Freeing Up Principal Names
Receiving Credentials at the Server
Cookies
Callbacks
Maximum Data Size
Miscellaneous Functions
Associated Files
The gsscred Table
/etc/gss/qop and /etc/gss/mech
Glossary
Index
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
© 2010, Oracle Corporation and/or its affiliates