You can configure Kerberos Principals globally on the External
Connections tab in the Policy Studio. To configure a Kerberos
Principal, right-click the Kerberos Principals node,
and select the Add a Kerberos Principal option from
the context menu. Complete the following fields on the Kerberos
Principal dialog:
Name:
Enter a friendly name for the Kerberos Principal. This name will be
available for selection from dropdowns in other Kerberos-related
configuration screens in the Policy Studio.
Principal Name:
Enter the name of the Kerberos Principal in this field. The Principal
name consists of a number of components separated using the "/"
separator. Specify the realm here if the Principal belongs to a
non-default realm or if no default realm is specified.
Principal Type:
Select the type of Principal specified in the field above. The following
table lists the available Principal Types. It is important to note that
the Principal Name Types and their corresponding OIDs are defined in the
GSS (General Security Services) API.
| Principal Name Type | Explanation | OID |
|---|---|---|
| NT_USER_NAME | The Principal name identifies a named user on the local system. | 1.2.840.113554.1.2.1.1 |
| KERBEROS_V5_PRINCIPAL_NAME | The Principal name represents a Kerberos version 5 Principal. | 1.2.840.113554.1.2.2.1 |
| NT_EXPORT_NAME | The Principal name represents an exported canonical byte representation of the name, which can be used when searching for the Principal in an ACL (Access Control List), for example. | 1.3.6.1.5.6.4 |
| NT_HOSTBASED_SERVICE | The Principal name identifies a service associated with a specific host. | 1.3.6.1.5.6.2 |
You can add new Principal Types by clicking the Add button. The name
entered in the Name field on the Kerberos Principal Name OID dialog must
correspond to one of the constant fields defined in the
org.ietf.jgss.GSSName Java class. Refer to the Javadoc for the GSSName
class for other allowable name types. Similarly, the corresponding OID
for this name type must be entered in the OID field of the dialog.
Consult the GSSName Javadoc for more information.
Important Note:
OIDs and Principal Type Names should only be changed to reflect changes
in the underlying GSS API. Because of this, you should only Edit
existing Principal Types under strict supervision from the Oracle
support team.
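The Principal Name field above takes "/"-separated components with an optional realm. As an added example (not part of the product or its documentation), the following sketch checks a candidate value before it is entered, using the RFC 1964 single-string quoting rules; the function names and the example.com values are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

# RFC 1964 section 2.1.1 quoting: backslash protects '/', '@' and '\',
# and \n, \t, \b, \0 stand for the usual control characters.
_ESCAPES = {"n": "\n", "t": "\t", "b": "\b", "0": "\0"}


class Principal(NamedTuple):
    components: tuple
    realm: Optional[str]


def parse_principal(text: str) -> Principal:
    """Split 'comp1/comp2@REALM' into components and an optional realm."""
    parts, current, in_realm = [], [], False
    chars = iter(text)
    for ch in chars:
        if ch == "\\":
            nxt = next(chars, None)
            if nxt is None:
                raise ValueError("dangling backslash")
            current.append(_ESCAPES.get(nxt, nxt))
        elif ch == "/" and not in_realm:
            parts.append("".join(current))
            current = []
        elif ch == "@":
            if in_realm:
                raise ValueError("unquoted '@' inside realm")
            parts.append("".join(current))
            current, in_realm = [], True
        else:
            current.append(ch)  # includes an unquoted '/' after '@'
    realm = "".join(current) if in_realm else None
    if not in_realm:
        parts.append("".join(current))
    if "" in parts or realm == "":
        raise ValueError("empty component or realm")
    return Principal(tuple(parts), realm)


def effective_realm(text: str, default_realm: Optional[str] = None) -> str:
    """Realm the principal resolves to; fails if neither source supplies one."""
    realm = parse_principal(text).realm or default_realm
    if realm is None:
        raise ValueError("no realm in principal name and no default realm")
    return realm
```

A name that raises in effective_realm is the case the field description calls out: no realm in the name and no default realm configured.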