You can configure Kerberos Principals globally under the External
Connections node in the Policy Studio tree. To configure a Kerberos
Principal, right-click the Kerberos Principals node,
and select the Add a Kerberos Principal option from
the context menu. Complete the following fields on the Kerberos
Principal dialog:
Name:
Enter a friendly name for the Kerberos Principal. This name will be
available for selection from drop-down lists in other Kerberos-related
configuration screens in the Policy Studio.
Principal Name:
Enter the name of the Kerberos Principal in this field. The Principal
name consists of a number of components separated using the /
separator. Specify the realm here if the Principal belongs to a
non-default realm or if no default realm is specified.
Principal Type:
Select the type of Principal specified in the field above. The following
table lists the available Principal Types. It is important to note that
the Principal Name Types and their corresponding OIDs are defined in the
General Security Services (GSS) API.
| Principal Name Type | Explanation | OID |
|---|---|---|
| NT_USER_NAME | The Principal name identifies a named user on the local system. | 1.2.840.113554.1.2.1.1 |
| KERBEROS_V5_PRINCIPAL_NAME | The Principal name represents a Kerberos version 5 Principal. | 1.2.840.113554.1.2.2.1 |
| NT_EXPORT_NAME | The Principal name represents an exported canonical byte representation of the name (which can be used, for example, when searching for the Principal in an Access Control List (ACL)). | 1.3.6.1.5.6.4 |
| NT_HOSTBASED_SERVICE | The Principal name identifies a service associated with a specific host. | 1.3.6.1.5.6.2 |
You can add new Principal Types by clicking the Add button.
The name entered in the Name field on the Kerberos
Principal Name OID dialog must correspond to one of the constant fields
defined in the org.ietf.jgss.GSSName Java class. Please
refer to the Javadocs for the GSSName
class for other allowable name types. Similarly, the corresponding OID for
this name type must be entered in the OID field of the dialog.
Please consult the GSSName Javadoc for more information.
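One way to check a Name/OID pair before entering it in the dialog, as an added example that is not Oracle's code: it lists the Oid constants that org.ietf.jgss.GSSName exposes in the running JVM and compares a proposed pair against them. The class name PrincipalTypeCheck and its methods are hypothetical.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Map;
import java.util.TreeMap;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Hypothetical helper, not part of the product.
public class PrincipalTypeCheck {

    // Collect every public static Oid constant on GSSName, keyed by field name.
    static Map<String, Oid> gssNameTypes() throws IllegalAccessException {
        Map<String, Oid> types = new TreeMap<>();
        for (Field f : GSSName.class.getFields()) {
            if (Modifier.isStatic(f.getModifiers()) && f.getType() == Oid.class) {
                types.put(f.getName(), (Oid) f.get(null));
            }
        }
        return types;
    }

    // Returns "OK" or the reason the Name/OID pair should not be entered as-is.
    static String check(Map<String, Oid> known, String name, String oidText) {
        Oid proposed;
        try {
            proposed = new Oid(oidText.trim()); // throws on a malformed dotted string
        } catch (GSSException e) {
            return "malformed OID: " + oidText;
        }
        Oid expected = known.get(name.trim());
        if (expected == null) {
            return "not a GSSName constant in this JVM: " + name;
        }
        return expected.equals(proposed)
                ? "OK"
                : "OID mismatch, this JVM defines " + expected;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Oid> known = gssNameTypes();
        known.forEach((n, o) -> System.out.println(n + " = " + o));
        // Default pair is the NT_USER_NAME row from the table on this page.
        String name = args.length > 0 ? args[0] : "NT_USER_NAME";
        String oid = args.length > 1 ? args[1] : "1.2.840.113554.1.2.1.1";
        System.out.println(name + " / " + oid + " -> " + check(known, name, oid));
    }
}
```

Run it with the same Java runtime the gateway uses, since the constants are read from that JVM's GSS API.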
Important Note:
OIDs and Principal Type Names should only be changed to reflect changes in
the underlying GSS API. Because of this, you should only choose to
Edit existing Principal Types under strict
supervision from the Oracle support team.