oracle home
Managing Kerberos and Other Authentication Services in Oracle
®
Solaris 11.2
Exit Print View
Search Term
Search Scope:
This Document
Entire Library
» ...
Index K
Updated: August 2014
Managing Kerberos and Other Authentication Services in Oracle
®
Solaris 11.2
Document Information
Using This Documentation
Product Documentation Library
Access to Oracle Support
Feedback
Chapter 1 Using Pluggable Authentication Modules
What's New in Authentication in Oracle Solaris 11.2
What's New in PAM
What's New in Kerberos
About PAM
Introduction to the PAM Framework
Benefits of Using PAM
Planning a Site-Specific PAM Configuration
Assigning a Per-User PAM Policy
Configuring PAM
How to Create a Site-Specific PAM Configuration File
How to Add a PAM Module
How to Assign a Modified PAM Policy
How to Log PAM Error Reports
How to Troubleshoot PAM Configuration Errors
PAM Configuration Reference
PAM Configuration Files
PAM Configuration Search Order
PAM Configuration File Syntax
PAM Stacking
PAM Stacking Example
PAM Service Modules
Chapter 2 About the Kerberos Service
What Is the Kerberos Service?
How the Kerberos Service Works
Initial Authentication: the Ticket-Granting Ticket
Subsequent Kerberos Authentications
Kerberos Authentication of Batch Jobs
Kerberos, DNS, and the Naming Service
Kerberos Components
Kerberos Network Programs
Kerberos Principals
Kerberos Realms
Kerberos Servers
Kerberos Utilities
Kerberos Security Services
Kerberos Encryption Types
FIPS 140 Algorithms and Kerberos Encryption Types
How Kerberos Credentials Provide Access to Services
Obtaining a Credential for the Ticket-Granting Service
Obtaining a Credential for a Kerberized Server
Obtaining Access to a Specific Kerberos Service
Notable Differences Between Oracle Solaris Kerberos and MIT Kerberos
Chapter 3 Planning for the Kerberos Service
Planning a Kerberos Deployment
Planning Kerberos Realms
Kerberos Realm Names
Number of Kerberos Realms
Kerberos Realm Hierarchy
Mapping Host Names to Kerberos Realms
Kerberos Client and Service Principal Names
Clock Synchronization Within a Kerberos Realm
Supported Encryption Types in Kerberos
Planning KDCs
Ports for the KDC and Admin Services
Number of Slave KDCs
Kerberos Database Propagation
KDC Configuration Options
Planning for Kerberos Clients
Planning for Automatic Installation of Kerberos Clients
Kerberos Client Configuration Options
Kerberos Client Login Security
Trusted Delegated Services in Kerberos
Planning Kerberos Use of UNIX Names and Credentials
Map GSS Credentials to UNIX Credentials
gsscred Table
Automatic User Migration to a Kerberos Realm
Chapter 4 Configuring the Kerberos Service
Configuring the Kerberos Service
Configuring Additional Kerberos Services
Configuring KDC Servers
How to Install the KDC Package
How to Configure Kerberos to Run in FIPS 140 Mode
How to Use kdcmgr to Configure the Master KDC
How to Use kdcmgr to Configure a Slave KDC
How to Manually Configure a Master KDC
How to Manually Configure a Slave KDC
How to Configure the Master KDC to Use an LDAP Directory Server
Replacing the Ticket-Granting Service Keys on a Master Server
Managing a KDC on an LDAP Directory Server
How to Mix Kerberos Principal Attributes in a Non-Kerberos Object Class Type
How to Destroy a Realm on an LDAP Directory Server
Configuring Kerberos Clients
How to Create a Kerberos Client Installation Profile
How to Automatically Configure a Kerberos Client
How to Interactively Configure a Kerberos Client
How to Join a Kerberos Client to an Active Directory Server
How to Manually Configure a Kerberos Client
Disabling Verification of the Ticket-Granting Ticket
How to Access a Kerberos Protected NFS File System as the root User
How to Configure Automatic Migration of Users in a Kerberos Realm
Automatically Renewing All Ticket-Granting Tickets
Configuring Kerberos Network Application Servers
How to Configure a Kerberos Network Application Server
How to Use the Generic Security Service With Kerberos When Running FTP
Configuring Kerberos NFS Servers
How to Configure Kerberos NFS Servers
How to Create and Modify a Credential Table
How to Provide Credential Mapping Between Realms
How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
Configuring Delayed Execution for Access to Kerberos Services
How to Configure a cron Host for Access to Kerberos Services
Configuring Cross-Realm Authentication
How to Establish Hierarchical Cross-Realm Authentication
How to Establish Direct Cross-Realm Authentication
Synchronizing Clocks Between KDCs and Kerberos Clients
Swapping a Master KDC and a Slave KDC
How to Configure a Swappable Slave KDC
How to Swap a Master KDC and a Slave KDC
Administering the Kerberos Database
Backing Up and Propagating the Kerberos Database
kpropd.acl File
kprop_script Command
Backing Up the Kerberos Database
How to Restore a Backup of the Kerberos Database
How to Convert a Kerberos Database After a Server Upgrade
How to Reconfigure a Master KDC to Use Incremental Propagation
How to Reconfigure a Slave KDC to Use Incremental Propagation
How to Verify That the KDC Servers Are Synchronized
Manually Propagating the Kerberos Database to the Slave KDCs
How to Manually Propagate the Kerberos Database to a Slave KDC
Setting Up Parallel Propagation for Kerberos
Configuration Steps for Setting Up Parallel Propagation
Administering the Stash File for the Kerberos Database
How to Create, Use, and Store a New Master Key for the Kerberos Database
Increasing Security on Kerberos Servers
Restricting Access to KDC Servers
Using a Dictionary File to Increase Password Security
Chapter 5 Administering Kerberos Principals and Policies
Ways to Administer Kerberos Principals and Policies
Automating the Creation of New Kerberos Principals
gkadmin GUI
Administering Kerberos Principals
Viewing Kerberos Principals and Their Attributes
Creating a New Kerberos Principal
Modifying a Kerberos Principal
Deleting a Kerberos Principal
Duplicating a Kerberos Principal by Using the gkadmin GUI
Modifying Principals' Kerberos Administration Privileges
Administering Kerberos Policies
Administering Keytab Files
Adding a Kerberos Service Principal to a Keytab File
Removing a Service Principal From a Keytab File
Displaying the Principals in a Keytab File
Temporarily Disabling a Kerberos Service on a Host
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Chapter 6 Using Kerberos Applications
Kerberos Ticket Management
Creating a Kerberos Ticket
Viewing Kerberos Tickets
Destroying Kerberos Tickets
Kerberos Password Management
Changing Your Password
Remote Logins in Kerberos
Kerberos User Commands
Chapter 7 Kerberos Service Reference
Kerberos Files
Kerberos Commands
Kerberos Daemons
Kerberos Terminology
Kerberos-Specific Terminology
Authentication-Specific Terminology
Types of Tickets
Ticket Lifetimes
Kerberos Principal Names
Chapter 8 Kerberos Error Messages and Troubleshooting
Kerberos Error Messages
gkadmin GUI Error Messages
Common Kerberos Error Messages (A-M)
Common Kerberos Error Messages (N-Z)
Kerberos Troubleshooting
Problems With Key Version Numbers
Problems With the Format of the krb5.conf File
Problems Propagating the Kerberos Database
Problems Mounting a Kerberized NFS File System
Problems Authenticating as the root User
Observing Mapping From GSS Credentials to UNIX Credentials
Using DTrace With the Kerberos Service
Chapter 9 Using Simple Authentication and Security Layer
About SASL
SASL Reference
SASL Plugins
SASL Environment Variable
SASL Options
Chapter 10 Configuring Network Services Authentication
About Secure RPC
NFS Services and Secure RPC
Kerberos Authentication
DES Encryption With Secure NFS
Diffie-Hellman Authentication and Secure RPC
Administering Authentication With Secure RPC
How to Restart the Secure RPC Keyserver
How to Set Up a Diffie-Hellman Key for an NIS Host
How to Set Up a Diffie-Hellman Key for an NIS User
How to Share NFS Files With Diffie-Hellman Authentication
Appendix A DTrace Probes for Kerberos
DTrace Probes in Kerberos
Definitions of Kerberos DTrace Probes
DTrace Argument Structures in Kerberos
Kerberos Message Information in DTrace
Kerberos Connection Information in DTrace
Kerberos Authenticator Information in DTrace
Security Glossary
Index
Index Numbers and Symbols
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index R
Index S
Index T
Index U
Index V
Index W
Language:
English
K
kadm5.acl
file
description
Kerberos Files
format of entries
Modifying Principals' Kerberos Administration Privileges
master KDC entry
How to Swap a Master KDC and a Slave KDC
How to Configure the Master KDC to Use an LDAP Directory Server
How to Manually Configure a Master KDC
new principals and
Duplicating a Kerberos Principal by Using the gkadmin GUI
Creating a New Kerberos Principal
kadmin.local
command
adding administration principals
How to Configure the Master KDC to Use an LDAP Directory Server
automating creation of principals
Automating the Creation of New Kerberos Principals
description
Kerberos Commands
kadmin.log
file
description
Kerberos Files
kadmin
command
CLI for Kerberos
Ways to Administer Kerberos Principals and Policies
creating a new policy
Creating a New Kerberos Principal
creating a new principal
Creating a New Kerberos Principal
creating
host
principal
How to Manually Configure a Master KDC
deleting a principal
Deleting a Kerberos Principal
description
Kerberos Commands
ktadd
command
Adding a Kerberos Service Principal to a Keytab File
ktremove
command
Removing a Service Principal From a Keytab File
modifying a principal
Modifying a Kerberos Principal
removing principals from keytab with
Removing a Service Principal From a Keytab File
SEAM Tool and
Ways to Administer Kerberos Principals and Policies
viewing list of principals
Viewing Kerberos Principals and Their Attributes
kadmind
daemon
Kerberos and
Kerberos Daemons
master KDC and
Kerberos-Specific Terminology
kclient
command
description
Kerberos Commands
kdb5_ldap_util
command
description
Kerberos Commands
kdb5_util
command
creating KDC database
How to Manually Configure a Master KDC
creating stash file
How to Manually Configure a Slave KDC
description
Kerberos Commands
KDC
backing up and propagating
Backing Up and Propagating the Kerberos Database
configuring master
automatic
How to Use kdcmgr to Configure the Master KDC
interactive
Running the kdcmgr Command Without Arguments
manual
How to Manually Configure a Master KDC
with LDAP
How to Configure the Master KDC to Use an LDAP Directory Server
configuring slave
interactive
How to Use kdcmgr to Configure a Slave KDC
manual
How to Manually Configure a Slave KDC
copying administration files from slave to master
How to Manually Configure a Slave KDC
creating database
How to Manually Configure a Master KDC
creating
host
principal
How to Manually Configure a Master KDC
database propagation
Kerberos Database Propagation
master
definition
Kerberos-Specific Terminology
planning
Number of Slave KDCs
ports
Ports for the KDC and Admin Services
restricting access to servers
Restricting Access to KDC Servers
slave
Number of Slave KDCs
definition
Kerberos-Specific Terminology
slave or master
Configuring KDC Servers
Kerberos Servers
starting daemon
How to Manually Configure a Slave KDC
swapping master and slave
Swapping a Master KDC and a Slave KDC
synchronizing clocks
master KDC
How to Use kdcmgr to Configure the Master KDC
slave KDC
How to Manually Configure a Slave KDC
How to Use kdcmgr to Configure a Slave KDC
kdc.conf
file
configuring for FIPS 140
How to Configure Kerberos to Run in FIPS 140 Mode
description
Kerberos Files
ticket lifetime and
Ticket Lifetimes
kdc.log
file
description
Kerberos Files
kdcmgr
command
configuring master
automatic
How to Use kdcmgr to Configure the Master KDC
configuring slave
interactive
How to Use kdcmgr to Configure a Slave KDC
server status
How to Use kdcmgr to Configure a Slave KDC
How to Use kdcmgr to Configure the Master KDC
kdestroy
command
example
Destroying Kerberos Tickets
Kerberos and
Kerberos Commands
Kerberos
account lockout
Handling a Kerberos Account Lockout Policy
administering
Administering Kerberos Principals and Policies
Administration Tool
See
gkadmin
command
commands
Kerberos Commands
Kerberos User Commands
components of
Kerberos Utilities
configuration decisions
Planning for the Kerberos Service
configuring KDC servers
Configuring KDC Servers
daemons
Kerberos Daemons
DTrace
DTrace Probes for Kerberos
DTrace argument structures
DTrace Argument Structures in Kerberos
DTrace probes
DTrace Probes in Kerberos
DTrace use of authenticator information
Kerberos Authenticator Information in DTrace
DTrace use of connection information
Kerberos Connection Information in DTrace
DTrace use of message information
Kerberos Message Information in DTrace
encryption types
overview
Supported Encryption Types in Kerberos
using
Kerberos Encryption Types
error messages
Kerberos Error Messages
files
Kerberos Files
FIPS 140 encryption types
FIPS 140 Algorithms and Kerberos Encryption Types
gaining access to server
How Kerberos Credentials Provide Access to Services
Kerberos V5 protocol
What Is the Kerberos Service?
new features
What's New in Kerberos
overview
authentication system
How Kerberos Credentials Provide Access to Services
How the Kerberos Service Works
password dictionary
Using a Dictionary File to Increase Password Security
password management
Kerberos Password Management
planning for
Planning for the Kerberos Service
realms
See
realms (Kerberos)
reference
Kerberos Service Reference
remote applications
Kerberos Network Programs
terminology
Kerberos-Specific Terminology
Kerberos Terminology
troubleshooting
Kerberos Error Messages and Troubleshooting
USDT DTrace probes
DTrace Probes in Kerberos
using
Using Kerberos Applications
using a password dictionary
Using a Dictionary File to Increase Password Security
Kerberos authentication
and Secure RPC
Kerberos Authentication
Kerberos clients
automatic installation (AI)
Planning for Automatic Installation of Kerberos Clients
planning
automatic installation (AI)
Planning for Automatic Installation of Kerberos Clients
Kerberos commands
Kerberos User Commands
Key Distribution Center
See
KDC
keylists
See
principals
keys
creating DH key for NIS user
How to Set Up a Diffie-Hellman Key for an NIS User
definition in Kerberos
Authentication-Specific Terminology
service key
Administering Keytab Files
session keys
Kerberos authentication and
How Kerberos Credentials Provide Access to Services
keyserv
daemon
How to Restart the Secure RPC Keyserver
keyserver
starting
How to Restart the Secure RPC Keyserver
keytab file
adding master KDC's host principal to
How to Manually Configure a Master KDC
adding service principal to
Adding a Kerberos Service Principal to a Keytab File
Administering Keytab Files
administering
Administering Keytab Files
administering with
ktutil
command
Administering Keytab Files
disabling a host's service with
delete_entry
command
How to Temporarily Disable Authentication for a Kerberos Service on a Host
read into keytab buffer with
read_kt
command
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Displaying the Principals in a Keytab File
removing principals with
ktremove
command
Removing a Service Principal From a Keytab File
removing service principal from
Removing a Service Principal From a Keytab File
viewing contents with
ktutil
command
Displaying the Principals in a Keytab File
Removing a Service Principal From a Keytab File
viewing keylist buffer with
list
command
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Displaying the Principals in a Keytab File
–keytab
option
SASL and
SASL Options
kgcmgr
command
description
Kerberos Commands
kinit
command
example
Creating a Kerberos Ticket
Kerberos and
Kerberos Commands
ticket lifetime
Ticket Lifetimes
klist
command
example
Viewing Kerberos Tickets
–f
option
Viewing Kerberos Tickets
Kerberos and
Kerberos Commands
kpasswd
command
Kerberos and
Kerberos Commands
passwd
command and
Changing Your Password
kprop
command
description
Kerberos Commands
kpropd.acl
file
description
Kerberos Files
kpropd
daemon
Kerberos and
Kerberos Daemons
kproplog
command
description
Kerberos Commands
krb5.conf
file
configuring for FIPS 140
How to Configure Kerberos to Run in FIPS 140 Mode
description
Kerberos Files
domain_realm
section
Mapping Host Names to Kerberos Realms
editing
How to Configure the Master KDC to Use an LDAP Directory Server
How to Manually Configure a Master KDC
ports definition
Ports for the KDC and Admin Services
krb5.keytab
file
description
Kerberos Files
krb5cc_
UID
file
description
Kerberos Files
krb5kdc
daemon
Kerberos and
Kerberos Daemons
master KDC and
Kerberos-Specific Terminology
starting
How to Manually Configure a Slave KDC
ktadd
command
adding service principal
Adding a Kerberos Service Principal to a Keytab File
Administering Keytab Files
syntax
Adding a Kerberos Service Principal to a Keytab File
ktkt_warnd
daemon
Kerberos and
Kerberos Daemons
ktremove
command
Removing a Service Principal From a Keytab File
ktutil
command
administering keytab file
Administering Keytab Files
delete_entry
command
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Kerberos and
Kerberos Commands
list
command
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Displaying the Principals in a Keytab File
read_kt
command
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Displaying the Principals in a Keytab File
viewing list of principals
Displaying the Principals in a Keytab File
Removing a Service Principal From a Keytab File
kvno
command
Kerberos and
Kerberos Commands
Previous
Next