Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2
Index P
Updated: August 2014
P
PAM
/etc/syslog.conf file
How to Log PAM Error Reports
adding a module
How to Add a PAM Module
architecture
Introduction to the PAM Framework
configuration file
syntax
PAM Configuration File Syntax
configuration files
PAM Configuration Files
control flags
PAM Stacking
creating site-specific
How to Create a Site-Specific PAM Configuration File
introduction
PAM Configuration Files
Kerberos and
Kerberos Files
stacking
PAM Stacking
syntax
PAM Configuration File Syntax
PAM Configuration File Syntax
creating a site-specific configuration file
How to Assign a Modified PAM Policy
encrypting home directories
Using a Modified PAM Stack to Create an Encrypted Home Directory
framework
Introduction to the PAM Framework
Kerberos and
Kerberos Utilities
logging errors
How to Log PAM Error Reports
new features
What's New in PAM
overview
About PAM
planning
Planning a Site-Specific PAM Configuration
reference
PAM Configuration Reference
search order
PAM Configuration Search Order
service modules
PAM Service Modules
stacking
diagrams
PAM Stacking
example
PAM Stacking Example
explained
PAM Stacking
tasks
Configuring PAM
troubleshooting
How to Troubleshoot PAM Configuration Errors
PAM modules
list of
PAM Service Modules
pam_policy keyword
using
Assigning a Per-User PAM Policy
passwd command and kpasswd command
Changing Your Password
passwords
changing with kpasswd command
Changing Your Password
changing with passwd command
Changing Your Password
dictionary in Kerberos
Using a Dictionary File to Increase Password Security
managing
Kerberos Password Management
policies and
Changing Your Password
UNIX and Kerberos
Kerberos Password Management
per-user PAM policy
assigning in rights profile
Assigning a Per-User PAM Policy
plain.so.1 plugin
SASL and
SASL Plugins
planning
Kerberos
client and service principal names
Kerberos Client and Service Principal Names
clock synchronization
Clock Synchronization Within a Kerberos Realm
configuration decisions
Planning for the Kerberos Service
database propagation
Kerberos Database Propagation
number of realms
Number of Kerberos Realms
ports
Ports for the KDC and Admin Services
realm hierarchy
Kerberos Realm Hierarchy
realm names
Kerberos Realm Names
realms
Planning Kerberos Realms
slave KDCs
Number of Slave KDCs
PAM
Planning a Site-Specific PAM Configuration
pluggable authentication modules. See PAM
–plugin_list option
SASL and
SASL Options
plugins
SASL and
SASL Plugins
policies
administering
Administering Kerberos Policies
Administering Kerberos Principals and Policies
creating (Kerberos)
Creating a New Kerberos Principal
passwords and
Changing Your Password
ports
for Kerberos KDC
Ports for the KDC and Admin Services
postdated ticket
definition
Types of Tickets
description
How the Kerberos Service Works
primary
in principal names
Kerberos Principals
principal
adding administration
How to Configure the Master KDC to Use an LDAP Directory Server
adding service principal to keytab
Adding a Kerberos Service Principal to a Keytab File
Administering Keytab Files
administering
Administering Kerberos Principals
Administering Kerberos Principals and Policies
automating creation of
Automating the Creation of New Kerberos Principals
creating
Creating a New Kerberos Principal
creating clntconfig
How to Manually Configure a Master KDC
creating host
How to Manually Configure a Master KDC
deleting
Deleting a Kerberos Principal
duplicating
Duplicating a Kerberos Principal by Using the gkadmin GUI
Kerberos
Kerberos Principals
modifying
Modifying a Kerberos Principal
principal name
Kerberos Principals
removing from keytab file
Removing a Service Principal From a Keytab File
removing service principal from keytab
Removing a Service Principal From a Keytab File
service principal
Kerberos Principals
user ID comparison
How to Create and Modify a Credential Table
user principal
Kerberos Principals
viewing list of
Viewing Kerberos Principals and Their Attributes
principal.kadm5.lock file
description
Kerberos Files
principal.kadm5 file
description
Kerberos Files
principal.ok file
description
Kerberos Files
principal.ulog file
description
Kerberos Files
principal file
description
Kerberos Files
privacy
Kerberos and
What Is the Kerberos Service?
security service
Kerberos Security Services
private keys. See also secret keys
definition in Kerberos
Authentication-Specific Terminology
proftpd daemon
Kerberos and
Kerberos Daemons
propagation
KDC database
Kerberos Database Propagation
Kerberos database
Backing Up and Propagating the Kerberos Database
proxiable ticket
definition
Types of Tickets
proxy ticket
definition
Types of Tickets
public keys
DH authentication and
Diffie-Hellman Authentication and Secure RPC
publickey map
DH authentication
Diffie-Hellman Authentication and Secure RPC
–pwcheck_method option
SASL and
SASL Options