oracle home
Managing Kerberos and Other Authentication Services in Oracle
®
Solaris 11.2
Exit Print View
Search Term
Search Scope:
This Document
Entire Library
» ...
Index C
Updated: August 2014
Managing Kerberos and Other Authentication Services in Oracle
®
Solaris 11.2
Document Information
Using This Documentation
Product Documentation Library
Access to Oracle Support
Feedback
Chapter 1 Using Pluggable Authentication Modules
What's New in Authentication in Oracle Solaris 11.2
What's New in PAM
What's New in Kerberos
About PAM
Introduction to the PAM Framework
Benefits of Using PAM
Planning a Site-Specific PAM Configuration
Assigning a Per-User PAM Policy
Configuring PAM
How to Create a Site-Specific PAM Configuration File
How to Add a PAM Module
How to Assign a Modified PAM Policy
How to Log PAM Error Reports
How to Troubleshoot PAM Configuration Errors
PAM Configuration Reference
PAM Configuration Files
PAM Configuration Search Order
PAM Configuration File Syntax
PAM Stacking
PAM Stacking Example
PAM Service Modules
Chapter 2 About the Kerberos Service
What Is the Kerberos Service?
How the Kerberos Service Works
Initial Authentication: the Ticket-Granting Ticket
Subsequent Kerberos Authentications
Kerberos Authentication of Batch Jobs
Kerberos, DNS, and the Naming Service
Kerberos Components
Kerberos Network Programs
Kerberos Principals
Kerberos Realms
Kerberos Servers
Kerberos Utilities
Kerberos Security Services
Kerberos Encryption Types
FIPS 140 Algorithms and Kerberos Encryption Types
How Kerberos Credentials Provide Access to Services
Obtaining a Credential for the Ticket-Granting Service
Obtaining a Credential for a Kerberized Server
Obtaining Access to a Specific Kerberos Service
Notable Differences Between Oracle Solaris Kerberos and MIT Kerberos
Chapter 3 Planning for the Kerberos Service
Planning a Kerberos Deployment
Planning Kerberos Realms
Kerberos Realm Names
Number of Kerberos Realms
Kerberos Realm Hierarchy
Mapping Host Names to Kerberos Realms
Kerberos Client and Service Principal Names
Clock Synchronization Within a Kerberos Realm
Supported Encryption Types in Kerberos
Planning KDCs
Ports for the KDC and Admin Services
Number of Slave KDCs
Kerberos Database Propagation
KDC Configuration Options
Planning for Kerberos Clients
Planning for Automatic Installation of Kerberos Clients
Kerberos Client Configuration Options
Kerberos Client Login Security
Trusted Delegated Services in Kerberos
Planning Kerberos Use of UNIX Names and Credentials
Map GSS Credentials to UNIX Credentials
gsscred Table
Automatic User Migration to a Kerberos Realm
Chapter 4 Configuring the Kerberos Service
Configuring the Kerberos Service
Configuring Additional Kerberos Services
Configuring KDC Servers
How to Install the KDC Package
How to Configure Kerberos to Run in FIPS 140 Mode
How to Use kdcmgr to Configure the Master KDC
How to Use kdcmgr to Configure a Slave KDC
How to Manually Configure a Master KDC
How to Manually Configure a Slave KDC
How to Configure the Master KDC to Use an LDAP Directory Server
Replacing the Ticket-Granting Service Keys on a Master Server
Managing a KDC on an LDAP Directory Server
How to Mix Kerberos Principal Attributes in a Non-Kerberos Object Class Type
How to Destroy a Realm on an LDAP Directory Server
Configuring Kerberos Clients
How to Create a Kerberos Client Installation Profile
How to Automatically Configure a Kerberos Client
How to Interactively Configure a Kerberos Client
How to Join a Kerberos Client to an Active Directory Server
How to Manually Configure a Kerberos Client
Disabling Verification of the Ticket-Granting Ticket
How to Access a Kerberos Protected NFS File System as the root User
How to Configure Automatic Migration of Users in a Kerberos Realm
Automatically Renewing All Ticket-Granting Tickets
Configuring Kerberos Network Application Servers
How to Configure a Kerberos Network Application Server
How to Use the Generic Security Service With Kerberos When Running FTP
Configuring Kerberos NFS Servers
How to Configure Kerberos NFS Servers
How to Create and Modify a Credential Table
How to Provide Credential Mapping Between Realms
How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
Configuring Delayed Execution for Access to Kerberos Services
How to Configure a cron Host for Access to Kerberos Services
Configuring Cross-Realm Authentication
How to Establish Hierarchical Cross-Realm Authentication
How to Establish Direct Cross-Realm Authentication
Synchronizing Clocks Between KDCs and Kerberos Clients
Swapping a Master KDC and a Slave KDC
How to Configure a Swappable Slave KDC
How to Swap a Master KDC and a Slave KDC
Administering the Kerberos Database
Backing Up and Propagating the Kerberos Database
kpropd.acl File
kprop_script Command
Backing Up the Kerberos Database
How to Restore a Backup of the Kerberos Database
How to Convert a Kerberos Database After a Server Upgrade
How to Reconfigure a Master KDC to Use Incremental Propagation
How to Reconfigure a Slave KDC to Use Incremental Propagation
How to Verify That the KDC Servers Are Synchronized
Manually Propagating the Kerberos Database to the Slave KDCs
How to Manually Propagate the Kerberos Database to a Slave KDC
Setting Up Parallel Propagation for Kerberos
Configuration Steps for Setting Up Parallel Propagation
Administering the Stash File for the Kerberos Database
How to Create, Use, and Store a New Master Key for the Kerberos Database
Increasing Security on Kerberos Servers
Restricting Access to KDC Servers
Using a Dictionary File to Increase Password Security
Chapter 5 Administering Kerberos Principals and Policies
Ways to Administer Kerberos Principals and Policies
Automating the Creation of New Kerberos Principals
gkadmin GUI
Administering Kerberos Principals
Viewing Kerberos Principals and Their Attributes
Creating a New Kerberos Principal
Modifying a Kerberos Principal
Deleting a Kerberos Principal
Duplicating a Kerberos Principal by Using the gkadmin GUI
Modifying Principals' Kerberos Administration Privileges
Administering Kerberos Policies
Administering Keytab Files
Adding a Kerberos Service Principal to a Keytab File
Removing a Service Principal From a Keytab File
Displaying the Principals in a Keytab File
Temporarily Disabling a Kerberos Service on a Host
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Chapter 6 Using Kerberos Applications
Kerberos Ticket Management
Creating a Kerberos Ticket
Viewing Kerberos Tickets
Destroying Kerberos Tickets
Kerberos Password Management
Changing Your Password
Remote Logins in Kerberos
Kerberos User Commands
Chapter 7 Kerberos Service Reference
Kerberos Files
Kerberos Commands
Kerberos Daemons
Kerberos Terminology
Kerberos-Specific Terminology
Authentication-Specific Terminology
Types of Tickets
Ticket Lifetimes
Kerberos Principal Names
Chapter 8 Kerberos Error Messages and Troubleshooting
Kerberos Error Messages
gkadmin GUI Error Messages
Common Kerberos Error Messages (A-M)
Common Kerberos Error Messages (N-Z)
Kerberos Troubleshooting
Problems With Key Version Numbers
Problems With the Format of the krb5.conf File
Problems Propagating the Kerberos Database
Problems Mounting a Kerberized NFS File System
Problems Authenticating as the root User
Observing Mapping From GSS Credentials to UNIX Credentials
Using DTrace With the Kerberos Service
Chapter 9 Using Simple Authentication and Security Layer
About SASL
SASL Reference
SASL Plugins
SASL Environment Variable
SASL Options
Chapter 10 Configuring Network Services Authentication
About Secure RPC
NFS Services and Secure RPC
Kerberos Authentication
DES Encryption With Secure NFS
Diffie-Hellman Authentication and Secure RPC
Administering Authentication With Secure RPC
How to Restart the Secure RPC Keyserver
How to Set Up a Diffie-Hellman Key for an NIS Host
How to Set Up a Diffie-Hellman Key for an NIS User
How to Share NFS Files With Diffie-Hellman Authentication
Appendix A DTrace Probes for Kerberos
DTrace Probes in Kerberos
Definitions of Kerberos DTrace Probes
DTrace Argument Structures in Kerberos
Kerberos Message Information in DTrace
Kerberos Connection Information in DTrace
Kerberos Authenticator Information in DTrace
Security Glossary
Index
Index Numbers and Symbols
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index R
Index S
Index T
Index U
Index V
Index W
Language:
English
C
cache
credential
How Kerberos Credentials Provide Access to Services
–canon_user_plugin
option
SASL and
SASL Options
changing
your password with
kpasswd
Changing Your Password
your password with
passwd
Changing Your Password
chkey
command
How to Set Up a Diffie-Hellman Key for an NIS User
client names
planning for in Kerberos
Kerberos Client and Service Principal Names
clients
configuring Kerberos
Configuring Kerberos Clients
definition in Kerberos
Authentication-Specific Terminology
clntconfig
principal
creating
How to Manually Configure a Master KDC
clock skew
Kerberos and
Synchronizing Clocks Between KDCs and Kerberos Clients
Kerberos planning and
Clock Synchronization Within a Kerberos Realm
clock synchronizing
Kerberos master KDC and
How to Use kdcmgr to Configure the Master KDC
Kerberos planning and
Clock Synchronization Within a Kerberos Realm
Kerberos slave KDC and
How to Manually Configure a Slave KDC
How to Use kdcmgr to Configure a Slave KDC
commands
Kerberos
Kerberos Commands
common keys
DH authentication and
Diffie-Hellman Authentication and Secure RPC
computing
DH key
How to Set Up a Diffie-Hellman Key for an NIS Host
configuration decisions
Kerberos
client and service principal names
Kerberos Client and Service Principal Names
clients
Planning for Kerberos Clients
clock synchronization
Clock Synchronization Within a Kerberos Realm
database propagation
Kerberos Database Propagation
encryption types
Supported Encryption Types in Kerberos
KDC server
KDC Configuration Options
mapping host names onto realms
Mapping Host Names to Kerberos Realms
number of realms
Number of Kerberos Realms
ports
Ports for the KDC and Admin Services
realm hierarchy
Kerberos Realm Hierarchy
realm names
Kerberos Realm Names
realms
Planning Kerberos Realms
slave KDCs
Number of Slave KDCs
PAM
Planning a Site-Specific PAM Configuration
configuration files
PAM
modifying
Limiting the ktelnet PAM Stack to Selected Users
How to Create a Site-Specific PAM Configuration File
syntax
PAM Configuration Files
configuring
DH key for NIS user
How to Set Up a Diffie-Hellman Key for an NIS User
DH key in NIS
How to Set Up a Diffie-Hellman Key for an NIS Host
Kerberos
adding administration principals
How to Configure the Master KDC to Use an LDAP Directory Server
clients
Configuring Kerberos Clients
cross-realm authentication
Configuring Cross-Realm Authentication
master KDC server
How to Manually Configure a Master KDC
Running the kdcmgr Command Without Arguments
How to Use kdcmgr to Configure the Master KDC
master KDC server using LDAP
How to Configure the Master KDC to Use an LDAP Directory Server
NFS servers
How to Configure Kerberos NFS Servers
overview
Configuring the Kerberos Service
slave KDC server
How to Manually Configure a Slave KDC
How to Use kdcmgr to Configure a Slave KDC
task map
Configuring the Kerberos Service
PAM
Configuring PAM
configuring application servers
Configuring Kerberos Network Application Servers
control flags
PAM
PAM Stacking
crammd5.so.1
plugin
SASL and
SASL Plugins
creating
credential table
How to Create and Modify a Credential Table
new policy (Kerberos)
Creating a New Kerberos Principal
new principal (Kerberos)
Creating a New Kerberos Principal
stash file
How to Manually Configure a Slave KDC
tickets with
kinit
Creating a Kerberos Ticket
cred
database
DH authentication
Diffie-Hellman Authentication and Secure RPC
cred
table
DH authentication and
Diffie-Hellman Authentication and Secure RPC
credential
cache
How Kerberos Credentials Provide Access to Services
description
Authentication-Specific Terminology
mapping
Map GSS Credentials to UNIX Credentials
obtaining for a server
Obtaining a Credential for a Kerberized Server
obtaining for a TGS
Obtaining a Credential for the Ticket-Granting Service
or tickets
How the Kerberos Service Works
credential table
adding single entry to
How to Create and Modify a Credential Table
cross-realm authentication
configuring
Configuring Cross-Realm Authentication
Previous
Next