oracle home
Managing Kerberos and Other Authentication Services in Oracle
®
Solaris 11.2
Exit Print View
Search Term
Search Scope:
This Document
Entire Library
» ...
Index E
Updated: August 2014
Managing Kerberos and Other Authentication Services in Oracle
®
Solaris 11.2
Document Information
Using This Documentation
Product Documentation Library
Access to Oracle Support
Feedback
Chapter 1 Using Pluggable Authentication Modules
What's New in Authentication in Oracle Solaris 11.2
What's New in PAM
What's New in Kerberos
About PAM
Introduction to the PAM Framework
Benefits of Using PAM
Planning a Site-Specific PAM Configuration
Assigning a Per-User PAM Policy
Configuring PAM
How to Create a Site-Specific PAM Configuration File
How to Add a PAM Module
How to Assign a Modified PAM Policy
How to Log PAM Error Reports
How to Troubleshoot PAM Configuration Errors
PAM Configuration Reference
PAM Configuration Files
PAM Configuration Search Order
PAM Configuration File Syntax
PAM Stacking
PAM Stacking Example
PAM Service Modules
Chapter 2 About the Kerberos Service
What Is the Kerberos Service?
How the Kerberos Service Works
Initial Authentication: the Ticket-Granting Ticket
Subsequent Kerberos Authentications
Kerberos Authentication of Batch Jobs
Kerberos, DNS, and the Naming Service
Kerberos Components
Kerberos Network Programs
Kerberos Principals
Kerberos Realms
Kerberos Servers
Kerberos Utilities
Kerberos Security Services
Kerberos Encryption Types
FIPS 140 Algorithms and Kerberos Encryption Types
How Kerberos Credentials Provide Access to Services
Obtaining a Credential for the Ticket-Granting Service
Obtaining a Credential for a Kerberized Server
Obtaining Access to a Specific Kerberos Service
Notable Differences Between Oracle Solaris Kerberos and MIT Kerberos
Chapter 3 Planning for the Kerberos Service
Planning a Kerberos Deployment
Planning Kerberos Realms
Kerberos Realm Names
Number of Kerberos Realms
Kerberos Realm Hierarchy
Mapping Host Names to Kerberos Realms
Kerberos Client and Service Principal Names
Clock Synchronization Within a Kerberos Realm
Supported Encryption Types in Kerberos
Planning KDCs
Ports for the KDC and Admin Services
Number of Slave KDCs
Kerberos Database Propagation
KDC Configuration Options
Planning for Kerberos Clients
Planning for Automatic Installation of Kerberos Clients
Kerberos Client Configuration Options
Kerberos Client Login Security
Trusted Delegated Services in Kerberos
Planning Kerberos Use of UNIX Names and Credentials
Map GSS Credentials to UNIX Credentials
gsscred Table
Automatic User Migration to a Kerberos Realm
Chapter 4 Configuring the Kerberos Service
Configuring the Kerberos Service
Configuring Additional Kerberos Services
Configuring KDC Servers
How to Install the KDC Package
How to Configure Kerberos to Run in FIPS 140 Mode
How to Use kdcmgr to Configure the Master KDC
How to Use kdcmgr to Configure a Slave KDC
How to Manually Configure a Master KDC
How to Manually Configure a Slave KDC
How to Configure the Master KDC to Use an LDAP Directory Server
Replacing the Ticket-Granting Service Keys on a Master Server
Managing a KDC on an LDAP Directory Server
How to Mix Kerberos Principal Attributes in a Non-Kerberos Object Class Type
How to Destroy a Realm on an LDAP Directory Server
Configuring Kerberos Clients
How to Create a Kerberos Client Installation Profile
How to Automatically Configure a Kerberos Client
How to Interactively Configure a Kerberos Client
How to Join a Kerberos Client to an Active Directory Server
How to Manually Configure a Kerberos Client
Disabling Verification of the Ticket-Granting Ticket
How to Access a Kerberos Protected NFS File System as the root User
How to Configure Automatic Migration of Users in a Kerberos Realm
Automatically Renewing All Ticket-Granting Tickets
Configuring Kerberos Network Application Servers
How to Configure a Kerberos Network Application Server
How to Use the Generic Security Service With Kerberos When Running FTP
Configuring Kerberos NFS Servers
How to Configure Kerberos NFS Servers
How to Create and Modify a Credential Table
How to Provide Credential Mapping Between Realms
How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
Configuring Delayed Execution for Access to Kerberos Services
How to Configure a cron Host for Access to Kerberos Services
Configuring Cross-Realm Authentication
How to Establish Hierarchical Cross-Realm Authentication
How to Establish Direct Cross-Realm Authentication
Synchronizing Clocks Between KDCs and Kerberos Clients
Swapping a Master KDC and a Slave KDC
How to Configure a Swappable Slave KDC
How to Swap a Master KDC and a Slave KDC
Administering the Kerberos Database
Backing Up and Propagating the Kerberos Database
kpropd.acl File
kprop_script Command
Backing Up the Kerberos Database
How to Restore a Backup of the Kerberos Database
How to Convert a Kerberos Database After a Server Upgrade
How to Reconfigure a Master KDC to Use Incremental Propagation
How to Reconfigure a Slave KDC to Use Incremental Propagation
How to Verify That the KDC Servers Are Synchronized
Manually Propagating the Kerberos Database to the Slave KDCs
How to Manually Propagate the Kerberos Database to a Slave KDC
Setting Up Parallel Propagation for Kerberos
Configuration Steps for Setting Up Parallel Propagation
Administering the Stash File for the Kerberos Database
How to Create, Use, and Store a New Master Key for the Kerberos Database
Increasing Security on Kerberos Servers
Restricting Access to KDC Servers
Using a Dictionary File to Increase Password Security
Chapter 5 Administering Kerberos Principals and Policies
Ways to Administer Kerberos Principals and Policies
Automating the Creation of New Kerberos Principals
gkadmin GUI
Administering Kerberos Principals
Viewing Kerberos Principals and Their Attributes
Creating a New Kerberos Principal
Modifying a Kerberos Principal
Deleting a Kerberos Principal
Duplicating a Kerberos Principal by Using the gkadmin GUI
Modifying Principals' Kerberos Administration Privileges
Administering Kerberos Policies
Administering Keytab Files
Adding a Kerberos Service Principal to a Keytab File
Removing a Service Principal From a Keytab File
Displaying the Principals in a Keytab File
Temporarily Disabling a Kerberos Service on a Host
How to Temporarily Disable Authentication for a Kerberos Service on a Host
Chapter 6 Using Kerberos Applications
Kerberos Ticket Management
Creating a Kerberos Ticket
Viewing Kerberos Tickets
Destroying Kerberos Tickets
Kerberos Password Management
Changing Your Password
Remote Logins in Kerberos
Kerberos User Commands
Chapter 7 Kerberos Service Reference
Kerberos Files
Kerberos Commands
Kerberos Daemons
Kerberos Terminology
Kerberos-Specific Terminology
Authentication-Specific Terminology
Types of Tickets
Ticket Lifetimes
Kerberos Principal Names
Chapter 8 Kerberos Error Messages and Troubleshooting
Kerberos Error Messages
gkadmin GUI Error Messages
Common Kerberos Error Messages (A-M)
Common Kerberos Error Messages (N-Z)
Kerberos Troubleshooting
Problems With Key Version Numbers
Problems With the Format of the krb5.conf File
Problems Propagating the Kerberos Database
Problems Mounting a Kerberized NFS File System
Problems Authenticating as the root User
Observing Mapping From GSS Credentials to UNIX Credentials
Using DTrace With the Kerberos Service
Chapter 9 Using Simple Authentication and Security Layer
About SASL
SASL Reference
SASL Plugins
SASL Environment Variable
SASL Options
Chapter 10 Configuring Network Services Authentication
About Secure RPC
NFS Services and Secure RPC
Kerberos Authentication
DES Encryption With Secure NFS
Diffie-Hellman Authentication and Secure RPC
Administering Authentication With Secure RPC
How to Restart the Secure RPC Keyserver
How to Set Up a Diffie-Hellman Key for an NIS Host
How to Set Up a Diffie-Hellman Key for an NIS User
How to Share NFS Files With Diffie-Hellman Authentication
Appendix A DTrace Probes for Kerberos
DTrace Probes in Kerberos
Definitions of Kerberos DTrace Probes
DTrace Argument Structures in Kerberos
Kerberos Message Information in DTrace
Kerberos Connection Information in DTrace
Kerberos Authenticator Information in DTrace
Security Glossary
Index
Index Numbers and Symbols
Index A
Index B
Index C
Index D
Index E
Index F
Index G
Index H
Index I
Index K
Index L
Index M
Index N
Index O
Index P
Index R
Index S
Index T
Index U
Index V
Index W
Language:
English
E
encrypting
home directories
Using a Modified PAM Stack to Create an Encrypted Home Directory
private key of NIS user
How to Set Up a Diffie-Hellman Key for an NIS User
Secure NFS
DES Encryption With Secure NFS
encryption
algorithms
Kerberos and
Supported Encryption Types in Kerberos
DES algorithm
DES Encryption With Secure NFS
modes
Kerberos and
Supported Encryption Types in Kerberos
privacy service
What Is the Kerberos Service?
types
Kerberos and
Supported Encryption Types in Kerberos
Kerberos Encryption Types
Kerberos in FIPS 140 mode
How to Configure Kerberos to Run in FIPS 140 Mode
error messages
Kerberos
Kerberos Error Messages
EXTERNAL security mechanism plugin
SASL and
SASL Plugins
Previous
Next