Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Configuring the Kerberos Service

Because some procedures in the configuration process depend on other procedures, they must be done in a specific order. These procedures often establish services that are required to use the Kerberos service. Other procedures are not dependent on any order, and can be done when appropriate. The following task map shows a suggested order for a Kerberos installation.

Note -  The examples in these sections use default encryption types, which are not FIPS 140-validated for Oracle Solaris. To run in FIPS 140 mode, you must limit the encryption types to the des3-cbc-sha1 encryption type for the database, servers, and client communications. Before creating the KDC, edit the files in How to Configure Kerberos to Run in FIPS 140 Mode.
Table 4-1  Configuring the Kerberos Service Task Map
For Instructions
1. Plan your Kerberos installation.
Resolves configuration issues before you start the software configuration process. Planning ahead saves you time and other resources later.
2. Configure the KDC servers.
Configures and builds the master KDC and the slave KDC servers and KDC database for a realm.
2a. (Optional) Configure Kerberos to run in FIPS 140 mode.
Enables the use of FIPS 140-validated algorithms only.
2b. (Optional) Configure Kerberos to run on LDAP.
Configures the KDC to use an LDAP Directory Server.
3. Install the Network Time Protocol (NTP) software.
Creates a central clock that provides the time for all systems on the network.
4. (Optional) Configure swappable KDC servers.
Makes the task of swapping the master KDC and a slave KDC easier.
4. (Optional) Increase security on the KDC servers.
Prevents security breaches on the KDC servers.