Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Updated: August 2014

Configuring KDC Servers

After you install the Kerberos software, you must configure the Key Distribution Center (KDC) servers. Configuring the master KDC and at least one slave KDC provides the service that issues credentials. These credentials are the basis for the Kerberos service, so the KDCs must be configured before you attempt other tasks.

The most significant difference between a master KDC and a slave KDC is that only the master KDC can handle database administration requests. For instance, changing a password or adding a new principal must be done on the master KDC. These changes are then propagated to the slave KDCs. Both the master KDC and the slave KDCs issue credentials, so the slave KDCs provide redundancy when the master KDC cannot respond.

You can choose to configure and build the master KDC server, the database, and additional servers in various ways:

  • Automatic – Recommended for scripts

  • Interactive – Sufficient for most installations

  • Manual – Necessary for more complex installations

  • Manual with LDAP – Necessary when using LDAP with the KDC

Table 4-3  Configuring KDC Servers Task Map

Task                                                  Description
----------------------------------------------------  --------------------------------------------------------------------------------------------
Install the KDC package.                              Required package for creating KDCs.
(Optional) Configure Kerberos to run in FIPS 140 mode.  Enables the use of FIPS 140-validated algorithms only.
Use a script to configure the master KDC.             Simplifies initial configuration.
Use a script to configure a slave KDC server.         Simplifies initial configuration.
Manually configure the master KDC server.             Provides control over every entry in the KDC configuration files during initial installation.
Manually configure a slave KDC server.                Provides control over every entry in the KDC configuration files during initial installation.
Manually configure the master KDC to use LDAP.        Configures the master KDC server to use LDAP.
Replace principal keys on a KDC server.               Updates the session key on a legacy KDC server to use stronger encryption types.