Go to main content

Managing Kerberos in Oracle® Solaris 11.4

Exit Print View

Updated: August 2020

Configuring the Kerberos Service

Because some procedures in the configuration process depend on other procedures, they must be done in a specific order. These procedures often establish services that are required to use the Kerberos service. Other procedures are not ordered, and so can be performed when appropriate. The following task map shows a suggested order for a Kerberos installation.

Note -  The examples in these sections use default encryption types, which are not FIPS 140-2-validated for Oracle Solaris. To run in FIPS 140-2 mode, you must limit the encryption types to only FIPS 140-2-validated encryption types for the database, servers, and client communications. For more information, see How to Configure Kerberos to Run in FIPS 140-2 Mode.
Table 2  Task Map: Configuring the Kerberos Service
For Instructions
1. Plan your Kerberos installation.
Resolves configuration issues before you start the software configuration process. Planning ahead saves you time and other resources later.
2. Configure the KDC servers.
Configures and builds the master KDC and the slave KDC servers and KDC database for a realm.
2a. (Optional) Configure Kerberos to run in FIPS 140-2 mode.
Enables the use of FIPS 140-2-validated algorithms only.
2b. (Optional) Configure Kerberos to run on LDAP.
Configures the KDC to use an LDAP Directory Server.
3. Install clock synchronization software.
Creates a central clock that provides the time for all hosts on the network.
4. (Optional) Increase security on the KDC servers.
Prevents security breaches on the KDC servers.