Managing Kerberos in Oracle® Solaris 11.4

Updated: August 2020

Planning KDCs

KDCs use specific ports, require additional servers to handle larger ticket loads, and require propagation techniques to keep those servers synchronized. Additionally, encryption types are centrally managed. You have several options for initially configuring your KDCs.

You can configure a KDC manually as described on the MIT Kerberos Documentation web site, while using Oracle Solaris features such as PAM. Or, you can use the Oracle Solaris kdcmgr utility.

The kdcmgr utility provides a simple way to configure the KDC automatically or interactively. In the automatic version, you define the configuration parameters as options on the command line. This version is especially useful for scripts. The interactive version prompts you for all information that is needed. For pointers to the instructions for using this command, see Configuring KDC Servers.

You can also use LDAP to manage the database files for Kerberos. For instructions, see Configuring KDC Servers on LDAP Directory Servers. LDAP simplifies administration at sites that require coordination between the Kerberos databases and their existing directory server setup.