Go to main content

Managing Kerberos in Oracle® Solaris 11.4

Exit Print View

Updated: August 2020

Native Oracle Solaris Features Integrated With Kerberos

Kerberos uses many features that are native to Oracle Solaris, including the Image Packaging Service (IPS), Automated Installation (AI), the Service Management Facility (SMF), and privileges. Oracle Solaris Kerberos may require the use of features that are available but not required on other operating systems, such as PAM. Also, Oracle Solaris can have different defaults than MIT Kerberos. You should plan accordingly.

  • Image Packaging Service (IPS) – In Oracle Solaris, MIT Kerberos software is stored in packages in your IPS repository. You install the packages from the repository rather than download the software from the MIT web site.

  • Automated Installation (AI) – In Oracle Solaris, AI enables you to install your Kerberos clients identically. For pointers, see Using Automatic Installation to Install Kerberos Clients.

  • Security Extensions – On SPARC systems, Oracle Solaris, security extensions protect the heap and the stack. For more information, see Preventing Intentional Misuse of System Resources in Securing Systems and Attached Devices in Oracle Solaris 11.4

  • Pluggable Authentication Modules (PAM) – All authentication on Oracle Solaris systems calls a PAM stack.

    Oracle Solaris provides several PAM stacks that are specific to Kerberos. These stacks are likely different from PAM stacks on other UNIX systems. For more information, read the /etc/pam.conf file, then list the modules in the /etc/pam.d and /etc/security/pam_policy directories and review their corresponding man pages.

  • Relation defaults – See Differences in Defaults Between MIT Kerberos and Oracle Solaris Kerberos for the differences.

    Oracle Solaris provides modified Kerberos man pages on your installed system. Use these pages rather than the man pages on the MIT Kerberos Documentation web site.