Creating a Kerberos Realm (CLI) - Oracle® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Exit Print View

» ...Documentation Home » Oracle ZFS Storage Appliance, Release OS8.7.0 ... » Oracle^® ZFS Storage Appliance ... » Appliance Services » Configuring Services » Kerberos Configuration » Creating a Kerberos Realm (CLI)

Updated: July 2017

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Document Information

About the Oracle ZFS Storage Appliance

Configuring the Appliance

Appliance Services

Managing Services

Configuring Services

NFS Configuration

NFS Service Properties

Configuring Kerberos Realms for NFS

NFS Logs and Analytics

NFS Naming Service Dependencies

Sharing a Filesystem Over NFS

iSCSI Configuration

SMB Configuration

SMB Service Properties

Setting Properties to Export Shares over SMB

NFS/SMB Interoperability

SMB DFS Namespaces

SMB Microsoft Stand-alone DFS Namespace Management Tools Support Matrix

Adding DFS Namespaces to a Local SMB Group

Adding SMB Autohome Rules (CLI)

Adding a User to an SMB Local Group

SMB MMC Integration

SMB Share Management

SMB Users, Groups, and Connections

Listing SMB Services

Configuring SMB (BUI)

Configuring SMB Active Directory (BUI)

Configuring SMB Project and Share (BUI)

Configuring SMB Data Service (BUI)

FTP Configuration

Adding FTP Access to a Share (BUI)

HTTP Configuration

Adding HTTP Access to a Share (BUI)

HTTP Properties and Logs

HTTP Authentication and Access Control

HTTP Object Store Configuration

NDMP Configuration

NDMP Local vs. Remote Configurations

NDMP Backup Formats and Types

NDMP Backup with Types dump and tar

NDMP Backup with Type zfs

NDMP Incremental Backups

Replica Backups

NDMP Properties and Logs

Shadow Migration Configuration

SFTP Configuration

Adding SFTP Access to a Share (BUI)

Configuring SFTP for Remote Access (CLI)

SFTP Properties, Ports, and Logs

SRP Configuration

TFTP Configuration

Adding TFTP Access to a Share (BUI)

Virus Scan Configuration

Configuring Virus Scanning for a Share (BUI)

Virus Scan Properties and Logs

Virus Scan File Extensions

Scanning Engines

NIS Configuration

Adding an Appliance Administrator from NIS (BUI)

NIS Properties and Logs

LDAP Configuration

Adding an Appliance Administrator (BUI)

Setting Properties with Multiple Attribute Value Pairs (CLI)

Configuring LDAP Security Settings (BUI)

Configuring LDAP Security Settings (CLI)

LDAP Properties

LDAP Custom Mappings

Active Directory Configuration

Joining an AD Domain (BUI)

Joining an AD Workgroup (BUI)

Configuring Active Directory (CLI)

Active Directory Join Domain

Active Directory Domains and Workgroups

Active Directory Windows Server Support

Identity Mapping Configuration

Configuring Identity Mapping (BUI)

Configuring Identity Mapping (CLI)

Creating a Mapping Rule (BUI)

Creating a Mapping Rule (CLI)

Viewing a Mapping (BUI)

Flushing Mappings from the Cache (BUI)

Flushing Mappings from the Cache (CLI)

Identity Mapping Best Practices

Identity Mapping Concepts

Cached and Ephemeral Mappings

Identity Mapping Case Sensitivity

Mapping Rule Directional Symbols

DNS Configuration

Configuring DNS (BUI)

Configuring DNS (CLI)

Testing Hostname Resolution (CLI)

Adding a DNS Server (BUI)

Adding a DNS Server (CLI)

Viewing DNS Server Status (BUI)

Viewing DNS Server Status (CLI)

DNS Properties and Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

IPMP Configuration

Kerberos Configuration

Creating a Kerberos Realm (BUI)

Creating a Kerberos Realm (CLI)

Importing Kerberos Keys (BUI)

Importing Kerberos Keys (CLI)

Creating Kerberos Principals and Keys (BUI)

Creating Kerberos Principals and Keys (CLI)

Deleting Kerberos Principals and Keys (BUI)

Deleting Kerberos Principals and Keys (CLI)

Destroying a Kerberos Realm (BUI)

Destroying a Kerberos Realm (CLI)

Kerberos Service Properties

Kerberos Properties and Logs

NTP Configuration

Setting Clock Synchronization (BUI)

Configuring NTP (CLI)

Phone Home Configuration

Registering the Appliance (BUI)

Registering the Appliance (CLI)

Changing Account Information (BUI)

Phone Home Properties

Dynamic Routing Configuration

Service Tags Configuration

SMTP Configuration

SNMP Configuration

Configuring SNMP to Serve Appliance Status (BUI)

Configuring SNMP to Send Traps (BUI)

SNMP Properties

Syslog Configuration

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

SYSLOG Message Format

SYSLOG Alert Message Format

Example Configuring an Oracle Solaris Receiver (CLI)

Example Configuring a Linux Receiver (CLI)

System Identity Configuration

System Identity Properties and Logs

SSH Configuration

Disabling root SSH Access (CLI)

SSH Properties and Logs

RESTful API Configuration

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Creating a Kerberos Realm (CLI)

Use the following procedure to create a Kerberos realm, set the KDC(s), and select strong or weak encryption types. Descriptions of each property are located in Kerberos Service Properties and Kerberos Properties and Logs.

Before You Begin

Ensure that you have configured the NTP service.

Go to configuration services kerberos and enter show.

hostname:configuration services kerberos> show
Properties:
                     <status> = disabled
            allow_weak_crypto = false

To enable the Kerberos service, enter enable and then enter commit.
To allow support for weak encryption types, such as DES and Exportable ArcFour with HMAC/md5, enter set allow_weak_crypto=true and then enter commit.
The default does not support weak encryption types.
To create a realm, enter create and the realm name, and then enter commit.
For familiarity, the realm name can be the same as your DNS domain name, except that the realm name is in uppercase.
```
hostname:configuration services kerberos> create TEST.NET
hostname:configuration services kerberos TEST.NET (uncommitted)> commit
```
Enter done.

To view all realms, enter list.

hostname:configuration services kerberos> list
REALM               KDC
TEST.NET

Select the realm.

hostname:configuration services kerberos> select TEST.NET
hostname:configuration services kerberos TEST.NET>

To configure the KDC server(s), enter set kdcs= and the KDC administrative server host name. If you have additional KDCs, add them to the same line and separate them by commas. Then enter commit.
If your Kerberos configuration includes DNS support for KDC lookup, do not perform this step.
```
hostname:configuration services kerberos TEST.NET> set kdcs=kdc1.us.oracle.com,kdc2.us.oracle.com
               kdcs = kdc1.us.oracle.com,kdc2.us.oracle.com (uncommitted)
hostname:configuration services kerberos TEST.NET> commit
```

Next Steps

Choose one of the following options:

Importing Kerberos Keys (CLI)
Creating Kerberos Principals and Keys (CLI)

Copyright © 2009, 2017, Oracle and/or its affiliates. All rights reserved.