Go to main content

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Exit Print View

» ...Documentation Home » Oracle ZFS Storage ZS5-ES Documentation ... » Oracle^® ZFS Storage Appliance ... » Appliance Services » Configuring Services » Kerberos Configuration » Creating a Kerberos Realm (BUI)

Updated: September 2017

Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Document Information

About Oracle ZFS Storage Appliance

Configuring the Appliance

Appliance Services

Managing Services

Configuring Services

Active Directory Configuration

Joining an AD Domain (BUI)

Joining an AD Workgroup (BUI)

Configuring Active Directory (CLI)

Active Directory Join Domain

Active Directory Domains and Workgroups

Active Directory Windows Server Support

DNS Configuration

Configuring DNS (BUI)

Configuring DNS (CLI)

Testing Hostname Resolution (CLI)

Adding a DNS Server (BUI)

Adding a DNS Server (CLI)

Viewing DNS Server Status (BUI)

Viewing DNS Server Status (CLI)

DNS Properties and Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

Dynamic Routing Configuration

FTP Configuration

Adding FTP Access to a Share (BUI)

HTTP Configuration

Adding HTTP Access to a Share (BUI)

HTTP Properties and Logs

HTTP Authentication and Access Control

Object Store Configuration

HTTPS Configuration

HTTPS Properties and Logs

Identity Mapping Configuration

Configuring Identity Mapping (BUI)

Configuring Identity Mapping (CLI)

Creating a Mapping Rule (BUI)

Creating a Mapping Rule (CLI)

Viewing a Mapping (BUI)

Flushing Mappings from the Cache (BUI)

Flushing Mappings from the Cache (CLI)

Identity Mapping Best Practices

Identity Mapping Concepts

Cached and Ephemeral Mappings

Identity Mapping Case Sensitivity

Mapping Rule Directional Symbols

IPMP Configuration

iSCSI Configuration

Kerberos Configuration

Creating a Kerberos Realm (BUI)

Creating a Kerberos Realm (CLI)

Importing Kerberos Keys (BUI)

Importing Kerberos Keys (CLI)

Creating Kerberos Principals and Keys (BUI)

Creating Kerberos Principals and Keys (CLI)

Deleting Kerberos Principals and Keys (BUI)

Deleting Kerberos Principals and Keys (CLI)

Destroying a Kerberos Realm (BUI)

Destroying a Kerberos Realm (CLI)

Kerberos Service Properties

Kerberos Properties and Logs

LDAP Configuration

Adding an Appliance Administrator (BUI)

Setting Properties with Multiple Attribute Value Pairs (CLI)

Configuring LDAP Security Settings (BUI)

Configuring LDAP Security Settings (CLI)

Monitoring LDAP Server Status (BUI)

Monitoring LDAP Server Status (CLI)

LDAP Properties

LDAP Custom Mappings

NDMP Configuration

NDMP Local vs. Remote Configurations

NDMP Backup Formats and Types

NDMP Backup with Types dump and tar

NDMP Backup with Type zfs

NDMP Incremental Backups

Replica Backups

NDMP Properties and Logs

NFS Configuration

NFS Service Properties

Configuring Kerberos Realms for NFS

NFS Logs and Analytics

NFS Naming Service Dependencies

Sharing a Filesystem Over NFS

NIS Configuration

Adding an Appliance Administrator from NIS (BUI)

NIS Properties and Logs

NTP Configuration

Setting Clock Synchronization (BUI)

Configuring NTP (CLI)

Phone Home Configuration

Registering the Appliance (BUI)

Registering the Appliance (CLI)

Changing Account Information (BUI)

Phone Home Properties

RESTful API Configuration

Service Tags Configuration

SFTP Configuration

Adding SFTP Access to a Share (BUI)

Configuring SFTP for Remote Access (CLI)

SFTP Properties, Ports, and Logs

Shadow Migration Configuration

SMB Configuration

SMB Service Properties

Setting Properties to Export Shares over SMB

NFS/SMB Interoperability

SMB DFS Namespaces

SMB Microsoft Stand-alone DFS Namespace Management Tools Support Matrix

Adding DFS Namespaces to a Local SMB Group

Adding SMB Autohome Rules (CLI)

Adding a User to an SMB Local Group

SMB MMC Integration

SMB Share Management

SMB Users, Groups, and Connections

Listing SMB Services

Configuring SMB (BUI)

Configuring SMB Active Directory (BUI)

Configuring SMB Project and Share (BUI)

Configuring SMB Data Service (BUI)

SMTP Configuration

SNMP Configuration

Configuring SNMP to Serve Appliance Status (BUI)

Configuring SNMP to Send Traps (BUI)

SNMP Properties

SRP Configuration

SSH Configuration

Disabling root SSH Access (CLI)

SSH Properties and Logs

Syslog Configuration

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

SYSLOG Message Format

SYSLOG Alert Message Format

Example Configuring an Oracle Solaris Receiver (CLI)

Example Configuring a Linux Receiver (CLI)

System Identity Configuration

System Identity Properties and Logs

TFTP Configuration

Adding TFTP Access to a Share (BUI)

Virus Scan Configuration

Configuring Virus Scanning for a Share (BUI)

Virus Scan Properties and Logs

Virus Scan File Extensions

Scanning Engines

Shares and Projects

Shadow Migration

Snapshots and Clones

Remote Replication

Data Encryption

Maintenance Workflows

Language:

Creating a Kerberos Realm (BUI)

Use the following procedure to create a Kerberos realm, set the KDC(s), and select strong or weak encryption types. Descriptions of each property are located in Kerberos Service Properties.

Before You Begin

Ensure that you have configured the NTP service.

Go to Configuration > Services.
To enable the Kerberos service, click the enable icon for Kerberos.
Click Kerberos.
In the Realm field, type the Kerberos realm.
For familiarity, the realm name can be the same as your DNS domain name, except that the realm name is in uppercase.
In the KDC(s) field, type the host name of the KDC administrative server.
If your Kerberos configuration includes DNS support for KDC lookup, leave this field blank.
If you have another KDC, click the add icon next to KDC(s) and type its host name. Repeat for each additional KDC.
If your configuration includes DNS support, do not complete this step.
To allow support for weak encryption types, such as DES and Exportable ArcFour with HMAC/md5, select Allow weak encryption types.
The default does not support weak encryption types.
Click APPLY.
To reset the properties to their original values, click REVERT instead.

Next Steps

Choose one of the following options:

Importing Kerberos Keys (BUI)
Creating Kerberos Principals and Keys (BUI)

Copyright © 2009, 2017, Oracle and/or its affiliates. All rights reserved.