Appendix A: Setting up Kerberos Accounts

Kerberos accounts are set up on the Key Distribution Center (KDC). Each entry in the Kerberos database contains a Kerberos principal. You should create a host-based principal for the machine that you will be running the servers (for example, "host/j1hol-001") and a client principal (for example, "test") for accessing the servers.

For Solaris, please refer to following documentation on how to setup Kerberos principals.

• Administering Kerberos Principals

• System Administration Guide: Security Services

For Windows, please refer to Microsoft documentation. Here are some pointers.

• How To Create an Active Directory Server in Windows Server 2003

• Microsoft Kerberos

• Interoperability with Microsoft Windows 2000 Active Directory and Kerberos Services

The exercises assume that the operating system has been configured to use the correct Kerberos server. This configuration typically requires administration privileges. If you cannot configure the operating system, then you can use a Kerberos configuration file with your java command by using the -Djava.security.krb5.conf option. Here is an example of how to invoke one of the commands from the exercises to use the krb5.conf configuration file.

% java -Djava.security.auth.login.config=jaas-krb5.conf\
  -Djava.security.krb5.conf=krb5.conf Jaas client