HP (Hewlett-Packard) E0905 Server User Manual


 
Configuring the Kerberos Server with LDAP
Manually Configuring the Kerberos Server with LDAP
Chapter 6 93
• Never delete any element of your Kerberos schema, as this affects the
  compatibility of your schema with other LDAP services (servers and
  clients).
• Never change the Kerberos schema of your directory by modifying
  the existing elements, as this also affects the compatibility of your
  schema with other LDAP services.
• Never map an existing attribute name to a Kerberos attribute name.
  This may result in an error when configuring the schema.
• Never edit the Kerberos mapping file, krb5_map.conf, after
  configuring the server.
• If you want to modify an element in the existing schema, you must
  also ensure that the changes are reflected in the krb5_map.conf
  mapping file.
• If you want to manually load the Kerberos schema, use the default
  schema located at /opt/krb5/examples.
• Always save your current schema before you start this process.

The Kerberos mapping file, krb5_map.conf, defines the mapping of the
default Kerberos attributes to user-defined attributes, to support the
Kerberos server schema. See “The krb5_map.conf File” on page 81 for
more information.

The Kerberos configuration file, krb.conf, specifies the security servers
available for client authentication and defines the default realm for the
host.

The Kerberos realms file, krb.realms, defines the host-to-realm or
domain-to-realm mapping data.

These files are available in the /opt/krb5/examples directory. You can
copy these files to the /opt/krb5 directory and edit them manually.

Modify the configuration files /opt/krb5/krb5_ldap.conf,
/opt/krb5/krb5_schema.conf, and /opt/krb5/krb5_map to reflect the
correct information.

For more information about modifying the configuration files, see
“Configuring the Primary Security Server” on page 96.
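
The rules above (save your state before you start, and leave krb5_map.conf alone once the server is configured) can be checked mechanically. The following POSIX shell script is an added example, not part of the HP manual or HP's tooling: it backs up the configuration files named in this section, records a digest of each, and later reports any file that has changed. The baseline file name krb5_conf.baseline, the backup.<timestamp> directory name and the digest commands are assumptions of this example.

```shell
#!/bin/sh
# Added example, not HP's tooling. File names and /opt/krb5 come from the
# manual; the baseline file, backup directory name and digest choice are
# assumptions of this example.
KRB5_FILES="krb5_map.conf krb5_ldap.conf krb5_schema.conf krb.conf krb.realms"

# Print a digest of one file: SHA-256 where available, POSIX cksum otherwise.
krb5_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        cksum < "$1" | awk '{print $1 "-" $2}'
    fi
}

# krb5_baseline DIR BASELINE: copy each file that exists into a private
# timestamped backup directory and record "digest name" lines in BASELINE.
krb5_baseline() {
    dir=$1; out=$2
    backup="$dir/backup.$(date +%Y%m%d%H%M%S)"
    mkdir -p -m 700 "$backup" || return 1
    : > "$out" || return 1
    for f in $KRB5_FILES; do
        [ -f "$dir/$f" ] || continue
        cp -p "$dir/$f" "$backup/$f" || return 1
        printf '%s %s\n' "$(krb5_digest "$dir/$f")" "$f" >> "$out"
    done
    return 0
}

# krb5_verify DIR BASELINE: print CHANGED/MISSING for every recorded file
# that no longer matches; return 1 if anything differs.
krb5_verify() {
    dir=$1; base=$2; rc=0
    while read -r sum f; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"; rc=1
        elif [ "$(krb5_digest "$dir/$f")" != "$sum" ]; then
            echo "CHANGED $f"; rc=1
        fi
    done < "$base"
    return $rc
}

# Usage: script baseline|verify [DIR] [BASELINE]
case "${1:-}" in
    baseline) krb5_baseline "${2:-/opt/krb5}" "${3:-/opt/krb5/krb5_conf.baseline}" ;;
    verify)   krb5_verify   "${2:-/opt/krb5}" "${3:-/opt/krb5/krb5_conf.baseline}" ;;
esac
```

Run `baseline` right after configuring the server and `verify` from a scheduled job; a `CHANGED krb5_map.conf` line means the mapping file was edited after configuration.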