Chapter 5 Setting Up Open Directory Services 99
5 Use Network Utility (in /Applications/Utilities/) to do a DNS lookup of the Open
Directory master’s DNS name and a reverse lookup of the IP address.
If the server’s DNS name or IP address doesn’t resolve correctly:
• In the Network pane of System Preferences, look at the TCP/IP settings for the
server’s primary network interface (usually built-in Ethernet). Make sure the first DNS
server listed is the one that resolves the Open Directory server’s name.
• Check the configuration of DNS and make sure it’s running.
6 In Server Admin, select Open Directory for the master server, click Settings, then
click General.
7 Click Kerberize, then enter the following information:
• Administrator Name and Password: You must authenticate as an administrator of the
Open Directory master’s LDAP directory.
• Realm Name: This field is set to be the server’s DNS name converted to capital
letters. This is the convention for naming a Kerberos realm. If necessary, you can
enter a different name.
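A command-line equivalent of the step 5 lookups, as an added example that is not part of the original guide: it assumes `dig` is installed, checks that the name resolves and that every address reverses to the same name, and prints the default realm name that step 7 derives from the DNS name. The host name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: forward and reverse DNS check before Kerberizing a master.
# Assumes dig is available; od-master.example.com is a placeholder name.

# Forward lookup: print the IPv4 addresses for a name, one per line.
# dig +short can also print CNAME targets, so keep only dotted quads.
forward_lookup() {
    dig +short "$1" A | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# Reverse lookup: print the PTR name(s) for an address, trailing dot removed.
reverse_lookup() {
    dig +short -x "$1" | sed 's/\.$//'
}

# DNS names compare case-insensitively, so normalise before comparing.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Realm naming convention from step 7: the DNS name in capital letters.
realm_for() { printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'; }

# Return 0 only if the name resolves and every address maps back to it.
check_od_dns() {
    name=$1
    addrs=$(forward_lookup "$name") || addrs=""
    if [ -z "$addrs" ]; then
        echo "FAIL: no A record for $name" >&2
        return 1
    fi
    for ip in $addrs; do
        ptr=$(reverse_lookup "$ip")
        match=no
        for p in $ptr; do
            if [ "$(lower "$p")" = "$(lower "$name")" ]; then match=yes; fi
        done
        if [ "$match" != yes ]; then
            echo "FAIL: $ip reverses to '${ptr:-nothing}', expected $name" >&2
            return 1
        fi
    done
    echo "OK: $name resolves both ways; default realm $(realm_for "$name")"
}

# Usage: check_od_dns od-master.example.com
```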
Disabling Kerberos After Setting Up an Open Directory Master
If your Open Directory server is in an existing directory environment that has a
Kerberos realm running and you want to join it or avoid having a realm conflict,
you can disable the Kerberos realm that is created when you set up your Open
Directory master.
To disable a Kerberos realm on an Open Directory Master server:
1 Open Terminal.
2 Enter the following command:
$ sudo sso_util remove -k -a username -p password -r NAME.OF.KERBEROSREALM
Replace username, password, and NAME.OF.KERBEROSREALM with the user name and
password of the Open Directory administrator and the name of the Kerberos realm
that was created when you configured your Open Directory Master.
The Open Directory Overview pane of Server Admin should show the Kerberos service
status as stopped.