HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide
DetailsAttributes
Specify the encryption type used for Kerberos authentication. This
property is enabled only if the management server OS is Windows.
You can use the following encryption types:
• aes128-cts
• rc4-hmac
• des3-cbc-sha1
• des-cbc-md5
• des-cbc-crc
If you want to specify multiple encryption types, use a comma to separate
the encryption types.
Among the specified encryption types, an encryption type that is
supported by both the management server OS and a Kerberos server
will be used.
Default value: None (DES-CBC-MD5 is used for authentication.)
default_tkt_enctypes
Specify the acceptable range of difference between the management
server time and Kerberos server time. If the difference exceeds this value,
an authentication error occurs.
Specifiable values: 0 to 300 (seconds)
Default value: 300
clockskew
Specify the amount of time to wait before timing out when connecting
to the Kerberos server. If you specify 0, the system waits until a
communication error occurs without timing out.
Specifiable values: 0 to 120 (seconds)
Default value: 3
timeout
Note:
To specify the attributes, use the following syntax:
auth.kerberos.attribute=value
Table 47 Setup items in the exauth.properties file for Kerberos authentication (settings for the external
authorization server)
DetailsAttributes
Specify the protocol for connecting to the LDAP directory server.
When communicating in plain text format, specify ldap. When using StartTLS
communication, specify tls. StartTLS communication can be used only when
directly specifying information about the Kerberos server.
Before specifying tls, make sure that one of the following encryption methods
can be used on the LDAP directory server.
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• SSL_RSA_WITH_3DES_EDE_CBC_SHA
Specifiable values: ldap or tls
Default value: ldap
protocol
#
User account management146