HP XP P9000 Command View Advanced Edition Suite Software 7.6.1-00 Administrator Guide
When communicating by using StartTLS as the protocol for connecting to the LDAP directory
server, you need to specify the security settings of Common Component.
Table 48 Setup items in the exauth.properties file for Kerberos authentication (when an external
authorization server and StartTLS are used for communication)
Property: auth.ocsp.enable
Details: Specify whether or not to verify the validity of an LDAP directory server's electronic
signature certificate by using an OCSP responder or a CRL when the LDAP directory
server and StartTLS are used for communication.
If you want to verify the validity of certificates, specify true. To not verify the validity
of certificates, specify false.
Default value: false
Property: auth.ocsp.responderURL
Details: Specify the URL of an OCSP responder if you want to use an OCSP responder that is
not the one written in the AIA field of the electronic signature certificate to verify the
validity of the electronic signature certificate. If this value is omitted, the OCSP responder
written in the AIA field is used.
Default value: None
Examples of setting the exauth.properties file for Kerberos authentication
Examples of how to set the exauth.properties file when using a Kerberos server to perform
authentication are provided below.
• When directly specifying information about a Kerberos server (when not linking to an external
authorization server):
auth.server.type=kerberos
auth.group.mapping=false
auth.kerberos.default_realm=EXAMPLE.COM
auth.kerberos.dns_lookup_kdc=false
auth.kerberos.clockskew=300
auth.kerberos.timeout=3
auth.kerberos.realm_name=RealmName
auth.kerberos.RealmName.realm=EXAMPLE.COM
auth.kerberos.RealmName.kdc=kerberos.example.com:88
• When using the DNS server to look up a Kerberos server (when not linking to an external
authorization server):
auth.server.type=kerberos
auth.group.mapping=false
auth.kerberos.default_realm=EXAMPLE.COM
auth.kerberos.dns_lookup_kdc=true
auth.kerberos.clockskew=300
auth.kerberos.timeout=3
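The following checker is an added example, not part of the guide or of the product: it audits an exauth.properties file for the settings described above, flagging a directly specified realm that lacks its realm or kdc entry and a configuration that leaves certificate revocation checking off. It assumes that auth.group.mapping=true is the external authorization server case, that auth.kerberos.realm_name may hold a comma-separated list, and that an OCSP responder URL uses http or https; the function names and the sample input are constructed for illustration.

```python
from urllib.parse import urlparse

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(props):
    """Return a list of findings for the settings this section describes."""
    findings = []
    # Direct KDC specification: each name in realm_name needs .realm and .kdc
    # (assumption inferred from the guide's example; comma-separated list assumed).
    if props.get("auth.kerberos.dns_lookup_kdc", "").lower() == "false":
        raw = props.get("auth.kerberos.realm_name", "")
        names = [n.strip() for n in raw.split(",") if n.strip()]
        if not names:
            findings.append("auth.kerberos.realm_name is empty")
        for name in names:
            for suffix in ("realm", "kdc"):
                key = f"auth.kerberos.{name}.{suffix}"
                if not props.get(key):
                    findings.append(f"{key} is missing")
    # OCSP/CRL checking applies with an external authorization server
    # (assumption: that case is auth.group.mapping=true).
    if props.get("auth.group.mapping", "").lower() == "true":
        # The guide's default for auth.ocsp.enable is false.
        enabled = props.get("auth.ocsp.enable", "false").lower() == "true"
        if not enabled:
            findings.append("auth.ocsp.enable is not true: no OCSP/CRL check")
        url = props.get("auth.ocsp.responderURL", "")
        parsed = urlparse(url)
        if url and (parsed.scheme not in ("http", "https") or not parsed.netloc):
            findings.append("auth.ocsp.responderURL is not an http(s) URL")
        elif url and not enabled:
            findings.append("auth.ocsp.responderURL is set, auth.ocsp.enable is not")
    return findings

# Constructed sample with three problems (not from the guide).
SAMPLE = """\
auth.server.type=kerberos
auth.group.mapping=true
auth.kerberos.dns_lookup_kdc=false
auth.kerberos.realm_name=RealmName
auth.kerberos.RealmName.realm=EXAMPLE.COM
auth.ocsp.responderURL=ocsp.example.com
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```

The checker cannot confirm that StartTLS is in use, because the property that selects the LDAP connection protocol is not shown in this section.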