Kerberos Server Version 3.12 Administrator's Guide

Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
Table 6-2 krb5_ldap.conf File Format (Continued)

Parameter                 Description

security_mech             This line specifies the security mechanism used to
                          connect to the LDAP server. Currently, the supported
                          mechanisms are Secure Sockets Layer (SSL) and
                          PASSWORD.

default_object_template   This line specifies the structural class, which is
                          added by default.
                          Example: posixaccount

default_objcls_attr       This line specifies the mandatory attribute of the
                          default object class.
                          Example: uid

                          When the Kerberos server creates a default object,
                          it uses the first attribute specified in this field
                          as the naming attribute. When adding a principal, an
                          error message is displayed if duplicate entries are
                          found.

                          You can change the default settings of the naming
                          attribute by changing the order of entries in the
                          krb5_ldap.conf file. Save these changes and restart
                          the Kerberos server application.

proxy_user                This line specifies the DN of the proxy user. The
                          Kerberos server binds to the Directory server as the
                          proxy user. The proxy user must have the appropriate
                          privileges to create, modify and delete Kerberos
                          principals.
                          Example: cn=Anne