Kerberos Server Version 3.12 Administrator's Guide

Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
Chapter 678
The krb5_schema.conf File
A schema is a collection of object and attribute definitions that defines
the structure of the entries in a database. The krb5_schema.conf file is
the Kerberos schema file; it contains the object and attribute
definitions of the Kerberos principal entries. LDAP objects are
standardized to provide interoperability with a variety of directory
servers. The krb5_schema.conf file defines the following:
Type of object classes
Attributes of the object classes
Optional attributes
Syntax of each attribute
For example, a schema can define a person object class. The person
schema might require that a person have a surname attribute that is a
character string. It might also specify that a person entry can
optionally have a telephoneNumber attribute that is a string of numbers
with spaces and hyphens.
The krb5_schema.conf file is generated automatically from the input you
provide while autoconfiguring the Kerberos server. Alternatively, a
sample file is available in the /opt/krb5/examples directory. You can
copy this file to the /opt/krb5 directory and edit it manually. HP
recommends that you use the autoconfiguration tool to generate this
file.
This file must reside in the /opt/krb5 directory and must have the
following permissions:
-rw-r--r-- root 3
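The shell function below is an added example, not part of the HP guide: it audits a schema file against the mode and owner stated above, using only ls and awk so that it does not depend on stat(1). The name check_schema_file and its return codes are assumptions of this example; the third field of the permissions line is not checked.

```sh
#!/bin/sh
# Added example (not from the guide). Return codes are this example's own:
# 0 ok, 1 missing, 2 symlink or not a regular file, 3 wrong mode, 4 wrong owner.
# Usage: check_schema_file /opt/krb5/krb5_schema.conf
check_schema_file() {
    file=$1
    want_owner=${2:-root}        # owner required by the guide
    want_mode='-rw-r--r--'       # mode required by the guide

    # Test for a symlink first: -e and -f follow links, and a link would
    # let the real schema live outside /opt/krb5.
    if [ -h "$file" ]; then
        echo "FAIL: $file is a symbolic link" >&2
        return 2
    fi
    if [ ! -e "$file" ]; then
        echo "FAIL: $file does not exist" >&2
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2
        return 2
    fi

    # ls -ld fields: mode, link count, owner, ...
    listing=$(ls -ld "$file") || return 1
    # Keep 10 characters of the mode to drop a trailing ACL/SELinux marker.
    mode=$(printf '%s\n' "$listing" | awk 'NR == 1 { print substr($1, 1, 10) }')
    owner=$(printf '%s\n' "$listing" | awk 'NR == 1 { print $3 }')

    if [ "$mode" != "$want_mode" ]; then
        # Extra write bits let a non-root account alter the principal schema.
        echo "FAIL: $file mode is $mode, expected $want_mode" >&2
        return 3
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $file owner is $owner, expected $want_owner" >&2
        return 4
    fi
    echo "OK: $file is $mode and owned by $owner"
    return 0
}
```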
The krb5_schema.conf File Format
The format of the krb5_schema.conf file is as follows:
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( hpKrbPrincipalName-oid
NAME 'hpKrbPrincipalName'