Kerberos Server Version 3.12 Administrator's Guide
Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
Chapter 682
attributetypes: ( hpkrbAuthzData-oid NAME 'hpkrbAuthzData'
  DESC 'Other Authorization Data.' SYNTAX
  1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
-
add: objectClasses
objectClasses: ( hpKrbPrincipal-oid
  NAME 'hpKrbPrincipal'
  DESC 'An auxiliary class for use in configuring an entry to
  represent a Kerberos principal.'
  SUP top Auxiliary MAY ( hpKrbPrincipalName $ hpKrbMaxTicketAge $
  hpKrbMaxRenewAge $ hpKrbAccountExpires $
  hpKrbPasswordExpireTime $ hpKrbPwdLastSet $ hpKrbLastLogon $
  hpKrbBadPasswordTime $ hpKrbBadPwdCount $ hpKrbModifiersName $
  hpKrbModifyTimestamp $ hpKrbAttributes $ hpKrbPolicyName $
  hpkrbAuthzData ) )
objectClasses: ( hpKrbKey-oid
  NAME 'hpKrbKey'
  DESC 'An structural object class used for configuring the
  principal name of an associated principal entry.' SUP top
  STRUCTURAL MUST ( hpKrbPrincipalName ) MAY (
  hpKrbKeyVersion $ hpKrbKeyData ) )
The krb5_map.conf File
The krb5_map.conf mapping file maps the default Kerberos attributes
to user-defined attributes, to support the Kerberos server schema.
The Kerberos server uses this map file to translate Kerberos
attribute names to LDAP attribute names. Each entry in the mapping
file represents the translation for one attribute.
The krb5_map.conf file is generated automatically from the input you
provide while autoconfiguring the Kerberos server.
Alternatively, a sample file is available in the /opt/krb5/examples
directory. You can copy this file to the /opt/krb5 directory and edit
it manually. HP recommends that you use the autoconfiguration tool to
generate this file.
This file must reside in the /opt/krb5 directory and must have the
following permissions:
-rw-r--r-- root 3
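One way to verify the mode and owner stated above, as an added example that is not part of the HP guide. The function name check_map_perms is hypothetical, the owner is compared by numeric UID (0 for root), and the group field is not checked.

```sh
#!/bin/sh
# Added example (not from the HP guide): check krb5_map.conf mode and owner.
# Parses POSIX `ls -ldn` output, so no stat(1) command is required.
#
# Usage: check_map_perms /opt/krb5/krb5_map.conf
#
# check_map_perms FILE [EXPECTED_UID]   (hypothetical helper name)
# Returns 0 if FILE has mode -rw-r--r-- and is owned by EXPECTED_UID
# (default 0, root). Otherwise prints each mismatch and returns 1.
check_map_perms() {
    file=$1
    want_uid=${2:-0}
    want_mode='-rw-r--r--'

    if [ ! -e "$file" ] && [ ! -L "$file" ]; then
        echo "FAIL: $file does not exist" >&2
        return 1
    fi

    # Field 1 is the mode string; field 3 is the numeric owner (-n).
    # Compare only the first 10 mode characters: some systems append an
    # ACL or security-context marker such as '+' or '.'.
    # -d lists the path itself, so a symlink shows as 'l...' and fails.
    info=$(ls -ldn -- "$file" | awk '{ print substr($1, 1, 10), $3 }')
    mode=${info% *}
    uid=${info#* }

    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: $file mode is $mode, expected $want_mode" >&2
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file owner uid is $uid, expected $want_uid" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $file is $mode, owner uid $uid"
    fi
    return "$rc"
}
```

A group-writable or world-writable map file would let a non-root user change how Kerberos attribute names are translated to LDAP attribute names, so a failed check is worth investigating before restarting the server.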