Connector Guides › Connectors Guide › Connecting to Endpoints › Kerberos Connector › Kerberos Installation and Deployment › Keytab and Cross-realm Paths Setup › How to Set Up the Java CS Host to be a Member of the Target Realm

How to Set Up the Java CS Host to be a Member of the Target Realm

The following section shows an example you how you can set up the host for use with the Java CS where the host will be a member of the target realm.

Note: This scenario is only applicable where the Java CS is on a Solaris that is not a member of the realm and you want to make it a member of the realm. If your Java CS is on Windows or Linux, configure the connector to use SSH instead.

1. Copy the file /etc/krb5/krb5.conf from the key distribution center to the Java CS host. Ensure that:
   • The default_realm entry in the libdefaults section points to the target realm.
   • The KDC entry in the appropriate realm relation in the realms section points to the target KDC.
   • The domain_realm section has the correct mapping of the Java CS host to the target realm.
2. Modify the logging and appdefaults sections in the /etc/krb5/krb5.conf file as required.
3. On the KDC, create a host principal for the Java CS host and give it a random key. For example, use the following command in kadmin to create a new host principal:

   add_principal -randkey host/jcs_host.ca.com
   

4. Set up authentication to use one of the following:
   • The Java CS host principal
   • The Java CS host principal and a custom keytab
   • A principal other than the Java CS host principal and the default keytab
   • A principal other than Java CS host principal and a custom keytab
   • Principal and password authentication

Note: For information on using the host for other Kerberos-related purposes, such as hosting other Kerberos applications or services, see the relevant sections on kadmin, ktutil and krb5.conf in the Solaris 10 System Administration Guide: Security Services.