

How to Set Up the CA IAM Connector Server Host to be a Member of the Target Realm

The following section shows an example of how you can set up the host for use with CA IAM Connector Server where the host will be a member of the target realm.

Note: This scenario is only applicable where CA IAM Connector Server is on a Solaris computer that is not a member of the realm and you want to make it a member of the realm. If your CA IAM Connector Server is on Windows or Linux, configure the connector to use SSH instead.

  1. Ensure that the SSH server is a member of the realm.
  2. Copy the file /etc/krb5/krb5.conf from the key distribution center to the CA IAM Connector Server host. Ensure that:
  3. Modify the logging and appdefaults sections in the /etc/krb5/krb5.conf file as required.
  4. On the KDC, create a host principal for the CA IAM Connector Server host and give it a random key. For example, use the following command in kadmin to create a new host principal:
    add_principal -randkey host/jcs_host.ca.com
    
  5. Set up authentication to use one of the following:

Note: For information on using the host for other Kerberos-related purposes, such as hosting other Kerberos applications or services, see the relevant sections on kadmin, ktutil and krb5.conf in the Solaris 10 System Administration Guide: Security Services.
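A sanity check for the krb5.conf file copied in step 2 and edited in step 3, as an added example that is not part of the original CA documentation. The function names, the realm EXAMPLE.TEST, the host names and the log path are constructed placeholders; requiring the logging and appdefaults sections follows step 3 of this procedure, not a Kerberos rule.

```shell
#!/bin/sh
# check_krb5_conf [FILE]: print one line per problem, return non-zero if any.
# Reads standard input when no file is given.
check_krb5_conf() {
    awk '
        /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                   # section header, e.g. [realms]
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            seen[sec] = 1; next
        }
        sec == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ {
            realm = $0
            sub(/^[^=]*=[ \t]*/, "", realm); sub(/[ \t]+$/, "", realm)
        }
        sec == "realms" && /=[ \t]*[{]/ {          # realm stanza: NAME = {
            cur = $0
            sub(/[ \t]*=.*/, "", cur); sub(/^[ \t]+/, "", cur)
        }
        sec == "realms" && /^[ \t]*kdc[ \t]*=/ { kdc[cur] = 1 }
        END {
            n = split("libdefaults realms logging appdefaults", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "missing section [" want[i] "]"; bad = 1 }
            if (realm == "") { print "no default_realm in [libdefaults]"; bad = 1 }
            else if (!(realm in kdc)) { print "no kdc entry for realm " realm; bad = 1 }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample file; every value below is a placeholder.
sample_krb5_conf() {
    cat <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.TEST
[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
        admin_server = kdc.example.test
    }
[logging]
    default = FILE:/var/krb5/krb5.log
[appdefaults]
    kinit = {
        forwardable = true
    }
EOF
}

sample_krb5_conf | check_krb5_conf && echo "krb5.conf looks complete"
```

On the real host, run `check_krb5_conf /etc/krb5/krb5.conf` before creating the host principal in step 4.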