How to Set Up the CA IAM CS Host to be a Member of the Target Realm
The following section shows an example of how you can set up the host for use with CA IAM CS where the host will be a member of the target realm.
Note: This scenario is only applicable where CA IAM CS is on a Solaris computer that is not a member of the realm and you want to make it a member of the realm. If your CA IAM CS is on Windows or Linux, configure the connector to use SSH instead.
- Ensure that the SSH server is a member of the realm.
- Copy the file /etc/krb5/krb5.conf from the key distribution center to the CA IAM CS host. Ensure that:
  - The default_realm entry in the libdefaults section points to the target realm.
  - The KDC entry in the appropriate realm relation in the realms section points to the target KDC.
  - The domain_realm section has the correct mapping of the CA IAM CS host to the target realm.
- Modify the logging and appdefaults sections in the /etc/krb5/krb5.conf file as required.
- On the KDC, create a host principal for the CA IAM CS host and give it a random key. For example, use the following command in kadmin to create a new host principal:
    add_principal -randkey host/jcs_host.ca.com
- Set up authentication to use one of the following:
Note: For information on using the host for other Kerberos-related purposes, such as hosting other Kerberos applications or services, see the relevant sections on kadmin, ktutil and krb5.conf in the Solaris 10 System Administration Guide: Security Services.
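The three krb5.conf conditions listed under the copy step (default_realm, the KDC entry in the realm relation, and the domain_realm mapping) can be checked mechanically before testing authentication. The following Python check is an added example, not CA's or this page's own code; the realm name TARGET.REALM, the KDC name kdc1.ca.com and the function names are assumptions, and the domain_realm lookup order (exact host name, then parent domains with a leading dot) is the MIT-style rule assumed to apply here.

```python
import re

def parse_krb5_conf(text):
    """Parse krb5.conf text into {section: {key: [values] or nested dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if header := re.fullmatch(r"\[(\w+)\]", line):
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif stack and "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":  # start of a realm relation block
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def realm_for_host(conf, host):
    """Resolve a host through [domain_realm]: exact name, then parent domains."""
    mapping = conf.get("domain_realm", {})
    labels = host.lower().split(".")
    candidates = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((mapping[c][0] for c in candidates if c in mapping), None)

def check_host_config(text, host, realm, kdc):
    """Return a list of problems for the three krb5.conf conditions."""
    conf, problems = parse_krb5_conf(text), []
    default = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    if default != realm:
        problems.append(f"default_realm is {default}, expected {realm}")
    block = conf.get("realms", {}).get(realm, {})
    kdcs = block.get("kdc", []) if isinstance(block, dict) else []
    if kdc.lower() not in [k.split(":")[0].lower() for k in kdcs]:
        problems.append(f"no kdc = {kdc} entry in realms relation for {realm}")
    if realm_for_host(conf, host) != realm:
        problems.append(f"domain_realm does not map {host} to {realm}")
    return problems

# Constructed sample: realm names and the KDC host name are assumptions.
SAMPLE = """[libdefaults]
default_realm = OTHER.REALM
[realms]
TARGET.REALM = {
    kdc = kdc1.ca.com:88
}
[domain_realm]
ca.com = TARGET.REALM"""
```

Calling `check_host_config(SAMPLE, "jcs_host.ca.com", "TARGET.REALM", "kdc1.ca.com")` reports two problems: the wrong default_realm, and a domain_realm entry `ca.com` that, without a leading dot, covers only a host literally named ca.com and not jcs_host.ca.com.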
Copyright © 2013 CA.
All rights reserved.