

How to Set Up the CA IAM CS Host to be a Member of the Target Realm

The following section shows an example of how you can set up the host for use with CA IAM CS when the host will be a member of the target realm.

Note: This scenario is only applicable where CA IAM CS is on a Solaris computer that is not a member of the realm and you want to make it a member of the realm. If your CA IAM CS is on Windows or Linux, configure the connector to use SSH instead.

  1. Ensure that the SSH server is a member of the realm.
  2. Copy the file /etc/krb5/krb5.conf from the key distribution center to the CA IAM CS host. Ensure that:
  3. Modify the logging and appdefaults sections in the /etc/krb5/krb5.conf file as required.
  4. On the KDC, create a host principal for the CA IAM CS host and give it a random key. For example, use the following command in kadmin to create a new host principal:
    add_principal -randkey host/jcs_host.ca.com
    
  5. Set up authentication to use one of the following:

Note: For information on using the host for other Kerberos-related purposes, such as hosting other Kerberos applications or services, see the relevant sections on kadmin, ktutil and krb5.conf in the Solaris 10 System Administration Guide: Security Services.
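A sanity check you could run on the copied file after steps 2 and 3 and before creating the host principal. This is an added example, not part of the product documentation. The checks it performs (a default realm, a KDC entry for that realm, and the presence of the logging and appdefaults sections) are assumptions chosen for illustration, and the realm and host names in the sample file are constructed placeholders.

```shell
# Added example: the checks below are illustrative assumptions, not the product's own list.
# Print the value of "key = value" inside [section]. Usage: krb5_get FILE SECTION KEY
krb5_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { cur = $1; next }
        cur == sec && $1 == key && $2 == "=" { print $3; exit }' "$1"
}

# Succeed only if REALM has a "kdc = ..." entry inside its [realms] block.
krb5_realm_has_kdc() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_realms = ($1 == "[realms]"); in_block = 0; next }
        in_realms && $1 == realm && $2 == "=" { in_block = 1; next }
        in_block && index($0, "}") { in_block = 0 }
        in_block && $1 == "kdc" { found = 1 }
        END { exit !found }' "$1"
}

check_krb5_conf() {
    realm=$(krb5_get "$1" libdefaults default_realm)
    [ -n "$realm" ] || { echo "no default_realm in [libdefaults]"; return 1; }
    krb5_realm_has_kdc "$1" "$realm" || { echo "no kdc for $realm"; return 1; }
    for s in logging appdefaults; do
        grep "^[[:space:]]*\[$s]" "$1" >/dev/null || { echo "missing [$s]"; return 1; }
    done
    echo "ok: $realm"
}

# Constructed sample file (EXAMPLE.COM and kdc.example.com are placeholders).
write_sample_conf() {
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
[logging]
    default = FILE:/var/krb5/kdc.log
[appdefaults]
    kinit = {
        renewable = true
    }
EOF
}

sample=${TMPDIR:-/tmp}/krb5.conf.sample.$$
write_sample_conf "$sample" && check_krb5_conf "$sample"; rm -f "$sample"
```

On the real host, call `check_krb5_conf /etc/krb5/krb5.conf`; a non-zero return names the first missing item.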