Valid on z/OS.
Use the REALM keyword to define the local realm and foreign realms and their trust relationships with each other. Each organization wishing to run a Kerberos server establishes its own realm. The name of the realm in which a client (principal) is registered is part of the client's name. The application server can use this name to decide whether to honor an authentication request.
In a foreign realm, the REALMNAME contains the fully qualified name of both servers in the relationship. The realm name uses the following format:
/…/realm_1/KRBTGT/realm_2
Because the local realm is used to generate keys for the local principal, define your local realm to CA Top Secret before you define local principals. You define a local realm by creating an SDT REALM record with the realm name of KERBDFLT.
When used with the local realm, this keyword has the following format:
TSS ADDTO(SDT) REALM(KERBDFLT)
    REALMNAME('kerberos‑realm‑name')
    MINTKTLF(min‑ticket‑life)
    MAXTKTLF(max‑ticket‑life)
    DEFTKTLF(default‑ticket‑life)
    KERBPASS(kerberos‑password)
    CHKADDRS
When used with the foreign realm, this keyword has the following format:
TSS ADDTO(SDT) REALM(realm‑label)
    REALMNAME('fully‑qualified‑name')
    KERBPASS(PASSWORD)
KERBDFLT
Reserved for the local realm SDT record. Specifies the eight‑character local realm.
realm‑label
Specifies the identity of the SDT REALM record for foreign realms. The name must be unique and can be up to eight alphanumeric characters. Any REALM name that is not KERBDFLT is assumed to be a foreign realm.
This keyword is used with:
This example creates the default realm record:
TSS ADDTO(SDT) REALM(KERBDFLT)
    REALMNAME(LOCAL.CA.COM)
    MINTKTLF(30)
    MAXTKTLF(86400)
    DEFTKTLF(36000)
    KERBPASS(CHILDREN)
    CHKADDRS
This example deletes the default realm record:
TSS REMOVE(SDT) REALM(KERBDFLT)
    CHKADDRS
This example lists all REALM records in the SDT:
TSS LIST(SDT) REALM(ALL)
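An added example, not part of the original page or of CA Top Secret: a small Python check that applies the label and REALMNAME rules described above to REALM definitions before they are issued. The realm names are constructed, and the check that a foreign trust names the local realm is an assumption of this example.

```python
import re

# Rules from the page: KERBDFLT is reserved for the local realm; any other
# label is a foreign realm, unique, up to eight alphanumeric characters; a
# foreign REALMNAME has the form /.../realm_1/KRBTGT/realm_2.
LABEL_RE = re.compile(r"^[A-Za-z0-9]{1,8}$")
FOREIGN_RE = re.compile(r"^/(?:\.\.\.|…)/([^/\s]+)/KRBTGT/([^/\s]+)$")
OPERAND_RE = re.compile(r"(\w+)\(\s*'?([^')]*)'?\s*\)")

def parse(command):
    """Return {KEYWORD: value} for each KEYWORD(value) operand."""
    return {k.upper(): v.strip() for k, v in OPERAND_RE.findall(command)}

def lint_realms(commands):
    """Return findings for a list of TSS ADDTO(SDT) REALM(...) commands."""
    findings, seen, local_name = [], set(), None
    for cmd in commands:
        ops = parse(cmd)
        label, name = ops.get("REALM", "").upper(), ops.get("REALMNAME", "")
        if not LABEL_RE.match(label):
            findings.append(f"{label or '?'}: label must be 1-8 alphanumeric characters")
            continue
        if label in seen:
            findings.append(f"{label}: duplicate realm label")
        seen.add(label)
        if label == "KERBDFLT":
            local_name = name  # local realm record; no trust path to check
            continue
        trust = FOREIGN_RE.match(name)
        if not trust:
            findings.append(f"{label}: REALMNAME is not /.../realm_1/KRBTGT/realm_2")
        elif local_name and local_name not in trust.groups():
            # Assumption of this example, not a rule stated on the page.
            findings.append(f"{label}: trust does not name local realm {local_name}")
    return findings

# Constructed sample commands (hypothetical realm names; KERBPASS omitted).
SAMPLE = [
    "TSS ADDTO(SDT) REALM(KERBDFLT) REALMNAME('LOCAL.EXAMPLE.COM') MINTKTLF(30)",
    "TSS ADDTO(SDT) REALM(PARTNER1) REALMNAME('/.../LOCAL.EXAMPLE.COM/KRBTGT/PARTNER.EXAMPLE.NET')",
    "TSS ADDTO(SDT) REALM(PARTNER2) REALMNAME('/.../PARTNER.EXAMPLE.NET/KRBTGT/LOCAL.EXAMPLE.COM')",
    "TSS ADDTO(SDT) REALM(PARTNERREALM) REALMNAME('/.../LOCAL.EXAMPLE.COM/KRBTGT/OTHER.EXAMPLE.ORG')",
    "TSS ADDTO(SDT) REALM(PARTNER3) REALMNAME('OTHER.EXAMPLE.ORG')",
]

if __name__ == "__main__":
    for finding in lint_realms(SAMPLE):
        print(finding)
```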
Copyright © 2014 CA Technologies.
All rights reserved.