To modify existing KDC server parameters, do the following:
- In the HMC Management pane, click the KDC Configuration task.
- Select a KDC Server.
- Select a value to modify:
- Realm. A realm is an authentication administrative domain. Normally,
realms always appear in upper case letters. It is good practice to create
a realm name that is the same as your DNS domain (in upper case letters).
A user belongs to a realm if and only if the user shares a key with the authentication
server of that realm. Realm names must be equivalent to the network domain
name if a service key file is installed on the HMC.
- Ticket Lifetime. Ticket lifetime sets the lifetime for credentials.
The format is an integer number followed by one of s seconds, m minutes, h hours,
or d days. Enter a Kerberos lifetime string such as 2d4h10m.
- Clock skew. Clock skew sets the maximum allowable amount of clock
skew between the HMC and the KDC server before Kerberos considers messages
invalid. The format is an integer number that represents number of seconds.
- Click OK.
Subscribe to this information