Configuring the Kerberos server with LDAP storage
You can set up Network Authentication Service kadmin and KDC servers for Kerberos integrated login by using the mkkrb5srv command.
The variable values in Table 1 are used in the following example of how to configure Network Authentication Service server components with LDAP storage by using the mkkrb5srv command.
Variable Name | Variable Value |
---|---|
Realm_Name | MYREALM |
KDC_Server | kdcsrv.austin.ibm.com |
Domain_Name | austin.ibm.com |
Admin_Name | admin/admin |
LDAP server | kdcsrv.austin.ibm.com |
LDAP administrator name | cn=root |
LDAP administrator password | secret |
The following procedure is an example of how to configure Network Authentication Service server components with LDAP storage by using the mkkrb5srv command.
- Run the following command:
mkkrb5srv -r MYREALM -s kdcsrv.austin.ibm.com -d austin.ibm.com -a admin/admin -l kdcsrv.austin.ibm.com -u cn=root -p secret
- Verify that the KDC and kadmind servers have started by running the following command:
ps -ef | grep -v grep | grep krb5
Running the mkkrb5srv command with LDAP produces results that are similar to running the command with the legacy database configuration. However, when LDAP is used, databases are not created on the local file system. Instead, a .kdc_ldap_data file is created in the /var/krb5/krb5kdc directory to hold information about LDAP.
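The verification step and the .kdc_ldap_data file described above can be checked with a script. The following shell functions are an added example, not part of the original documentation. The daemon names krb5kdc and kadmind as they appear in ps output, and the permission test on .kdc_ldap_data, are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-checks after running mkkrb5srv with LDAP storage.
# Assumption: the daemons appear in ps output as krb5kdc and kadmind.

# Reads `ps -ef` output on stdin. Succeeds only when both daemons are listed.
# Stricter than `grep krb5`, which also matches any process that merely
# has a /var/krb5 path in its arguments (an editor on kdc.conf, for example).
check_daemons() {
    ps_out=$(cat)
    missing=""
    for d in krb5kdc kadmind; do
        # Match the name as a whole command word or final path component.
        printf '%s\n' "$ps_out" | grep -v grep |
            grep -Eq "(^|[ /])$d( |\$)" || missing="$missing $d"
    done
    [ -z "$missing" ] && return 0
    echo "not running:$missing" >&2
    return 1
}

# $1 is the KDC directory (/var/krb5/krb5kdc on this page).
# Returns 0 if .kdc_ldap_data exists and is closed to "other" users,
# 1 if it is missing, 2 if it exists but is world-accessible.
# The permission test is an extra check added here, not stated on the page.
check_ldap_marker() {
    f="$1/.kdc_ldap_data"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$f" | cut -c8-10)
    [ "$other" = "---" ] && return 0
    echo "world-accessible ($other): $f" >&2
    return 2
}

# Typical use on the KDC host:
#   ps -ef | check_daemons && check_ldap_marker /var/krb5/krb5kdc
```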
For additional information about usage, see the mkkrb5srv command.