ldap-KerberosConfigurationTool
In
krb5.conf) or to create a new one.
Basic Krb5 Conf Editor
Kerberos authentication requires the ability to acquire Kerberos tickets that can be forwarded. The editor allows you to enable
and disable the Forwardable property.
Figure 6. Basic Krb5 Conf Editor
| Property | Value | Description |
|---|---|---|
| Forwardable | true (default), false |
Enables and disables forwarding of Kerberos tickets. |
| Kdc Timeouts | 30 (default) | Required for redundant server support, specifies the length of time the station attempts to connect to the key distribution center before failing the connection attempt. |
| Kdc Max Retries | 3 (default) | Required for redundant server support, specifies the maximum number of times the station attempts to connect to one key distribution center before to the next one. |
NOTE: Values entered for the
Kdc Timeouts and Kdc Max Retries properties should be tailored to your specific scenario based on how long successful kdc connections generally take and when
to configure the the cut-off time after which the connection is considered to have failed. As with the connection timeout
above, this time needs to be not too short to cause false connection failures, but not so long as to cause excessive delays
when a server is down.
Advanced Krb5 Conf Editor
On a Windows host, the primary location for the file is: NIAGARA_HOME/security/krb5.conf. Only if this file is missing would you fall back to the Java krb.conf or operating system specific krb.conf/ini.
On a Linux host the file location is: /etc/krb5.conf.
NOTE: If you are working with Linux, some systems may require a more advanced krb5.conf file. If that is the case, have your Kerberos administrator set up this file for you.
Figure 7. Advanced Krb5 Conf Editor
The file requires only the two lines contained in this view.