Инструкции для HP (Hewlett-Packard) E0905

Содержание

• Kerberos Server Version 3.1 Administrator’s Guide

  1
• 1 Overview

  23
  • Introduction

    25
  • How the Kerberos Server Works

    26
  • authentication

    27
  • DES Versus 3DES Key Type Settings

    31
  • Introduction to LDAP

    32
    • LDAP Advantages

      32
    • Integrating Kerberos Server v3.1 with LDAP

      33
      • How is the Kerberos Principal Integrated in to the LDAP Directory?

        34
• 2 Installing the Kerberos Server v3.1

  35
  • Prerequisites

    37
  • System Requirements

    38
    • Hardware Requirements

      38
    • Software Requirements

      38
      • Version Compatibility

        38
  • Installing the Server

    39
• 3 Migrating to a Newer Version of the Kerberos Server

  41
  • Migrating from Kerberos Server Version 1.0 to 3.0

    43
  • Migrating from Kerberos Server Version 2.0 to Version 3.0

    47
  • Migrating from Kerberos Server Version 3.0 to Version 3.1

    49
• 4 Interoperability with Windows 2000

  51
  • Understanding the Terminology

    53
  • Kerberos Server and Windows 2000 Interoperability

    55
  • Establishing Trust Between Kerberos Server and Windows 2000

    56
  • Single Realm (Domain) Authentication

    58
  • Interrealm (Interdomain) Authentication

    59
  • Special Considerations for Interoperability

    60
    • Database Considerations

      60
    • Encryption Considerations

      60
    • Postdated Tickets

      60
• 5 Configuring the Kerberos Server With C-Tree Backend

  63
  • Configuration Files for the Kerberos Server

    64
    • The

      65
      • krb.conf Format

        65
    • The

      66
      • The

        67
  • Autoconfiguring the Kerberos Server

    69
    • Configuring the Kerberos Server with C-Tree

      71
• 6 Configuring the Kerberos Server with LDAP

  73
  • Configuration Files for LDAP Integration

    74
    • The krb5_ldap.conf File

      74
      • The

        75
    • The

      77
      • The

        78
    • The

      81
      • The

        81
  • Planning Your LDAP Configuration

    83
    • Before You Begin

      83
  • Setting up Your LDAP Configuration

    84
  • Autoconfiguring the Kerberos Server With LDAP Integration

    88
    • Configuring the Kerberos Server with LDAP

      88
  • Manually Configuring the Kerberos Server with LDAP

    92
    • Edit the Configuration Files

      92
• 7 Configuring the Primary and Secondary Security Server

  95
  • Configuring the Primary Security Server

    96
    • Create the Principal Database After Installation

      96
    • Add an Administrative Principal

      97
      • To add an Administrative Principal Using the HP Kerberos Administrator

        97
      • To Add an Administrative Principal Through the Command Line

        98
    • Create the host/<fqdn> Principal and Extracting the Service Key

      98
    • Start the Kerberos Daemons

      99
    • Define Secondary Security Server Network Locations

      100
  • Security Policies

    101
    • Password Policy File

      101
    • The admin_acl_file

      101
  • Starting the Security Server

    102
  • Configuring the Secondary Security Servers with C-Tree

    103
    • Creating the Principal Database

      103
    • Copying the Kerberos Configuration File

      103
    • Creating a host/<fqdn> Principal and Extracting the Key

      104
  • Configuring the Secondary Security Servers with LDAP

    105
    • Copying the Kerberos Configuration File

      105
    • Creating a stash file using the

      105
  • Using Indexes to Improve Database Performance

    107
• 8 Administering the Kerberos Server

  109
  • Administering the Kerberos Database

    111
  • The kadmind Command

    112
  • The admin_acl_file File

    113
    • Assigning Administrative Permissions

      114
    • Adding Entries to admin_acl_file

      116
    • Creating Administrative Accounts

      117
    • Using Restricted Administrator

      117
      • How the r/R Modifiers Work

        117
  • Password Policy File

    119
    • Editing the Default File

      119
  • Principals

    121
    • Adding User Principals

      123
    • Adding New Service Principals

      123
      • Reserved Service Principals

        124
        • K/M@REALM:

          124
        • default@REALM:

          125
        • krbtgt/REALM@REALM:

          125
        • kadmin/REALM@REALM:

          126
        • kadmin/changepw@REALM:

          126
        • kcpwd/REALM@REALM:

          126
        • host/fqdn@REALM:

          126
      • Removing User Principals

        127
      • Removing Special Privilege Settings

        127
      • Protecting a Secret Key

        128
      • Removing Service Principals

        128
  • The kadmin and kadminl Utilities

    130
    • Administration Utilities

      131
  • HP Kerberos Administrator

    132
    • Standard Functionality of the Administrator

      133
  • Local Administrator – kadminl_ui

    134
    • Using kadminl_ui

      134
  • Principals Tab

    136
  • General Tab (Principal Information Window)

    139
  • Adding Principals to the Database

    143
    • Adding Multiple Principals with Similar Settings

      145
  • Creating an Administrative Principal

    146
  • Searching for a Principal

    149
  • Deleting a Principal

    151
  • Loading Default Values for a Principal

    152
  • Restoring Previously Saved Values for a Principal

    153
  • Changing Ticket Information

    154
  • Rules for Setting Maximum Ticket Lifetime

    155
  • Rules for Setting Maximum Renew Time

    156
  • Changing Password Information

    158
  • Password Tab (Principal Information Window)

    160
    • Change Password Window (Password Tab)

      162
  • Changing a Key Type

    165
    • Changing a DES-CRC or DES-MD5 Principal Key Type to 3DES

      165
  • Changing Principal Attributes

    167
  • Attributes Tab (Principal Information Window)

    168
  • LDAP Attributes Tab (Prinicpal Information Window)

    175
  • Deleting a Service Principal

    177
  • Extracting Service Keys

    178
  • Extracting a Service Key Table

    180
  • Using Groups to Control Settings

    182
    • Editing the Default Group

      182
  • Group Information Window (Principal Information Window)

    184
    • Principal Attributes

      186
      • Setting the Default Group Principal Attributes

        186
      • Default Principal Attributes

        186
  • Setting Administrative Permissions

    188
  • Administrative Permissions

    189
  • Realms Tab

    193
    • Realm Information Window

      195
  • Adding a Realm

    196
  • Deleting a Realm

    197
  • Remote Administrator – kadmin_ui

    198
  • Manual Administration Using kadmin

    202
    • Adding a New Principal

      204
    • Adding a Random Key

      205
    • Specifying a New Password

      205
    • Changing Password to a New Randomly Generated Password

      206
    • Deleting a Principal

      206
    • Extracting a Principal

      207
    • Listing the Attributes of a Principal

      208
    • Modifying a Principal

      208
      • Number of Authentication Failures (

        209
      • Key Version Number Attribute

        210
      • LDAP DN

        210
      • Policy Name

        211
      • Attributes

        211
      • Allow Postdated Attribute

        211
      • Allow Renewable Attribute

        212
      • Allow Forwardable Attribute

        213
      • Allow Proxy Attribute

        214
      • Allow Duplicate Session Key Attribute

        215
      • Require Preauthentication Attribute

        216
      • Require Password Change Attribute

        216
      • Lock Principal Attribute

        217
      • Allow As Service Attribute

        218
      • Require Initial Authentication Attribute

        219
      • Set As Password Change Service Attribute

        220
      • Password Expiration Attribute

        221
      • Principal Expiration Attribute

        222
        • Maximum Ticket Lifetime Attribute

          222
        • Maximum Renew Time Attribute

          223
      • Key Type Attribute

        223
        • Salt Type Attribute

          223
  • Principal Database Utilities

    224
  • Kerberos Database Utilities

    225
    • Database Encryption

      227
    • Database Master Password

      228
  • Destroying the Kerberos Database

    229
  • Dumping the Kerberos Database

    231
  • Loading the Kerberos Database

    232
  • Stashing the Master Key

    233
  • Starting and Stopping Daemons

    235
  • Maintenance Tasks

    236
    • Protecting Security Server Secrets

      236
      • host/fqdn@REALM

        236
      • Master Password

        236
    • Backing Up primary security server Data

      237
      • Backing Up the Principal Database

        237
  • Removing Unused Space from the Database

    239
• 9 Propagating the Kerberos Server

  241
  • Propagation Hierarchy

    243
    • Propagation Relationships

      243
  • Service Key Table

    244
    • Maintaining Secret Keys in the Key Table File

      244
      • Extracting a Key to the Service Key Table File

        244
      • Creating a New Service Key Table File

        245
      • Deleting Older Keys from the Service Key Table File

        245
  • Propagation Tools

    246
  • The kpropd Daemon

    248
  • The mkpropcf Tool

    249
  • The kpropd.ini File

    251
    • Sections

      252
      • The [default_values] Section

        252
      • The [secsrv_name] Section

        254
      • Examples

        255
  • The prpadmin Administrative Application

    257
  • Setting Up Propagation

    258
  • Monitoring Propagation

    263
    • Monitoring the Log File

      263
      • Critical Error Messages

        263
      • Monitoring Propagation Queue Files

        264
      • Monitoring Old File Date and Large File Size

        264
      • Updating the principal.ok Time Stamp

        265
      • Comparing the Database to Its Copies

        265
      • The kdb_dump Utility

        267
    • Restarting Propagation Using a Simple Process

      268
    • Restarting Propagation Using the Full Dump Method

      268
    • Propagation Failure

      269
    • Converting a secondary security server to a primary security server

      270
    • Restarting Services

      271
    • Cleaning the Temp Directory

      271
  • Configuring Multirealm Enterprises

    272
    • Number of Realms per Database

      272
    • primary security servers Supporting Multiple Realms

      272
    • Multiple primary security servers Supporting a Single Realm

      273
    • Adding More Realms to a Multirealm Database

      273
    • database propagation

      274
• 10 Managing Multiple Realms

  275
  • Considering a Trust Relationship

    277
    • one-way trust

      277
    • two-way trust

      277
    • hierarchal trust

      278
    • Other Types of Trust

      278
  • Configuring Direct Trust Relationships

    279
  • Hierarchical Interrealm Trust

    281
    • Hierarchical Chain of Trust

      281
    • Hierarchical Interrealm Configuration

      282
      • Configuring the Local Realm

        284
      • Configuring the Intermediate Realm

        285
      • Configuring the Target Realm

        286
• 11 Troubleshooting

  289
  • Characterizing a Problem

    291
  • Diagnostic Tools Summary

    293
  • Troubleshooting Kerberos

    294
    • Error Messages

      294
    • Logging Capabilities

      294
      • UNIX

        295
    • Services Checklist

      296
    • Troubleshooting Techniques

      296
  • General Errors

    303
    • Forgotten Passwords

      303
    • Locking and Unlocking Accounts

      304
    • clock synchronization

      304
  • User Error Messages

    305
    • Decrypt Integrity Check Failed

      305
    • Password Has Already Been Used or Is Too Close to Current One

      305
  • Administrative Error Messages

    306
    • Password Has Expired While Getting Initial Ticket

      306
    • Service Key Not Available While Getting Initial Ticket

      306
  • Reporting Problems to Your HP Support Contact

    308
  • The services File

    317