
Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
objectClasses: ( hpKrbKey-oid
NAME 'hpKrbKey'
DESC 'An structural object class used for configuring the
principal name of an associated principal entry.' SUP top
STRUCTURAL MUST ( hpKrbPrincipalName ) MAY ( hpKrbKeyVersion $
hpKrbKeyData ) )
The krb5_map.conf File
The krb5_map.conf mapping file maps the default Kerberos attributes to
user-defined attributes, to support the Kerberos server schema. The
Kerberos server uses this map file to translate Kerberos attribute names
to LDAP attribute names. Each entry in the mapping file represents the
translation for one attribute.
The krb5_map.conf file is generated automatically from the input you
provide while autoconfiguring the Kerberos server.
Alternatively, a sample file is available in the /opt/krb5/examples
directory. You can copy this file to the /opt/krb5 directory and edit it
manually. HP recommends that you use the autoconfiguration tool to
generate this file.
This file must reside in the /opt/krb5 directory and must have the
following permissions:
-rw-r--r-- root 3
The krb5_map.conf File Format
The following is the format of the default mapping file:
hpKrbPrincipalName = hpKrbPrincipalName
hpKrbMaxTicketAge = hpKrbMaxTicketAge
hpKrbMaxRenewAge = hpKrbMaxRenewAge
hpKrbAccountExpires = hpKrbAccountExpires
hpKrbPasswordExpireTime = hpKrbPasswordExpireTime
hpKrbPwdLastSet = hpKrbPwdLastSet
hpKrbLastLogon = hpKrbLastLogon
hpKrbBadPasswordTime = hpKrbBadPasswordTime
hpKrbBadPwdCount = hpKrbBadPwdCount
hpKrbModifiersName = hpKrbModifiersName
hpKrbModifyTimestamp = hpKrbModifyTimestamp
hpKrbAttributes = hpKrbAttributes
hpKrbPolicyName = hpKrbPolicyName
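
A manually edited map file can be checked against the format and permissions described above before the server uses it. The following Python script is an added example, not part of the HP documentation or tooling; the function names are hypothetical, and it assumes that blank lines are harmless and that two Kerberos attributes mapped to the same LDAP attribute is a mistake. The group field of the permission line is not checked.

```python
import stat

# Kerberos attribute names, taken from the default mapping file on this page.
DEFAULT_ATTRS = (
    "hpKrbPrincipalName hpKrbMaxTicketAge hpKrbMaxRenewAge hpKrbAccountExpires "
    "hpKrbPasswordExpireTime hpKrbPwdLastSet hpKrbLastLogon hpKrbBadPasswordTime "
    "hpKrbBadPwdCount hpKrbModifiersName hpKrbModifyTimestamp hpKrbAttributes "
    "hpKrbPolicyName"
).split()

def check_map(text):
    """Return a list of problems found in krb5_map.conf content."""
    mapping, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are harmless
        left, sep, right = (p.strip() for p in line.partition("="))
        if not sep or not left or not right or " " in left + right:
            problems.append(f"line {n}: expected 'KerberosAttr = LdapAttr'")
        elif left not in DEFAULT_ATTRS:
            problems.append(f"line {n}: unknown Kerberos attribute {left}")
        elif left in mapping:
            problems.append(f"line {n}: {left} is mapped more than once")
        else:
            mapping[left] = right
    problems += [f"{a}: no mapping" for a in DEFAULT_ATTRS if a not in mapping]
    # Assumption: two Kerberos attributes sharing one LDAP attribute is an error.
    # LDAP attribute names are case-insensitive, so compare lowercased.
    owner = {}
    for krb, ldap in mapping.items():
        first = owner.setdefault(ldap.lower(), krb)
        if first != krb:
            problems.append(f"{krb} and {first} both map to {ldap}")
    return problems

def check_perms(st):
    """Check an os.stat() result against the required '-rw-r--r-- root'."""
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o644:
        problems.append(f"mode is {mode:04o}, expected 0644")
    if st.st_uid != 0:
        problems.append(f"owner uid is {st.st_uid}, expected 0 (root)")
    return problems

if __name__ == "__main__":
    import os, sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/krb5/krb5_map.conf"
    with open(path) as fh:  # fstat the open handle so content and mode match
        found = check_map(fh.read()) + check_perms(os.fstat(fh.fileno()))
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run without arguments, the script checks /opt/krb5/krb5_map.conf and exits non-zero if it reports anything.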