You must synchronize the time on eDirectory, KDC, Administrator server, Password server, kerberized applications, and the client hosts. For information on synchronizing network time, refer to the Novell eDirectory 8.7.3 Administration Guide.
For installing iManager plug-ins:
For more information, refer to the Novell iManager 2.5 Administration Guide.
Download and untar the NovellKDC.tar.gz file from the Novell download site.
Execute the following command from the untarred_path/NovellKerberosKDC/setup directory:
./kdc-install
For more information on the installation and configuration, refer to the Novell Kerberos KDC Quick Start Guide available with the product.
When you install Kerberos Clients separately on a system, kadmin.local does not load. This happens because some dependent files are not installed.
To work around this problem, you need to manually install the novell-kerberos-base package available in the untarred_path/NovellKerberosKDC/setup directory as follows:
rpm -Uvh novell-kerberos-base-1.0.1.i386.rpm
To run kadmin.local, you need to export the LD_LIBRARY_PATH as follows:
export LD_LIBRARY_PATH=/opt/novell/kerberos/lib:/opt/novell/lib:$LD_LIBRARY_PATH
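When LD_LIBRARY_PATH was previously unset or empty, the export above ends in a colon, and the dynamic linker treats an empty entry as the current working directory. The following added example (not part of the Novell readme) builds the same search path without an empty entry and reports empty or relative entries before kadmin.local is started; the function names are hypothetical, and the two directories are the ones given in the readme.

```shell
#!/bin/sh
# Added example, not Novell's code. Directories are taken from the readme's
# export command; function names are hypothetical.
NOVELL_LIB_DIRS="/opt/novell/kerberos/lib:/opt/novell/lib"

# prepend_lib_path CURRENT
# Prints NOVELL_LIB_DIRS followed by CURRENT. The ":" separator is emitted
# only when CURRENT is non-empty, so no trailing colon is produced.
prepend_lib_path() {
    printf '%s%s\n' "$NOVELL_LIB_DIRS" "${1:+:$1}"
}

# unsafe_entries PATHLIST
# Prints one line for every entry that is empty or not an absolute path.
# Prints nothing when every entry is absolute.
unsafe_entries() {
    [ -n "$1" ] || return 0
    # Append a sentinel colon so a trailing empty entry survives the split.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            "") echo "empty entry (searched as current directory)" ;;
            /*) ;;
            *)  echo "relative entry: $entry" ;;
        esac
    done
}

# Constructed demonstration: the readme's form when LD_LIBRARY_PATH was unset
# expands to a value with a trailing colon, which is reported here.
unsafe_entries "$NOVELL_LIB_DIRS:"

# The safe form for the current environment, printed rather than exported.
new_path=$(prepend_lib_path "${LD_LIBRARY_PATH:-}")
echo "export LD_LIBRARY_PATH=$new_path"
unsafe_entries "$new_path"
```
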
Realm and Service principal names are case insensitive. Therefore, you cannot have two Realms or two Service principals whose names differ only in case.
Use kdb5_util to perform this operation (setsrvpw command)
eDirectory Login and Account policies are currently not enforced for Kerberos principals, except for Login Disabled, Login Expiration Time and Password Expiration Time.
The size of the Kerberos services (KDC, Administration Server, Password Server) log file cannot exceed 2 GB.
Realm creation using kdb5_util fails when a locality or a country object is set as the subtree for the realm. However, the realm can be created without setting the subtree and later modified to set a locality or country object as the subtree.
If the Password and Ticket Policy object is outside the subtree and is attached to a Principal or a Realm, then ensure that the KDC service, Admin service and Password service objects have sufficient rights over the Password and Ticket Policy object.
The Novell Kerberos KDC documentation is available on the Novell Documentation Website.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark; an asterisk (*) denotes a third-party trademark.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
You may not use, export, or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
eDirectory is a registered trademark of Novell, Inc.
NMAS is a registered trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other countries.
SUSE is a registered trademark of SUSE LINUX AG, a Novell business.
All third-party trademarks are the property of their respective owners.
Copyright © 1985-2002 by the Massachusetts Institute of Technology. Export of software employing encryption from the United States of America may require a specific license from the United States Government. It is the responsibility of any person or organization contemplating export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original MIT software. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
The implementation of the Yarrow pseudo-random number generator in src/lib/crypto/yarrow has the following copyright:
Copyright 2000 by Zero-Knowledge Systems, Inc.
Permission to use, copy, modify, distribute, and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Zero-Knowledge Systems, Inc. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Zero-Knowledge Systems, Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
ZERO-KNOWLEDGE SYSTEMS, INC. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL ZERO-KNOWLEDGE SYSTEMS, INC. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTUOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Kerberos V5 includes documentation and software developed at the University of California at Berkeley, which includes this copyright notice: Copyright © 1983 Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
Permission is granted to make and distribute verbatim copies of this manual provided the copyright notices and this permission notice are preserved on all copies.
Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided also that the entire resulting derived work is distributed under the terms of a permission notice identical to this one.
Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions.