
Configuring the Kerberos Server with LDAP
Configuration Files for LDAP Integration
The krb5_schema.conf File
A schema is a collection of object and attribute definitions that defines
the structure of the entries in a database. The krb5_schema.conf file is
the Kerberos schema file that contains the object and attribute
definitions of the Kerberos principal entries. LDAP objects are
standardized in order to provide interoperability with a variety of
directory services servers. The krb5_schema.conf file defines the
Table 6-2 krb5_ldap.conf File Format (Continued)

Parameter             Description

default_objcls_attr   This line specifies the mandatory attribute of the
                      default object.
                      Example: uid
                      When the Kerberos server creates a default object, it
                      uses the first attribute specified in this field as
                      the naming attribute. When adding a principal, an
                      error message is displayed if duplicate entries are
                      found.
                      You can change the default settings of the naming
                      attribute by changing the order of entries in the
                      krb5_ldap.conf file. Save these changes and restart
                      the Kerberos server application.

proxy_user            This line specifies the DN of the proxy user. The
                      Kerberos server binds to the Directory server as the
                      proxy user. The proxy user must have the appropriate
                      privileges to create, modify and delete Kerberos
                      principals.
                      Example: cn=Anne