6.2 Using the Kerberize Tool to Kerberize User Objects
The kerberize tool creates the krbPrincipalName attribute on eDirectory user objects and sets the Kerberos key either from a default password (set in the configuration file) or from the user's Universal Password, which it reads from the directory. The syntax for using the tool is as follows:
kerberize -t trustedcert -D userdn [-w passwd | -W] [-H ldapuri] [-f config-file] [-l logfile] [-c]
Table 6-1 Syntax for Kerberize tool

| Option | Description |
|--------|-------------|
| -t | Trusted root certificate of the LDAP server, in DER or B64 format, used to bind to it over SSL/TLS. If the file extension is missing or is neither of these, the file is assumed to be in B64 format. |
| -D | DN of an administrator with sufficient rights to modify the matching DNs and to associate the newly created principals with them. |
| -w | Password of the administrator DN for binding to the LDAP server. Using this option is not recommended. |
| -W | Prompt for the password. |
| -H | URI of the LDAP server, for example "ldaps://acme.org:636". |
| -f | Path of the configuration file containing the information required to create Kerberos principals and associate them with the matching DNs. The default is "/etc/opt/novell/kerberos/conf/kerberize.conf". |
| -l | Path of the log file. The default is "/var/opt/novell/kerberos/log/kerberize.log". |
| -c | Continuous operation mode: errors are reported, but kerberize continues with the remaining operations. By default, kerberize exits after reporting an error. |
The binary is located at /opt/novell/kerberos/sbin.
- Edit the kerberize.conf configuration file and specify the following details. The file is located at /etc/opt/novell/kerberos/conf/kerberize.conf.
- Execute the kerberize tool with the configuration file as input, along with the other information required to connect to the LDAP server. For example:
kerberize -D cn=eDir_administrator,o=org -H ldaps://ldapserver.org:636 -t TrustedRootCert.der -f /etc/opt/novell/kerberos/conf/kerberize.conf
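A pre-flight wrapper for the procedure above, added here as an example and not part of the Kerberize documentation: it checks the -t, -D, -H and -f arguments and always binds with -W, since -w places the administrator password on the command line where it is visible in the process list and shell history. The binary and configuration paths are the page's defaults; the function names and the refusal of non-ldaps URIs are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the Kerberize documentation: a pre-flight wrapper
# that checks the arguments described above before running kerberize. It binds
# with -W (interactive prompt) rather than -w, so the administrator password
# never appears in the process list or in shell history. Binary and config
# paths are the defaults given on the page; the function names and the
# ldaps-only policy are this example's own assumptions.

KERBERIZE=/opt/novell/kerberos/sbin/kerberize
DEFAULT_CONF=/etc/opt/novell/kerberos/conf/kerberize.conf

# build_kerberize_cmd ADMIN_DN LDAP_URI TRUSTED_CERT [CONF_FILE]
# Prints the command line that would be executed; returns non-zero with a
# reason on stderr if an argument fails a check.
build_kerberize_cmd() {
    admin_dn=$1; ldap_uri=$2; cert=$3; conf=${4:-$DEFAULT_CONF}

    # The administrator's bind password is sent over this connection, so
    # insist on ldaps:// and refuse plaintext ldap://.
    case "$ldap_uri" in
        ldaps://*) ;;
        *) echo "refusing non-ldaps URI: $ldap_uri" >&2; return 2 ;;
    esac
    case "$admin_dn" in
        cn=*|uid=*) ;;
        *) echo "not an LDAP DN: $admin_dn" >&2; return 2 ;;
    esac
    [ -r "$cert" ] || { echo "trusted root cert not readable: $cert" >&2; return 2; }
    # Per the -t description: no .der/.b64 extension means the file is read as B64.
    case "$cert" in
        *.der|*.DER|*.b64|*.B64) ;;
        *) echo "note: $cert lacks a .der/.b64 extension; treated as B64" >&2 ;;
    esac
    [ -r "$conf" ] || { echo "config file not readable: $conf" >&2; return 2; }

    printf '%s -D %s -H %s -t %s -f %s -W\n' \
        "$KERBERIZE" "$admin_dn" "$ldap_uri" "$cert" "$conf"
}

# run_kerberize: same arguments; runs the checks, then executes kerberize.
run_kerberize() {
    build_kerberize_cmd "$@" >/dev/null || return $?
    "$KERBERIZE" -D "$1" -H "$2" -t "$3" -f "${4:-$DEFAULT_CONF}" -W
}
```

Invoke it as `run_kerberize cn=eDir_administrator,o=org ldaps://ldapserver.org:636 TrustedRootCert.der`; kerberize then prompts for the password itself.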