A sample kerberize.conf file is provided in the /etc/opt/novell/kerberos/conf directory. You can use this configuration file to set the principal names and Kerberos passwords for eDirectory users.
NOTE:You can perform only add principal operation or remove principal operation at a time. You cannot perform both operations at the same time. If both operation types need to be performed, run the kerberize tool twice specifying add and then remove as the operation type in the configuration file.
[general]
no o foperations = 1
[operation-1]
principal-operation = add
realm = EXAMPLE.COM
base = ou=users,o=org
scope = sub
filter = (&(objectClass=inetOrgPerson)(cn=*))
principal-name = [^.]({cn}){sn}
password = {RAND}
# password = "mypasswd"
expire = 20080523110527Z
pwexpire = 20080124075345Z
# up = true
up = false
# policy = "cn=my-password-policy,o=org"
# tktpolicy = "cn=my-ticket-policy,o=org"
# set the following to 3 to process all the 3 overrides, set it to 2 for processing first 2 of them, etc.
noofoverrides = 0
override-1 = {
dn = cn=jsmith,ou=engineering,o=acme
principal-name = jsmith
password = secret1
}
override-2={
dn = cn=scarl,ou=kerberos,ou=finance,o=acme
principal-name = scarl
password = secret2
}
override-3={
dn = cn=john,u=kerberos,ou=engg,o=acme
principal-name = john
password = secret3
}
[operation-2]
# principal-operation = remove
# realm = EXAMPLE.COM
# base = ou=users,o=org
# scope = sub
# filter = (cn=*)
# principal-name = [^.]({cn}){sn}
[operation-n]
# principal-operation = add
# realm = TESTREALM
# base = ou=engr-unit,o=org
# scope = base
# filter = (&(objectClass=inetOrgPerson)(cn=*))
# principal-name = {sn}
# password = {RAND}