Export the trusted root certificate to /opt/novell/kerberos/Trustedroot.der
Extend the eDirectory schema by using the /opt/novell/kerberos/schema/kerberos.ldif file as follows:
/opt/novell/eDirectory/bin/ldapmodify -D admin_dn -W -H ldapuri -f /opt/novell/kerberos/schema/kerberos.ldif -e trusted_root_certificate -c
For example:
/opt/novell/eDirectory/bin/ldapmodify -D cn=admin,o=mit -W -H ldaps://kerberos.mit.edu -f /opt/novell/kerberos/schema/kerberos.ldif -e /opt/novell/kerberos/Trustedroot.der -c
You can also extend the schema through Novell iManager as follows:
In Novell iManager, click the .
Select .
Click to extend the schema.
Configure Kerberos LDAP extensions on the eDirectory server.
Make sure that the Kerberos LDAP extensions are installed on the machine where eDirectory is installed.
The Kerberos LDAP extensions library libkrbpwd.so is installed in /opt/novell/eDirectory/lib/nds-modules.
Add the Kerberos LDAP extensions to eDirectory as follows:
kdb5_ldap_util [-D user_dn] [-w passwd] [-H ldapuri] [-t trusted_cert] ldapxtn_info -add|-clear
For example:
kdb5_ldap_util -D cn=admin,o=mit -w novell -H ldaps://kerberos.mit.edu -t /opt/novell/kerberos/Trustedroot.der ldapxtn_info -add
Make sure that you run this command on the machine where the Kerberos client package (novell-kerberos-utilities) is installed.
Unload nldap:
/opt/novell/eDirectory/sbin/nldap -u
Load nldap:
/opt/novell/eDirectory/sbin/nldap -l
Configure the Kerberos Password Agent on the eDirectory server:
You need to configure the Kerberos Password Agent if you want to integrate Universal Password with Novell Kerberos KDC.
Make sure that the Password Agent package is installed on the machine where eDirectory is running.
Start the Kerberos Password Agent as follows:
/opt/novell/kerberos/sbin/kpa -l
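The following preflight checks are an added example, not part of the Novell documentation. They can be run before the ldapmodify and kdb5_ldap_util commands above to confirm that the admin bind goes over LDAPS, that the exported trusted root is DER-encoded rather than a Base64 export, and that libkrbpwd.so is present. The function names are hypothetical, and the DER requirement is an assumption taken from the Trustedroot.der file name.

```shell
#!/bin/sh
# Preflight checks for the schema and LDAP-extension steps (added example).
# All function names here are hypothetical helpers, not Novell tools.

# Succeed only for an ldaps:// URI, so the admin DN and password used by
# -D/-W/-w are not sent over an unencrypted LDAP connection.
check_ldaps_uri() {
    case "$1" in
        ldaps://?*) return 0 ;;
        *) echo "refusing non-LDAPS URI: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the file is readable and starts with the ASN.1 SEQUENCE
# tag (0x30) that opens a DER-encoded X.509 certificate. A Base64 export
# starts with '-' (0x2d) and is rejected. Assumption: the -e and -t options
# expect DER, as the .der file name suggests.
check_der_cert() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    [ "$first" = "30" ] || { echo "$1 is not DER (first byte 0x$first)" >&2; return 1; }
}

# Succeed only if libkrbpwd.so exists in the nds-modules directory.
# Run this one on the eDirectory server; the directory can be overridden.
check_extension_lib() {
    dir=${1:-/opt/novell/eDirectory/lib/nds-modules}
    [ -f "$dir/libkrbpwd.so" ] || { echo "libkrbpwd.so not found in $dir" >&2; return 1; }
}

# Usage: preflight ldapuri trusted_cert
preflight() {
    check_ldaps_uri "$1" && check_der_cert "$2"
}
```

For example, `preflight ldaps://kerberos.mit.edu /opt/novell/kerberos/Trustedroot.der` returns a non-zero status and prints the reason if either check fails.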