Managing the Kerberos Realm Object

This section discusses creating, editing, and deleting a Kerberos Realm object.

Creating a New Realm Object

  1. In iManager, click Kerberos Management > New Realm to open the New Realm page.

  2. Specify a name for the Kerberos realm that is to be created.

    The realm name must be the same as the one with which you want to configure this Login Method and must conform to the RFC 1510 conventions.

  3. Specify a master password for the realm and confirm the password.

  4. Select the key type that is to be used for generating the master key for this realm.

    The available key types are DES-CBC-CRC, DES-CBC-MD5, and DES3-CBC-MD5.

    The default is DES3-CBC-MD5.

  5. Select the encryption types for this realm:

    1. Select the supported encryption types.

    2. Select the default encryption type.

    The available encryption types are DES-CBC-CRC, DES-CBC-MD5, and DES3-CBC-MD5.

    The default value is DES-CBC-CRC.

    NOTE:  The selected default encryption type must be present in the Supported Encryption type list.

  6. Specify the subtree you want the Kerberos realm to be configured with or use the Object Selector icon to select it.

    This is the FDN of the subtree or the container that contains the eDirectory service principals of this realm. This subtree is not applicable to user principals (Foreign Principal names).

    If you do not select a subtree or a container, the root of the tree is used as the default.

  7. Specify the scope of the subtree search:

  8. Specify the KDC service that serves this realm or use the Object Selector icon to select it.

    NOTE:  If you have not created a KDC Service Object, leave this field blank. You can create one later by following Creating a New KDC Service Object and then associate it with this realm, which automatically updates the KDC service entry for this realm.

  9. Click OK.
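
A pre-flight check for the values entered in steps 2 to 5, as an added example that is not part of the original documentation or of iManager. The function names are hypothetical; the name-style rules follow RFC 1510 section 7.1, and the single-DES warning reflects RFC 6649, which deprecates single DES in Kerberos and is not mentioned on this page.

```python
# Encryption/key types this page lists as available in iManager.
AVAILABLE = {"DES-CBC-CRC", "DES-CBC-MD5", "DES3-CBC-MD5"}
# Single-DES types, deprecated for Kerberos by RFC 6649 (not stated on the page).
SINGLE_DES = {"DES-CBC-CRC", "DES-CBC-MD5"}


def realm_name_style(name):
    """Classify a realm name by the RFC 1510 section 7.1 styles; None if it fits none."""
    if not name:
        return None
    eq, colon = name.find("="), name.find(":")
    if eq != -1 and (colon == -1 or colon > eq):
        # X.500 style: '=' present, no ':' before it, no leading/trailing '/'.
        return None if name.startswith("/") or name.endswith("/") else "x500"
    if colon != -1:
        # Other style: non-empty prefix before ':' containing no '=' or '.'.
        prefix = name[:colon]
        return "other" if prefix and "." not in prefix else None
    # Domain style: period-separated components, no ':' or '/'.
    if "/" in name or any(not part for part in name.split(".")):
        return None
    return "domain"


def check_realm(name, master_key_type, supported, default):
    """Return (errors, warnings) for the values entered in steps 2 to 5."""
    errors, warnings = [], []
    if realm_name_style(name) is None:
        errors.append(f"realm name {name!r} does not fit an RFC 1510 name style")
    unknown = ({master_key_type, default} | set(supported)) - AVAILABLE
    for t in sorted(unknown):
        errors.append(f"{t} is not an available type")
    # The NOTE in step 5: the default must be one of the supported types.
    if default not in supported:
        errors.append(f"default type {default} is not in the supported list")
    if master_key_type in SINGLE_DES:
        warnings.append(f"master key type {master_key_type} is single DES")
    for t in sorted(SINGLE_DES & set(supported)):
        warnings.append(f"supported type {t} is single DES")
    return errors, warnings


if __name__ == "__main__":
    # Constructed input using the page's defaults for key type and default enctype.
    errs, warns = check_realm("EXAMPLE.COM", "DES3-CBC-MD5",
                              ["DES-CBC-CRC", "DES3-CBC-MD5"], "DES-CBC-CRC")
    for line in errs + warns:
        print(line)
```
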


Editing a Realm Object

This task helps you modify the attribute values of the existing Realm object.

  1. In iManager, click Kerberos Management > Edit Realm to open the Edit Realm page.

  2. Specify the name of the Kerberos realm that is to be edited.

  3. Click OK.

  4. Select the encryption types for this realm:

    1. Select the supported encryption types.

    2. Select the default encryption type.

    The available encryption types are DES-CBC-CRC, DES-CBC-MD5, and DES3-CBC-MD5.

    The default value is DES-CBC-CRC.

    NOTE:  The selected default encryption type must be present in the Supported Encryption type list.

  5. Specify the subtree you want the Kerberos realm to be configured with or use the Object Selector icon to select it.

    This is the FDN of the subtree or the container that contains the eDirectory service principals of this realm. This subtree is not applicable to user principals (Foreign Principal names).

    If you do not select a subtree or a container, the root of the tree is used as the default.

  6. Specify the scope of the subtree search.

  7. Specify the KDC service that serves this realm or use the Object Selector icon to select it.

    NOTE:  If you have not created a KDC Service Object, you can create one by following Creating a New KDC Service Object and then associate it with this realm. This will automatically update the KDC service entry for this realm.

  8. Click OK.

  9. (Optional) To edit another realm, click Repeat Task.


Deleting a Realm Object

This task helps you delete existing Kerberos realms.

  1. In iManager, click Kerberos Management > Delete Realm to open the Delete Realm page.

  2. Select the realms that are to be deleted.

    To select multiple realms, press Shift and select the realms or press Shift + Arrow keys.

  3. Click OK.

  4. Click OK again to confirm the delete operation or click Cancel to cancel the delete operation.