2.2 Realm Container
The realm container stores the realm name and related realm information for Kerberos authentication, administration, and password management servers to process requests. This object contains the ticket policy, password policy, and principal objects, and internal principals such as krbtgt, kadmin/admin, kadmin/changepw, and kadmin/history.
2.2.1 Realm Container Attributes
The following table describes the realm container attributes:
Table 2-4 Realm Container Attributes
Realm name |
Name of the realm. This is unique within an eDirectory tree. |
Default encryption salt types |
The default encryption salt types supported by the realm. |
Master key |
Realm-specific master key. |
Search scope |
Scope for searching the principals under the specified subtree. |
Universal Password enabled |
Specifies whether to use the Universal Password of the user as the Kerberos password. |
Login policy enabled |
Specifies whether the login restrictions of the user must be enforced. |
2.2.2 Realm Container Associations
The following table describes the objects that you can associate the realm container to:
Table 2-5 Realm Container Associations
Subtrees |
Reference to container objects under which the principals of the realm are placed. |
Principal container reference |
Reference to the container under which the standalone principals are created. |
KDC servers |
List of references to the KDC service objects that can service the realm. |
Administration servers |
List of references to the administration service objects that can service the realm. |
Password servers |
List of references to the password service objects that can service the realm. |