Configuring Schema-Free Directory Settings In Ilo - HP HPE iLO 5 User Manual

Table of Contents

Advertisement

Kerberos settings
Kerberos Authentication—Enables or disables Kerberos login. If Kerberos login is enabled and
configured correctly, the Zero Sign In button appears on the login page.
Kerberos Realm—The name of the Kerberos realm in which the iLO processor operates. This value
can be up to 128 characters. The realm name is usually the DNS name converted to uppercase
letters. Realm names are case-sensitive.
Kerberos KDC Server Address—The IP address or DNS name of the KDC server. This value can be
up to 128 characters. Each realm must have at least one Key Distribution Center (KDC) that contains
an authentication server and a ticket grant server. These servers can be combined.
Kerberos KDC Server Port—The TCP or UDP port number on which the KDC is listening. The
default value is 88.
Kerberos Keytab—A binary file that contains pairs of service principal names and encrypted
passwords. In the Windows environment, you use the ktpass utility to generate the keytab file.

Configuring schema-free directory settings in iLO

Prerequisites
Your environment meets the prerequisites for using this feature.
Procedure
1.
Click Security in the navigation tree, and then click the Directory tab.
2.
Select Use Directory Default Schema from the LDAP Directory Authentication menu.
3.
Set Local User Accounts to enabled if you want to use local user accounts at the same time as
directory integration.
4.
OpenLDAP users only: Enable Generic LDAP.
This setting is available only if Use Directory Default Schema is selected.
5.
For configurations with CAC/Smartcard authentication enabled, enter the CAC LDAP service account
and password in the iLO Object Distinguished Name CAC LDAP Service Account and iLO
Object Password boxes.
6.
Enter the FQDN or IP address of a directory server in the Directory Server Address box.
7.
Enter the directory server port number in the Directory Server LDAP Port box.
8.
Optional: Import a new CA certificate.
a. Click Import in the Certificate Status box.
b. Paste the Base64-encoded X.509 certificate data into the Import Certificate window, and then
click Import.
9.
Optional: Replace an existing CA certificate.
250
Kerberos settings

Advertisement

Table of Contents
loading

Table of Contents