Configuring The Keytab File; Adding The Identity Server To The Forward Lookup Zone - Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual

Identity server guide

5.2.3 Configuring the Keytab File

The keytab file contains the secret encryption key that is used to decrypt the Kerberos ticket. You
need to generate the keytab file and copy it to the Identity Server.
1 On the Active Directory server, open a command window and enter a ktpass command with
the following parameters:
ktpass /out value /princ value /mapuser value /pass value
The command parameters require the following values:

Parameter: /out
Value: <outputFilename>
Description: Specify a name for the file, with .keytab as the extension. For example:
nidpkey.keytab

Parameter: /princ
Value: <servicePrincipalName>@<KERBEROS_REALM>
Description: Specify the service principal name for the Identity Server, then @, followed by the
Kerberos realm. The default value for the Kerberos realm is the Active Directory domain
name in all capitals. The Kerberos realm value is case sensitive.

Parameter: /mapuser
Value: <identityServerUser>@<AD_DOMAIN>
Description: Specify the username of the Identity Server user and the Active Directory domain to
which the user belongs.

Parameter: /pass
Value: <userPassword>
Description: Specify the password for this user.

For this configuration example, you would enter the following command to create a keytab file
named nidpkey:
ktpass /out nidpkey.keytab /princ HTTP/amser.provo.novell.com@AD.NOVELL.COM /mapuser amser@AD.NOVELL.COM /pass novell
2 Copy the keytab file to the Identity Server.
Copy the file to the default location on the Identity Server:
Linux: /opt/novell/java/jre/lib/security
Windows Server 2003: C:\Program Files\Novell\jre\lib\security
Windows Server 2008: C:\Program Files (x86)\Novell\jre\lib\security
3 If the cluster contains multiple Identity Servers, copy the keytab file to each member of the
cluster.

5.2.4 Adding the Identity Server to the Forward Lookup Zone

1 In Manage Your Server on your Windows server, click Manage this DNS server.
2 Click Forward Lookup Zone.
3 Click the Active Directory domain.
4 In the right pane, right click, and select New Host (A).
5 Fill in the following fields:
Name: Specify the hostname of the Identity Server.
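
A check for the keytab file from Section 5.2.3, added here as an example and not taken from the Novell guide: it reads the entries of a copied keytab and compares each principal with the /princ value given to ktpass, reporting a realm that differs only in case, without ever returning the key bytes. It assumes ktpass wrote the standard keytab layout that begins with the version bytes 0x05 0x02; the function names are hypothetical, and sample_keytab builds a constructed entry with a dummy all-zero key so the code runs without a real keytab.

```python
import struct

def _counted(buf, p):
    """Read a uint16 length-prefixed string at offset p; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(buf):
    """List (principal, realm, kvno, enctype) for each entry of a 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos, end = pos + 4, pos + 4 + abs(size)
        if size > 0:                           # a negative size marks a deleted slot
            (ncomp,) = struct.unpack_from(">H", buf, pos)
            realm, p = _counted(buf, pos + 2)
            comps = []
            for _ in range(ncomp):
                comp, p = _counted(buf, p)
                comps.append(comp.decode())
            p += 8                             # skip name type and timestamp
            kvno, (enctype,) = buf[p], struct.unpack_from(">H", buf, p + 1)
            _key, p = _counted(buf, p + 3)     # key bytes are never returned or printed
            if end - p >= 4:                   # optional 32-bit kvno, used when nonzero
                kvno = struct.unpack_from(">I", buf, p)[0] or kvno
            entries.append(("/".join(comps), realm.decode(), kvno, enctype))
        pos = end
    return entries

def check_keytab(buf, spn, realm):
    """Return problems found when comparing the keytab with the ktpass /princ value."""
    entries = parse_keytab(buf)
    problems = [] if entries else ["keytab contains no entries"]
    for name, kt_realm, _kvno, _etype in entries:
        if kt_realm != realm and kt_realm.upper() == realm.upper():
            problems.append(f"realm case differs: {kt_realm} (expected {realm})")
        elif (name, kt_realm) != (spn, realm):
            problems.append(f"unexpected principal {name}@{kt_realm}")
    return problems

def sample_keytab(spn, realm):
    """Constructed one-entry keytab with a dummy all-zero key (kvno 3, enctype 23)."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    comps = spn.encode().split(b"/")
    body = struct.pack(">H", len(comps)) + cs(realm.encode()) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, 3, 23) + cs(bytes(16)) + struct.pack(">I", 3)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

To check a real file, pass the bytes read from the copied keytab to check_keytab together with the service principal name and realm used in the ktpass command.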
