Document Information
Preface
Part I Security Overview
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
11. Privileges (Tasks)
12. Privileges (Reference)
Part IV Solaris Cryptographic Services
13. Solaris Cryptographic Framework (Overview)
14. Solaris Cryptographic Framework (Tasks)
15. Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
17. Using PAM
18. Using SASL
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
Part VI Kerberos Service
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Kerberos Commands
Kerberos Daemons
Kerberos Terminology
How the Kerberos Authentication System Works
Gaining Access to a Service Using Kerberos
Using Kerberos Encryption Types
Using the gsscred Table
Notable Differences Between Solaris Kerberos and MIT Kerberos
Part VII Solaris Auditing
28. Solaris Auditing (Overview)
29. Planning for Solaris Auditing
30. Managing Solaris Auditing (Tasks)
31. Solaris Auditing (Reference)
Glossary
Index
|
Kerberos Files
Table 27-1 Kerberos FilesFile Name |
Description |
|---|
~/.gkadmin |
Default values for creating new principals in the SEAM Administration Tool |
~/.k5login
|
List of principals that grant access to a Kerberos account |
/etc/krb5/kadm5.acl |
Kerberos access control list
file, which includes principal names of KDC administrators and their Kerberos administration privileges |
/etc/krb5/kadm5.keytab
|
|
/etc/krb5/kdc.conf |
KDC configuration file |
/etc/krb5/kpropd.acl |
Kerberos database propagation configuration file |
/etc/krb5/krb5.conf |
Kerberos realm configuration file |
/etc/krb5/krb5.keytab |
Keytab file for
network application servers |
/etc/krb5/warn.conf |
Kerberos ticket expiration warning and automatic renewal configuration file |
/etc/pam.conf |
PAM configuration
file |
/tmp/krb5cc_uid |
Default credentials cache, where uid is the decimal UID of the user |
/tmp/ovsec_adm.xxxxxx
|
Temporary credentials cache for the lifetime of the password changing operation, where xxxxxx
is a random string |
/var/krb5/.k5.REALM |
KDC stash file, which contains a copy of the
KDC master key |
/var/krb5/kadmin.log |
Log file for kadmind |
/var/krb5/kdc.log |
Log file for the KDC |
/var/krb5/principal |
Kerberos principal database |
/var/krb5/principal.kadm5 |
Kerberos administrative
database, which contains policy information |
/var/krb5/principal.kadm5.lock |
Kerberos administrative database lock file |
/var/krb5/principal.ok |
Kerberos principal database initialization
file that is created when the Kerberos database is initialized successfully |
/var/krb5/principal.ulog |
Kerberos update log,
which contains updates for incremental propagation |
/var/krb5/slave_datatrans |
Backup file of the KDC that the
kprop_script script uses for propagation |
/var/krb5/slave_datatrans_slave |
Temporary dump file that is created when full
updates are made to the specified slave |
|
