gww wrote:
>> ABSTRACT
>> --------
>>
>> Some customers find the manual way of configuring Key Distribution Center
>> (KDC) servers tedious and is prone to error for them. This represents
>> dissatisfaction and increase in support costs to Sun. But more importantly,
>> administrators have come to expect simple interfaces for configuring
>> servers.
>>
>> This project will provide a CLI to administrators for configuring
>> Kerberos Key Distribution Center (KDC) servers. The CLI will supply
>> options for configuring a master KDC and slave KDC.
>>
>> PROPOSAL
>> --------
>>
>> This will be implemented in a scripting language (ksh) that will
>> make calls to Kerberos utilities to configure the master and slave
>> KDC servers. These Kerberos and system utilities include:
>>
>> kdb5_util(1M)
>
> Though I see no mention of it in this case, I presume
> this new command will be added to the appropriate Rights Profile
> (Kerberos Server Management?).

Yes, this can be implemented.

>> kadmin(1M)
>> kadmin.local(1M)
>> svcadm(1M)
>
> Speaking of Rights Profiles, it seems that appropriate privileges
> are not provided to manage the services. Please log a P3 bug
> or fix with this change.

This will be fixed in the changes for:
6396157 svc:/system/network/krb5kdc needs service level properties for config

>> The utility needs to be run as root on the server from which it is
>> invoked. Note that kdcmgr requires the user to enter sensitive
>
> Can we please stop talking about Root and start talking about
> RBAC. RBAC has been shipping since S8.

Done.

>> -p pwfile
>>
>> Provides the location of the password file that contains the password
>> used to create the administrative principal and/or master key.
>>
>> WARNING: This option should be used with great care to make sure
>> that this pwfile is accessible only by the root user and on a
>
> Ditto. How about "... is accessible only to authorized users and ..."

Done.

>> local file system. Once the KDC has been configured removal of
>> the file should be performed.

--
Shawn.
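The -p pwfile warning quoted above can be enforced by the calling script before the file is read. The following is an added example, not part of the thread or of kdcmgr: `check_pwfile` is a hypothetical helper name, and it assumes "authorized" means the invoking user is the sole owner with no group or other access. It does not test whether the file is on a local file system, since that check is platform-specific.

```shell
# Added example (hypothetical helper, not kdcmgr code).
# Returns 0 only when the password file is a regular file (not a symlink),
# is owned by the invoking user, and grants nothing to group or other.
check_pwfile() {
    pwfile=$1

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$pwfile" ] || [ ! -f "$pwfile" ]; then
        echo "pwfile: $pwfile is not a regular file" >&2
        return 1
    fi

    # ls -n prints the numeric owner: field 1 is the mode, field 3 the uid.
    meta=$(ls -ldn -- "$pwfile" | awk '{print $1 " " $3}') || return 1
    mode=${meta%% *}
    owner=${meta##* }

    if [ "$owner" != "$(id -u)" ]; then
        echo "pwfile: $pwfile is owned by uid $owner, not the invoking user" >&2
        return 1
    fi

    # Mode string is type + user(3) + group(3) + other(3); group and other
    # must all be '-'. A trailing ACL marker after the string is tolerated.
    case $mode in
        -???------*) ;;
        *)
            echo "pwfile: $pwfile is accessible to group or other ($mode)" >&2
            return 1
            ;;
    esac
    return 0
}
```

Run the check immediately before the file is read, and remove the file once configuration has finished, as the quoted text says.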
