4.2. Configuring Client Authentication

Procedure 4.1. To configure client authentication on AIX:
  1. Ensure that NTP is correctly configured and enabled, and that time is synchronized between the client and the Red Hat Enterprise IPA server.

  2. Edit the krb5.conf file as follows to configure Kerberos:

    [libdefaults]
        default_realm = EXAMPLE.COM

    [realms]
        EXAMPLE.COM = {
            kdc = ipaserver.example.com:88
            admin_server = ipaserver.example.com:749
        }

    [domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM

    [appdefaults]
        kinit = {
            forwardable = true
        }

The Kerberos configuration specifies the realm and domain details and the default ticket attributes. Forwardable tickets are configured by default, which facilitates connection to the administration interface from any operating system and also provides for auditing of administration operations.
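
The following check is an added example, not part of the original guide: a shell function that lints a krb5.conf for the consistency step 2 depends on (a default_realm is set, [realms] lists a kdc for it, and every [domain_realm] mapping points at a realm that has a kdc). The function name check_krb5_conf and the sample input are constructed for illustration, and the check assumes KDCs are listed statically in [realms] rather than discovered through DNS.

```shell
#!/bin/sh
# check_krb5_conf [FILE]: lint a krb5.conf read from FILE, or stdin if omitted.
# Prints one line per finding; exit status is 1 if any ERROR was found.
# Assumption: KDCs are listed statically in [realms], as in step 2.
check_krb5_conf() {
    awk '
    /^[ \t]*[#;]/ { next }                           # skip comment lines
    { gsub(/^[ \t]+|[ \t]+$/, "") }                  # trim whitespace
    $0 == "" { next }
    /^\[.*\]$/ { section = $0; stanza = ""; next }   # [libdefaults], [realms], ...
    /[{]$/ { sub(/[ \t]*=[ \t]*[{]$/, ""); stanza = $0; next }  # "EXAMPLE.COM = {"
    $0 == "}" { stanza = ""; next }
    {
        if (split($0, kv, /[ \t]*=[ \t]*/) < 2) next
        if (section == "[libdefaults]" && kv[1] == "default_realm") realm = kv[2]
        if (section == "[realms]" && kv[1] == "kdc") kdc[stanza] = kv[2]
        if (section == "[domain_realm]") map[kv[1]] = kv[2]
    }
    END {
        if (realm == "") {
            print "ERROR: no default_realm in [libdefaults]"; bad++
        } else if (!(realm in kdc)) {
            print "ERROR: default_realm " realm " has no kdc in [realms]"; bad++
        }
        # Realm names are case-sensitive and conventionally upper case.
        if (realm != toupper(realm))
            print "WARN: default_realm " realm " is not upper case"
        for (d in map) if (!(map[d] in kdc)) {
            print "ERROR: domain " d " maps to " map[d] ", which has no kdc"; bad++
        }
        exit (bad > 0)
    }' "${1:--}"
}

# Constructed input: the file from step 2 with default_realm mistyped in lower case.
check_krb5_conf <<'EOF' || echo "krb5.conf needs fixing"
[libdefaults]
default_realm = example.com
[realms]
EXAMPLE.COM = {
    kdc = ipaserver.example.com:88
    admin_server = ipaserver.example.com:749
    }
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
EOF
```

Run it as `check_krb5_conf /path/to/krb5.conf` before testing authentication; a clean file produces no output and exit status 0.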