The figure below provides an overview of the communication between the client, application server and the KDC during authentication.
下面是一个概览图,展示了客户机、应用服务器和KDC在身份验证期间的通信。
The client principal name and client host principal name should be in the KDC database.
客户机主体名和客户机主机主体名必须在KDC数据库中。
If this error occurs, synchronize the clocks in the IDS client, server, and KDC machines.
如果发生这种错误,请在IDS客户机、服务器和KDC机器上同步时钟。
It must be run locally on the KDC as root and modifies the KDC databases directly.
它必须以根用户的身份在本地运行KDC,它可以直接更改KDC数据库。
The server service principal should exist in KDC database.
服务器服务主体应该在KDC数据库中。
Fix: Verify whether the server service principal name and client principal name are in the KDC database.
解决方案:检查服务器服务主体名和客户机主体名是否存储在KDC数据库中。
KDC then encrypts the ticket and sends the result to the client.
KDC然后加密票证并将加密结果发送给客户端。
Receiving the reply from KDC, client then decrypts the message using its own secret key.
客户端接收KDC的回复,然后使用自己的秘密密钥解密消息。
A client starts with sending a message to KDC to request a new ticket.
客户端首先向KDC发送一条消息,请求一个新的票证。
The client is working as expected, even when the master KDC is down.
即使在主kdc被关闭的情况下,客户机也能按预期工作。
This clearly indicates that some changes at the server side (KDC) are needed.
显然,这说明需要在服务器端(KDC)做一些修改。
In Listing 3, a sample configuration file is shown for KDC.
在清单3中,显示了一个KDC的示例配置文件。
The KDC administrator must add a server principal to the KDC database for each SSO-enabled IDS database server.
对于每个启用SSO的IDS数据库服务器,KDC管理员必须将一个服务器主体添加到KDC数据库。
The KDC configuration file holds information about the KDC; it is very important for the IBM NAS server daemons.
KDC配置文件包含关于KDC的信息;它对于IBMNAS服务器守护进程非常重要。
Most KDC servers present a setup option to allow the configuration of individual clients.
大多数KDC服务器有一个设置选项,可以对单独的客户机进行配置。
The next article in this series will demonstrate the steps for setting up a KDC server, sending the request to the KDC, getting the response, and processing it.
本系列的下一篇文章将展示设置KDC服务器、向 KDC发送请求、得到响应并对它进行处理的步骤。
The admin principals are KDC service principals that handle the administrative tasks.
管理员主体是处理管理任务的KDC服务主体。
The KDC maintains a database of secret keys.
KDC维护一个秘密密匙数据库。
Now configure the slave KDC with the two LDAP master servers and three LDAP replica servers.
现在,用两个ldap主服务器和三个LDAP副本服务器配置从KDC。
Since the slave KDC is meant for backing up the master KDC in an emergency, the slave KDC might need to use the read-write copy.
因为从KDC用于在紧急情况下替代主kdc,所以从KDC可能需要使用可读写拷贝。
These schema definitions are used by TDS for IBM NAS KDC and administration server lookup.
TDS使用这些模式定义进行IBMNASKDC和管理服务器的查找。
Please make sure that you have updated the client configuration file to reflect the slave KDC (only after deciding the KDC preference).
确保您已经对客户机配置文件进行了更新以反映从KDC(只在确定了 KDC首选参数后)。
The KAP involves three parties: client, server and KDC.
KAP涉及三方:客户端、服务器和KDC。
The KDC holds the passwords of all the principals in a realm.
KDC持有某个域中所有主体的密码。
Part 2 of this series covers how to upgrade the slave KDC to perform as a master KDC.
这是本系列的第2部分,介绍了如何将从KDC提升为主kdc。
The -e option specifies that it configures the slave KDC server.
选项- E指定配置的是从KDC服务器。
The master KDC is now configured with the two LDAP master servers.
主kdc现在配置了两个ldap主服务器。
Also make sure that the KDC is up and running.
另外,还要确保KDC正在运行。
The slave KDC is all set to assist the master KDC to handle the client requests.
从KDC被设置为帮助主 KDC处理客户机请求。
No need to propagate data from the master KDC to the slave KDC when configuring the slave KDC.
配置从KDC时,不需要将数据从主kdc传播到从kdc。
应用推荐