Configuring your "krb5.conf" file and verifying the server clocks
Windows Native Authentication
On your UNIX server you will need to configure a file called "krb5.conf". This file lives in different locations depending on which operating system you are using: on Solaris it is located in the /etc/krb5 directory, and on Red Hat Linux it is located in the /etc directory. The file may not exist at all on your server; if so, create it. Here is a sample of what the file should look like:
In this example, "ACME.COM" represents the default realm of the AD server, and "kdc" is set to the fully qualified domain name (FQDN) of the AD server. You might expect the default realm and the kdc to have the same domain name, but this is not mandatory: the default realm is the Active Directory realm and usually contains the same root domain as your FQDN, but AD does not require the two to be the same.
Optionally, you may specify the Kerberos port number of the AD server at the end of the "kdc" line. In our example the Kerberos server is listening on port 88. I say optionally because you could leave the port number out of this file and instead configure your Kerberos listener port in the /etc/services file on your UNIX server. For example:
kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server
On the last line of this file you need to set the DNS domain name of your SSO server. In the example above this is set to ".us.oracle.com". The value on the right side of the "=" sign is the default realm of the AD server.
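Putting the values discussed above together, here is an added krb5.conf illustration (not the sample file from the original page); the KDC host name "dc1.acme.com" is a placeholder you must replace with the FQDN of your own AD server, and the ".us.oracle.com" mapping is the SSO server's DNS domain from the text.

```ini
# Added example krb5.conf; values other than ACME.COM, port 88 and
# .us.oracle.com are placeholders, not taken from the original page.

[libdefaults]
    # The Active Directory realm (always written in upper case).
    default_realm = ACME.COM

[realms]
    ACME.COM = {
        # FQDN of the AD server (placeholder). Its DNS domain does not
        # have to match the realm name. ":88" is the optional Kerberos
        # port; omit it if the port comes from /etc/services instead.
        kdc = dc1.acme.com:88
    }

[domain_realm]
    # Map the SSO server's DNS domain (and its hosts) to the AD realm.
    .us.oracle.com = ACME.COM
    us.oracle.com = ACME.COM
```

If you drop ":88" from the kdc line, the "kerberos 88/udp" and "kerberos 88/tcp" entries in /etc/services quoted above supply the port. Note that MIT Kerberos only tolerates a clock difference of 300 seconds by default (the clockskew setting), which is why the clock check that follows matters.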
Next, we need to verify that the clocks on both your SSO server and the AD server are in sync. This includes the time, date, and time zone settings. If you skip this step, authentication fails with clock skew errors.