From the System Policies page, select the arrow icon in the Permission field to

Setting Up Your Environment for Policies 10-51

■ oraclewss11_kerberos_token_with_message_protection_client_policy
■ oraclewss11_kerberos_token_with_message_protection_service_policy
■ oraclewss11_kerberos_token_with_message_protection_basic128_client_policy
■ oraclewss11_kerberos_token_with_message_protection_basic128_service_policy

You may also create a policy using the following assertion templates:

■ oraclewss11_kerberos_token_client_template
■ oraclewss11_kerberos_token_service_template
■ oraclewss11_kerberos_token_with_message_protection_client_template
■ oraclewss11_kerberos_token_with_message_protection_service_template

See Appendix C, "Predefined Assertion Templates" and Appendix B, "Predefined Policies" for more information on these assertions and policies.

Configuring the KDC

Follow the steps described in this section to configure the Key Distribution Center (KDC) for use by the Web service client and Web service. You can also use Microsoft Active Directory with KDC. See "Using Active Directory with Kerberos and Message Protection" on page 10-55.

Initializing and Starting the MIT Kerberos KDC

Initialize the KDC database. For example, on UNIX you might run the following command as root, where oracle.com is your default realm:

    root# /usr/kerberos/sbin/kdb5_util create -r oracle.com -s

Start the Kerberos service processes. For example, on UNIX you might run the following commands as root:

    root# /usr/kerberos/sbin/krb5kdc
    root# /usr/kerberos/sbin/kadmind

Creating Principals

Create two accounts in the KDC user registry. The first account is for the end user; that is, the Web service client principal. The second account is for the Web service principal. One way to create these accounts is with the kadmin.local tool, which is typically provided with MIT KDC distributions.
For example:

    sudo su -                          # become root
    /usr/kerberos/sbin/kadmin.local    # start the local admin shell
    kadmin.local:  addprinc -pw welcome1 fmwadmin
    kadmin.local:  addprinc -randkey SOAP/myhost.oracle.com
    kadmin.local:  listprincs

The listprincs command shows the added principals. The Web service principal name SOAP/myhost.oracle.com is shown in the example as being created with a random password. Web service principals use a keytab (key table), a file that stores the service principal name and key, to log in to the Kerberos system. Using a random password increases security.
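
A post-creation check for the two principals above, as an added example that is not part of the original guide: it confirms both names appear in listprincs output and reports any DES, 3DES or RC4 key on a principal. The function names and sample output are constructed, and the "Key: vno N, <enctype>" layout of getprinc output is assumed to match your MIT Kerberos release.

```shell
#!/bin/sh
# Added example, not from the original guide. Both functions read captured
# kadmin.local output on stdin, so they can run away from the KDC host.
# On the KDC (as root) the input would come from, for example:
#   kadmin.local -q listprincs
#   kadmin.local -q 'getprinc SOAP/myhost.oracle.com'

# missing_principals NAME... : print "MISSING NAME" for every expected
# principal that has no "NAME@REALM" line in the listprincs output.
missing_principals() {
    listing=$(cat)
    for want in "$@"; do
        printf '%s\n' "$listing" |
            awk -v p="$want" 'index($0, p "@") == 1 { found = 1 }
                              END { exit !found }' ||
            printf 'MISSING %s\n' "$want"
    done
}

# weak_enctypes : print each deprecated encryption type (single DES,
# triple DES, RC4) found on the "Key:" lines of getprinc output.
# Assumption: lines look like "Key: vno 1, aes256-cts-hmac-sha1-96".
weak_enctypes() {
    awk '/^Key: vno/ {
             enc = $4
             sub(/,$/, "", enc)      # older releases append ", no salt"
             if (enc ~ /^(des-|des3-|arcfour-)/) print enc
         }'
}

# Constructed sample output (not captured from a real KDC). The service
# principal is deliberately absent from the listing, and one of its keys
# deliberately uses RC4, so that both checks report something.
SAMPLE_LIST='K/M@oracle.com
kadmin/admin@oracle.com
krbtgt/oracle.com@oracle.com
fmwadmin@oracle.com'

SAMPLE_GETPRINC='Principal: SOAP/myhost.oracle.com@oracle.com
Number of keys: 2
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, arcfour-hmac
Policy: [none]'

printf '%s\n' "$SAMPLE_LIST" | missing_principals fmwadmin SOAP/myhost.oracle.com
printf '%s\n' "$SAMPLE_GETPRINC" | weak_enctypes
```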