APIs in Category: kerberos
Cluster-Mode API version 1.15

 
kerberos-config-get-iter
kerberos-realm-create
kerberos-realm-delete
kerberos-realm-get-iter
kerberos-realm-modify
This set of ZAPIs allows Kerberos realm configuration and management.

NetApp Manage ONTAP
 
kerberos-config-get-iter

Get Kerberos configuration information for a group of LIFs.
Input Name Range Type Description
desired-attributes kerberos-config-info
optional
Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
max-records [1..200] integer
optional
The maximum number of records to return in this call. Default: 50
query kerberos-config-info
optional
A query that specifies which objects to return. A query could be specified on any number of attributes in the kerberos-config object. All kerberos-config objects matching this query up to 'max-records' will be returned.
tag string
optional
Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
 
Output Name Range Type Description
attributes-list kerberos-config-info[]
optional
The list of attributes of kerberos-config objects.
next-tag string
optional
Tag for the next call. Not present when there are no more kerberos-config objects to return.
num-records [0..200] integer
The number of records returned in this call.
 Errno  Description
 EINTERNALERROR

 
kerberos-realm-create
Create a new Kerberos realm configuration.
Input Name Range Type Description
ad-server-ip ip-address
optional
IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is 'microsoft'.
ad-server-name string
optional
Host name of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is 'microsoft'.
admin-server-ip ip-address
optional
IP address of the host where the Kerberos administration daemon is running. This is usually the master KDC. If this parameter is omitted, the IP address specified in kdc-ip is used. If specified, this should be the same as the kdc-ip if the kdc-vendor is 'microsoft'.
admin-server-port [1..65535] integer
optional
The TCP port on the Kerberos administration server where the Kerberos administration service is running. The default for this parameter is 749.
clock-skew [0..2^32-1] integer
optional
The clock skew in minutes is the tolerance for accepting tickets with time stamps that do not exactly match the host's system clock. The default for this parameter is 5 minutes.
comment string
optional
Comment
config-name string
Kerberos configuration name.
kdc-ip ip-address
IP address of the Key Distribution Centre (KDC) server for this Kerberos realm.
kdc-port [1..65535] integer
optional
TCP port on the KDC to be used for Kerberos communication. The default for this parameter is 88.
kdc-vendor kdc-vendor
The vendor of the Key Distribution Centre (KDC) server. If the configuration uses a Microsoft Active Directory (AD) domain for authentication, this field should be 'microsoft'. Possible values:
  • "microsoft" ,
  • "other"
password-server-ip ip-address
optional
IP address of the host where the Kerberos password-changing server is running. Typically, this is the same as the host indicated in the admin-server-ip. If this parameter is omitted, the IP address in kdc-ip is used.
password-server-port [1..65535] integer
optional
The TCP port on the Kerberos password-changing server where the Kerberos password-changing service is running. The default for this parameter is 464.
realm string
Kerberos realm name.
return-record boolean
optional
If set to true, returns the kerberos-realm on successful creation. Default: false
 
Output Name Range Type Description
result kerberos-realm
optional
The kerberos-realm created (keys or the entire object if requested)
 Errno  Description
 EINTERNALERROR
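A pre-flight check for a kerberos-realm-create request, written as an added example (not NetApp code): it applies the documented defaults, ranges and the 'microsoft' conditional requirements before anything is sent to the cluster. The function name, the dict representation of the input and the sample values are assumptions made for illustration.

```python
import ipaddress

# Defaults and ranges as documented for kerberos-realm-create.
DEFAULTS = {"kdc-port": 88, "admin-server-port": 749,
            "password-server-port": 464, "clock-skew": 5}
REQUIRED = ("config-name", "realm", "kdc-ip", "kdc-vendor")
IP_FIELDS = ("kdc-ip", "ad-server-ip", "admin-server-ip", "password-server-ip")
PORT_FIELDS = ("kdc-port", "admin-server-port", "password-server-port")

# Constructed sample input (not from the page).
SAMPLE = {"config-name": "corp", "realm": "EXAMPLE.COM",
          "kdc-ip": "192.0.2.10", "kdc-vendor": "other"}


def check_realm_create(params):
    """Return (effective_params, errors) for a kerberos-realm-create input dict."""
    errors = []
    eff = {**DEFAULTS, **params}
    for name in REQUIRED:
        if not params.get(name):
            errors.append(f"{name}: required")
    vendor = params.get("kdc-vendor")
    if vendor is not None and vendor not in ("microsoft", "other"):
        errors.append("kdc-vendor: must be 'microsoft' or 'other'")
    for name in IP_FIELDS:
        if name in params:
            try:
                ipaddress.IPv4Address(params[name])  # ip-address is dotted IPv4
            except ValueError:
                errors.append(f"{name}: not a dotted IPv4 address")
    for name in PORT_FIELDS:
        if not (isinstance(eff[name], int) and 1 <= eff[name] <= 65535):
            errors.append(f"{name}: outside [1..65535]")
    skew = eff["clock-skew"]
    if not (isinstance(skew, int) and 0 <= skew <= 2**32 - 1):
        errors.append("clock-skew: outside [0..2^32-1]")
    # Omitted admin/password server addresses fall back to kdc-ip.
    for name in ("admin-server-ip", "password-server-ip"):
        eff.setdefault(name, params.get("kdc-ip"))
    if vendor == "microsoft":
        for name in ("ad-server-ip", "ad-server-name"):
            if not params.get(name):
                errors.append(f"{name}: mandatory when kdc-vendor is 'microsoft'")
        if eff["admin-server-ip"] != params.get("kdc-ip"):
            errors.append("admin-server-ip: should equal kdc-ip for 'microsoft'")
    return eff, errors
```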

 
kerberos-realm-delete
Delete the Kerberos realm configuration.
Input Name Range Type Description
config-name string
Kerberos configuration name.
 Errno  Description
 EOBJECTNOTFOUND
 EINTERNALERROR

 
kerberos-realm-get-iter
Retrieve the list of Kerberos realm configurations.
Input Name Range Type Description
desired-attributes kerberos-realm
optional
Specify the attributes that should be returned. If not present, all attributes for which information is available will be returned. If present, only the desired attributes for which information is available will be returned.
max-records [1..100] integer
optional
The maximum number of records to return in this call. Default: 20
query kerberos-realm
optional
A query that specifies which objects to return. A query could be specified on any number of attributes in the kerberos-realm object. All kerberos-realm objects matching this query up to 'max-records' will be returned.
tag string
optional
Specify the tag from the last call. It is usually not specified for the first call. For subsequent calls, copy values from the 'next-tag' obtained from the previous call.
 
Output Name Range Type Description
attributes-list kerberos-realm[]
optional
The list of attributes of kerberos-realm objects.
next-tag string
optional
Tag for the next call. Not present when there are no more kerberos-realm objects to return.
num-records [0..100] integer
The number of records returned in this call.
 Errno  Description
 EINTERNALERROR

 
kerberos-realm-modify
Modify the Kerberos realm configuration.
Input Name Range Type Description
ad-server-ip ip-address
optional
IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is 'microsoft'.
ad-server-name string
optional
Host name of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is 'microsoft'.
admin-server-ip ip-address
optional
IP address of the host where the Kerberos administration daemon is running. This is usually the master KDC. If this parameter is omitted, the IP address specified in kdc-ip is used. If specified, this should be the same as the kdc-ip if the kdc-vendor is 'microsoft'.
admin-server-port [1..65535] integer
optional
The TCP port on the Kerberos administration server where the Kerberos administration service is running. The default for this parameter is 749.
clock-skew [0..2^32-1] integer
optional
The clock skew in minutes is the tolerance for accepting tickets with time stamps that do not exactly match the host's system clock. The default for this parameter is 5 minutes.
comment string
optional
Comment
config-name string
Kerberos configuration name.
kdc-ip ip-address
optional
IP address of the Key Distribution Centre (KDC) server for this Kerberos realm.
kdc-port [1..65535] integer
optional
TCP port on the KDC to be used for Kerberos communication. The default for this parameter is 88.
kdc-vendor kdc-vendor
optional
The vendor of the Key Distribution Centre (KDC) server. If the configuration uses a Microsoft Active Directory (AD) domain for authentication, this field should be 'microsoft'. Possible values:
  • "microsoft" ,
  • "other"
password-server-ip ip-address
optional
IP address of the host where the Kerberos password-changing server is running. Typically, this is the same as the host indicated in the admin-server-ip. If this parameter is omitted, the IP address in kdc-ip is used.
password-server-port [1..65535] integer
optional
The TCP port on the Kerberos password-changing server where the Kerberos password-changing service is running. The default for this parameter is 464.
realm string
optional
Kerberos realm name.
 Errno  Description
 EOBJECTNOTFOUND
 EINTERNALERROR

 
Element definition: ip-address
IPv4 address in dotted notation as '192.168.125.123'
[none]

 
Element definition: kdc-vendor
Kerberos Key Distribution Center (KDC) vendor. Possible values:
  • "microsoft" ,
  • "other"
[none]

 
Element definition: kerberos-config-info
Kerberos configuration. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller.

When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.

When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name Range Type Description
admin-password string
optional
Administrator password. Attributes: non-creatable, modifiable
admin-user-name string
optional
Administrator username. Attributes: non-creatable, modifiable
interface-name string
optional
Logical interface. Attributes: key, non-creatable, non-modifiable
ip-address string
optional
Logical interface IP address. Attributes: non-creatable, non-modifiable
is-kerberos-enabled boolean
optional
If 'true', then kerberos security is enabled. Attributes: non-creatable, modifiable
keytab-uri string
optional
Load Keytab from URI. Attributes: non-creatable, modifiable
service-principal-name string
optional
Kerberos service principal name. Attributes: non-creatable, modifiable
vserver string
optional
Vserver name. Attributes: key, non-creatable, non-modifiable
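The tag/next-tag paging of kerberos-config-get-iter combined with desired-attributes, as an added example (not NetApp code): the request names only the elements it needs, so admin-password is never asked for, and the loop follows next-tag until it is absent. The `invoke` transport, the dict shape of requests and responses, and the fake backend are hypothetical and constructed for illustration.

```python
# Elements of kerberos-config-info to request; admin-password is left out on purpose.
SAFE_ATTRS = ("vserver", "interface-name", "ip-address",
              "is-kerberos-enabled", "service-principal-name")


def iter_kerberos_config(invoke, max_records=50):
    """Yield every kerberos-config record, following next-tag until it is absent.

    `invoke(api_name, params) -> dict` is a hypothetical transport supplied by
    the caller; it is not part of any NetApp SDK.
    """
    if not 1 <= max_records <= 200:
        raise ValueError("max-records must be in [1..200]")
    # An element given with no value still asks for that element to be returned.
    wanted = {"kerberos-config-info": {a: None for a in SAFE_ATTRS}}
    params = {"max-records": max_records, "desired-attributes": wanted}
    seen_tags = set()
    while True:
        out = invoke("kerberos-config-get-iter", params)
        records = out.get("attributes-list", [])
        if len(records) != out["num-records"]:
            raise RuntimeError("num-records does not match attributes-list length")
        yield from records
        tag = out.get("next-tag")
        if tag is None:          # no more objects to return
            return
        if tag in seen_tags:     # guard against a backend that repeats a tag
            raise RuntimeError("next-tag repeated; aborting to avoid a loop")
        seen_tags.add(tag)
        params = {**params, "tag": tag}


def make_fake_invoke(rows):
    """Constructed stand-in for a cluster: pages `rows`, honours desired-attributes."""
    def invoke(api, params):
        start = int(params.get("tag", 0))
        wanted = params["desired-attributes"]["kerberos-config-info"]
        page = [{k: r[k] for k in wanted if k in r}
                for r in rows[start:start + params["max-records"]]]
        out = {"attributes-list": page, "num-records": len(page)}
        if start + len(page) < len(rows):
            out["next-tag"] = str(start + len(page))
        return out
    return invoke
```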

 
Element definition: kerberos-realm
Kerberos realm configuration specifies the locations of Key Distribution Center (KDC) servers and administration daemons for the Kerberos realms of interest. When returned as part of the output, all elements of this typedef are reported, unless limited by a set of desired attributes specified by the caller.

When used as input to specify desired attributes to return, omitting a given element indicates that it shall not be returned in the output. In contrast, by providing an element (even with no value) the caller ensures that a value for that element will be returned, given that the value can be retrieved.

When used as input to specify queries, any element can be omitted in which case the resulting set of objects is not constrained by any specific value of that attribute.

Name Range Type Description
ad-server-ip ip-address
optional
IP Address of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is 'microsoft'. Attributes: optional-for-create, modifiable
ad-server-name string
optional
Host name of the Active Directory Domain Controller (DC). This is a mandatory parameter if the kdc-vendor is 'microsoft'. Attributes: optional-for-create, modifiable
admin-server-ip ip-address
optional
IP address of the host where the Kerberos administration daemon is running. This is usually the master KDC. If this parameter is omitted, the IP address specified in kdc-ip is used. If specified, this should be the same as the kdc-ip if the kdc-vendor is 'microsoft'. Attributes: optional-for-create, modifiable
admin-server-port [1..65535] integer
optional
The TCP port on the Kerberos administration server where the Kerberos administration service is running. The default for this parameter is 749. Attributes: optional-for-create, modifiable
clock-skew [0..2^32-1] integer
optional
The clock skew in minutes is the tolerance for accepting tickets with time stamps that do not exactly match the host's system clock. The default for this parameter is 5 minutes. Attributes: optional-for-create, modifiable
comment string
optional
Comment Attributes: optional-for-create, modifiable
config-name string
optional
Kerberos configuration name. Attributes: key, required-for-create, non-modifiable
kdc-ip ip-address
optional
IP address of the Key Distribution Centre (KDC) server for this Kerberos realm. Attributes: required-for-create, modifiable
kdc-port [1..65535] integer
optional
TCP port on the KDC to be used for Kerberos communication. The default for this parameter is 88. Attributes: optional-for-create, modifiable
kdc-vendor kdc-vendor
optional
The vendor of the Key Distribution Centre (KDC) server. If the configuration uses a Microsoft Active Directory (AD) domain for authentication, this field should be 'microsoft'. Attributes: required-for-create, modifiable. Possible values:
  • "microsoft" ,
  • "other"
password-server-ip ip-address
optional
IP address of the host where the Kerberos password-changing server is running. Typically, this is the same as the host indicated in the admin-server-ip. If this parameter is omitted, the IP address in kdc-ip is used. Attributes: optional-for-create, modifiable
password-server-port [1..65535] integer
optional
The TCP port on the Kerberos password-changing server where the Kerberos password-changing service is running. The default for this parameter is 464. Attributes: optional-for-create, modifiable
realm string
optional
Kerberos realm name. Attributes: required-for-create, modifiable

 