The is used to perform all processing related to SASL GSSAPI authentication using Kerberos V5. 1.3.6.1.4.1.26027.1.2.48 ds-cfg-gssapi-sasl-mechanism-handler ds-cfg-sasl-mechanism-handler org.opends.server.extensions.GSSAPISASLMechanismHandler Specifies the realm that should be used for GSSAPI authentication. Specifies the realm that should be used by the server for GSSAPI authentication. If this is not provided, then the server will attempt to determine the realm from the Kerberos configuration of the underlying system. Changes to this configuration attribute will take effect immediately. The server will attempt to determine the realm from the underlying system configuration. 1.3.6.1.4.1.26027.1.1.86 ds-cfg-realm Specifies the address of the KDC that should be used for Kerberos processing. Specifies the address of the KDC that should be used for Kerberos processing. If provided, this should be a fully-qualified DNS-resolvable name. If this is not provided, then the server will attempt to determine the KDC address from the Kerberos configuration of the underlying system. Changes to this configuration attribute will take effect immediately. The server will attempt to determine the KDC address from the underlying system configuration. 1.3.6.1.4.1.26027.1.1.45 ds-cfg-kdc-address Specifies the path to the keytab file that should be used for Kerberos processing. Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this should be either an absolute path or one that is relative to the server instance root. If this is not provided, then the server will attempt to use the default keytab from the underlying system configuration. Changes to this configuration attribute will take effect immediately. The server will attempt to use the system-wide default keytab. 1.3.6.1.4.1.26027.1.1.46 ds-cfg-keytab Specifies the fully-qualified domain name for the system. Specifies the DNS-resolvable fully-qualified domain name for the system. If this is not provided, then the server will attempt to determine this dynamically. Changes to this configuration attribute will take effect immediately. The server will attempt to dynamically determine the fully-qualified domain name. 1.3.6.1.4.1.26027.1.1.115 ds-cfg-server-fqdn Specifies the DN of the identity mapper to use. Specifies the DN of the configuration entry for the identity mapper that should be used to match the Kerberos principal to a user entry. cn=identity mappers,cn=config 1.3.6.1.4.1.26027.1.1.148 ds-cfg-identity-mapper-dn