Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
31323334353637383940
4. Identify a system where you must install the Kerberos server, and install the Kerberos server
software in that system. If you are installing the Kerberos server on an HP-UX system, see the
latest version of the Kerberos server software is available at: http://www.software.hp.com
Follow these steps to configure the Kerberos server:
a. Configure the Kerberos server. You can configure the Kerberos server either manually or
by using the /opt/krb5/sbin/krbsetup tool. For information about configuring the
Kerberos server, see the chapter Auto-Configuration of the Security Server and “Manual
Configuration Of The Kerberos Server” in Kerberos Server Version 3.12 Administrator’s
Guide available at: http://www.hp.com/go/hpux-security-docs
The following Kerberos server daemons are automatically started when you use the
/opt/krb5/sbin/krbsetup tool to configure the Kerberos server:
/opt/krb5/sbin/kadmind
/opt/krb5/sbin/kdcd
b. If you manually configured the Kerberos server, and if you have modified the Kerberos
configuration files, or if you have stopped the Kerberos server daemons, run the following
command to start or restart the Kerberos server daemons:
# /sbin/init.d/krbsrv start
To verify that these daemons are running, run the following commands in the Kerberos
Server:
# ps -ef grep kadmind
#ps -ef grep kdcd
The following output is displayed if the /opt/krb5/sbin/kadmind daemon is running:
root 769 1 0 Mar 17 ? 0:50 /opt/krb5/sbin/kadmind
root 4725 4708 1 12:44:20 pts/0 0:00 grep kadmind
The following output is displayed if the /opt/krb5/sbin/kdcd daemon is running:
root 477 1 0 Apr 27 ? 0:00 /opt/krb5/sbin/kdcd
root 26237 26219 2 15:36:39 pts/1 0:00 grep kdcd
c. The Kerberos administrator must create the user information (user ID and password) for
users. The Kerberos server contains the user ID and key created using the user’s password.
The Kerberos administrator must communicate the user information to individual users.
Users must know their Kerberos user ID and password. Based on the security policies of
your organization, the Kerberos administrator can choose any method to communicate
the user IDs and passwords, to users.
For more information about configuring the Kerberos server, see the Kerberos Server V
3.12 Administrator’s Guide available at: http://www.hp.com/go/hpux-security-docs
5. To connect to the HP-UX Secure Shell server, run the following command on the HP-UX Secure
Shell client:
# ssh <server_name> -l user_name
Where:
user_name specifies the name of the user in the HP-UX Secure Shell client system.
The HP-UX Secure Shell prompts for the Kerberos password.
6. Enter the Kerberos password at the password: prompt. If you enter the correct password,
the HP-UX Secure Shell client connects to the HP-UX Secure Shell server.
Configuring GSS-API Authentication
To configure GSS-API authentication, follow these steps:
Configuring Kerberos Authentication 37