Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
31323334353637383940
----------------------------------------------------------
1 host/pluto.mydomain.com@MYDOMAIN.COM
7. The HP-UX Secure Shell client and server must contain the Kerberos configuration file (/etc/
krb5.conf) that points to the KDC service. The /etc/krb5.conf file is a network
configuration file and does not contain any security-specific information. For a sample /etc/
krb5.conf configuration file, see Appendix B (page 100).
8. In the HP-UX Secure Shell client system, run the following command to invoke the KDC service
to obtain a ticket granting ticket (TGT).
# kinit <user_ID>
The Kerberos client prompts the Kerberos administrator for the Kerberos password:
Password for <user_ID>@krb_mc.realm:
Where:
<user_ID> specifies the user name.
If you enter the correct password, the Kerberos server provides the TGT to the client. By default,
the /usr/bin/kinit utility stores the TGT in the /tmp/krb5cc_<uid> file, which is the
default credentials cache. The <uid> specifies the decimal UID of the user. For more
information on the /usr/bin/kinit utility, see kinit(1).
If you have obtained the ticket, you can view the ticket by running the following command in
the client system:
# klist
Ticket cache: /tmp/krb5cc_01
Default principal: root@KRB_MC.REALM
Valid starting Expires Service principal
01/31/06 17:54:40 02/01/06 03:54:40 krbtgt/KRB_MC.REALM
9. To enable GSS API authentication, set the following directive in the /opt/ssh/etc/
sshd_config file in the HP-UX Secure Shell server and /opt/ssh/etc/ssh_config in
the HP-UX Secure Shell client:
GSSAPIauthentication yes
Set the following directive to yes to automatically destroy the credentials of the user on logout:
GSSAPICleanUpCredentials yes
10. To connect to the HP-UX Secure Shell client, run the following command from the HP-UX Secure
Shell server:
$ ssh user@remotehost -l <user_name> -o GSSAPIauthentication yes
Where:
remotehost Specifies the name of the server to which you want to connect.
user Specifies the user name using which you want to connect to the HP-UX Secure
Shell server.
The HP-UX Secure Shell client connects to the HP-UX Secure Shell server.
Configuring Kerberos Authentication 39