Installing and Administering Internet Services

Chapter 11
Secure Internet Services
Overview of the Secure Environment and the Kerberos V5 Protocol
The HP P/SS can be configured to run with security clients using the Secure Internet Services and fulfill the role of the KDC. An HP P/SS security server node runs the HP P/SS security daemon secd. This node can be configured as the only member of a single-node P/SS domain, or as a member of a multi-node domain with HP P/SS clients. For more information on how to configure an HP P/SS, see Planning and Configuring Praesidium/Security Service. The HP P/SS security server is shown as node F in Figure 11-2.

The Non-HP Kerberos V5 KDC can be configured to run with security clients using the Secure Internet Services. A non-HP Kerberos V5 KDC is any non-HP KDC that implements the Kerberos V5 protocol (described in RFC 1510). For more information, refer to your KDC provider’s documentation. The Non-HP Kerberos V5 KDC is shown as node G in Figure 11-3.

Types of Security Clients Using Secure Internet Services
The HP DCE client is a node configured into a DCE cell using the dce_config utility. The HP DCE file set DCE-Core.DCE-CORE-RUN, which is automatically installed, must be configured on this client. The HP Secure Internet Services mechanism must be enabled on this client. The Kerberos utilities kinit, klist, and kdestroy are supplied by HP on this client. However, this client generally obtains credentials using the dce_login command rather than the Kerberos kinit command. This client can use dcecp and other administrative tools for Kerberos-related management tasks. For more information, see Using HP DCE 9000 Security with Kerberos Applications, available in PostScript and ASCII form in the directory /opt/dce/newconfig/RelNotes/ in the files krbWhitePaper.ps and krbWhitePaper.text. The HP DCE client is shown as node B in Figure 11-2.

The HP P/SS client is a node configured into a P/SS domain using the dess_config utility. The HP P/SS file set DESS-Core.DESS-CORE-RUN, which is automatically installed, must be configured on this client. The HP Secure Internet Services mechanism must be enabled on this client.