Manualshelf

Installing and Administering Internet Services

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
351352353354355356357358359360
Chapter 11 351
Secure Internet Services
Overview of the Secure Environment and the Kerberos V5 Protocol
The Kerberos utilities kinit, klist, and kdestroy are supplied by
HP on this client. However, this client generally obtains credentials
using the dess_login command, instead of the Kerberos kinit
command. This client can use dcecp and other administrative tools
for Kerberos-related management tasks.
For more information, see Appendix C (“Using Praesidium/Security
Service with Kerberos Applications”) in Planning and Configuring
Praesidium/Security Service.
The HP P/SS client is shown as node C in Figure 11-2.
The HP Kerberos client is a node with the same client software as the
HP DCE or P/SS client. This node, however, is not configured into a
DCE cell or a P/SS domain. The HP DCE file set
DCE-Core.DCE-CORE-RUN, which includes the Kerberos utilities
kinit, klist, and kdestroy, is automatically installed on this
client. The HP Secure Internet Services mechanism must be enabled
on this client.
The Kerberos utilities kinit, klist, and kdestroy are supplied by
HP. The HP Kerberos client treats the HP DCE Security Service or
the HP P/SS as an ordinary Kerberos KDC. Credentials are obtained
with the Kerberos command kinit, not the HP DCE command
dce_login or the P/SS command dess_login. The HP Kerberos
client cannot use HP DCE or P/SS administration tools for
Kerberos-related management tasks. The creation and update of
Kerberos-related files must be done manually.
For more information, see Using HP DCE 9000 Security with
Kerberos Applications, available in postscript and ASCII form in the
directory /opt/dce/newconfig/RelNotes/ in the files
krbWhitePaper.ps and krbWhitePaper.text. For more
information about P/SS, see Appendix C (“Using Praesidium/Security
Service with Kerberos Applications”) in Planning and Configuring
Praesidium/Security Service.
The HP Kerberos client is shown as node D in Figure 11-2 and Figure
11-3.
Allowable Non-HP Security Client Nodes
The Non-HP Kerberos client is a node running non-HP security client
software. This includes non-HP versions of the Kerberos utilities kinit,
klist, and kdestroy, and non-HP secure versions of internet services.