Installing and Administering Internet Services
Chapter 11 353
Secure Internet Services
Configuration and Kerberos Version Interoperability Requirements
Configuration and Kerberos Version
Interoperability Requirements
The main purpose of this chapter is to provide information required
specifically for the Secure Internet Services. However, since the
successful usage of the Secure Internet Services requires a correctly
configured secure environment, this section discusses some general
requirements of the secure environment.
For specific configuration information, refer to your KDC (security
server) provider’s and security client provider’s documentation.
For configurations that include any HP nodes (HP DCE Security Service,
HP DCE client, HP P/SS, HP P/SS client, and HP Kerberos client), see
Using HP DCE 9000 Security with Kerberos Applications, available in
postscript and ASCII form in the directory
/opt/dce/newconfig/RelNotes/ in the files krbWhitePaper.ps
and krbWhitePaper.text. For information about P/SS, see Appendix C
(“Using Praesidium/Security Service with Kerberos Applications”) in
Planning and Configuring Praesidium/Security Service.
File Requirements
Beginning with HP-UX 11.0, some of the configuration-related files are
reformatted and/or renamed for Kerberos Version 5 Release 1.0 (V5-1.0).
However, because of the way DCE implements kinit, klist, and
kdestroy, those commands still use the Kerberos Version 5 Beta 4 (V5
Beta 4) format of those configuration-related files. So, to use the new
Secure Internet Services mechanism, you must have a combination of
those files configured in the secure environment.
Before HP-UX 11.0
The Secure Internet Services before HP-UX 11.0 use the following files
for configuration:
• A configuration file named /krb5/krb.conf.
This file specifies the default realm, cell, or domain name and also
maps realm, cell, or domain names to KDCs. Suggested ownership
and permissions for this file are root, sys, -r--r--r--.