Installing and Administering Internet Services
356 Chapter 11
Secure Internet Services
Configuration and Kerberos Version Interoperability Requirements
If the above entries need to be added to or changed in the
configuration file, you must make the additions or changes manually
(use the text editor of your choice).
• The keytab file is named /etc/krb5.keytab.
Note that, when an HP DCE or HP P/SS cell is configured, the keytab
file is created automatically, but it is given the V5 Beta 4 name
(/krb5/v5srvtab). So, to ensure that applications will be able to
run, you must create a link from the V5-1.0 keytab file
(/etc/krb5.keytab) to the V5 Beta 4 file (/krb5/v5srvtab), by
issuing this command:
ln -s /krb5/v5srvtab /etc/krb5.keytab
KDC Requirements
The general KDC configuration requirements of the secure environment
are the following:
• The KDC (security server) software must be running.
• User accounts must be created, as necessary.
• User and service (host and optionally ftp) principals must exist in
the KDC database.
Security Client Requirements
The general configuration requirements for each security client are as
follows:
• The following port must exist in the /etc/services file or in the
NIS or NIS+ services database:
kerberos5 88/udp kdc
• The security client software must be installed:
• The Kerberos commands kinit, klist, and kdestroy must all
exist.
• For HP DCE and HP Kerberos clients, the HP DCE file set
(DCE-Core.DCE-CORE-RUN) must be configured.
• For HP P/SS clients, the HP DCE file set
(DCE-Core.DCE-CORE-RUN) and the HP P/SS file set
(DESS-Core.DESS-CORE-RUN) must be configured.