Installing and Administering Internet Services
Chapter 11 365
Secure Internet Services
Verifying the Secure Internet Services
Verifying the Secure Internet Services
The tasks you should do if you want to verify that the Secure Internet
Services have been configured correctly are described in the paragraphs
below.
Secure Environment Checklist
The following is a quick checklist to verify that the secure environment is
properly configured.
1. On the KDC, issue a ps -ef command and verify that the necessary
security server executables are running. Look for secd on an HP
DCE Security Service or an HP P/SS, or for krb5kdc on a non-HP
Kerberos V5 KDC.
2. Use an appropriate tool to verify that the desired principals exist in
the KDC database. This can usually be done remotely. For the HP
DCE Security Service and the HP P/SS, use dcecp.
3. Issue an insetsvcs_sec status command to determine whether
the Secure Internet Services mechanism is enabled (see “Checking
the Current Authentication Mechanism” on page 364).
4. Ensure that the following entries exist in the /etc/services file or
in the NIS or NIS+ services database:
kerberos5 88/udp kdc
klogin 543/tcp
kshell 544/tcp krcmd kcmd
5. Ensure that the following entries exist in /etc/inetd.conf:
klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K
kshell stream tcp nowait root /usr/lbin/remshd remshd -K
ftp stream tcp nowait root /usr/lbin/ftpd ftpd
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
Different options may be set from the default options shown above. If
you modified the /etc/inetd.conf file, you must run the inetd -c
command to force inetd to reread its configuration file.
6. To ensure that the client configurations are correct, invoke the
validation application, krbval. The krbval tool checks for proper
configuration of security clients. It can be used to “ping” a particular