Installing and Administering Internet Services
366 Chapter 11
Secure Internet Services
Verifying the Secure Internet Services
realm’s KDC. It can also check the keys in the keytab file for
agreement with the KDC. By acting as a client/daemon service itself,
it can further assist in verifying the correctness of the configuration.
For more information refer to the krbval(1M) man page. The krbval
tool is also described in Using HP DCE 9000 Security with Kerberos
Applications, available in postscript and ASCII form in the directory
/opt/dce/newconfig/RelNotes/ in the files krbWhitePaper.ps
and krbWhitePaper.text. For information about krbval, you can
also see Appendix C (“Using Praesidium/Security Service with
Kerberos Applications”) in Planning and Configuring
Praesidium/Security Service.
Verifying Usage of Secure Internet Services
You may first want to read the section “Using the Secure Internet
Services” on page 367 before continuing with this section.
1. Obtain a TGT (ticket granting ticket) from the KDC. On an HP DCE
security client, use the dce_login command. On an HP P/SS
security client, use the dess_login command. On an HP Kerberos
client or a non-HP Kerberos client, use the kinit command.
2. Invoke the desired Secure Internet Service in the same manner as in
a non-secure environment.
If the Secure Internet Services mechanism is enabled successfully,
the only visible difference in ftp, rlogin, and telnet from
execution on a non-secure system will be that, if a password was
required on the non-secure version, then the password prompt will
not be displayed on the secure version. Also, for telnet, the logon
prompt is not displayed
If the Secure Internet Services mechanism is enabled successfully,
there are no visible differences in remsh (used with a command) and
rcp from execution on a non-secure system.
3. Before logging off the local system, invoke the command kdestroy.
This will remove the credentials cache file.