Using HP-UX Internet Services (February 2007)
9 Secure Internet Services
Secure Internet Services (SIS) is an optionally enabled mechanism that incorporates
Kerberos V5 authentication and authorization for remote access services: ftp, rcp,
remsh, rlogin, and telnet.
Beginning with HP-UX 11.0, the product was replaced by the SIS mechanism
(InternetSvcSec), which incorporates Kerberos V5 Release 1.0 authentication for
the remote access services.
The main advantage is that if you are running SIS, your security is enhanced because
authorization is no longer required for transmitting a password in a readable form
over the network.
IMPORTANT: The SIS libraries do not encrypt the session beyond what is necessary
to authorize you (the user) or authenticate the service. Therefore, these services do not
provide integrity checking or encryption services on the data or on remote sessions.
Using the Secure Internet Services
The following steps describe how to use SIS:
1. Identify yourself to the Security Server, also known as the KDC (Key Distribution
Center), by issuing the kinit command:
kinit user_name@realm_name
To identify yourself to an HP DCE Security Server, you would generally use the
dce_login command rather than kinit. To identify yourself to an HP
Praesidium/Security Server (P/SS), use the dess_login command.
2. Start any service (ftp, rcp, remsh, rlogin,or telnet) using the same method
with which you start the non-secure version of the service. The following example
starts ftp:
ftp remote_host_name
If you are using SIS, ftp does not prompt for a user name and password.
3. To connect to a host running a non-secure version of the service, use the -P option
to avoid Kerberos authentication, as in the following example:
ftp -P remote_host_name
If the -P option is specified, you require a password to access the remote host, and
this password is transmitted in a readable form over the network. In this case, you
will receive appropriate warning messages.
Using the Secure Internet Services 41