HP CIFS Server Administrator Guide Version A.02.04.04 (5070-6710, October 2011)
• HP-UX Kerberos Client
Kerberos v5 Client C.1.3.5.06 or later on HP-UX 11i v1◦
◦ Kerberos v5 Client D.1.6.2 or later or HP-UX 11i v2
◦ Kerberos v5 Client E.1.6.2 or later on HP-UX 11i v3
• Service Pack 2 is recommended for Windows 2003 and 2003R2. Service Pack 1 is required
for inter-operation with Kerberos v5 Client C.1.3.5.06 or later on HP-UX 11i v1, Kerberos v5
Client D.1.6.2 or later on HP-UX 11i v2, or Kerberos v5 Client E.1.6.2 or later on HP-UX 11i
v3.
• HP-UX LDAP-UX Integration product
• Windows 2000, Windows 2003, or Windows 2008 Server domain.
• Windows Vista, Windows XP, or Windows 2000 Client
Configuring krb5.keytab
Here are the required components to configure HP CIFS Server with HP-UX Internet Services
co-existence:
• Kerberos v5 Client C.1.3.5.06 or later on HP-UX 11i v1, Kerberos v5 Client D.1.6.2 or later
on HP-UX 11i v2, or Kerberos v5 Client E.1.6.2 or later on HP-UX 11i v3.
• /etc/krb5.conf file
• /etc/opt/samba/smb.conf file
• /etc/krb5.keytab file
• net ads keytab create command
The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows
domain.
Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to access
the keytab file:
1. Add the default_keytab_name parameter with the FILE attribute in the /etc/krb5.conf
file. The Kerberos v5 Client C.1.3.5.06 or later on HP-UX 11i v1; Kerberos v5 Client D.1.6.2
or later on HP-UX 11i v2; or Kerberos v5 Client E.1.6.2 or later on HP-UX 11i v3 is required
for the FILE attribute.
An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
default_keytab_name = "FILE:/etc/krb5.keytab"
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
HP-UX Kerberos Application Co-existence 111