Manualshelf

HP-UX Secure Shell Getting Started Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
31323334353637383940
“Manual Configuration Of The Kerberos Server in Kerberos Server Version 3.12
Administrator’s Guide available at: http://www.docs.hp.com/en/internet.html#Kerberos
The following Kerberos server daemons are automatically started when you use the
/opt/krb5/sbin/krbsetup tool to configure the Kerberos server:
/opt/krb5/sbin/kadmind
/opt/krb5/sbin/kdcd
b. If you manually configured the Kerberos server, if you have modified the Kerberos
configuration files, or if you have stopped the Kerberos server daemons, run the
following command to start or restart the Kerberos server daemons:
# /sbin/init.d/krbsrv start
To verify that these daemons are running, run the following commands in the Kerberos
Server:
# ps -ef grep kadmind
#ps -ef grep kdcd
The following output is displayed if the /opt/krb5/sbin/kadmind daemon is
running:
root 769 1 0 Mar 17 ? 0:50 /opt/krb5/sbin/kadmind
root 4725 4708 1 12:44:20 pts/0 0:00 grep kadmind
The following output is displayed if the /opt/krb5/sbin/kdcd daemon is running:
root 477 1 0 Apr 27 ? 0:00 /opt/krb5/sbin/kdcd
root 26237 26219 2 15:36:39 pts/1 0:00 grep kdcd
c. The Kerberos administrator must create the user information (user ID and password)
for users. The Kerberos server contains the user ID and key created using the users
password. The Kerberos administrator must communicate the user information to
individual users. Users must know their Kerberos user ID and password. Based on the
security policies of your organization, the Kerberos administrator can choose any method
to communicate the user IDs and passwords, to users.
For more information on configuring the Kerberos server, see Kerberos Server V 3.12
Administrator’s Guide available at: http://docs.hp.com/en/internet.html
5. To connect to the HP-UX Secure Shell server, run the following command on the HP-UX
Secure Shell client:
# ssh <server_name> -l user_name
Where:
user_name specifies the name of the user in the HP-UX Secure Shell client system.
The HP-UX Secure Shell prompts for the Kerberos password.
6. Enter the Kerberos password at the password: prompt. If you enter the correct password,
the HP-UX Secure Shell client connects to the HP-UX Secure Shell server.
Configuring GSS-API Authentication
To configure GSS-API authentication, follow these steps:
1. On the Kerberos server, ensure that the following Kerberos daemons are running:
/opt/krb5/sbin/kadmind
/opt/krb5/sbin/kdcd
2. The Kerberos administrator must create user (client) information (user ID and key) for users
using the Kerberos service. The user information is stored on the KDC server and the Kerberos
administrator must communicate the user information to individual users. Users must know
40 Configuring HP-UX Secure Shell Authentication Methods