HP-UX Secure Shell Getting Started Guide
8. On the HP-UX Secure Shell client system, run the following command to invoke the KDC
service and obtain a ticket granting ticket (TGT).
# kinit <user_ID>
The Kerberos client prompts the Kerberos administrator for the Kerberos password:
Password for <user_ID>@krb_mc.realm:
Where:
<user_ID> specifies the user name.
If you enter the correct password, the Kerberos server provides the TGT to the client. By
default, the /usr/bin/kinit utility stores the TGT in the /tmp/krb5cc_<uid> file,
which is the default credentials cache. The <uid> specifies the decimal UID of the user. For
more information on the /usr/bin/kinit utility, see kinit(1).
If you have obtained the ticket, you can view the ticket by running the following command
in the client system:
# klist
Ticket cache: /tmp/krb5cc_01
Default principal: root@KRB_MC.REALM
Valid starting     Expires            Service principal
01/31/06 17:54:40  02/01/06 03:54:40  krbtgt/KRB_MC.REALM
9. To enable GSS-API authentication, set the following directive in the
/opt/ssh/etc/sshd_config file on the HP-UX Secure Shell server and in
/opt/ssh/etc/ssh_config on the HP-UX Secure Shell client:
GSSAPIauthentication yes
Set the following directive to yes to automatically destroy the credentials of the user on
logout:
GSSAPICleanUpCredentials yes
10. To connect to the HP-UX Secure Shell server, run the following command from the HP-UX
Secure Shell client:
$ ssh user@remotehost -l <user_name> -o "GSSAPIauthentication yes"
Where:
remotehost Specifies the name of the server to which you want to connect.
user Specifies the user name with which you want to connect to the HP-UX
Secure Shell server.
The HP-UX Secure Shell client connects to the HP-UX Secure Shell server.
11. To verify the connection, run the following /usr/bin/klist command on the HP-UX
Secure Shell client system:
# klist
The following output is displayed:
Ticket cache: /tmp/krb5cc_01
Default principal: root@KRB_MC.REALM
Valid starting     Expires            Service principal
01/31/06 17:54:40  02/01/06 03:54:40  krbtgt/KRB_MC.REALM
1/31/06 18:20:40   02/01/06 03:54:40  host/sshd_mc.appserverdomain.com@KRB_MC.REALM
This output differs from the previous /usr/bin/klist output. In addition to the TGT, it
shows the ticket the client holds for the server's host principal (1/31/06 18:20:40
02/01/06 03:54:40 host/sshd_mc.appserverdomain.com@KRB_MC.REALM), which indicates that
the HP-UX Secure Shell server has accepted the ticket.
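The following added example (not part of the HP guide) turns the checks from steps 8 to 11 into shell functions: it reads a GSSAPI directive from a config file, confirms that klist output contains the TGT and the host service ticket, and additionally checks that the credentials cache is closed to group and other. The function names, the sample files and the permission check are assumptions of this example.

```sh
#!/bin/sh
# Print the value of KEYWORD from the global part of an ssh_config or
# sshd_config file. Keywords are case-insensitive and the first value wins.
# Assumption: the directive is set globally, so parsing stops at Host/Match.
ssh_directive() {       # usage: ssh_directive FILE KEYWORD
    awk -v want="$2" '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        NF == 0 { next }
        tolower($1) == "host" || tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Succeed if saved klist output lists a ticket whose service principal starts
# with PREFIX: "krbtgt/" for the TGT, "host/" for the sshd service ticket.
has_ticket() {          # usage: has_ticket FILE PREFIX
    awk -v p="$2" '
        $1 ~ /^[0-9]+\/[0-9]+\/[0-9]+$/ && index($NF, p) == 1 { found = 1 }
        END { exit !found }
    ' "$1"
}

# Succeed if the credentials cache grants no permission to group or other.
cache_is_private() {    # usage: cache_is_private FILE
    perms=$(ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 5, 6) }')
    [ "$perms" = "------" ]
}

# Constructed samples: klist output from step 11, directives from step 9.
write_samples() {       # usage: write_samples DIR
    cat > "$1/klist.out" <<'EOF'
Ticket cache: /tmp/krb5cc_01
Default principal: root@KRB_MC.REALM
Valid starting Expires Service principal
01/31/06 17:54:40 02/01/06 03:54:40 krbtgt/KRB_MC.REALM
1/31/06 18:20:40 02/01/06 03:54:40 host/sshd_mc.appserverdomain.com@KRB_MC.REALM
EOF
    cat > "$1/sshd_config" <<'EOF'
GSSAPIauthentication yes
GSSAPICleanUpCredentials=yes
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
echo "GSSAPIAuthentication: $(ssh_directive "$demo/sshd_config" GSSAPIAuthentication)"
has_ticket "$demo/klist.out" host/ && echo "host service ticket present"
rm -rf "$demo"
```

On a real system, point ssh_directive at /opt/ssh/etc/sshd_config or /opt/ssh/etc/ssh_config, save the klist output to a file for has_ticket, and pass the /tmp/krb5cc_<uid> path to cache_is_private.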
42 Configuring HP-UX Secure Shell Authentication Methods