Installing and Administering Internet Services

456 Chapter 11
Secure Internet Services
Verifying the Secure Internet Services
validation application, krbval. The krbval tool checks for proper
configuration of security clients. It can be used to “ping” a particular
realm’s KDC. It can also check the keys in the keytab file for
agreement with the KDC. By acting as a client/daemon service itself,
it can further assist in verifying the correctness of the configuration.
For more information refer to the krbval(1M) man page. The krbval
tool is also described in Using HP DCE 9000 Security with Kerberos
Applications, available in postscript and ASCII form in the directory
/opt/dce/newconfig/RelNotes/ in the files krbWhitePaper.ps and
krbWhitePaper.text. For information about krbval, you can also
see Appendix C (“Using Praesidium/Security Service with Kerberos
Applications”) in Planning and Configuring Praesidium/Security
Service.

Verifying Usage of Secure Internet Services

You may first want to read the section “Using the Secure Internet
Services” on page 457 before continuing with this section.
1. Obtain a TGT (ticket granting ticket) from the KDC. On an HP DCE
security client, use the dce_login command. On an HP P/SS security
client, use the dess_login command. On an HP Kerberos client or a
non-HP Kerberos client, use the kinit command.
2. Invoke the desired Secure Internet Service in the same manner as in
a non-secure environment.
If the Secure Internet Services mechanism is enabled successfully,
the only visible difference in ftp, rlogin, and telnet from execution
on a non-secure system is that, if a password was required on the
non-secure version, the password prompt is not displayed on the
secure version. Also, for telnet, the logon prompt is not displayed.
If the Secure Internet Services mechanism is enabled successfully,
there are no visible differences in remsh (used with a command) and
rcp from execution on a non-secure system.
3. Before logging off the local system, invoke the command kdestroy.
This will remove the credentials cache file.
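
The three steps above can be wrapped in one shell function, shown here as an added example that is not part of the original manual. It assumes a Kerberos client (not dce_login or dess_login) whose klist supports the MIT Kerberos `-s` option; the function names and the host name in the comment are hypothetical. It runs kdestroy after every wrapped command, which is stricter than waiting until logoff.

```sh
#!/bin/sh
# Added example: one Secure Internet Services session, following
# steps 1-3 above. Assumes kinit, klist and kdestroy are on PATH.

# Step 1 check: is a valid TGT in the credentials cache?
# Assumption: `klist -s` (MIT Kerberos) prints nothing and exits
# non-zero when the cache is missing or its tickets have expired.
have_tgt() {
    klist -s
}

# Run "$@" (for example: telnet host.example.com, a constructed name)
# only when a valid TGT is present, then always remove the credentials
# cache, even if the command itself failed.
# Returns the command's exit status, or 2 if no TGT could be obtained,
# in which case the command is never started.
secure_session() {
    if ! have_tgt; then
        echo "no valid TGT in credentials cache; running kinit" >&2
        kinit || return 2
        have_tgt || return 2
    fi

    # Step 2: invoke the service exactly as in a non-secure environment.
    "$@"
    rc=$?

    # Step 3: remove the credentials cache file.
    kdestroy
    return "$rc"
}

# When run as a script with arguments, treat them as the command:
#   ./secure_session.sh telnet host.example.com
if [ "$#" -gt 0 ]; then
    secure_session "$@"
fi
```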