Using HP-UX Internet Services (August 2003)
Secure Internet Services
Using the Secure Internet Services
Chapter 9 69
Using the Secure Internet Services
The following steps describe how to use SIS:
1. Identify yourself to the Security Server, also known as the KDC (Key
Distribution Center), by issuing the kinit command:
kinit
user_name@realm_name
To identify yourself to an HP DCE Security Server, you would
generally use the dce_login command rather than kinit. To
identify yourself to an HP Praesidium/Security Server (P/SS), use
the dess_login command.
2. Start any service (ftp, rcp, remsh, rlogin, or telnet) using the
same method with which you start the non-secure version of the
service. The following example starts ftp:
ftp
remote_host_name
If you are using SIS, ftp does not prompt for a user name and
password.
3. To connect to a host running a non-secure version of the service, use
the -P option to avoid Kerberos authentication, as in the following
example:
ftp -P
remote_host_name
If the -P option is speciļ¬ed, you require a password to access the
remote host, and this password is transmitted in a readable form
over the network. In this case, you will receive appropriate warning
messages.
System administrators can enforce Kerberos authentication to a
service on a particular host. If Kerberos authentication is enforced to
a service on a host running the SIS daemons, the host can neither
access a secure client using the -P option nor can access a non-secure
client.
4. After working with the secure session, issue the kdestroy command
to remove the credentials that you have accumulated during the
session:
kdestroy