Manualshelf

NFS Services Administrator's Guide (B.11.31.02) January 2008

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
21222324252627282930
The password prompt is displayed. Enter the password for the root principal that is added
to the Kerberos database.
3. To verify the TGT, enter the following command:
klist
An output similar to the following output is displayed:
Ticket cache: /tmp/krb5cc_0
Default principal: root@krbhost.anyrealm.com
Valid starting Expires Service principal
Fri 16 Jan 2007 01:44:08 PM PDT Sat 17 Jan 2007 01:44:08 PM
PDT
krbtgt/krbhost.anyrealm.com@krbhost.anyrealm.com
4. To verify that the system is set up as a Kerberos client, enter the following command:
ps -ef |grep kr
An output similar to the following output is displayed:
root 1156 1139 0 Feb 9 ? 0:30
/opt/krb5/sbin/kdcd
root 1139 1 0 Feb 9 ? 0:00
/opt/krb5/sbin/kdcd
root 1154 1 0 Feb 9 ? 15:33
/opt/krb5/sbin/kadmind
This output indicates that the Kerberos daemons are running.
5. To verify that the underlying GSS-API framework is working properly, run the sample
program /usr/contrib/gssapi/sample.
In this example, the following setup was used to run the program:
GSS-API Server Host: krbsrv39
GSS-API Client Host: krbcl145
An output similar to the following output is displayed:
krbcl145: #/hpsample/gss-client krbcl145 sample@krbsrv39
"hi"
Sending init_sec_context token (size=541)...continue needed
...length = 106
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"root/krbcl145.anyrealm.com@krbhost.anyrealm.com" to
"sample/krbsrv39.anyrealm.com@krbhost.anyrealm.com",
lifetime 86297, flags 36, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 2 840 113554 1 2 2 } supports 7 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 2 }
2: { 1 2 840 113554 1 2 1 3 }
3: { 1 3 6 1 5 6 2 }
4: { 1 2 840 113554 1 2 1 4 }
5: { 1 2 840 113554 1 2 1 1 }
6: { 1 2 840 113554 1 2 2 1 }
length = 37
Signature verified.
The statement Signature verified indicates that the GSS-API framework is working
properly.
30 Configuring and Administering NFS Services