Secure NFS on HP-UX 11i v3
4
II. Install and Configure the Kerberos Server
Before NFS client and server systems can use Kerberos authentication or other enhanced security
features like data check summing or data encryption, a Kerberos realm must be established and the
NFS systems must be configured as Kerberos clients.
While this paper is not intended as an exhaustive guide to setting up and configuring Kerberos, the
basic configuration steps involved with creating a Kerberos realm using HP-UX systems will be
provided. If you already have an existing Kerberos realm for your NFS environment then you can
skip to section III “Add Required Kerberos Credentials to the Realm” on page 7.
A. Download and Install the Kerberos Server Software
HP offers a free MIT-based Kerberos server implementation for HP-UX systems. The latest Kerberos
Server software may be downloaded from the Software Depot site:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1417AA.
The Kerberos server software is installed using the standard HP-UX software installation tool
swinstall(1M). The complete installation instructions are available here:
http://software.hp.com/portal/swdepot/displayInstallInfo.do?productNumber=T1417AA.
B. Configure the Kerberos Server
The krbsetup(1m) command is a menu-based utility for configuring the Kerberos server. The following
screen shots illustrate how the Kerberos server was configured for the examples used in this paper.
Figure 1 shows the initial krbsetup screen where selection 1 (Configure the Server) was selected.
Figure 1 Initial krbsetup(1m) Screen
In Figure 2 the selection is made to use a C-Tree backend data store. The use of an LDAP backend is
also supported but is outside the scope of this paper.