HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

Windows 2000/2003 Domains

HP CIFS and Other HP-UX Kerberos Applications Co-existence

Chapter 5 103

HP CIFS and Other HP-UX Kerberos

Applications Co-existence

Because the HP CIFS Server stores the Kerberos secret key in

/var/opt/samba/private/secrets.tdb by default, the standard CIFS

Kerberos conﬁguration can only be used by HP CIFS Server users. If

other HP-UX applications use the /etc/krb5.keytab ﬁle, a mismatch of

keys occurs resulting in failure for CIFS or the other applications

depending upon which key is the latest. Moreover, HP-UX Internet

Services users cannot use system Kerberos libraries to access system

resources because of a mismatch in Kerberos libraries on the system.

The Internet Services (IS) suite utilizes its own Kerberos library set

which is delivered with the Internet Services product.

If you wish to use Kerberos in your network for other products as well as

HP CIFS Server, you may generate an /etc/krb5.keytab ﬁle from an

HP CIFS Server and conﬁgure HP CIFS Server to access the secret key

from the /etc/krb5.keytab ﬁle instead of the

/var/opt/samba/private/secrets.tdb ﬁle. This feature provides

Kerberos interoperability between HP CIFS Server users and HP-UX

Internet Services users. See Chapter 8, “Kerberos Support,” on page 179,

for proper conﬁguration.