Manualshelf

HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
191192193194195196197198199200
Kerberos Support
HP-UX Kerberos Application Co-existence
Chapter 8184
HP-UX Kerberos Application Co-existence
Because the HP CIFS Server stores the Kerberos secret key in
/var/opt/samba/private/secrets.tdb by default, the standard CIFS
Kerberos configuration can only be used by HP CIFS Server users. If
other HP-UX applications use the /etc/krb5.keytab file, a mismatch of
keys occurs resulting in failure for CIFS or the other applications
depending upon which key is the latest. Moreover, HP-UX Internet
Services users cannot use system Kerberos libraries to access system
resources because of a mismatch in Kerberos libraries. The Internet
Services (IS) product utilizes its own Kerberos library set which is
delivered with the Internet Service product.
HP CIFS Server can co-exist with other Kerberos applications through
modified configuration as described in the “Configuring kerb5.keytab” on
page 185 and “Kerberos Modification for Internet Services” on page 187
sections.
Components for Kerberos Configuration
The following is a list of the various components that are necessary to
configure HP CIFS Server for Kerberos authentication:
HP CIFS Server: Version A.02.01 and later (Based upon Samba 3.0.7
and later)
HP-UX 11i v1 or HP-UX 11i v2
HP-UX Kerberos Client
Version 1.3.5 (required for newer Windows 2000/2003 versions,
keytab feature)
Patches required for HP-UX Kerberos Client version 1.3.5 for HP-UX
11i v1 are shown in table 8-1. For HP-UX 11i v2, you must install
patches listed in table 8-2.
Table 8-1 Required Patches on HP-UX 11i v1
Patch Number Description
PHCO_24400 libc cumulative patch.