HP CIFS Server 3.0k Administrator's Guide version A.02.04

Kerberos Modification for Internet Services
The Internet Services product utilizes its own Kerberos library set that is delivered with the
product. This library set does not recognize the WRFILE attribute in the /etc/krb5.conf file
as a valid attribute. Therefore, the default_keytab_name parameter is invalid, and the Internet
Services application cannot find the Kerberos keytab file to access the secret key.
To modify this configuration for HP-UX Internet Services interoperation, you must modify the
/etc/krb5.conf file to remove or comment out the WRFILE attribute. This does not affect HP
CIFS Server authentication, because the krb5.conf default_keytab_name parameter is only
used by HP CIFS Server for the creation of the /etc/krb5.keytab file.
The following shows a sample of /etc/krb5.conf for HP-UX Internet Services interoperation:
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
# default_keytab_name = "WRFILE:/etc/krb5.keytab" (delete or comment out this line)
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
If you need to regenerate the /etc/krb5.keytab file, you must follow steps 1 and 2 in
“Configuring kerb5.keytab”. After you re-create the krb5.keytab file, you must re-edit the
krb5.conf file to remove WRFILE for HP-UX Internet Services interoperation.
NOTE: If an error occurs and the error message Too many open files is displayed, modify
the value of the max_files parameter to a suitable value.
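The edit cycle described above (comment out the WRFILE line for Internet Services, restore it before re-creating the keytab) can be scripted so that it is repeatable and keeps the file's ownership and mode. This is an added example, not part of the HP guide; the function names and the `.orig` backup suffix are assumptions, and it uses awk with a temporary file rather than an in-place sed.

```shell
#!/bin/sh
# Added example (not from the HP guide): toggle the WRFILE keytab line in krb5.conf.
# Function names and the ".orig" backup suffix are assumptions of this example.

# Print "active", "commented" or "absent" for the default_keytab_name WRFILE line.
wrfile_state() {
    awk '
        /^[ \t]*default_keytab_name[ \t]*=.*WRFILE:/ { s = "active" }
        /^[ \t]*#[ \t]*default_keytab_name[ \t]*=.*WRFILE:/ { if (s == "") s = "commented" }
        END { print (s == "" ? "absent" : s) }
    ' "$1"
}

# Run awk program $2 over file $1, keeping a copy in $1.orig and the file mode.
_rewrite() {
    tmp="$1.tmp.$$"
    cp -p "$1" "$1.orig" && cp -p "$1" "$tmp" &&
        awk "$2" "$1.orig" > "$tmp" && mv "$tmp" "$1"
}

# For Internet Services interoperation: comment the line out (no-op if already done).
disable_wrfile() {
    [ "$(wrfile_state "$1")" = active ] || return 0
    _rewrite "$1" \
        '/^[ \t]*default_keytab_name[ \t]*=.*WRFILE:/ { $0 = "# " $0 } { print }'
}

# Before re-creating the keytab with HP CIFS Server: put the line back.
enable_wrfile() {
    [ "$(wrfile_state "$1")" = commented ] || return 0
    _rewrite "$1" \
        '/^[ \t]*#[ \t]*default_keytab_name[ \t]*=.*WRFILE:/ { sub(/^[ \t]*#[ \t]*/, "") } { print }'
}

# Command-line use: script {state|disable|enable} [file]
case "${1:-}" in
    state)   wrfile_state   "${2:-/etc/krb5.conf}" ;;
    disable) disable_wrfile "${2:-/etc/krb5.conf}" ;;
    enable)  enable_wrfile  "${2:-/etc/krb5.conf}" ;;
esac
```

If the commented line carries trailing text, as in the sample above, remove that text by hand before restoring the line.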