HP CIFS Server and Kerberos

WARNING: Whenever a “net ads join” command is executed on any CIFS server in the ServiceGuard
cluster, it changes that server's secret key on the KDC. A new krb5.keytab must then be generated on
that CIFS server so that its service principal keys match the KDC. If you use the merged-keytab file
technique, all of the krb5.keytab files in the cluster must then be replaced with new versions that are
merged with the newly generated krb5.keytab file from the recently joined CIFS server.
9.1 CIFS HA Kerberos Configuration
Follow the directions in Chapter 5 for the configuration of CIFS and the Kerberos keytab file. A keytab
file must be generated for each member server in the cluster.
1. Copy each member server's krb5.keytab file to a single directory on an HP-UX work system.
Append the server's uname (hostname) to each krb5.keytab file name to make it unique:
# ll /home/keytab_work
total 64
-rw------- 1 root sys 13456 Oct 28 15:27 krb5.keytab.atcux14
-rw------- 1 root sys 13638 Oct 28 15:27 krb5.keytab.emonster
#
2. Run ktutil, read in the member server krb5.keytab files, then write them to a merged
krb5.keytab file:
# ktutil
ktutil: rkt krb5.keytab.atcux14
ktutil: rkt krb5.keytab.emonster
ktutil: wkt krb5.keytab.merged
ktutil: quit
#
# ll /home/keytab_work
total 128
-rw------- 1 root sys 13456 Oct 28 15:27 krb5.keytab.atcux14
-rw------- 1 root sys 13638 Oct 28 15:27 krb5.keytab.emonster
-rw------- 1 root sys 27092 Oct 28 15:34 krb5.keytab.merged
#
3. Copy krb5.keytab.merged to /etc/krb5.keytab on every system in the cluster.
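The three steps above can be scripted so that the merge is repeated identically every time a member rejoins the domain. The following POSIX shell script is an added example and is not part of the HP CIFS Server documentation; it assumes a work directory containing files named krb5.keytab.<hostname> (as produced in step 1) and an MIT-derived ktutil that understands the rkt, wkt and quit commands shown in step 2. Copying the result to /etc/krb5.keytab on each cluster member (step 3) is left to the administrator.

```shell
#!/bin/sh
# Added example (not HP's code): merge per-member krb5.keytab.<host> files
# into krb5.keytab.merged with ktutil, following the procedure above.
# Assumptions: files in WORKDIR are named krb5.keytab.<hostname>; ktutil is
# an MIT-derived ktutil with the rkt/wkt/quit commands.

# build_ktutil_script WORKDIR MERGED
# Print the ktutil command stream: one "rkt" per member keytab, then
# "wkt MERGED" and "quit". Any existing *.merged file is skipped so stale
# entries are never read back in and written out again.
build_ktutil_script() {
    dir=$1
    merged=$2
    for f in "$dir"/krb5.keytab.*; do
        case "$f" in
            *.merged) continue ;;
        esac
        [ -f "$f" ] || continue
        printf 'rkt %s\n' "$f"
    done
    printf 'wkt %s\n' "$merged"
    printf 'quit\n'
}

# count_member_keytabs WORKDIR
# Return (print) how many member keytabs will be merged; a sanity check
# before touching the cluster.
count_member_keytabs() {
    n=0
    for f in "$1"/krb5.keytab.*; do
        case "$f" in
            *.merged) continue ;;
        esac
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# merge_keytabs WORKDIR
# Runs ktutil on the generated command stream. Keytabs hold long-term
# service keys, so the merged file is created with mode 0600 (as in the
# listing above). ktutil's wkt adds entries to an existing keytab rather
# than replacing it, so an old merged file is removed first.
merge_keytabs() {
    dir=$1
    merged=$dir/krb5.keytab.merged
    if [ "$(count_member_keytabs "$dir")" -lt 2 ]; then
        echo "merge_keytabs: fewer than two member keytabs in $dir" >&2
        return 1
    fi
    umask 077
    rm -f "$merged"
    build_ktutil_script "$dir" "$merged" | ktutil
}

# Usage: sh merge_keytabs.sh /home/keytab_work
# (ktutil is only invoked when a directory argument is given)
if [ $# -eq 1 ]; then
    merge_keytabs "$1"
fi
```

After the merge, verify the contents before distributing the file, for example with ktutil's own list command (rkt krb5.keytab.merged, then list) or klist -kt krb5.keytab.merged, and confirm that every member's cifs/ and host/ principals appear with the expected key version numbers. Remember that a later “net ads join” on any member invalidates that member's entries and the whole merge must be repeated, as the warning above states.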