Integrate Logins with HP CIFS Server, HP-UX, and Windows 2003R2/2008

principal. This will allow the SIS ftp application to find the correct service principal on the initial
search.
On the Windows Domain Controller, use ktpass from the command line to create a new service
principal for ftp.
ktpass.exe -out c:\temp\ftpatcuxvm5.keytab -princ ftp/atcuxvm5.rose.hp.com@ATCWIN1.HP.COM -mapuser ATCWIN1\administrator -pass password -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly
Copy the output file (in the example it is ftpatcuxvm5.keytab) to the HP-UX server. Next, merge the ftp
keytab file with the existing CIFS keytab file using the HP-UX ktutil utility.
# ktutil
ktutil: rkt krb5.keytab.cifs
ktutil: rkt krb5.keytab.ftpatcuxvm6
ktutil: wkt krb5.keytab.cifsftp
ktutil: q
Now copy the merged keytab file to krb5.keytab, and verify with “klist -k” that the ftp service
principal exists in the file; it will be at the bottom of the list.
# klist -k | grep ftp
3 ftp/atcuxvm5.rose.hp.com@ATCWIN1.HP.COM
#
The result is that the SIS “kerberized” ftp finds the ftp principal in the initial authentication attempt, so
there is no UNKNOWN_PRINCIPAL packet from the KDC, and no error-then-retry with the host
principal. This is a “clean” SIS ftp login.
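The "klist -k" verification step above can also be done offline by parsing the merged keytab directly, which additionally shows each key's encryption type. The following Python is an added example, not part of the original paper or of HP's tooling; it assumes the file uses the MIT version 0x0502 keytab layout, and the host/ entry, the dummy key bytes and the helper names are constructed for illustration.

```python
import struct

# Kerberos enctype numbers (RFC 3961, 3962, 4757)
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts", 18: "aes256-cts", 23: "arcfour-hmac"}

def _cstr(buf, off):
    """Read a counted string (uint16 length + bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(kvno, principal, enctype)] for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                    # negative size marks a deleted slot
            off -= size
            continue
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _cstr(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _cstr(data, p)
            comps.append(comp.decode())
        kvno = data[p + 8]               # 8-bit kvno follows name_type + timestamp
        etype, klen = struct.unpack_from(">HH", data, p + 9)
        p += 13 + klen                   # now just past the key bytes
        if off + size - p >= 4:          # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        name = "/".join(comps) + "@" + realm.decode()
        entries.append((kvno, name, ENCTYPES.get(etype, str(etype))))
        off += size
    return entries

def check_service(data, principal):
    """Return (present, des_only) for one service principal."""
    etypes = [e for _, name, e in parse_keytab(data) if name == principal]
    return bool(etypes), bool(etypes) and all(e.startswith("des-") for e in etypes)

def make_entry(principal, realm, kvno, etype, key):  # builds constructed sample entries
    cs = lambda b: struct.pack(">H", len(b)) + b
    comps = principal.encode().split(b"/")
    body = (struct.pack(">H", len(comps)) + cs(realm.encode()) + b"".join(map(cs, comps))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key))
    return struct.pack(">i", len(body)) + body
# Constructed sample standing in for the merged keytab; key bytes are dummies
SAMPLE = (b"\x05\x02" + make_entry("host/atcuxvm5.rose.hp.com", "ATCWIN1.HP.COM", 2, 23, bytes(16))
          + make_entry("ftp/atcuxvm5.rose.hp.com", "ATCWIN1.HP.COM", 3, 3, bytes(8)))
```

A result of (True, True) from check_service for the ftp principal reflects the -crypto DES-CBC-MD5 +DesOnly options in the ktpass command above. Single-DES enctypes are deprecated by RFC 6649, so this is the entry to revisit if the domain later disables DES.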