Integrate Logins with HP CIFS Server, HP-UX, and Windows 2003R2/2008

Add the following lines to the account section:

    sshd account required libpam_hpsec.so.1
    sshd account sufficient libpam_krb5.so.1
    sshd account required libpam_unix.so.1

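The following sketch is an added example, not part of the original HP document. It is a simplified model of how the required and sufficient control flags in the three sshd account lines interact, so the effect of their order can be checked; the module outcomes are constructed inputs, and only the two control flags used here are modelled.

```python
# Added example: simplified model of how a PAM stack is walked.
# Stack lines are from the page; module outcomes below are constructed.
PAM_LINES = """\
sshd account required libpam_hpsec.so.1
sshd account sufficient libpam_krb5.so.1
sshd account required libpam_unix.so.1
"""
HPSEC, KRB5, UNIX = "libpam_hpsec.so.1", "libpam_krb5.so.1", "libpam_unix.so.1"

def parse_stack(text, service, module_type):
    """Return [(control_flag, module)] for one service/type, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed PAM line: {raw!r}")
        svc, mtype, control, module = fields[:4]
        if svc == service and mtype == module_type:
            stack.append((control, module))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module -> True (success) or False (failure).
    Returns (granted, modules_consulted)."""
    required_failed, consulted = False, []
    for control, module in stack:
        ok = outcomes[module]
        consulted.append(module)
        if control == "required":
            required_failed = required_failed or not ok   # failure is remembered
        elif control == "sufficient":
            if ok and not required_failed:
                return True, consulted   # short-circuit: later modules are skipped
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return not required_failed, consulted

STACK = parse_stack(PAM_LINES, "sshd", "account")

if __name__ == "__main__":
    cases = [("krb5 ok, unix would fail", {HPSEC: True, KRB5: True, UNIX: False}),
             ("krb5 fails, unix ok", {HPSEC: True, KRB5: False, UNIX: True}),
             ("hpsec fails, krb5 ok", {HPSEC: False, KRB5: True, UNIX: True})]
    for label, outcomes in cases:
        print(f"{label:26}", evaluate(STACK, outcomes))
```

In this model a krb5 success ends the account check before libpam_unix.so.1 is consulted, while a libpam_hpsec.so.1 failure denies access regardless of what follows.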
Our existing Kerberos krb5.conf and krb5.keytab files are compatible with SSH, so with the existing
configuration the systems are ready to establish an SSH tunnel using Kerberos authentication.
ssh Example
SSH also uses the host/atcuxvm6.rose.hp.com service principal from the KDC and the
/etc/krb5.keytab file on the SSH destination server, as in the SIS examples. After successful
Kerberos authentication and session establishment, note that the subsequent data packets are
encrypted and unreadable in a network trace.
This default configuration uses a default host certificate file. More advanced SSH configurations will
use a pre-existing host certificate file that must be created and transferred to the tunneling systems.
Many other SSH configuration variations are possible. However, this simple example proves that the
Unified Login Kerberos configuration is compatible with SSH tunneling.