Planning and Configuring HP DCE 1.7
Planning and Configuring HP DCE 1.7 1-13
About HP DCE/9000 Version 1.7
Interoperability and Compatibility
Neither DES nor DES-hidden versions of DCE are interoperable with
any DCE version that has been built with the DES code omitted (instead
of hidden). Some DCE ports from other vendors were built in this way in
order to meet U.S. export requirements. If you are running a DCE port
from another vendor, check with that vendor for details.
Kerberos Authentication Protocol
Compatibility
The DCE Security authentication service implements Kerberos Version
5. DCE Security does not provide backward compatibility support for
Kerberos Version 4.
DCE Support for Kerberos Applications and
Configuration Notes
HP DCE 1.7 makes available enhanced configuration features specific to
Kerberos Version 5. Configuration with dce_config has been updated to
do the following for either a security server or client:
• Create a host principal, account and keytab entry for secure BSD
remote utilities.
• Create the file /etc/krb5.conf for use by Kerberos V5 Beta 5-7 and
Release 1.0 applications.
• Create the file /krb5/krb.realms for Kerberos V5 B4 applications.
• Add the entries klogin, kshell, ekshell, and eklogin as well as
kerberos5 and kerberos-sec to /etc/services.
• Link the /etc/krb5.keytab file, which is the default keytab used by
Kerberos V5 Release 1.0 clients, to the /krb5/v5srvtab file, which is
the default keytab used by DCE clients. The file/etc/v5srvtab, which
is the default keytab file used by Kerberos V5 Beta clients, is also
linked to the /krb5/srvtab file.
The host principal uses a fully qualified host name. To construct this
name, dce_config appends the Internet domain name to the host name
in the format: host_name.domain_name. For example, when the domain
name is ch.hp.com, and the host name is fred, the fully qualified host
name is fred.ch.hp.com.