Manualshelf

Planning and Configuring HP DCE 1.7

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
21222324252627282930
1-14 Planning and Configuring HP DCE 1.7
About HP DCE/9000 Version 1.7
Interoperability and Compatibility
When configuring either a security server or client, dce_config checks
the file /etc/resolv.conf for the Internet domain name. If the domain
name is not found in this file, then the user is prompted to enter a
domain name.
Before running dce_config, you can choose to set the environment
variable DOMAIN_NAME to provide the domain name during
configuration. Other environment variables used by dce_config are
described in the section “Component Scripts and Environment Variables
for dce_config” in Chapter 5.
An example of a standard domain name is ch.apollo.hp.com.
A DCE principal name takes the form:
/.../cellname/host/fully_qualified_hostname
Configuration for secure remote utilities may require the additional step
of adding entries to inetd.conf.
Remote Services File
The following describes the service and port settings in /etc/services for
the different versions of Kerberos. Kerberos V5 Release 1.0 expects the
service "kerberos" to use port 88. However, older versions of Kerberos
(V4) expect the "kerberos" service to use port 750. For this reason,
dce_config does not set/reset the service "kerberos" in /etc/services.
dce_config does set the following in /etc/services:
kerberos5 88 udp kdc for V5 Beta 5-7 applications
kerberos-sec 88 udp kdc for V5 Release 1.0 applications
If a customer has an environment where they are supporting different
versions of Kerberos clients, they can set the port number for V5 Release
1.0 clients explicitly in the [realms] section of the /etc/krb5.conf file:
kdc = host:88
For related and more detailed information, see the whitepaper Using HP
DCE 9000 Security with Kerberos Applications in
/opt/dce/newconfig/RelNotes/krbWhitePaper.ps.
Support for Secure Internet Services
The DCE KDC is used by the Secure Internet Services, also known as the
Secure Remote Utilities, that are shipped as part of the InternetSrvcs
product on HP-UX 11.0. The kerberized utilities include rlogin,