Manualshelf

Planning and Configuring HP DCE 1.8

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
21222324252627282930
Chapter 1 27
About HP DCE/9000 Version 1.8
Interoperability and Compatibility
remote utilities.
Create the file /etc/krb5.conf for use by KerberosV5 Beta 5-7 and
Release 1.0 applications.
Create the file /krb5/krb.realms for Kerberos V5 B4 applications.
Add the entries klogin, kshell, ekshell, and eklogin as well as
kerberos5 and kerberos-sec to /etc/services.
Link the /etc/krb5.keytab file, which is the default keytab used
by Kerberos V5 Release 1.0 clients, to the /krb5/v5srvtab file,
which is the default keytab used by DCE clients. The file
/etc/v5srvtab, which is the default keytab file used by Kerberos
V5 Beta clients, is also linked to the /krb5/srvtab file.
The host principal uses a fully qualified host name. To construct this
name, dce_config appends the Internet domain name to the host name
in the format: host_name.domain_name. For example, when the domain
name is ch.hp.com, and the host name is fred, the fully qualified host
name is fred.ch.hp.com.
When configuring either a security server or client, dce_config checks
the file /etc/resolv.conf for the Internet domain name. If the
domain name is not found in this file, then the user is prompted to enter
a domain name.
Before running dce_config, you can choose to set the environment
variable DOMAIN_NAME to provide the domain name during
configuration. Other environment variables used by dce_config are
described in the section "Component Scripts and Environment Variables
for dce_config" in Chapter 5.
An example of a standard domain name is ch.apollo.hp.com.
A DCE principal name takes the form:
/.../cellname/host/fully_qualified_hostname
Configuration for secure remote utilities may require the additional step
of adding entries to inetd.conf.
Remote Services File
The following describes the service and port settings in /etc/services
for the different versions of Kerberos. Kerberos V5 Release 1.0 expects
the service "kerberos" to use port 88. However, older versions of Kerberos
(V4) expect the "kerberos" service to use port 750. For this reason,