Planning and Configuring HP DCE 1.8
28 Chapter1
About HP DCE/9000 Version 1.8
Interoperability and Compatibility
dce_config does not set/reset the service "kerberos" in /etc/services.
However, dce_config does set the following in /etc/services:
kerberos5 88 udp kdc for V5 Beta 5-7 applications
kerberos-sec 88 udp kdc for V5 Release 1.0 applications
If a customer has an environment where they are supporting different
versions of Kerberos clients, they can set the port number for V5 Release
1.0 clients explicitly in the [realms] section of the /etc/krb5.conf file:
kdc = host:88
For related and more detailed information, see the whitepaper Using HP
DCE 9000 Security with Kerberos Applications in
/opt/dce/newconfig/RelNotes/krbWhitePaper.ps.
Support for Secure Internet Services
The DCE KDC is used by the Secure Internet Services, also known as the
Secure Remote Utilities, that are shipped as part of the InternetSrvcs
product on HP-UX 11i. The kerberized utilities include rlogin, remshd,
rcp, ftp, rcp, remsh, and telnet services. A new command,
k5dcelogin, has been added to DCE in support of these utilities. When
ticket forwarding is requested, k5dcelogin promotes a principal's
Kerberos V5 credentials to DCE credentials. Refer to documentation on
Secure Internet Services for configuration information.
DCE GSS-API Interoperability with MIT and
Third-Party Kerberos Implementations
The GSS-API has been updated to conform to the latest Kerberos and
GSS-API standards, while other changes accommodate the
non-conformance of older DCE and MIT GSS-API implementations.