Planning and Configuring HP-UX DCE 2.0

About HP-UX DCE Version 2.0
Interoperability and Compatibility
Chapter 214
NOTE DCE Client and KRB5 Client files are not compatible with each other.
The host principal uses a fully qualified host name. To construct this
name, dce_config appends the Internet domain name to the host name
in the format: host_name.domain_name. For example, when the domain
name is ch.hp.com, and the host name is fred, the fully qualified host
name is fred.ch.hp.com.
When configuring either a security server or client, dce_config checks
the file /etc/resolv.conf for the Internet domain name. If the domain
name is not found in this file, then the user is prompted to enter a
domain name.
Before running dce_config, you can choose to set the environment
variable DOMAIN_NAME to provide the domain name during configuration.
Other environment variables used by dce_config are described
inComponent Scripts and Environment Variables for dce_config on
page 62.
An example of a standard domain name is ch.apollo.hp.com.
A DCE principal name takes the form:
/.../cellname/host/fully_qualified_hostname
Configuration for secure remote utilities may require the additional step
of adding entries to inetd.conf.
Remote Services File
This section describes the service and port settings in /etc/services for
different versions of Kerberos. Kerberos V5 expects the service kerberos
to use port 88. However, older versions of Kerberos (V4) expect the
kerberos service to use port 750. For this reason, dce_config does not
set or reset the kerberos service in /etc/services. dce_config does
set the following in /etc/services:
kerberos5 88 udp kdc for V5 applications
kerberos-sec 88 udp kdc for V5 applications
If a customer has an environment where they are supporting different
versions of Kerberos clients, they can set the port number for V5 Release
1.0 clients explicitly in the [realms] section of the /etc/krb5.conf file as
shown below: