Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

Configuring the Kerberos Environment
Configuring the Kerberos Client
1. Edit the configuration files, /etc/krb5.conf and /etc/services as
described in “Configuration Files for Kerberos Clients” on page 69.
2. All Kerberos systems need a KEYTAB file (/etc/krb5.keytab) to
authenticate themselves to the KDC. Create a KEYTAB file for each
KDC client on your KDC Server following the procedures described
in “Configuring KDC - Kerberos Server version 2.0 on HP-UX 11i” on
page 77 (Step 8) or in “Configuring KDC Server - Microsoft Windows
2000 KDC” on page 81 (Step 2).
3. Transfer (ftp) the KEYTAB file from the KDC Server to the client
without overwriting any keys installed for other applications. For
example, use /tmp/hostname.keytab as the temporary destination
filename. Use the Kerberos utility ktutil to merge the KEYTAB data.
The Kerberos utility /usr/sbin/ktutil is available in the HP-UX
11i release and in the HP-UX 11.0 December 2000 Application
Release.
The following example shows how to merge the keytab using ktutil:
shell% /usr/local/sbin/ktutil
ktutil: rkt /tmp/hostname.keytab
ktutil: list
You can view the KEYTAB file using the klist command. For example:
# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
-----------------------------------------------------------
2 host/hostname.domain.com@KDC.SUBDOMAIN.DOMAIN.COM
4. If the UNIX users do not exist, add the equivalent KDC users as
UNIX users in the UNIX password file, /etc/passwd. When creating
a credential file for a user, the user’s entry in /etc/passwd is
accessed for its UID number.