Configuration Guide for Kerberos Client Products on HP-UX

Configuring the Kerberos Environment

Configuring the Kerberos Server

Chapter 3 85

Configuring the Kerberos Server

You can configure a Kerberos client in the same way whether your KDC

server is a Kerberos server on HP-UX 11i or a Microsoft 2000 KDC

server. However, for a Microsoft Windows 2000 KDC server or the

Kerberos server on HP-UX 11i, the server configuration procedures are

different. To configure a Microsoft Windows 2000 KDC server or

Kerberos server on HP-UX 11i, you must follow the KDC Server

configuration instructions accompanied with your server software.

You can configure your Kerberos server with C-Tree or LDAP as the

backend database. For instructions on configuring HP’s Kerberos Server,

see Kerberos Server Version 3.12 Administrator’s Guide (5991-7686)

available on www.docs.hp.com

Configuring Your Microsoft Windows 2000 KDC

To configure your Microsoft Windows 2000 KDC, complete the following

steps:

1. Use the Active Directory Management tool to create a new account

for the UNIX host:

• From Administrators Tools, select Active Directory Users and

Computers.

• Select the Users folder, select Action from the top menu, click

New, then click User.

• Add the name of a UNIX host as a user by entering the hostname

as the user name, and host/hostname as user logon name.

2. Create a keytab file for the Kerberos client on Microsoft Windows

2000 KDC.

• Locate ktpass on Microsoft Windows 2000

• Use ktpass to create the

KEYTAB file and set up the account for

the UNIX host.

C:> ktpass -princ host/hostname@NT-DNS-REALM-NAME

-mapuser hostname -pass your-password -out

hostname.keytab

where: