PAM Kerberos Release Note, HP 9000 Networking
Configuration
klogin 543/tcp # Kerberos rlogin -kfall
kshell 544/tcp cmd # Kerberos remote shell
kerberos-adm 749/tcp # Kerberos 5 admin/changepw
kerberos-adm 749/udp # Kerberos 5 admin/changepw
krb5_prop 754/tcp # Kerberos slave propagation
eklogin 2105/tcp # Kerberos encrypted rlogin
krb524 4444/tcp # Kerberos 5 to 4 ticket translator
kerberos-adm 464/udp # Kerberos Password Change protocol
kerberos-adm 464/tcp # Kerberos Password Change protocol
See the services(4) man page for additional information.
• /usr/local/var/krb5kdc/kdc.conf
The kdc.conf file contains KDC configuration information, including the locations of the
database and keytab files and the defaults used when issuing Kerberos tickets.
Create a kdc.conf file using the sample listed under Appendix C. Replace the underlined
REALM.HP.COM and hostname.hp.com with the name of your Kerberos realm and
hostname.
Modify the default values for maximum life and maximum renewable life if necessary.
For further information, refer to the DCE white paper, Using HP DCE 9000 and
Praesidium/Security Service with MIT Kerberos Applications,
/opt/dce/newcconfig/RelNotes/krbWhitePaper.ps on HP-UX 11.0, and to the Kerberos
documentation listed in “References”.
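The /etc/services entries listed above can be checked mechanically before the KDC is started. The following sh script is an added example, not part of the release note: the function name check_krb_services and the sample file are constructed, and it checks only the entries shown in this section.

```shell
# Added example: REQUIRED holds only the name and port/protocol pairs shown above.
REQUIRED='klogin 543/tcp
kshell 544/tcp
kerberos-adm 749/tcp
kerberos-adm 749/udp
krb5_prop 754/tcp
eklogin 2105/tcp
krb524 4444/tcp
kerberos-adm 464/udp
kerberos-adm 464/tcp'

# check_krb_services FILE (hypothetical helper): one line per problem, status = count.
check_krb_services() {
    printf '%s\n' "$REQUIRED" | awk '
        NR == FNR { want[$1 " " $2] = 1; next }    # required list (stdin)
        {
            sub(/#.*/, "")                          # drop trailing comment
            if (NF < 2) next                        # blank or comment-only
            if (!($2 in owner)) owner[$2] = $1      # first name on this port
            for (i = 1; i <= NF; i++)               # official name + aliases
                if (i != 2) have[$i " " $2] = 1
        }
        END {
            for (k in want) {
                if (k in have) continue
                split(k, f, " ")
                if (f[2] in owner)
                    printf "CONFLICT %s (port bound to %s)\n", k, owner[f[2]]
                else
                    printf "MISSING  %s\n", k
                bad++
            }
            exit bad + 0
        }' - "$1"
}

# Constructed sample: krb524 is absent and 464/udp is bound to another name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
klogin        543/tcp        # Kerberos rlogin
kshell        544/tcp  cmd   # Kerberos remote shell
kerberos-adm  749/tcp
kerberos-adm  749/udp
krb5_prop     754/tcp
eklogin       2105/tcp
kpasswd       464/udp
kerberos-adm  464/tcp
EOF
check_krb_services "$sample" || echo "problems found: $?"
rm -f "$sample"
```

A CONFLICT line means the port/protocol pair is already assigned to a different service name in the file, so the existing entry has to be reconciled rather than a second one appended.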
Application Server (a.k.a. Kerberos Client)
An application server node is a node where application servers, such as telnetd or ftpd, will be
run. The Application Server requires proper configuration of the following files:
• /etc/pam.conf
The behavior of the PAM modules is controlled by the configuration file /etc/pam.conf. It
specifies the PAM modules for each of the services and how they can be stacked in a
system. The pam.conf file contains a listing of services. Each service is paired with a
corresponding service module. When a service is requested, its associated module is
invoked. HP-UX system entry services, including but not limited to login, rlogin, telnet,
ftp, passwd, and su, use PAM, and the appropriate entry should be included for each of
these in the /etc/pam.conf file on the application server.
Each entry has the following format:
service_name module_type control_flag module_path options
For example: