PAM Kerberos Release Note, HP 9000 Networking
Configuration
login auth required /usr/lib/security/libpam_krb5.1 debug
ftp auth required /usr/lib/security/libpam_krb5.1
See the pam.conf(1) man page for more details and Appendix A for a sample
/etc/pam.conf file.
• /etc/krb5.conf - identical configuration as described under KDC.
• /etc/services - identical configuration as described under KDC.
Application Client
An application client node is where an application client, such as telnet or ftp, is run. It is the
application client node that initiates the authentication.
There is no configuration required for PAM or Kerberos at the application client.
NOTE Some applications, such as login or su, do not use any Application Servers but still
require authentication to be performed using PAM. Therefore it is necessary to
set the appropriate service entry in /etc/pam.conf and to configure the
machine as an Application Server. See the pam.conf(1) man page for more
details and Appendix A for a sample /etc/pam.conf file.
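The check implied by the NOTE above, as an added example that is not part of the release note: it parses pam.conf-style text and reports, for login, su and ftp, whether an auth entry using libpam_krb5 is present and whether the debug option is set on it. The sample file contents, the function names and the service list are assumptions made for illustration.

```python
# Constructed sample in the layout shown on this page:
#   service  module_type  control_flag  module_path  [options]
# This is not the Appendix A file.
SAMPLE_PAM_CONF = """\
# constructed sample for the example
login  auth    required /usr/lib/security/libpam_krb5.1 debug
ftp    auth    required /usr/lib/security/libpam_krb5.1
su     account required /usr/lib/security/libpam_unix.1
telnet auth    required
"""

KRB5_MODULE = "libpam_krb5"  # substring matched against the module path


def parse_pam_conf(text):
    """Return (entries, malformed_line_numbers) for pam.conf-style text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            malformed.append(lineno)  # module path missing
            continue
        entries.append({"service": fields[0], "type": fields[1],
                        "control": fields[2], "path": fields[3],
                        "options": fields[4:]})
    return entries, malformed


def audit_krb5_auth(text, services=("login", "su", "ftp")):
    """Per service: is there a Kerberos auth entry, and does it log debug?"""
    entries, malformed = parse_pam_conf(text)
    report = {}
    for svc in services:
        hits = [e for e in entries
                if e["service"] == svc and e["type"] == "auth"
                and KRB5_MODULE in e["path"]]
        report[svc] = {
            "krb5_auth": bool(hits),
            "control_flags": [e["control"] for e in hits],
            "debug": any("debug" in e["options"] for e in hits),
        }
    return report, malformed


if __name__ == "__main__":
    report, malformed = audit_krb5_auth(SAMPLE_PAM_CONF)
    for svc, result in report.items():
        print(svc, result)
    print("malformed lines:", malformed)
```

In the constructed sample, su has only an account entry, so it is reported as lacking a Kerberos auth entry, and the truncated telnet line is reported by line number rather than silently skipped.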
Configuration Procedures
This section describes the procedures for setting up the Kerberos environment.
Configuring KDC - MIT Kerberos Server
1. Install the Kerberos server MIT KDC (version 1.X). Refer to Kerberos V5 Installation
Guide and Kerberos V5 System Administrator's Guide listed under “References”.
2. Create and modify the configuration file, /etc/krb5.conf, to reflect the correct
information such as the hostnames and realm name for your realm. Change the log file
location if necessary. A sample copy of krb5.conf is included under Appendix B.
3. Create and modify the configuration file, kdc.conf, to reflect the correct information such
as the hostnames and realm name for your realm as explained under Kerberos
Configuration, KDC. A sample copy of kdc.conf is included under Appendix C.
4. Create the Database
Use the kdb5_util command to create the Kerberos database and the optional stash file.
The stash file is used to authenticate the KDC to itself automatically before starting the