PAM Kerberos Release Note, HP 9000 Networking
Configuration
• Locate ktpass on the Microsoft Windows 2000 distribution.
• Use ktpass to create the keytab file and set up the account for the UNIX host.
C:> ktpass -princ host/hostname@REALM-NAME -mapuser host -pass password -out unixmachine.keytab
Configuring the corresponding Application Server (Kerberos Client)
1. Securely transfer the keytab file (Unix machine keytab file) to the UNIX host.
2. Merge the imported keytab with the default keytab file, /etc/krb5.keytab.
Use the Kerberos utility, ktutil, to merge the keytab, or copy it to the default location,
/etc/krb5.keytab. When copying the keytab file to the default location, be careful not to
overwrite any keys installed for other applications. If such keys are present, use ktutil
to import the keys instead of copying the file.
3. Create and modify the required Kerberos configuration files as described in “Kerberos
Configuration”.
4. Use the Microsoft Windows 2000 Directory Management tool to create a new user account
for the user.
5. Create a user account on the UNIX client machine so that the uid, gecos, shell and home
directory can be resolved. A password is not necessary.
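
Step 2 as a script, for the case where /etc/krb5.keytab may already hold keys for other applications. This is an added example, not part of the release note; it assumes an MIT-style ktutil that reads the rkt, wkt and q subcommands from standard input, and the function name merge_keytab and the .bak and .new file names are hypothetical.

```shell
#!/bin/sh
# Added example: merge an imported keytab into the default keytab without
# dropping keys that other applications already installed there.
# Assumption: MIT-style ktutil (rkt/wkt/q subcommands) is on the PATH.

merge_keytab() {
    imported=$1                      # keytab transferred from the Windows host
    default=${2:-/etc/krb5.keytab}   # default keytab location named in step 2
    merged="$default.new.$$"         # hypothetical temporary file name

    [ -r "$imported" ] || { echo "cannot read $imported" >&2; return 1; }

    # No default keytab yet: nothing can be overwritten, so a copy is safe.
    if [ ! -e "$default" ]; then
        cp "$imported" "$default" && chmod 600 "$default"
        return $?
    fi

    # Keep the existing keys recoverable before replacing the file.
    cp -p "$default" "$default.bak" || return 1

    # Load both keytabs into ktutil's in-memory key list and write the
    # combined list to a fresh file, so the result holds exactly these entries.
    rm -f "$merged"
    ( umask 077
      ktutil <<EOF
rkt $default
rkt $imported
wkt $merged
q
EOF
    ) >/dev/null || { rm -f "$merged"; return 1; }

    # Refuse to install an empty or missing result.
    if [ ! -s "$merged" ]; then
        rm -f "$merged"
        echo "merge produced no keytab" >&2
        return 1
    fi

    # Keytabs hold long-term keys: owner-only access, then swap into place.
    chmod 600 "$merged" && mv "$merged" "$default"
}
```

Run it as root, for example `merge_keytab /tmp/unixmachine.keytab`, and remove the transferred copy and the .bak file once the merged keytab has been checked.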