LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Installing LDAP-UX Client Services
Configuring LDAP-UX Client Services
Chapter 2, page 44
kshell 544/tcp cmd # Kerberos remote shell
kerberos-adm 749/tcp # Kerberos 5 admin/changepw
kerberos-adm 749/udp # Kerberos 5 admin/changepw
krb5_prop 754/tcp # Kerberos slave propagation
kerberos-adm 464/udp # Kerberos Password Change protocol
kerberos-cpw 464/tcp # Kerberos Password Change protocol
4. Add a host key to the /etc/krb5.keytab file
The keytab file is the one created with ktpass on Windows 2000 or
2003, as described in the previous section. Securely transfer that
keytab file to your HP-UX machine and save it as /etc/krb5.keytab.
If you already have an existing /etc/krb5.keytab file, merge the new
keytab file with the existing one. ktutil, a tool provided with the
Kerberos product, lets you maintain the keytab file.
NOTE The keytab file should only be readable by the root user.
5. Synchronize the HP-UX clock to the Windows 2000 or 2003 clock.
The two clocks must be synchronized within two minutes. You can run
Network Time Synchronizer to synchronize both clocks. If the tool is
not available, you can synchronize them manually by setting
“Date/Time Properties” on Windows 2000 or 2003 and running
/etc/set_parms date_time on HP-UX.
6. Configure /etc/pam.conf, the PAM configuration file that
specifies PAM service modules for PAM applications. To use PAM
Kerberos as the authentication module, edit /etc/pam.conf to include
the PAM Kerberos library /usr/lib/security/libpam_krb5.1 for
all four services: authentication, account management, session
management, and password management. A sample PAM
configuration file can be found in Appendix D, “Sample PAM
Configuration File,” on page 179.
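The following script is an added example, not part of the HP guide. It checks the results of steps 4 and 6: that the keytab grants nothing to group or other and is owned by root, and which of the four PAM module types still lack libpam_krb5.1. The function names, the optional arguments and the "login" service default are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-configuration checks for steps 4 and 6.
# Function names and arguments are hypothetical, not from the HP guide.

# keytab_ok [FILE] [UID]: succeed only if FILE exists, grants no
# permissions to group or other, and is owned by UID (default 0, root).
keytab_ok() {
    kt=${1:-/etc/krb5.keytab}
    want_uid=${2:-0}
    [ -f "$kt" ] || { echo "FAIL: $kt not found"; return 1; }
    # ls -ln prints: mode links uid gid size date name
    set -- $(ls -ln "$kt")
    mode=$1
    uid=$3
    case $mode in
        -???------*) ;;    # regular file, group and other bits all clear
        *) echo "FAIL: $kt mode $mode is open to group/other"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "FAIL: $kt owned by uid $uid"; return 1; }
    echo "OK: $kt"
}

# pam_krb5_missing [FILE] [SERVICE]: print the module types for SERVICE
# that have no active (uncommented) line loading libpam_krb5.1.
# pam.conf fields: service  module_type  control_flag  module_path [options]
pam_krb5_missing() {
    awk -v svc="${2:-login}" '
        $1 ~ /^#/ { next }                      # skip commented-out entries
        $1 == svc && $4 ~ /libpam_krb5\.1$/ { seen[$2] = 1 }
        END {
            n = split("auth account session password", want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen))
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }' "${1:-/etc/pam.conf}"
}

# Typical use on the HP-UX client, as root:
#   keytab_ok && [ -z "$(pam_krb5_missing /etc/pam.conf login)" ]
```

An empty result from pam_krb5_missing means all four module types load the Kerberos library for that service. Clock skew (step 5) is not covered here.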