HP System Management Homepage Version 3.2.2 User Guide (509679-005; March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX System Administration

Message

HTTP error

code

Situation

ERROR: Kerberos login failure; Authorization

Required.

401The user has a Kerberos credential, and the clock skew is within

the desired limits, but the user is not listed in the allowed Kerberos

users list in the SMH configuration file.

When an authentication error occurs, the system administrator should check the SMH HTTP server error log

to obtain more information about the error.

For example, when the clock skew among the machines is too large, the following log message is written:

[Mon Feb 11 13:18:37 2008] [error] [client 192.168.182.145] mod_spnego:

gss_accept_sec_context failed; GSS-API mechanism: Clock skew too great.

The following levels of user authorizations are available:

• Administrator Users with Administrator access can view all information provided through HP SMH.

The appropriate default user group,

Administrators

for Windows operating systems and

root

for HP-UX

and Linux, always has administrative access.

• Operator Users with Operator access can view and set most information provided through HP SMH.

Some web applications limit access to the most critical information to administrators only.

• User Users with User access can view most information provided through HP SMH. Some web

applications restrict viewing of critical information from individuals with User access.

To enable or disable Kerberos and add groups to the allowed Kerberos group list, complete the following

steps for each level of access.

Kerberos support is provided on a per-user basis.

Kerberos Administrator

To add a Kerberos Administrator:

1. Select Settings from the menu.

2. In the System Management Homepage box, click the Security link.

3. Click the Kerberos Authorization link.

4. In the Kerberos Configuration area, select the box beside Enable Kerberos Support.

5. In the Group Name textbox, enter a name in the group@REALM format or REALM\group

Only alphanumeric and underline values are permitted. The use of special characters such as ~ ' ! # $

% ^ & * ( ) + = / " : ' < > ? , | ; are not permitted.

6. Click the Administrator radio button beside Type.

7. Click Add. The values entered are added as a new line in the list table.

You can continue to add groups with administrative access by following steps 5 through 7.

8. Click Apply.

To remove a Kerberos Administrator:

1. Select Settings from the menu.

2. In the System Management Homepage box, click the Security link.

3. Click the Kerberos Authorization link.

4. Click the check box beside the Group Name in the dynamic list that you want to remove from HP SMH.

5. Click Remove.

6. Click Apply.

Kerberos Operator

To add a Kerberos Operator:

1. Select Settings from the menu.

2. In the System Management Homepage box, click the Security link.

3. Click the Kerberos Authorization link.

4. In the Kerberos Configuration area, select the box beside Enable Kerberos Support.

System Management Homepage box 47