Hub/Switch Installation Guide
Chapter 5 HPSS Infrastructure Configuration
248 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
-random \
-registry
◆ For each entry in /krb5/hpssclient.keytab do:
% dcecp -c keytab add \
/.:/hosts/$HPSS-CDS_HOST/config/keytab/hpssclient.keytab \
-member <entry_name> \
-random \
-registry
where <entry_name> refers to an entry in the keytab file; e.g., hpss_ssm, and
$HPSS_CDS_HOST refers to the CDS machine host name; e.g., hydra.
3. See the discussion immediately following this step! Propagate the resulting keytab files to
every HPSS server machine. Note that the most secure mechanism for performing this is
“footnet”. If FTP is used, be sure to specify the “bin” option. The keytab files on every
HPSS system should have the following ownership and permissions set:
/krb5/hpss.keytabs hpss hpss rw- rw- ---
/krb5/hpssclient.keytab hpss hpss rw- rw- ---
It is strongly recommended that both keytab files be generated on a single HPSS server machine
and securely propagated to every other HPSS server machine; however, a customer may prefer to
create appropriate keytab files which contain only the entries required for a specific HPSS server
machine. This, however, is strongly discouraged because it can create a “Catch 22” condition in
which the encryption keys on one or more HPSSsystems cannotbe set to match the keys stored in
the DCE Registry!
Ifacustomized keytabfile is usedonevery differentHPSS serversystem,steps 1and 2abovemust
be performed on each system.
If the keyfor aserver on one machineis changed,do not change thekey onanother machine since
this will de-synchronize the entry on the first system changed!