Installing and Administering Internet Services: HP 9000 Networking > Chapter 3 Secure Internet Services

Verifying the Secure Internet Services


Secure Environment Checklist

The following is a quick checklist to verify that the secure environment is properly configured.

  1. On the KDC, issue a ps -ef command and verify that the necessary security server executables are running. Look for secd on an HP DCE Security Server or krb5kdc on a non-HP Kerberos V5 KDC.

  2. Use an appropriate tool to verify that the desired principals exist in the KDC database. This can usually be done remotely. For the HP DCE Security Server, use dcecp.

  3. Issue a what(1) command for the appropriate Secure Internet Services client and daemon. Verify that the string includes "Secure Internet Svcs".

  4. Ensure that the following entries exist in the /etc/services file or in the NIS services map.

    kerberos5  88/udp   kdc
    klogin     543/tcp
    kshell     544/tcp  krcmd  kcmd

  5. Ensure that the following entries exist in /etc/inetd.conf:

    klogin  stream tcp nowait root /usr/lbin/rlogind  rlogind -K
    kshell  stream tcp nowait root /usr/lbin/remshd   remshd -K
    ftp     stream tcp nowait root /usr/lbin/ftpd     ftpd
    telnet  stream tcp nowait root /usr/lbin/telnetd  telnetd

    Options other than the defaults shown above may be set. If you modified the /etc/inetd.conf file, you must run the inetd -c command to force inetd to reread its configuration file.

  6. To ensure that the client configurations are correct, invoke the validation application, krbval. The krbval tool checks for proper configuration of security clients. It can be used to "ping" a particular realm's KDC. It can also check the keys in the keytab file for agreement with the KDC. By acting as a client/daemon service itself, it can further assist in verifying the correctness of the configuration.

    For more information, refer to the krbval(1M) man page. The krbval tool is also described in Using HP DCE 9000 Security with Kerberos Applications, available in PostScript and ASCII form in the directory /opt/dce/newconfig/RelNotes/ in the files krbWhitePaper.ps and krbWhitePaper.text.
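Steps 4 and 5 of the checklist can be scripted. The following is an added example, not part of the HP documentation: the function names (has_service, has_inetd, missing_entries) and the sample files are constructed for illustration. It checks only the service name, port/protocol and server path, ignores commented-out lines (a plain grep would match them), and does not query the NIS services map.

```sh
#!/bin/sh
# Added example (not HP code): check checklist steps 4 and 5 against two files.

# has_service FILE NAME PORT/PROTO: true if an uncommented entry exists.
has_service() {
    awk -v n="$2" -v p="$3" '
        { sub(/#.*/, "") }                    # ignore comments
        $1 == n && $2 == p { found = 1 }
        END { exit !found }' "$1"
}

# has_inetd FILE SERVICE SERVER: true if an uncommented stream/tcp entry
# for SERVICE starts the expected server program (field 6).
has_inetd() {
    awk -v s="$2" -v prog="$3" '
        { sub(/#.*/, "") }
        $1 == s && $2 == "stream" && $3 == "tcp" && $6 == prog { found = 1 }
        END { exit !found }' "$1"
}

# missing_entries SERVICES_FILE INETD_FILE: print one line per missing entry.
missing_entries() {
    while read -r name port; do
        has_service "$1" "$name" "$port" || echo "services: $name $port"
    done <<EOF
kerberos5 88/udp
klogin 543/tcp
kshell 544/tcp
EOF
    while read -r svc prog; do
        has_inetd "$2" "$svc" "$prog" || echo "inetd.conf: $svc $prog"
    done <<EOF
klogin /usr/lbin/rlogind
kshell /usr/lbin/remshd
ftp /usr/lbin/ftpd
telnet /usr/lbin/telnetd
EOF
}

# Constructed sample files: klogin is commented out in inetd.conf.
tmp=${TMPDIR:-/tmp}/sis_check.$$
mkdir -p "$tmp"
printf '%s\n' 'kerberos5  88/udp  kdc' 'klogin 543/tcp' \
    'kshell 544/tcp krcmd kcmd' > "$tmp/services"
printf '%s\n' '#klogin stream tcp nowait root /usr/lbin/rlogind rlogind -K' \
    'kshell stream tcp nowait root /usr/lbin/remshd remshd -K' \
    'ftp stream tcp nowait root /usr/lbin/ftpd ftpd' \
    'telnet stream tcp nowait root /usr/lbin/telnetd telnetd' > "$tmp/inetd.conf"
missing_entries "$tmp/services" "$tmp/inetd.conf"
```

On a configured host, run missing_entries /etc/services /etc/inetd.conf; empty output means every entry listed in steps 4 and 5 is present and uncommented.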

Verifying Usage of Secure Internet Services

You may first want to read the section “Using the Secure Internet Services” before continuing with this section.

  1. Obtain a TGT (ticket granting ticket) from the KDC. On an HP DCE security client, use the dce_login command. On an HP Kerberos Client or a non-HP Kerberos Client, use the kinit command.

  2. Invoke the desired Secure Internet Service in the same manner as in a non-secure environment.

    If the secure versions of ftp, rlogin, and telnet work successfully, the only observable difference from execution on a non-secure system is that the password prompt is not displayed where the non-secure version would have required a password.

    If the secure versions of remsh (used with a command) and rcp work successfully, there are no observable differences from execution on a non-secure system.

  3. Before logging off the local system, invoke the command kdestroy. This will remove the credentials cache file.

© 1996 Hewlett-Packard Development Company, L.P.