An automated tool named krbsetup is provided to auto-configure your Kerberos Server. Using this tool, you can configure and un-configure the server, and start and stop the kdcd and kadmind daemons.
This tool is installed in the following directory:
/opt/krb5/sbin
This tool automatically creates your krb.conf and krb.realms files and places them in the /opt/krb5 directory. This tool allows you to:
specify whether you want to configure your Kerberos server as a Primary security server or a Secondary security server
customize your realm name
choose whether to create a stash file
specify the encryption type
The other sections in the configuration files will be set to their default values. If you want to customize these sections, you will have to manually edit the configuration files and restart the kdcd and kadmind daemons using this tool. This tool also allows you to customize the encryption type and stash file.
Refer to “Configuration Files For The Kerberos Server” for more information.
NOTE: It is strongly recommended that you use this tool to configure your basic Kerberos Server.
Given below is a step-wise procedure to auto-configure your Kerberos server:
Run the utility:
/opt/krb5/sbin/krbsetup
Select one of the following options:
1) Configure the server
2) Start the Kerberos daemons
3) Stop the Kerberos daemons
4) Un-configure the Server
5) Exit
6) Help
Select option 1 to configure the server.
You will be prompted to choose between configuring your Kerberos Server as either a Primary Security Server or a Secondary Security Server.
Select option 1 to configure your Kerberos Server as a primary security server.
Select option 2 to configure your Kerberos Server as a secondary security server. Before you log on to the Remote Administrator, stop the daemons that are already running on the Secondary Server.
NOTE: The steps mentioned below are identical for configuring both the primary security server and the secondary security server.
You will be prompted to specify the encryption type. If you do not specify this value, the default value, DES-MD5, will be selected.
You will be prompted to stash the principal database key on your local disk. Press "y" to stash the principal database key file or "n" if you do not want to stash the principal database key file.
If you have selected 1, that is, selected to configure your primary security server, you are now prompted for the names of your secondary security servers.
If you have selected 2, that is, selected to configure your secondary security server, you are now prompted for the name of your Primary Security Server.
You will be prompted to enter the realm name. The default value is displayed. To use the default, press the return key; otherwise, enter your realm name.
You will be prompted to enter the database master password.
You will be prompted to re-enter the database master password to verify the password.
Your configuration is now complete and your Kerberos daemons are up and running. To return to the main menu, press the return key.
Select option 2 to start the Kerberos daemons. Press the return key to return to the main menu.
Select option 3 to stop the Kerberos daemons. Press the return key to return to the main menu.
Select option 4 to un-configure the Kerberos daemons. You will be prompted with a message to confirm this action. Press "y" to un-configure the Kerberos Server and "n" to return to the main menu.
Select option 5 to exit from the tool.
Select option 6 to view the help contents.
The krb.conf file, with the default values for all the sections generated by the auto-configuration tool, is as shown below:
Your_Realm_Name
Your_Realm_Name Your_Secondary_Server1
Your_Realm_Name Your_Secondary_Server2
Your_Realm_Name host.subdomain.domain.com admin server
The krb.realms file, with the default values generated by the auto-configuration tool, is as shown below:
Your_Primary_Security_Server Your_Realm_Name #
.Your_Secondary_Security_Server Your_Realm_Name #
*.Your_Domain_Name Your_Realm_Name #
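The following Python check is an added example, not part of the original documentation or of the krbsetup tool. It parses krb.conf and krb.realms text in the layout shown above and reports where the two files disagree, which is worth running after the generated files have been edited by hand. It assumes that # starts a comment and that a trailing "admin server" marks the administration host; the realm and host names in the sample are constructed.

```python
# Added example. Assumptions: '#' starts a comment, and a trailing
# "admin server" marks the host that serves administration requests.
def _rows(text):
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]  # drop blank and comment-only lines

def parse_krb_conf(text):
    """Return (default_realm, {realm: [hosts]}, {realm: [admin hosts]})."""
    rows = _rows(text)
    if not rows or len(rows[0]) != 1:
        raise ValueError("line 1 must hold only the default realm name")
    servers, admins = {}, {}
    for row in rows[1:]:
        if len(row) < 2:
            raise ValueError("realm entry without a host: " + row[0])
        servers.setdefault(row[0], []).append(row[1])
        if [w.lower() for w in row[2:]] == ["admin", "server"]:
            admins.setdefault(row[0], []).append(row[1])
    return rows[0][0], servers, admins

def parse_krb_realms(text):
    """Return [(host_or_domain, realm)] from 'host-or-domain realm' lines."""
    rows = _rows(text)
    if any(len(r) != 2 for r in rows):
        raise ValueError("krb.realms line is not 'host-or-domain realm'")
    return [tuple(r) for r in rows]

def check(conf_text, realms_text):
    """Return a list of inconsistencies between the two files (empty if none)."""
    default, servers, admins = parse_krb_conf(conf_text)
    problems = []
    if default not in servers:
        problems.append("default realm %s has no server entry" % default)
    if not admins.get(default):
        problems.append("default realm %s has no admin server entry" % default)
    for name, realm in parse_krb_realms(realms_text):
        if realm not in servers:
            problems.append("%s maps to %s, which krb.conf does not list" % (name, realm))
    return problems

# Constructed sample input (not from a real system).
SAMPLE_CONF = """EXAMPLE.COM
EXAMPLE.COM kdc2.example.com
EXAMPLE.COM kdc1.example.com admin server
"""
SAMPLE_REALMS = """.example.com EXAMPLE.COM #
.lab.example.com LAB.EXAMPLE.COM #
"""
```

Calling check(SAMPLE_CONF, SAMPLE_REALMS) returns one finding, for the .lab.example.com mapping whose realm has no entry in the sample krb.conf.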