Chapter 7 HPSS User Interface Configuration
HPSS Installation Guide September 2002 419
Release 4.5, Revision 2
Perform the following on the NDCG server:
• If your OS supports it and you wish to use DES encryption to encrypt/decrypt your
userid/password make sure you have the following line in Makefile.macros before
compiling hpss.
NDAPI_INTERNATIONAL_SUPPORT = off
In case of international sites and for sites that don't have DES support, this flag can be set
to on which will then use an alternate hashing mechanism to perform the encryption.
• Check the DCE Authentication box on the NDCG Gateway Type Specific config screen in
SSM
Perform the following on the NDCL client:
• Copy the encryption key from the NDCG type specific config screen to the ndcl.keyconfig
file (See Section 7.2.1: Configuration Files on page 415 for more information)
• Compile the client library (ndcl) with the -DAUTH_TYPE_DCE flag enabled in the
Makefile
• Make sure you link the math libraries (-lm) with your client application when you build it.
This is required for performing encryption.
7.2.3.2 Kerberos Mode
7.2.3.2.1 On both the Non DCE Client and Non DCE Gateway machines:
1. Create a kerberos realm that includes the client machine as well as the machine running the
NDCG.
This includes setting up the /etc/krb5.conf file on the client and the server.
Sample /etc/krb5.conf:
[libdefaults]
default_realm = dopey_cell.clearlake.ibm.com
default_keytab_name = /krb5/v5srvtab
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
[realms]
dopey_cell.clearlake.ibm.com = {
kdc = dopey.clearlake.ibm.com:88
}
[domain_realm]
dopey.clearlake.ibm.com = dopey_cell.clearlake.ibm.com
happy.clearlake.ibm.com = dopey_cell.clearlake.ibm.com