Filter
Top Products
Chapter 7 HPSS User Interface Configuration
420 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
Important fields in the /etc/krb5.conf:
[libdefaults] stanza:
The default_realm should map to the kerberos realm name you wish to use, which in
most cases will be the same as the dce cell name.
The default_keytab_name (which is on the server host) is typically /krb5/v5srvtab.
This is the keytab used by the ndcg kerberos service.
[realms] stanza:
This contains the information for the kerberos realm. It has the realm_name followed
by information about the realm in the format shown in the sample file.
The kdc field is a required field. This must point to the fully qualified hostname on
which the kdc (key distribution center) resides. Additionally one can specify the port
used by the kdc (88)
[domain_realm] stanza:
This stanza contains mappings for the various hosts in the kerberos cell. At the very
least it should have
❖ A mapping from the NDCG server host (dopey.clearlake.ibm.com) to the
realm name (dopey_cell.clearlake.ibm.com)
❖ A mapping from the NDAPI client machine (happy.clearlake.ibm.com)tothe
realm name (dopey_cell.clearlake.ibm.com)
[Please note that this stanza requires fully qualified hostname.]
7.2.3.2.2 On the Non DCE Gateway machine:
2. Make sure you already have the /etc/krb5.conf and the /krb5/v5srvtab files
3. Add ndcg and host entries for target kerberos database.
Thus if your hostname is dopey.clearlake.ibm.com your ndcg service will be called ndcg/
dopey.clearlake.ibm.com and your host will be called host/dopey.clearlake.ibm.com
Here is how to do it using rgy_edit:
➢ login as root and perform a dce_login as cell_admin
➢ run rgy_edit and issue the following commands:
rgy_edit=> domain principal
Domain changed to: principal
rgy_edit=> add host/dopey.clearlake.ibm.com -f \
"KRB5 host principal"
rgy_edit=> add ndcg/dopey.clearlake.ibm.com -f \
"KRB5 service principal"