Create /etc/krb5.conf | HP UX LDAP-UX Integration Software guide

Step 2: Configure your HP-UX machine to authenticate using PAM Kerberos.

The PAM Kerberos Release Note contains detailed information on how to configure a HP-UX machine to use PAM Kerberos and use Windows 2000 as the KDC. Here is the brief description of the task.

Create /etc/krb5.conf:

/etc/krb5.conf is the Kerberos configuration file which specifies the default realm, the location of a KDC server and the log file names. The Kerberos client depends on the configuration to locate the realm’s KDC. The following is an example of /etc/krb5.conf which has the realm LA.CAL.COM, and machine myhost.la.cal.com as KDC:

[libdefaults]

default_realm = LA.CAL.COM

default_tgs_enctypes = DES-CBC-CRC default_tkt_enctypes = DES-CBC-CRC ccache_type = 2

[realms] LA.CAL.COM = {

kdc = MYHOST.LA.CAL.COM:88

kpasswd_server = MYHOST.LA.CAL.COM:464

}

[domain_realm]

.la.cal.com = LA.CAL.COM

[logging]

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log

The permission of /etc/krb5.conf should be 644 and owned by root.

Add the Kerberos services to /etc/services:

The /etc/services file needs to contain Kerberos services. If your /etc/services is from the HP-UX 11.00 release, the Kerberos will already exist. If your /etc/services doesn’t have Kerberos services, add the following:

kerberos	88/udp	kdc	# Kerberos v5 kdc
kerberos	88/tcp	kdc	# Kerberos V5 kdc
klogin	543/tcp		# Kerberos rlogin -kfall
kshell	544/tcp	cmd	# Kerberos remote shell
kerberos-adm	464/udp		# Kerberos 5 password change protocol
kerberos-adm	464/tcp		# Kerberos 5 password change protocol
kerberos-adm	749/udp		# Kerberos 5 admin/changepw
kerberos-adm	749/tcp		# Kerberos 5 admin/changepw
krb5_prop	754/tcp		# Kerberos slave propagation
eklogin	2105/tcp		# Kerberos encrypted rlogin
krb524	4444/tcp		# Kerberos 5 to 4 ticket translator

HP UX LDAP-UX Integration Software manual Create /etc/krb5.conf