About HP DCE/9000 Version 1.7
Interoperability and Compatibility
Neither DES nor
Kerberos Authentication Protocol
Compatibility
The DCE Security authentication service implements Kerberos Version
5.DCE Security does not provide backward compatibility support for Kerberos Version 4.
DCE Support for Kerberos Applications and Configuration Notes
HP DCE 1.7 makes available enhanced configuration features specific to Kerberos Version 5. Configuration with dce_config has been updated to do the following for either a security server or client:
•Create a host principal, account and keytab entry for secure BSD remote utilities.
•Create the file /etc/krb5.conf for use by Kerberos V5 Beta
•Create the file /krb5/krb.realms for Kerberos V5 B4 applications.
•Add the entries klogin, kshell, ekshell, and eklogin as well as kerberos5 and
•Link the /etc/krb5.keytab file, which is the default keytab used by Kerberos V5 Release 1.0 clients, to the /krb5/v5srvtab file, which is the default keytab used by DCE clients. The file /etc/v5srvtab, which is the default keytab file used by Kerberos V5 Beta clients, is also linked to the /krb5/srvtab file.
The host principal uses a fully qualified host name. To construct this name, dce_config appends the Internet domain name to the host name in the format: host_name.domain_name. For example, when the domain name is ch.hp.com, and the host name is fred, the fully qualified host name is fred.ch.hp.com.
Planning and Configuring HP DCE 1.7 |