Manuals / HP / Computer Equipment / Software

HP UX Kerberos Data Security Software manual Contents

Models: UX Kerberos Data Security Software

1 285

Download 285 pages 23.05 Kb

<>

Troubleshooting Install Error codes Password Editing the Default File Symbols Administration Maintenance Authentication Problems Occur Diagnostic Tools Summary

Page 12

Contents

12

Page 11 Page 13

Image 12

HP UX Kerberos Data Security Software manual Contents

Page 11 Page 13

Related manuals

Manual 327 pages 9.34 Kb

Manual 13 pages 9.67 Kb

Related pages All Contents page Table of Contents for Poulan 96048000500 Contents for Intel 100BASE-TX Contents for Samsung AQ100 Contents of Carton for Craftsman 919.19541 Contents for Samsung YP-R1JEP/XEF Table of Contents for Packard Bell ML Table of Contents for Burnham SM-6 Contents for Delta Tau 4Ax-602804-xHxx Xiv Table of Contents for NEC P Section Title Section Content for Honeywell HC900 What are the features of the Engenius EAP9550?

Contents

Edition Manufacturing Part Number T1417-90003 E0602 Legal Notices Page Page Contents Administration Contents Contents Inter-realm Troubleshooting Glossary Index Contents Tables Tables Figures Figures Preface Accessing the World Wide Web AudienceRelated Software Products Related Documentation Related Request for Comments RFCs Conventions Width Using This Manual Glossary Index Overview Chapter Overview How The Kerberos Server Works Conﬁguring and Administering the Kerberos Server on HP-UX Authentication Process Authentication Process Step TGT Authentication Process Authentication Process DES vs 3DES Key Type Settings Must be assigned a key type or default keys issued byKrbtgt/REALM Name is the ticket-granting principal. This is Is added to the database. The krbtgt/REALM NAMEprincipal Installation Installation Before Installing The Kerberos Server Hardware Requirements Software Requirements Installing The Kerberos Server With SD-UX Installing The Kerberos Server Chapter Migration Migration Policy Migration on Step-wise Procedure For Migration on Policy Migration Step-wise Procedure For Migration For version 2.0 of the Kerberos Server, as described in Step On successful completion the following message is displayed Step-wise Procedure For Migration Chapter Interoperability With Windows Interoperability With Windows Chapter Overview Understanding the Terminology Understanding the Terminology Table of Analogous Terms Table of Analogous Terms HP’s Kerberos Server Windows HP’s Kerberos Server and Windows 2000 Interoperability Case Establishing Trust Between HP’s Kerberos Servers and Windows Single Realm Domain Authentication Inter-Realm Inter-Domain Authentication Special Considerations for Interoperability Database ConsiderationsEncryption Considerations Postdated Tickets Special Considerations for Interoperability Chapter Conﬁguration Conﬁguration Conﬁguration Files For The Kerberos Server Security Server Files That Require ConﬁgurationFile Auto-Conﬁguration of the Security Server Auto-Conﬁguration of the Security Server Return to the main menu Manual Conﬁguration Of The Kerberos Server Editing the Conﬁguration Files Manual Conﬁguration Of The Kerberos Server Krb.conf Krb.conf Format Realm Sample krb.conf File Reference Krb.realms Krb.realms Format Krb.realms Sample krb.realms Sample krb.realms Chapter Conﬁguring The Primary Server Creating The Principal Database After Installation Add An Administrative Principal To add an administrative principal usingAdministrator Run Command-Line-Administrator,kadmin Create The host/fqdn principal And Extract Its Service Key Start the Kerberos daemons Deﬁne Secondary Server Network Locations Password Policy File AdminaclﬁleSecurity Policies Starting the Security Server Summary Sbin/initd/krbsrv start Conﬁguring The Secondary Security Servers Create the Principal DatabaseCopy the Kerberos Conﬁguration File Create a host/fqdn Principal and Extract Its Key Administration Administration Administering the Kerberos Database Kadmind Adminaclﬁle Assigning Administrative Permissions List prinicpal. This is redundant with i or Adding Entries to the adminaclﬁle Creating Administrative Accounts Using Restricted AdminsitratorHow the r/R Modiﬁers Work 100 Password Policy File Editing the Default FileDefault Password Policy Settings for the base group Password Policy setting Default 102 Principals 104 Adding New Service Principals Adding User Principals Reserved Service Principals Chapter 107 Do not remove or modify this principal entry Remove Special Privilege Settings Removing User Principals Protecting Secret Keys Removing Service Principals Kadmin Vs kadminl Administration Tools Administration Tools Tool Name Tool Description Administrator Standard Functionality of the Administrator Apply Local Administrator kadminlui Usage of kadminlui Chapter 117 Principals Tab Principals Tab Chapter 119 General Tab Principal Information window General Tab Principal Information Window Chapter 121 Adding Principals to the Database To add a principal Same settings To simultaneously add multiple principals with Creating an Administrative Principal To create an administrative principal Chapter 125 Finding a Principal To search for a principalSearch Criteria Chapter 127 128 Deleting a Principal To delete a user principal Loading Default Values for a Principal To reload the default values for a principal To restore previously saved values for a principal Restoring Previously Saved Values for a Principal Changing Ticket Information To change ticket information Chapter 133 Rules for Setting Maximum Ticket Lifetime Example Rules for Setting Maximum Renew Time Examples Changing Password Information To change the password information A principal’s password. You must inform the principal Password at their next logon Password Tab Principal Information Password Tab Principal Information WindowWindow Chapter 139 Change Password window Password tab Change Password Window Password Tab Chapter 141 Changing Key Types To change a DES principal’s key type to 3DES Chapter 143 Changing Principal Attributes To change principal attributes Attributes Tab Principal Information Attributes Tab Principal Information Window 146 Chapter 147 148 Chapter 149 Deleting a Service Principal To delete a service principal Extracting Service Keys To securely extract principal keys to the service key 152 Extract Service Key Table window Extract Service Key Table Window 154 Using Groups to Control Settings To edit the default group Group Information window Principal Group Information Window Setting the Default Group Principal Attributes Default Principal AttributesPrincipal Attributes Setting Administrative Permissions To set administrative permissions Administrative Permissions Administrative Permissions Chapter 161 162 Realms Tab Realms Tab Realm Information window Realms tab 10 Realm Information Window Realms Tab Adding a Realm To add a realm Deleting a Realm To delete a realm Remote Administrator kadminui 168 Administration Manual Administration Using kadmin Chapter 171 Add a New Principal Add Random Key Specify New Password Change Password to a New Randomly Generated PasswordDelete a Principal Extract a Principal List the Attributes of a Principal Modifying a Principal To modify the principal admin, you need to do the following Number of Authentication failures fcnt Key Version Number Attribute Attributes Allow Postdated Attribute Allow Renewable Attribute Allow Forwardable Attribute Allow Proxy Attribute Require Preauthentication Attribute Allow Duplicate Session Key Attribute Require Password Change Attribute Allow as Service Attribute Lock Principal Attribute Require Initial Authentication Attribute Following Authentication Set As Password Change Service Attribute Tgtbased Password Expiration Attribute Principal Expiration Attribute Maximum Ticket Lifetime Attribute Maximum Renew Time Attribute Key Type AttributeSalt Type Attribute Chapter 189 Principal Database Utilities Principal Database Utilities If you want to Use This Tool Creating the Kerberos Database 192 Database Encryption Database Master Password Destroying the Kerberos Database Dumping the Kerberos Database Loading the Kerberos Database Stashing the Master Key Chapter 199 Services Situation Daemons and Services Starting and Stopping DaemonsSituations that require Starting and Stopping Daemons Maintenance Tasks Master PasswordProtecting Security Server Secrets Host/fqdn@REALM Backing Up Primary Server Data Special Note on Backing up the Principal Database Chapter 203 Removing Unused Space From the Database Chapter 205 206 Propagation 208 Propagation Hierarchy Propagation Relationships Service Key Table v5srvtab Extracting a Key to the Service Key Table FileMaintaining Secret Keys In The Key Table File Creating a New Service Key Table File Deleting Older Keys From the Service Key Table File Propagation Tools Propagation Tools If You Want To Use This Tool Chapter 213 Kpropd Mkpropcf 216 Kpropd.ini Defaultvalues section Sections Chapter 219 Secsrvname Section Examples All servers contain the following entries 222 Prpadmin Setting Up Propagation Chapter 225 226 Chapter 227 228 Critical Error Messages Monitoring PropagationMonitoring the Log File Monitoring Propagation Queue Files Monitoring for Old File Date and Large File Size Principal.ok Time Stamp Does Not Update Comparing the Database to its Copies Authentication Problems Occur Administration Appears Normal Log Files Indicate Problems Authentication Tests SucceedNumber of Principals Does Not Match Kdbdump Restarting Propagation Using the Simple Process Restarting Propagation Using the Full Dump Method Propagation Failure Converting a Secondary Server to a Primary Server Restarting Services Cleaning the Temp Directory 238 Conﬁguring for Multi-realm Enterprises Number of Realms per DatabasePrimary Servers That Support Multiple Realms Multiple Primary Servers That Support a Single Realm Adding More Realms to a Multi-realm DatabaseDatabase Propagation for Multi-realm Databases To Conﬁgure a propagation in a multi-realm environment 242 Inter-realm 244 Considering Trust Relationships One-way TrustTwo-way Trust Hierarchical Trust Other Types Of Trust Chapter 247 248 Chapter 249 Conﬁguring Direct Trust Relationships Direct Trust Relationship Example Hierarchical Inter-realm Trust Hierarchical Chain of TrustHierarchical Inter-realm Example Hierarchical Inter-realm Conﬁguration 254 Chapter 255 256 Chapter 257 258 Troubleshooting 260 Chapter 261 Characterizing the Problem Chapter 263 Diagnostic Tools Summary Diagnostic Tools Troubleshooting Kerberos Error MessagesLogging Capabilities Services Checklist Unix Syslog File Troubleshooting Techniques Table of Errors Messages Chapter 269 270 General Errors Forgotten PasswordsLocking and Unlocking Accounts Clock Synchronization Typical User Error Messages Decrypt integrity check failed Administrative Error Messages Password has expired while getting initial ticketService key not available while getting initial ticket Action Chapter 275 Reporting Problems to Your Hewlett-Packard Support Contact Chapter 277 278 Glossary Glossary Glossary 281 Ticket-granting-ticket Symbols Index 284 285

Top Page Image Contents