Configuring the Kerberos Environment

Configuration Files for GSS-API

QOP values are used with the Kerberos V5 GSS-API mechanism as input to gss_wrap() and gss_get_mic() in order to select alternate integrity and confidentiality algorithms.

Table 3-3shows the format of the /etc/gss/qop file:

Table 3-3

Format of the /etc/gss/qop file

 

 

 

 

 

Column

Description

 

 

 

 

First column

Specifies the string name of QOP.

 

 

 

 

Second column

Contains its QOP value (32-bit

 

 

integer).

 

 

 

 

Third column

Contains names of the security

 

 

mechanism.

 

 

 

Following is a sample /etc/gss/qop file:

#

QOP string

QOP Value

Mechanism

Name

#

 

 

 

 

GSS_KRB5_INTEG_C_QOP_DES_MD5 0

 

krb5_mech

 

The gsscred.conf File

Use the gsscred.conf file to determine the underlying gsscred backend used to store the gsscred table. In HP-UX, it must contain an entry only as files.

Following is a sample /etc/gss/gsscred.conf file:

#gsscred configuration file

#Valid gsscred backend mechanisms are

#files

#

files

84

Chapter 3