Configuring the Kerberos Environment

Configuring the Kerberos Server

You can configure a Kerberos client in the same way whether your KDC server is a Kerberos server on HP-UX 11i or a Microsoft Windows 2000 KDC server. The server configuration procedures, however, differ between the two. To configure a Microsoft Windows 2000 KDC server or the Kerberos server on HP-UX 11i, follow the KDC server configuration instructions that accompany your server software.

You can configure your Kerberos server with C-Tree or LDAP as the backend database. For instructions on configuring HP’s Kerberos Server, see the Kerberos Server Version 3.12 Administrator’s Guide (5991-7686), available on www.docs.hp.com.

Configuring Your Microsoft Windows 2000 KDC

To configure your Microsoft Windows 2000 KDC, complete the following steps:

1. Use the Active Directory Management tool to create a new account for the UNIX host:

From Administrative Tools, select Active Directory Users and Computers.

Select the Users folder, select Action from the top menu, click New, then click User.

Add the UNIX host as a user by entering the hostname as the user name and host/hostname as the user logon name.

2. Create a keytab file for the Kerberos client on the Microsoft Windows 2000 KDC.

Locate ktpass on Microsoft Windows 2000.

Use ktpass to create the KEYTAB file and set up the account for the UNIX host.

C:> ktpass -princ host/hostname@NT-DNS-REALM-NAME -mapuser hostname -pass your-password -out hostname.keytab

where:

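A check that can be run on the hostname.keytab file once ktpass has written it, added here as an example (not code from HP or Microsoft): it parses the version 0x0502 keytab format and reports whether the expected host/hostname principal is present and whether any key uses a single-DES enctype. The function names, unixhost1, EXAMPLE.COM and the sample keytab bytes are constructed for illustration.

```python
import struct

WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5"}  # single-DES, deprecated by RFC 6649

def _counted(buf, off):  # 16-bit length-prefixed field -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted slot
            pos += -size
            continue
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        parts, off = [], 2
        for _ in range(ncomp + 1):     # realm first, then the name components
            part, off = _counted(rec, off)
            parts.append(part.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, off)
        _key, off = _counted(rec, off + 11)
        if len(rec) - off >= 4:        # optional 32-bit kvno overrides 8-bit one
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, etype))
    return entries

def check_host_keytab(data, hostname, realm):
    """List findings for a keytab expected to hold only host/hostname@realm."""
    want, entries = f"host/{hostname}@{realm}", parse_keytab(data)
    findings = [] if any(e[0] == want for e in entries) else [f"missing {want}"]
    for princ, kvno, etype in entries:
        if princ != want:
            findings.append(f"unexpected principal {princ}")
        if etype in WEAK:
            findings.append(f"weak enctype {WEAK[etype]} for {princ} (kvno {kvno})")
    return findings

# Constructed sample: one des-cbc-md5 key (kvno 3) for host/unixhost1@EXAMPLE.COM.
_body = (b"\x00\x02\x00\x0bEXAMPLE.COM\x00\x04host\x00\x09unixhost1"
         + struct.pack(">IIBHH", 1, 0, 3, 3, 8) + bytes(8))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_body)) + _body
print(check_host_keytab(SAMPLE, "unixhost1", "EXAMPLE.COM"))
```

To check a real file, pass its bytes (for example `open("hostname.keytab", "rb").read()`) with the host name and realm given to ktpass; an empty list means the expected principal is the only one present and no single-DES key was found.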