The keytab file is the one created on Windows 2000 with ktpass, as described in the previous section. Transfer this file to your HP-UX machine over a secure channel (it contains the host's long-term Kerberos key, so do not send it over cleartext FTP) and install it as /etc/krb5.keytab. If /etc/krb5.keytab already exists, do not overwrite it: merge the new keys into the existing file with ktutil, the tool provided with the product for importing keys. The file must be owned by root and readable only by root.

Synchronize the HP-UX clock to the Windows 2000 clock:

Kerberos requires the clocks on the Windows 2000 domain controller and on your HP-UX machine to agree. The default permitted clock skew is 5 minutes; once the difference exceeds it, ticket requests are rejected and logins fail. You can run Network Time Synchronizer to keep both clocks in step. If the tool is not available, set the clocks manually through "Date/Time Properties" on Windows 2000 and "/etc/set_parms date_time" on HP-UX.

Step 3: Change /etc/pam.conf to use PAM Kerberos.

/etc/pam.conf is the PAM configuration file that specifies which PAM service modules each PAM application uses. To use PAM Kerberos as the authentication module, edit /etc/pam.conf to include the PAM Kerberos library /usr/lib/security/libpam_krb5.1 for all four module types: authentication, account management, session management, and password management. Refer to the PAM Kerberos Release Notes for detailed information on PAM configuration. In the example below, libpam_krb5.1 is listed as "sufficient" ahead of libpam_unix.1 for each service, so a successful Kerberos authentication satisfies the service on its own while local accounts still authenticate through libpam_unix.1; the try_first_pass option lets the UNIX module reuse the password already entered instead of prompting again. The following is an example:

login    auth    sufficient /usr/lib/security/libpam_krb5.1
login    auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
su       auth    sufficient /usr/lib/security/libpam_krb5.1
su       auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
dtlogin  auth    sufficient /usr/lib/security/libpam_krb5.1
dtlogin  auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
dtaction auth    sufficient /usr/lib/security/libpam_krb5.1
dtaction auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
ftp      auth    sufficient /usr/lib/security/libpam_krb5.1
ftp      auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
OTHER    auth    sufficient /usr/lib/security/libpam_unix.1
#
#Account management
login    account required   /usr/lib/security/libpam_krb5.1
login    account required   /usr/lib/security/libpam_unix.1
su       account required   /usr/lib/security/libpam_krb5.1
su       account required   /usr/lib/security/libpam_unix.1
dtlogin  account required   /usr/lib/security/libpam_krb5.1
dtlogin  account required   /usr/lib/security/libpam_unix.1
dtaction account required   /usr/lib/security/libpam_krb5.1
dtaction account required   /usr/lib/security/libpam_unix.1
ftp      account required   /usr/lib/security/libpam_krb5.1
ftp      account required   /usr/lib/security/libpam_unix.1
OTHER    account sufficient /usr/lib/security/libpam_unix.1
#
#Session management

HP UX LDAP-UX Integration Software manual Change /etc/pam.conf to use PAM Kerberos
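The three steps above (keytab permissions, clock skew, pam.conf stacking) can be checked mechanically. The script below is an added example, not part of the HP-UX manual or of the PAM Kerberos product: it verifies that the keytab has root-only permissions, that a given clock difference is within the Kerberos skew limit, and that each service in pam.conf lists libpam_krb5.1 ahead of libpam_unix.1 for both auth and account. The paths, service names and module names are the manual's; the function names, the 300-second skew default and the constructed pam.conf fragment written by write_sample_pam_conf are assumptions for illustration. It does not call ktutil, whose merge syntax is documented in ktutil(1M).

```shell
#!/bin/sh
# Added example, not from the HP-UX manual: offline sanity checks for the three
# steps above (keytab permissions, clock skew, pam.conf stacking). The paths
# /etc/krb5.keytab and /etc/pam.conf, the service names and the module names
# come from the manual; the function names, the 300-second skew default and the
# sample pam.conf fragment written by write_sample_pam_conf are assumptions.

# Step 1: the keytab holds the host's long-term key, so group and other must
# have no access. ls -l is used because stat(1) is not available on HP-UX.
keytab_mode_ok() {
    f=$1
    [ -f "$f" ] || return 1
    set -- $(ls -ld "$f")           # $1 is the mode string, e.g. -rw-------
    case "$1" in
        -r??------*) return 0 ;;    # only the owner bits may be set
        *)           return 1 ;;
    esac
}

keytab_owner_ok() {                 # third ls -l field is the owner
    set -- $(ls -ld "$1")
    [ "$3" = root ]
}

# Step 2: the KDC rejects a request whose timestamp differs from its own clock
# by more than the permitted skew (5 minutes by default). Given both clocks as
# epoch seconds, report whether a request would still be accepted.
clock_skew_ok() {
    kdc_now=$1; local_now=$2; max_skew=${3:-300}
    diff=$((kdc_now - local_now))
    [ "$diff" -lt 0 ] && diff=$((0 - diff))
    [ "$diff" -le "$max_skew" ]
}

# Step 3: for one service and module type (auth or account), require that
# pam.conf lists libpam_krb5.1 before libpam_unix.1. Order matters: with
# "sufficient" krb5 first, a Kerberos success ends the stack; if a "required"
# unix line came first, its failure for a domain-only user would already have
# doomed the login even though krb5 succeeds afterwards.
pam_stack_ok() {
    conf=$1; svc=$2; type=$3
    awk -v s="$svc" -v t="$type" '
        $1 == s && $2 == t && $4 ~ /libpam_krb5/ && !krb { krb = NR }
        $1 == s && $2 == t && $4 ~ /libpam_unix/ && !unx { unx = NR }
        END { exit (krb && unx && krb < unx) ? 0 : 1 }' "$conf"
}

# Every service the manual Kerberos-enables, for both auth and account.
pam_conf_ok() {
    for svc in login su dtlogin dtaction ftp; do
        for type in auth account; do
            pam_stack_ok "$1" "$svc" "$type" ||
                { echo "$svc $type: libpam_krb5.1 missing or after libpam_unix.1"; return 1; }
        done
    done
}

# Constructed pam.conf fragment (not a real system file). ftp auth is
# deliberately wrong: libpam_unix.1 is listed before libpam_krb5.1.
write_sample_pam_conf() {
    cat > "$1" <<'EOF'
login    auth    sufficient /usr/lib/security/libpam_krb5.1
login    auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
su       auth    sufficient /usr/lib/security/libpam_krb5.1
su       auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
dtlogin  auth    sufficient /usr/lib/security/libpam_krb5.1
dtlogin  auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
dtaction auth    sufficient /usr/lib/security/libpam_krb5.1
dtaction auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
ftp      auth    required   /usr/lib/security/libpam_unix.1 try_first_pass
ftp      auth    sufficient /usr/lib/security/libpam_krb5.1
OTHER    auth    sufficient /usr/lib/security/libpam_unix.1
login    account required   /usr/lib/security/libpam_krb5.1
login    account required   /usr/lib/security/libpam_unix.1
su       account required   /usr/lib/security/libpam_krb5.1
su       account required   /usr/lib/security/libpam_unix.1
dtlogin  account required   /usr/lib/security/libpam_krb5.1
dtlogin  account required   /usr/lib/security/libpam_unix.1
dtaction account required   /usr/lib/security/libpam_krb5.1
dtaction account required   /usr/lib/security/libpam_unix.1
ftp      account required   /usr/lib/security/libpam_krb5.1
ftp      account required   /usr/lib/security/libpam_unix.1
OTHER    account sufficient /usr/lib/security/libpam_unix.1
EOF
}

# Stand-alone run: check the constructed fragment, then the live keytab if present.
sample=${TMPDIR:-/tmp}/pam.conf.sample.$$
write_sample_pam_conf "$sample"
if pam_conf_ok "$sample"; then echo "sample pam.conf: ok"; fi
rm -f "$sample"
if [ -f /etc/krb5.keytab ]; then
    keytab_mode_ok /etc/krb5.keytab && keytab_owner_ok /etc/krb5.keytab ||
        echo "/etc/krb5.keytab: must be owned by root with mode 0600"
fi
```

Run against the real files with pam_conf_ok /etc/pam.conf and keytab_mode_ok /etc/krb5.keytab after completing the steps; a service reported by pam_conf_ok is one where a Windows 2000 user without a local password entry would be refused, because the "required" libpam_unix.1 failure is recorded before libpam_krb5.1 ever runs.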