Chapter 5 HPSS Infrastructure Configuration
248 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
-random \
-registry
For each entry in /krb5/hpssclient.keytab do:
% dcecp -c keytab add \
/.:/hosts/$HPSS_CDS_HOST/config/keytab/hpssclient.keytab \
-member <entry_name> \
-random \
-registry
where <entry_name> refers to an entry in the keytab file; e.g., hpss_ssm, and
$HPSS_CDS_HOST refers to the CDS machine host name; e.g., hydra.
3. See the discussion immediately following this step! Propagate the resulting keytab files to
every HPSS server machine. Note that the most secure mechanism for performing this is
“footnet”. If FTP is used, be sure to specify the “bin” option. The keytab files on every
HPSS system should have the following ownership and permissions set:
/krb5/hpss.keytabs hpss hpss rw- rw- ---
/krb5/hpssclient.keytab hpss hpss rw- rw- ---
It is strongly recommended that both keytab files be generated on a single HPSS server machine
and securely propagated to every other HPSS server machine; however, a customer may prefer to
create appropriate keytab files which contain only the entries required for a specific HPSS server
machine. This, however, is strongly discouraged because it can create a “Catch 22” condition in
which the encryption keys on one or more HPSS systems cannot be set to match the keys stored in
the DCE Registry!
If a customized keytab file is used on every different HPSS server system, steps 1 and 2 above must
be performed on each system.
If the key for a server on one machine is changed, do not change the key on another machine since
this will de-synchronize the entry on the first system changed!
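The following is an added example, not part of the HPSS guide: a POSIX shell check to run on each server after the propagation in step 3. It confirms that a keytab copy has the ownership and permissions listed above and is byte-identical to the master copy, which catches a non-binary FTP transfer or a truncated file. The function names and the reference-digest argument are assumptions; the digest is taken with keytab_digest on the machine where the keytabs were generated.

```shell
#!/bin/sh
# Added example: verify a propagated HPSS keytab copy.
# Expected owner, group and mode come from the table in step 3
# (hpss hpss rw- rw- ---, i.e. octal 660).

# Print "owner group octal-mode" for a file (GNU stat first, then BSD stat).
keytab_meta() {
    stat -c '%U %G %a' "$1" 2>/dev/null || stat -f '%Su %Sg %Lp' "$1"
}

# Print the SHA-256 digest of a file (sha256sum, or shasum as a fallback).
keytab_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# check_keytab FILE OWNER GROUP REFERENCE_DIGEST
# Returns 0 only if owner, group, mode 660 and digest all match;
# 1 on any mismatch, 2 if the file is missing.
check_keytab() {
    file=$1; owner=$2; group=$3; ref=$4; rc=0
    [ -f "$file" ] || { echo "MISSING $file" >&2; return 2; }
    read -r cur_owner cur_group cur_mode <<EOF
$(keytab_meta "$file")
EOF
    [ "$cur_owner" = "$owner" ] || { echo "BAD owner $cur_owner: $file" >&2; rc=1; }
    [ "$cur_group" = "$group" ] || { echo "BAD group $cur_group: $file" >&2; rc=1; }
    [ "$cur_mode" = "660" ] || { echo "BAD mode $cur_mode: $file" >&2; rc=1; }
    # A digest mismatch means this copy differs from the master keytab,
    # e.g. an ASCII-mode FTP transfer or an incomplete copy.
    [ "$(keytab_digest "$file")" = "$ref" ] || { echo "BAD digest: $file" >&2; rc=1; }
    return $rc
}

# Typical use on each HPSS server (digests are placeholders to fill in):
#   check_keytab /krb5/hpss.keytabs      hpss hpss <digest-from-master>
#   check_keytab /krb5/hpssclient.keytab hpss hpss <digest-from-master>
```

A digest mismatch on one machine only shows that its copy differs from the master; it does not say which copy matches the DCE Registry.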