allow the clients to get service tickets to be used with other servers without the need to give them the password every time they request services.
So, given a user has a
9.2.1 Configuring Kerberos Security with HACMP Version 4.3
With HACMP Version 4.3 there is a handy script to do the kerberos setup for you, called cl_setup_kerberos. It sets up all the IP labels defined to the HACMP cluster together with the needed kerberos principals, so that remote kerberized commands will work.
On an SP the setup_authent command does the
You can either do that manually, or use the cl_setup_kerberos tool. To manually add the kerberos principals, use the kadmin command. Necessary principals for kerberized operation in enhanced security mode are the (remote) rcmd principals and the godm principals. As always, a kerberos principal consists of a name, godm for example, an IP label, like hadave1_stby and a realm, so that the principal in its full length would look like godm.hadave1_stby@ITSO.AUSTIN.IBM.COM.
Now after adding all the needed principals to the kerberos database, you must also add them to
Now you can extend root’s .klogin file and /etc/krb.realms file to reflect the new principals, and copy these files out to the node as well.
Special RS/6000 SP Topics 189