IBM Books

Installation and Migration Guide


Task B. Update Kerberos V4 SP authentication services on the primary control workstation

This section describes the steps you take to update Kerberos V4 on the primary control workstation.

Step 10: Add the Kerberos V4 principal

Use this procedure to add principals for all the primary boot addresses (if the principals do not already exist).

Some of the network interfaces configured on a regular control workstation become service addresses in the HACWS configuration. For example, a control workstation named sp_cws would have a network interface by the same name. When the SP system becomes an HACWS configuration, sp_cws becomes a service address. Since the service addresses in a rotating configuration rotate with their resource groups, the sp_cws network interface moves back and forth between the primary and backup control workstations.

When the sp_cws network interface is on the backup control workstation, the network adapter on the primary control workstation is known by an alternate name, such as sp_cws_bt. This alternate name is the boot address. The primary boot addresses need to be identified to Kerberos V4 so the backup control workstation can access authenticated services on the primary while the backup control workstation is acting as the system control workstation.

This example shows the procedure you should follow to add the Kerberos V4 principal rcmd, instance sp_cws_bt on the primary control workstation. Run the /usr/kerberos/etc/kdb_edit program as follows:

Opening database...

Enter Kerberos master key: kerberosMasterPassword

Previous or default values are in [brackets] ,
enter return to leave the same, or new value.

Principal name: rcmd

Instance: sp_cws_bt

<Not found>, Create [y] ? <Enter>

Principal: rcmd, Instance: sp_cws_bt, kdc_key_ver: 1

New Password: rcmdPassword
Verifying, please re-enter New Password: rcmdPassword

Principal's new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2000-04-28 ] ? <Enter>
Max ticket lifetime (*5 minutes) [ 255 ] ? <Enter>
Attributes [ 0 ] ? <Enter>
Edit O.K.
Principal name: <Enter>
#
 

Step 11: Add the Kerberos V4 rcmd service key

This example shows the procedure you should follow to add the Kerberos V4 rcmd service key for each primary control workstation boot address.

Run the /usr/lpp/ssp/kerberos/bin/ksrvutil add command as follows:

Name: rcmd

Instance: sp_cws_bt

Realm: XYZ.COM

Version number: 1

New principal: rcmd.sp_cws_bt@XYZ.COM; version 1

Is this correct? (y,n) <Enter>

Password: RcmdPassword
Verifying, please re-enter Password: RcmdPassword

Key successfully added.

Would you like to add another key? (y,n) n

Old keyfile in /etc/krb-srvtab.old.
#
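After Steps 10 and 11, each primary boot address should have an rcmd key in the service key file at the same key version that kdb_edit reported. The following check is an added example, not part of the IBM procedure; it assumes the key listing has one "version principal" pair per line (the layout expected from ksrvutil list), and sp_cws2_bt is a hypothetical second boot address in constructed sample data.

```shell
#!/bin/sh
# Added example: confirm the srvtab holds an rcmd key for every boot address.
# Assumption: each key line of the listing reads "<version> <principal>", the
# layout expected from "ksrvutil list"; adjust the awk fields if yours differs.

# missing_rcmd_keys REALM VERSION INSTANCE...
# Reads a key listing on stdin. For each instance, prints the principal and
# why it fails (absent, or present only at other key versions).
# Returns 1 if anything was printed, 0 if every key is in place.
missing_rcmd_keys() {
    realm=$1; version=$2; shift 2
    listing=$(cat)
    rc=0
    for inst in "$@"; do
        want="rcmd.${inst}@${realm}"
        result=$(printf '%s\n' "$listing" | awk -v p="$want" -v v="$version" '
            $2 == p { seen = 1; have = have " " $1; if ($1 == v) ok = 1 }
            END {
                if (ok) print "ok"
                else if (seen) print "version" have
                else print "missing"
            }')
        if [ "$result" != ok ]; then
            printf '%s %s\n' "$want" "$result"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing. sp_cws2_bt is a hypothetical second boot address
# whose key was added at version 2 while the database holds version 1.
SAMPLE_LISTING='Version    Principal
   1     rcmd.sp_cws@XYZ.COM
   1     rcmd.sp_cws_bt@XYZ.COM
   2     rcmd.sp_cws2_bt@XYZ.COM'

# On the control workstation the input would instead come from:
#   /usr/lpp/ssp/kerberos/bin/ksrvutil list
printf '%s\n' "$SAMPLE_LISTING" |
    missing_rcmd_keys XYZ.COM 1 sp_cws_bt sp_cws2_bt ||
    echo "one or more rcmd service keys need attention"
```

A principal reported as "missing" needs Step 11 repeated for that boot address; one reported with a different version was added with a version number that does not match the database entry.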

