Sun Enterprise Authentication Mechanism Guide

How to Configure a SEAM Network Application Server

This procedure uses the following configuration parameters:

  1. Prerequisites for configuring an application server.

    This procedure requires that the master KDC has been configured. To fully test the process, several clients must be installed.

  2. Install SEAM client software.

    The SEAM client software must be installed.

  3. Optional: Install NTP client or other clock synchronization mechanism.

    See "Synchronizing Clocks between KDCs and SEAM Clients" for information about NTP.

  4. Start kadmin.

    Using the SEAM Administration Tool to add a principal is explained in "How to Create a New Principal". The example below shows how to add the required principals using the command line. You must log on with one of the admin principal names that you created when configuring the master KDC.


    kdc1 # /usr/krb5/sbin/kadmin -p kws/admin
    Enter password: <Enter kws/admin password>
    kadmin: 
    1. Create the server's host principal.


      kadmin: addprinc -randkey host/boston.acme.com
      Principal "host/boston.acme.com" created.
      kadmin: 
    2. Optional: Create a root principal for the host principal.


      kadmin: addprinc root/boston.acme.com
      Enter password for principal root/boston.acme.com@ACME.COM: <type the password>
      Re-enter password for principal root/boston.acme.com@ACME.COM: <type it again>
      Principal "root/boston.acme.com@ACME.COM" created.
      kadmin: 
    3. Add the server's host principal to the server's keytab.

      If the kadmin command is not running, restart it with a command like: /usr/krb5/sbin/kadmin -p kws/admin


      kadmin: ktadd host/boston.acme.com
      kadmin: Entry for principal host/boston.acme.com with
        kvno 3, encryption type DES-CBC-CRC added to keytab
        WRFILE:/etc/krb5/krb5.keytab
      kadmin: 
      
    4. Quit kadmin.


      kadmin: quit
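
The following Python example is added here and is not part of the Sun guide or of SEAM. It reads a keytab such as /etc/krb5/krb5.keytab, confirms that the host principal added in step 3 is present, and reports keys that use a single-DES encryption type such as the DES-CBC-CRC entry shown above (RFC 6649 deprecates these). It assumes the file follows the MIT keytab version 0x0502 layout; parse_keytab, audit and sample_keytab are hypothetical names, and the sample bytes are constructed with a dummy key.

```python
import struct

WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}  # single-DES enctypes

def _cs(b):  # encode a 16-bit length-prefixed byte string
    return struct.pack(">H", len(b)) + b

def _read_cs(buf, off):  # decode one; return (data, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(buf):
    """List the live entries of a keytab (assumed MIT version 0x0502 layout)."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, off)
        off += 4
        if size <= 0:                     # non-positive length: deleted entry (hole), skip
            off -= size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", buf, off)
        realm, p = _read_cs(buf, off + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _read_cs(buf, p)
            comps.append(c.decode())
        _ntype, _time, kvno, enctype = struct.unpack_from(">IIBH", buf, p)
        key, p = _read_cs(buf, p + 11)    # 11 = name type + timestamp + kvno8 + enctype
        if end - p >= 4:                  # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "kvno": kvno, "enctype": enctype, "keylen": len(key)})
        off = end
    return entries

def audit(buf, principal):
    """Findings for one principal: missing entry, or keys with a single-DES enctype."""
    mine = [e for e in parse_keytab(buf) if e["principal"] == principal]
    if not mine:
        return ["no entry for " + principal]
    return ["kvno %d uses %s" % (e["kvno"], WEAK[e["enctype"]]) for e in mine if e["enctype"] in WEAK]

def sample_keytab():
    """Constructed bytes mirroring the ktadd output above; the key is a dummy."""
    body = (struct.pack(">H", 2) + _cs(b"ACME.COM") + _cs(b"host") + _cs(b"boston.acme.com")
            + struct.pack(">IIBH", 1, 0, 3, 1) + _cs(bytes(8)))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```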