Sun Enterprise Authentication Mechanism 1.0.2 Guide

How to Configure a SEAM Network Application Server

This procedure uses the following configuration parameters:

  1. Prerequisites for configuring an application server.

    This procedure requires that the master KDC has been configured. To fully test the process, several clients must be installed.

  2. Install SEAM remote application software.

    The SEAM 1.0.2 software must be installed. See "How to Install SEAM 1.0.2 Packages" for complete installation instructions.

  3. (Optional) Install NTP client or other clock synchronization mechanism.

    See "Synchronizing Clocks between KDCs and SEAM Clients" in System Administration Guide: Security Services for information about NTP.

  4. Add principals for the new server and update the server's keytab.

    The following command reports the existence of the host principal.


    boston # klist -k |grep host
    4 host/boston.example.com@EXAMPLE.COM

    If the command does not return a principal, then create new principals using the following steps.

    Using the SEAM Administration Tool to add a principal is explained in "Administering Principals" in System Administration Guide: Security Services. The example below shows how to add the required principals using the command line. You must log on with one of the admin principal names that you created when configuring the master KDC.


    boston # /usr/sbin/kadmin -p kws/admin
    Enter password: <Enter kws/admin password>
    kadmin: 

    1. Create the server's host principal.


      kadmin: addprinc -randkey host/boston.example.com
      Principal "host/boston.example.com" created.
      kadmin: 

    2. Add the server's host principal to the server's keytab.

      If the kadmin command is not running, restart it with a command like: /usr/sbin/kadmin -p kws/admin


      kadmin: ktadd host/boston.example.com
      kadmin: Entry for principal host/boston.example.com with
        kvno 3, encryption type DES-CBC-CRC added to keytab
        WRFILE:/etc/krb5/krb5.keytab
      kadmin: quit

    3. Quit kadmin.


      kadmin: quit
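
The keytab check in step 4 filters with grep host, which also matches other machines' host principals and any name containing "host". The following is an added example, not part of the original guide: it matches host/FQDN@REALM exactly and reports when more than one key version is present. The function names, KLIST_SAMPLE and its header lines are constructed for illustration; entry lines are assumed to have the "kvno principal" form shown above.

```shell
#!/bin/sh
# Added example: exact-match check for a host principal in `klist -k` output.
# Assumption: each entry line is "<kvno> <principal>", as in the guide's sample.

# Constructed sample listing (not captured from a real system).
KLIST_SAMPLE='Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------
   4 host/boston.example.com@EXAMPLE.COM
   3 host/boston.example.com@EXAMPLE.COM
   2 host/ghost.example.com@EXAMPLE.COM
   5 nfs/boston.example.com@EXAMPLE.COM'

# host_kvnos FQDN REALM
# Reads a keytab listing on stdin and prints each distinct kvno stored for
# host/FQDN@REALM in ascending order. Returns 1 if no entry matches.
host_kvnos() {
    out=$(awk -v want="host/$1@$2" \
        '$1 ~ /^[0-9]+$/ && $2 == want { print $1 }' | sort -n -u)
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# check_host_keytab FQDN REALM
# Returns 0 when exactly one key version is present, 1 when the principal is
# missing (run addprinc/ktadd), 2 when several key versions are present.
check_host_keytab() {
    princ="host/$1@$2"
    kvnos=$(host_kvnos "$1" "$2") || { echo "MISSING $princ"; return 1; }
    count=$(printf '%s\n' "$kvnos" | grep -c .)
    newest=$(printf '%s\n' "$kvnos" | tail -n 1)
    if [ "$count" -gt 1 ]; then
        echo "MULTIPLE $princ newest-kvno=$newest"
        return 2
    fi
    echo "OK $princ kvno=$newest"
}

# Demonstration on the constructed sample. On a real server, pipe the live
# listing instead:  klist -k | check_host_keytab boston.example.com EXAMPLE.COM
printf '%s\n' "$KLIST_SAMPLE" | check_host_keytab boston.example.com EXAMPLE.COM || true
```
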