Before you can import a service key file into an HMC, a
service key file must first be created on the Kerberos server for
the HMC host. The service key file contains the host principal of
the HMC client, for example, host/example.com@EXAMPLE.COM.
In addition to KDC Authentication, the host service key file is used
to enable password-less SSH (Secure Shell) login using GSSAPI.
Note: For MIT Kerberos V5 *nix distributions, create a service key
file by running the kadmin utility on a KDC and using
the ktadd command. Other Kerberos implementations
may require a different process to create a service key.
To import a service key:
- Open the KDC Configuration task from the HMC Management work
pane.
- From the Actions drop down list, select Import Service
Key.
- Select from one of the following:
- Local - The service key must be located on removable media
currently mounted on the HMC. You must use this option locally at
the HMC (not remotely), and you must mount the removable media to
the HMC before using this option. Specify the full path of the service
key file on the media.
- Remote - The service key must be located on a remote site
available to the HMC via secure FTP. You can import a service key
file from any remote site that has SSH (Secure Shell) installed and
running. Specify the hostname of the site, a user ID and password
for the site, and the full path of the service key file on the remote
site.
- Click OK.
Implementation of the service key file will not take effect until
the HMC is rebooted.
Subscribe to this information