Using NIM to install clients configured with Kerberos 5 authentication

In AIX® 4.3.3 and later, NIM can be used to install machines in an environment configured for Kerberos 5 authentication.

Clients configured for Kerberos 5 authentication will contain a $HOME/.k5login file for the root user. This file will contain an entry that specifies what host token is required to allow remote command execution. This entry uses the following form:

The NIM master and all secure clients must have DCE installed and configured at a level greater than or equal to 2.2.1.

If secure clients will be reinstalled with BOS, the authentication methods on the NIM master should be set for both Kerberos 5 and Standard UNIX. Because the client will not have DCE or Kerberos 5 configured and running after the BOS is installed. NIM will therefore have to rely on standard rhosts to remotely execute commands on the client until it can be configured with Kerberos 5 and made into a secure client.

If only software customization and maintenance will be performed, the NIM master must have its authentication methods set to match those of the clients. To manage secure clients, the master will need authentication methods set to include Standard UNIX.