Prerequisites for setting up a NIM environment with NFS security using Kerberos 5

Edit online

Your system must meet these prerequisites before you can configure Kerberos 5.

  • The NIM master must have AIX Version 7.1 or later installed.
  • The NIM master must be configured.
  • IBM Network Access Server (NAS) Version 1.4 or later from the AIX Expansion Pack CD server files must be installed:
    • krb5.lic
    • krb5.client
    • krb5.server
    • modcrypt.base
  • Kerberos services must be configured and authenticated with the Key Distribution Center (KDC) server.
  • Any participating NIM clients must have AIX 6.1 or later installed.
  • IBM NAS Version 1.4 or later from the AIX Expansion Pack CD client files must be installed:
    • krb5.lic
    • krb5.client
    • modcrypt.base
  • The Kerberos client must be configured and authenticated with the KDC server.

While NIM is capable of configuring NFS V4, due to the variation of Kerberos configurations, you must manage the KDC configuration and services outside of NIM. Use the sec option in the NIM database for export-list generation only. You can use the sample scripts in the bos.sysmgt.nim.client fileset to set up Kerberos. After Kerberos 5 is configured in the NIM environment, you must authenticate and obtain tickets for each client and the NIM master. Use the usr/krb5/bin/kinit command for ticket-granting options.

For additional help for NIM and Kerberos 5, see the /usr/lpp/bos.sysmgt/nim/README file.