Installing and configuring the system for Kerberos integrated login using IBM NAS
The IBM® Kerberos implementation of Network Authentication Services (NAS) is shipped on the expansion pack.
installp –aqXYgd . krb5.server
If the machine being configured as a Kerberos server will also be used as a Kerberos client, install the entire Kerberos KRB5 package.
DCE also has a set of Kerberos client utilities with the same names as the Kerberos utilities. To avoid namespace collisions between DCE and Kerberos commands (that is, between the klist, kinit, and kdestroy commands), the Kerberos commands are installed in the /usr/krb5/bin and the /usr/krb5/sbin directories.
export PATH=$PATH:/usr/krb5/sbin:/usr/krb5/bin
Network Authentication Services documentation is provided in the krb5.doc.lang.pdf|html package, where lang represents the supported language.
The AIX® operating system has two database modules available to form a compound load module: LDAP and BUILTIN. The LDAP module is used to access information stored on an LDAP registry (directory) and the BUILTIN module is used to access information stored on a files registry (local file system). The compound load module that is created is typically named KRB5files or KRB5LDAP. These names indicate that KRB5 is used either for authentication and local files or for LDAP.
- KRB5files with Kerberos server information stored in Kerberos Legacy database
- KRB5files with Kerberos server information stored in Kerberos LDAP database
- KRB5LDAP with Kerberos server information stored in Kerberos Legacy database
- KRB5LDAP with Kerberos server information stored in Kerberos LDAP database
When LDAP is the storage mechanism for storing Kerberos principals or AIX user and group information, configure LDAP before you invoke the Kerberos configuration commands. After you configure LDAP, use the mkkrb5srv command to configure the Kerberos servers.