Configuring the HMC so that it uses Key Distribution Center servers for Kerberos remote authentication

You can configure the HMC so that it uses Key Distribution Center (KDC) servers for Kerberos remote authentication.

Before you begin

When a user logs in to the HMC, authentication is first verified against a local password file. If a local password file is not found, the HMC can contact a remote Kerberos server for authentication. You must configure your HMC so that it uses Kerberos remote authentication.

Note: Before you configure the HMC so that it uses KDC servers for Kerberos remote authentication, you must ensure that a working network connection exists between the HMC and the KDC servers. For more information about configuring HMC network connections, see Configuring the HMC network types.

About this task

To configure the HMC so that it uses KDC servers for Kerberos remote authentication, complete the following steps:

Procedure

  1. Enable the Network Time Protocol (NTP) service on the HMC and set the HMC and the KDC servers to synchronize time with the same NTP server. To enable the NTP service on the HMC, complete the following steps:
    1. In the navigation area, click the HMC Management icon, and then select Console Settings.
    2. In the content pane, select Change Date and Time.
    3. Select the NTP Configuration tab.
    4. Select Enable NTP service on this HMC.
    5. Click OK.
  2. Configure each remote HMC user's profile so that it uses Kerberos remote authentication instead of local authentication.
  3. Optionally, you can import a service-key file into this HMC. The service-key file contains the host principal that identifies the HMC to the KDC server. Service-key files are also known as keytabs. To import a service-key file into this HMC, complete the following steps:
    1. In the navigation area, click the Users and Security icon, and then select Systems and Console Security.
    2. In the content pane, select Manage KDC.
    3. Select Actions > Import Service Key. The Import Service Key window opens.
    4. Type the location of the service key file.
    5. Click OK.
  4. Add a new KDC server to this HMC. To add a new KDC server to this HMC, complete the following steps:
    1. In the navigation area, click the Users and Security icon, and then select Systems and Console Security.
    2. In the content pane, select Manage KDC.
    3. Select Actions > Add KDC Server. The Import Service Key window opens.
    4. Type the realm and the host name or IP address of the KDC server.
    5. Click OK.
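
Before importing the service-key file in step 3, it is worth confirming that the keytab actually holds the HMC's host principal and checking which encryption types its keys use. The following is an added example, not IBM's code or part of the original procedure. It assumes the file uses the standard keytab layout (version 0x0502) written by MIT Kerberos tools; the realm, the host name hmc1.example.com and the all-zero keys are constructed placeholders.

```python
import struct

WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}  # deprecated (RFC 6649, RFC 8429)

def _counted(buf, off):
    """Read a 16-bit length-prefixed string; return (text, new_offset)."""
    end = off + 2 + struct.unpack_from(">H", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string in keytab entry")
    return buf[off + 2:end].decode("utf-8"), end

def parse_keytab(data):
    """Return [(principal, kvno, enctype)]; malformed input raises ValueError or struct.error."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4 + abs(size)
        if size <= 0:                      # negative size marks a deleted slot
            continue
        rec = data[pos - size:pos]
        names, off = [], 2
        for _ in range(struct.unpack_from(">H", rec, 0)[0] + 1):  # realm, then components
            name, off = _counted(rec, off)
            names.append(name)
        _type, _time, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, off)
        off += 13 + klen                   # fixed fields plus the key bytes
        if len(rec) != size or off > size:
            raise ValueError("truncated keytab entry")
        if size - off >= 4:                # optional 32-bit kvno after the key
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, etype))
    return entries

def audit(data, expected_principal):
    """Return (principal_present, weak_entries) for a keytab about to be imported."""
    entries = parse_keytab(data)
    weak = [(p, WEAK[e]) for p, _, e in entries if e in WEAK]
    return any(p == expected_principal for p, _, _ in entries), weak

def sample_entry(etype, keylen, names=("EXAMPLE.COM", "host", "hmc1.example.com")):
    # Constructed sample data only: hypothetical realm and host name, all-zero key.
    head = b"".join(struct.pack(">H", len(n)) + n.encode() for n in names)
    body = (struct.pack(">H", len(names) - 1) + head
            + struct.pack(">IIBHH", 1, 0, 2, etype, keylen) + bytes(keylen))
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + sample_entry(18, 32) + sample_entry(23, 16)
```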