You can configure the HMC so that it uses Key Distribution Center (KDC) servers for
Kerberos remote authentication.
Before you begin
When a user logs in to the HMC, authentication is first verified against a local password file.
If a local password file is not found, the HMC can contact a remote Kerberos server for
authentication. You must configure your HMC so that it uses Kerberos remote authentication.
Note: Before you configure the HMC so that it uses KDC servers for Kerberos remote authentication,
you must ensure that a working network connection exists between the HMC and the KDC servers. For
more information about configuring HMC network connections, see
Configuring the HMC network types.
About this task
To configure the HMC so that it uses KDC servers for Kerberos remote authentication,
complete the following steps:
Procedure
- Enable the Network Time Protocol (NTP) service on the HMC and set the HMC and the KDC servers to synchronize time with the same NTP server. To enable the NTP service on the HMC, complete the following steps:
  - In the navigation area, click the HMC Management icon, and then select Console Settings.
  - In the content pane, select Change Date and Time.
  - Select the NTP Configuration tab.
  - Select Enable NTP service on this HMC.
  - Click OK.
- Configure each remote HMC user's profile so that it uses Kerberos remote authentication instead of local authentication.
- Optionally, you can import a service-key file into this HMC. The service-key file contains the host principal that identifies the HMC to the KDC server. Service-key files are also known as keytabs. To import a service-key file into this HMC, complete the following steps:
  - In the navigation area, click the Users and Security icon, and then select Systems and Console Security.
  - In the content pane, select Manage KDC.
  - Select Actions > Import Service Key. The Import Service Key window opens.
  - Type the location of the service key file.
  - Click OK.
- Add a new KDC server to this HMC. To add a new KDC server to this HMC, complete the following steps:
  - In the navigation area, click the Users and Security icon, and then select Systems and Console Security.
  - In the content pane, select Manage KDC.
  - Select Actions > Add KDC Server. The Import Service Key window opens.
  - Type the realm and the host name or IP address of the KDC server.
  - Click OK.
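A pre-import check for the service-key file described in the optional step above, as an added example that is not IBM's code: it lists the principals in a keytab without retaining key bytes and reports a missing host principal or DES/RC4 key types. Assumptions: the file is in the MIT keytab format (version 0x0502), the HMC's principal has the form host/<fqdn>@<REALM>, and the host name hmc1.example.com, the realm EXAMPLE.COM and the sample keytab are constructed for illustration.

```python
import struct

# Kerberos enctype numbers for the DES and RC4 families, treated here as weak.
WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 23: "rc4-hmac"}

def parse_keytab(data):
    """Yield (principal, kvno, enctype) for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos = 2
    while pos + 4 <= len(data):
        size = struct.unpack_from(">i", data, pos)[0]
        if size <= 0:                 # a negative length marks a deleted slot
            pos += 4 - size
            continue
        end, p = pos + 4 + size, pos + 6
        if end > len(data):
            raise ValueError("truncated keytab entry")
        ncomp = struct.unpack_from(">H", data, pos + 4)[0]
        names = []                    # realm first, then the name components
        for _ in range(ncomp + 1):
            n = struct.unpack_from(">H", data, p)[0]
            names.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        p += 8                        # skip name type and timestamp
        kvno, enctype, keylen = struct.unpack_from(">BHH", data, p)
        p += 5 + keylen               # step over the key bytes without keeping them
        if end - p >= 4:              # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        yield "/".join(names[1:]) + "@" + names[0], kvno, enctype
        pos = end

def check_keytab(data, hmc_fqdn, realm):
    """Return findings to resolve before the file is imported into the HMC."""
    entries, want = list(parse_keytab(data)), f"host/{hmc_fqdn}@{realm}"
    findings = [] if any(e[0] == want for e in entries) else [f"missing {want}"]
    findings += [f"{p} kvno {k}: weak enctype {WEAK[t]}" for p, k, t in entries if t in WEAK]
    return findings

def sample_entry(realm, comps, kvno, enctype, key):  # builds constructed test data only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + b"".join(s(x.encode()) for x in [realm, *comps])
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + s(key)
    return struct.pack(">i", len(body)) + body
SAMPLE = b"\x05\x02" + b"".join(  # constructed: AES-256 (18) and RC4 (23), all-zero keys
    sample_entry("EXAMPLE.COM", ["host", "hmc1.example.com"], 3, t, bytes(n))
    for t, n in [(18, 32), (23, 16)])

if __name__ == "__main__":
    print(check_keytab(SAMPLE, "hmc1.example.com", "EXAMPLE.COM"))
```

An empty result means the expected host principal is present and no entry uses a DES or RC4 key type.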