Chapter 7 HPSS User Interface Configuration
HPSS Installation Guide September 2002 421
Release 4.5, Revision 2
rgy_edit=> domain account
Domain changed to: account
rgy_edit=> add host/dopey.clearlake.ibm.com
Enter account group [gname]: none
Enter account organization [oname]: none
Enter password: qwerty
Retype password: qwerty
Enter your password: <cell_admin_password>
Enter misc info: () KRB5 host account
[all other prompts can be answered with "Enter"]
...
rgy_edit=> add ndcg/dopey.clearlake.ibm.com
Enter account group [gname]: none
Enter account organization [oname]: none
Enter password:
Retype password:
Enter your password:
Enter misc info: () KRB5 service account
[all other prompts can be answered with "Enter"]
...
This would create host and ndcg entries for dopey.clearlake.ibm.com. Replacethis
host name with the actual name ofthe target. Use the fully domain-qualified name;
Kerberos expects this!
The password represented as "qwerty" above should be any easily typed and
easily remembered string, because it is going to get changed in the next step. None
of the passwords you type are actually echoed to the screen.
Now Create keytab entries for the new principals on the target.
rgy_edit=> ktadd -p host/dopey.clearlake.ibm.com -pw qwerty
rgy_edit=> ktadd -p host/dopey.clearlake.ibm.com -r -a
rgy_edit=> ktadd -p ndcg/dopey.clearlake.ibm.com -pw qwerty
rgy_edit=> ktadd -p ndcg/dopey.clearlake.ibm.com -r -a
rgy_edit=> quit
4. Set the HPSS_KCHILD_KEYTAB environment variable if necessary. By default, the /krb5/
v5srvtab keytab will be used.
5. Check the kerberos box in the Non-DCE Gateway Configuration SSM screen
6. Make sure the Non-DCE Gateway is set to run as root. This can be set through the Non-
DCE Gateway’s Basic Server Configuration SSM screen.
7.2.3.2.3 On the Non-DCE Client machine:
[Note: step 1 is in Section 7.2.3.2.1: On both the Non DCE Client and Non DCE Gateway
machines: on page 419]
