unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 krbval(1m)			   HP DCE			  krbval(1m)




 NAME
      krbval - test if a Kerberos client can function in its realm.

 SYNOPSIS
      krbval [-c] [-s] [-v] [-p] [-C server [port]] [-S [port]] [-C realm]

 DESCRIPTION
      krbval runs a series of tests that verify whether or not a local
      Kerberos client is configured correctly in a realm. This version of
      krbval is based on Kerberos V5 Release 1.0 and will not work with
      configuration files for other versions of Kerberos.

      krbval performs the following validation tests:


	+  Contact the KDC for the default realm, to see if it responds to
	   requests

	+  Verify default Kerberos configuration file, /etc/krb5.conf. Since
	   you can override the default location by setting the environment
	   variable 'KRB5-CONFIG', krbval will check here first.

	+  Verify entries in /etc/krb5.keytab

	+  Verify Kerberos entries in /etc/services

	+  Check Kerberos environment variables

	+  Check for previous versions of Kerberos configuration and keytab
	   files. Note, it will not use these older files; it will just
	   report on their existence.

	+  Act as either client or server application in a test of the
	   authentication path


 OPTIONS
      -c	Check client configuration only

      -s	Check server configuration only

      -v	Run in verbose mode.

      -p	Check for previous Kerberos configurations. Checks for
		Beta4, Beta5-7 and Release 1.0 configuration and keytab
		files.

      -C server [port]
		Act as the client in a client/server test application.	Port
		will default to 4444 unless specified.




 Hewlett-Packard Company	    - 1 -	    HP DCE/9000 Version 1.5






 krbval(1m)			   HP DCE			  krbval(1m)




      -S [port] Act as the server in a client/server test application. Port
		will default to 4444 unless specified.

      -r realm	Ping the KDC for the specified realm. If the realm is not
		supplied, then krbval uses the realm specified in the
		krb5.conf file. All other options are ignored.


 Test Application Setup
      Before krbval can be used successfully as a test application, the
      following steps must be performed.  1. Validate the Kerberos client
      configuration on both client and server nodes. 2. Create a host
      principal for the server node in the security database (KDC) (e.g.
      host/servernode.myorg.com). 3. Add a key for the host principal to the
      keytab file /etc/krb5.keytab on the server node. dcecp can be used
      with the DCE security service to create principals and create/modify
      keytabs.

      dcecp can be used with the DCE security service to create principals
      and keytabs.

      Start the server side first with krbval -S, then the client with
      krbval -C <servernode>.  If you specify a port, the same port must be
      used for both client and server. The same node can be used for both
      client and server. If you do so, use separate terminal windows for
      clarity of results.

 AUTHOR
      krbval was developed by HP.

 SEE ALSO
      krb_config (1m) dcecp (1m)

 RELATED INFORMATION
      Whitepaper: Using HP DCE 9000 Security with Kerberos Applications,
      found in /opt/dce/newconfig/RelNotes/krbWhitePaper.ps


















 Hewlett-Packard Company	    - 2 -	    HP DCE/9000 Version 1.5