Key Distribution Center Configuration
Key Distribution Centers (KDC) servers can be used by the HMC for remote Kerberos authentication. To configure a KDC server:
- In the Navigation
Pane, select HMC Management.
- Select Configure KDC.
Follow the direction on the KDC configuration panel to add or remove a KDC server or add or remove a service key.
To use Kerberos remote authentication for the HMC, you must complete the following.
- You must enable the NTP service on the HMC and set the HMC and the KDC servers to synchronize time with the same NTP server. You can enable the NTP service on the HMC by accessing Change Date and Time under HMC Management.
- You must set the user profile of each remote user to use Kerberos remote authentication instead of local authentication. A user that is set to use Kerberos remote authentication will always use Kerberos remote authentication, even when the user logs onto the HMC locally. (You do not need to set all users to use Kerberos remote authentication. You can set some user profiles so that the users can use local authentication only.)
- You must ensure that a working network connection exists between the HMC and the KDC servers.
Optionally, you can import a service-key file into the HMC. The service-key file contains the host principal that identifies the HMC to the KDC server. Service-key files are also known as keytabs.
|
