Setting up a network for RPCSEC-GSS
The network that is being set up in this scenario contains five servers and is configured for RPCSEC-GSS.
The five servers on the network are as follows:
kdc.austin.ibm.com
alpha.austin.ibm.com
beta.austin.ibm.com
gamma.austin.ibm.com
zeta.austin.ibm.com
kdc.austin.ibm.com
will be configured
as the Key Distribution Center (KDC) server, and the Kerberos realm AUSTIN.IBM.COM
will
be created, on which all of the systems except kdc.austin.ibm.com
and zeta.austin.ibm.com
will
be NFS servers offering file systems exported with RPCSEC-GSS.Systems alpha.austin.ibm.com
and beta.austin.ibm.com
have
an additional link between them; across that link, they appear to
each other as fast_alpha.test.austin.com
and fast_beta.test.austin.ibm.com
.
For this reason, an additional configuration step will be required.
In
addition, this network has the following users, which have been configured
on some of the systems:
adam
brian
charlie
dave
eric
Note: The following setup is provided only as an example, and
may not be appropriate for all environments. See the Administrator's
and User's Guide for the Network Authentication Service before attempting
to set up a new Kerberos realm.
Note: Kerberos requires that
the system time be reasonably close throughout the network. Before
beginning this procedure, you should set up a mechanism to automatically
synchronize time throughout the network, such as the AIX® timed daemon
or an NTP setup.