- vi /etc/resolv.conf - vi /etc/hosts /etc/hostname.* /etc/inet/netmasks /etc/defaultrouter - vi /etc/nsswitch.conf (hosts: files dns) - vi /etc/ssh/sshd_config (PermitRootLogin yes) ----------------- # cat >>/etc/ssh/ssh_config<<EOT Host * GSSAPIAuthentication yes GssapiDelegateCredentials yes EOT ----------------- ----------------- # cat /etc/krb5/krb5.conf [libdefaults] default_realm = FLUXCOIL.NET default_keytab_name = FILE:/etc/krb5/krb5.keytab default_tkt_enctypes = des3-hmac-sha1 default_tgs_enctypes = des3-hmac-sha1 [realms] FLUXCOIL.NET = { kdc = sid64.fluxcoil.net admin_server = sid64.fluxcoil.net default_domain = fluxcoil.net } [domain_realm] fluxcoil.net = FLUXCOIL.NET .fluxcoil.net = FLUXCOIL.NET [logging] kdc = FILE:/var/krb5/kdc.log admin_server = FILE:/var/krb5/log/kadmin.log default = FILE:/var/krb5/kdc.log ----------------- kadmin > addprinc -randkey host/sol10.fluxcoil.net > ktadd -k /etc/krb5/krb5.keytab host/sol10.fluxcoil.net cat >>/etc/pam.conf<<EOT sshd-kbdint auth sufficient pam_krb5.so.1 telnet auth sufficient pam_krb5.so.1 rlogin auth sufficient pam_krb5.so.1 EOT svcadm enable ssh svcadm enable eklogin # enable encrypted kerberized login svcadm disable autofs # make creation of userhomes under /home easier # make sure account-infos for users are there, account not locked! ldap or use useradd -m, passwd. # ldapclient manual -a authenticationMethod=none -a defaultSearchBase=dc=fluxcoil,dc=net -a defaultServerList=10.0.0.23 # Solaris 10 systems can be issued AES keys (AES-128 if the encryption package is not installed, # AES-256 otherwise) or RC4, 3DES, or DES.