Help on Session Manager and FileView
←Previous Next→ Contents Close Download Help
  Enabling Kerberos Access Control

  In order to enable Kerberos on your DECwindows system,
  you or your system administrator must have first:

  1.  Installed and configured the TCP/IP for OpenVMS Alpha
      software.

  2.  Installed and configured the Kerberos Client for
      OpenVMS software.

  3.  Enabled the SECURITY extension by adding the extension
      abbreviation (SEC_XAG) to the DECW$SERVER_

      EXTENSIONS parameter in the SYS$MANAGER:DECW$PRIVATE_
      SERVER_SETUP file.  For example:

      $  DECW$SERVER_EXTENSIONS  ==  "SEC_XAG,XINERAMA,DBE"

  4.  Obtained the following information:

      *   Location of the KDC

      *   The appropriate node, domain, and realm information
          for adding principals

      *   Your principal name and password

  See the Kerberos Client for OpenVMS documentation for
  information on how to install the Kerberos Client software.

  Authorizing Access
  To grant a set of valid Kerberos principals access to your
  workstation display:

  1.  Choose Security...  from Session Manager's Options menu.
      The Security Options dialog box is displayed.

  2.  Under Server Access Control, choose Kerberos.

  3.  Click on the Configure Principals button.

  4.  Enter the specification(s) for the Kerberos principal(s) you
      want to add to the Authorized Principals list.

      The format of a typical Kerberos principal is pri-
      mary/instance@REALM.

  5.  Click on the Add button.  The principal is added to the
      Authorized Principals box.

  6.  Click on OK to save and apply the changes and close the
      Configure Principals dialog box.

      The Kerberos Login dialog box is displayed, and you are
      prompted to log in and verify your Kerberos credentials.

  7.  Enter your Kerberos principal name and password, and
      click OK.

  Disabling Access
  To disable Kerberos, deselect the Kerberos option, and click

  OK or Apply.

  To prevent one or more principals from accessing your
  session, first click on the name(s) you want to remove.  Then
  click on the Remove button.  Finally, click on OK or Apply.
  The principal will no longer have authorized access to your
  workstation.

  Revoking a Ticket
  Kerberos client credentials are cached for future reuse.  If you
  believe one or more tickets have been compromised, you can
  flush the credentials cache by disabling Kerberos (both server
  and client options) and clicking on the Revoke Ticket button.
←Previous Next→ Contents Close Download Help