Chapter 7 HPSS User Interface ConfigurationHPSS Installation Guide September 2002 419Release 4.5, Revision 2Perform the following on the NDCG server:• If your OS supports it and you wish to use DES encryption to encrypt/decrypt youruserid/password make sure you have the following line in Makefile.macros beforecompiling hpss.NDAPI_INTERNATIONAL_SUPPORT = offIn case of international sites and for sites that don't have DES support, this flag can be setto on which will then use an alternate hashing mechanism to perform the encryption.• Check the DCE Authentication box on the NDCG Gateway Type Specific config screen inSSMPerform the following on the NDCL client:• Copy the encryption key from the NDCG type specific config screen to the ndcl.keyconfigfile (See Section 7.2.1: Configuration Files on page 415 for more information)• Compile the client library (ndcl) with the -DAUTH_TYPE_DCE flag enabled in theMakefile• Make sure you link the math libraries (-lm) with your client application when you build it.This is required for performing encryption.7.2.3.2 Kerberos Mode7.2.3.2.1 On both the Non DCE Client and Non DCE Gateway machines:1. Create a kerberos realm that includes the client machine as well as the machine running theNDCG.This includes setting up the /etc/krb5.conf file on the client and the server.Sample /etc/krb5.conf:[libdefaults]default_realm = dopey_cell.clearlake.ibm.comdefault_keytab_name = /krb5/v5srvtabdefault_tkt_enctypes = des-cbc-crcdefault_tgs_enctypes = des-cbc-crc[realms]dopey_cell.clearlake.ibm.com = {kdc = dopey.clearlake.ibm.com:88}[domain_realm]dopey.clearlake.ibm.com = dopey_cell.clearlake.ibm.comhappy.clearlake.ibm.com = dopey_cell.clearlake.ibm.com
