Configuring ilo for kerberos login, Using the ilo web interface – HP Integrated Lights-Out 3 User Manual

Page 163

Advertising
background image

Universal and global user groups (for authorization)

To set permissions in iLO, you must create a group in the domain directory. Users who log in to
iLO are granted the sum of the permissions for all groups of which they are a member. Only
universal and global user groups can be used to set permissions. Domain local groups are not
supported.

Configuring iLO for Kerberos login

This section describes the iLO requirements for Kerberos login. You can configure iLO for Kerberos
login using the iLO web interface, XML configuration and control scripts, or the CLI, CLP, or SSH
interface.

Using the iLO web interface

To configure the iLO parameters by using the web interface:
1.

Navigate to the Network

→iLO Dedicated Network Port or Shared Network Port→General

page to configure the iLO Hostname parameter in the iLO Subsystem Name (Host Name) box.

The case of the iLO host name used for keytab generation must be identical to the case of the
configured iLO host name.

For more information, see

“Configuring general network settings” (page 72)

.

2.

Navigate to the Administration

→Security→Directory page to configure the following

Kerberos-specific parameters:

Kerberos Authentication

Kerberos Realm

Kerberos KDC Server Address

Kerberos KDC Server Port

Kerberos Keytab

For more information about the Kerberos-specific parameters, see

“Configuring directory

settings” (page 51)

.

3.

Navigate to the Administration

→User Administration page to configure directory groups.

Each Directory Group includes a DN, SID, and permissions. For Kerberos login, the SIDs of
groups of which the user is a member are compared to the SIDs for directory groups for which
iLO is configured. The user is granted the sum of the permissions for all groups of which the
user is a member of.

You can only use global and universal groups to set permissions. Domain local groups are
not supported.

For more information, see

“Managing iLO users by using the iLO web interface” (page 32)

.

4.

Navigate to the Information

→Overview page to check the Current iLO Date/Time.

For more information, see

“Viewing iLO overview information” (page 94)

.

5.

Navigate to the Administration

→Network→SNTP Settings page if you want to change the

date and time.

For Kerberos authentication to function properly, the date and time must be synchronized
between the iLO processor, the KDC, and the client workstation. Set the date and time in iLO
with the server, or obtain the date and time from the network by enabling the SNTP Settings
feature in iLO.

For more information, see

“Configuring SNTP settings” (page 79)

.

Kerberos support

163

Advertising
Popular Brands
Popular manuals