Local Server Configuration

For information on installing the Kerberos Server, see the z/OS Network Authentication Service Administration Guide.

To implement the Kerberos Server SKRBKDC

Enter the command:

TSS CREATE(SKRBKDC) NAME(‘kerb server acid’)
                    PASS(NOPW,0)
                    DEPT(sysdept)
                    FACILITY(BATCH,STC,OPENMVS)
                    SOURCE(INTRDR)

A region ACID for the procedure is defined.

Enter the command:

TSS ADD(SKRBKDC) UID(0)
                 HOME(/etc/skrb/home/kdc)
                 OMVSPGM(/bin/sh)
                 GROUP(omvsgrp)
                 DFLTGRP(omvsgrp)
TSS PER(SKRBKDC) HFSSEC(/BIN.SH)
                 ACC(READ,EXEC)
TSS PER(SKRBDDC) HFSSEC(/ETC.SKRB)
                 ACC(READ)

Permissions and keywords for the ACID are established.

Add any permissions needed as determined by the variables settings in the configuration file, /var/skrb/home/kdc/envar:
```
TSS PER(SKRBKDC) HFSSEC(nlspath)
                 ACC(READ,EXEC)
TSS PER(SKRBKDC) HFSSEC(nlslocale)
                 ACC(READ,EXEC)
```
The installation defaults are:
```
nlspath: /USR.LPP.SKRB.LIB.NLS.MSG.EN_US$IBM$1047.SKR
nlslocale: /USR.LIB.NLS.LOCALE.EN_US
```
This will differ if you apply a different language path (NLSPATH) in the configuration environment.
Determine the STDOUT and STDERR files specified in your file. In the Kerberos configuration file, the variables will contain the file names required.
```
EUV_SVC_STDOUT_FILENAME
EUV_SVC_STDERR_FILENAME
```

Enter the command:

TSS PER(SKRBKDC) HFSSEC(/VAR.SKRB.LOGS.)
                 ACC(ALL)

Access is allowed to the STDERR and STDOUT files.

Enter the command:
```
TSS PER(SKRBKDC) HFSSEC(/VAR.SKRB.CREDS)
                 ACC(ALL)
```
Read and write credentials are added to the server.

Enter the command:

TSS ADD(STC) PROCNAME(SKRBKDC)

             ACID(SKRBKDC)

The procedure is added to the STC.