Set up Kerberos Client on AIX

1. Install Kerberos packages:

krb5.client.rte 1.4.0.7 # Network Authentication Servi…
krb5.lic 1.4.0.7 # Network Authentication Servi…

2. Configure kerberos

/usr/krb5/sbin/config.krb5 -C -r YOURDOMAIN.COM -d yourdomain.com \
-c yourdomaincontroller.com -s yourdomaincontroller.com

3. Copy /etc/krb5/krb5.conf and /usr/lib/security/methods.cfg from a good server

4. Change the users:

mkuser registery=KRB5Afiles SYSTEM=KRB5Afiles testuser

5. Make sure the clock is sync’d correctly

Set up a VIO server to be more useable

The special padmin user that IBM tried to make us all use was a big mistake. A vio server is really just an AIX server with a different set of commands. I find it easier to circumvent all of this:

SEED=somegoodhost
scp $SEED:/etc/security/login.cfg /etc/security/login.cfg
chuser su=true login=true rlogin=true shell=/usr/bin/bash root
ln -s /usr/ios/cli/ioscli /usr/sbin/ioscli
chuser shell=/usr/bin/bash groups=staff,buxs rigljoha