The UNIX and Linux Forums  

03-20-2008
rmaavnii
Registered User
Join Date: Mar 2008
Posts: 1
Solaris 10 Kerberos with local account locking

Hello Gurus,

I desperately need help to replicate the functionality that I had with Solaris 8 and SEAM into Solaris 10.

Our application needs a few users which are created with the application install. One of our customers requires Kerberos as single sign-on because of their IT department policies. In the past, we had installed SEAM on Solaris 8, created principals for local application users on the KDC and locked their local accounts. This way, these application users were prompted for password only once (Kerberos password).

Now we are required to move to Solaris 10 and I am trying to do the same thing with Solaris 10 Kerberos. The problem is, as soon as I lock these local accounts, application users cannot log in with their Kerberos passwords either. If I do not lock the passwords, users can still access the system if they enter the incorrect Kerberos password, but correct local password, which is undesirable. How can I accomplish the same effect as Solaris 8 and SEAM combo?

Following are the contents of my pam.conf file in Solaris 8, which works with local account locking.


Code:
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
  
rlogin  auth sufficient         pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_auth.so.1

rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_auth.so.1

ppp     auth requisite          pam_authtok_get.so.1
ppp     auth required           pam_dhkeys.so.1
ppp     auth required           pam_unix_auth.so.1
ppp     auth required           pam_dial_auth.so.1

other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_auth.so.1

passwd  auth required           pam_passwd_auth.so.1

cron    account required        pam_projects.so.1
cron    account required        pam_unix_account.so.1

other   account requisite       pam_roles.so.1
other   account required        pam_projects.so.1
other   account required        pam_unix_account.so.1

other   session required        pam_unix_session.so.1

other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1

rlogin        auth optional       pam_krb5.so.1 try_first_pass
login         auth optional       pam_krb5.so.1 try_first_pass
dtlogin      auth optional       pam_krb5.so.1 try_first_pass
dtsession  auth required       pam_unix.so.1
krlogin      auth required       pam_krb5.so.1 acceptor
ktelnet     auth required       pam_krb5.so.1 acceptor
krsh         auth required       pam_krb5.so.1 acceptor
other       auth optional       pam_krb5.so.1 try_first_pass
dtlogin     account optional   pam_krb5.so.1
other       account optional   pam_krb5.so.1
other       session optional    pam_krb5.so.1
other       password optional pam_krb5.so.1 try_first_pass

I have tried different configurations of pam.conf in Solaris 10, but nothing seems to work.
Thank you in advance for any help y'all can provide.
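
Added example, not part of the original post and not Solaris code: a small audit of pam.conf auth stacks that reports services where pam_krb5 is only `optional` next to a mandatory module, so the Kerberos result cannot change the outcome under the generic PAM control-flag rules. The sample input is a constructed subset of the entries posted above; the function names are hypothetical and the `other` fallback for unlisted services is not modeled.

```python
from collections import OrderedDict

# Constructed sample: a subset of the auth entries posted above, in file order.
SAMPLE_PAM_CONF = """\
login    auth requisite  pam_authtok_get.so.1
login    auth required   pam_dhkeys.so.1
login    auth required   pam_unix_auth.so.1
login    auth required   pam_dial_auth.so.1
rsh      auth sufficient pam_rhosts_auth.so.1
rsh      auth required   pam_unix_auth.so.1
login    auth optional   pam_krb5.so.1 try_first_pass
krlogin  auth required   pam_krb5.so.1 acceptor
"""

# Control flags for which a module failure fails the whole stack.
MANDATORY = {"required", "requisite", "binding"}


def parse_auth_stacks(text):
    """Group auth entries by service, preserving file order within each stack."""
    stacks = OrderedDict()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[1] != "auth":
            continue  # blank line, comment, or another module type
        service, _, flag, module = fields[:4]
        stacks.setdefault(service, []).append((flag, module))
    return stacks


def kerberos_not_enforced(stacks):
    """Return (service, mandatory_modules) for stacks where pam_krb5 is only
    'optional' and some other module in the same stack is mandatory."""
    findings = []
    for service, stack in stacks.items():
        krb_flags = [f for f, m in stack if m.startswith("pam_krb5")]
        deciders = [m for f, m in stack
                    if f in MANDATORY and not m.startswith("pam_krb5")]
        if krb_flags and all(f == "optional" for f in krb_flags) and deciders:
            findings.append((service, deciders))
    return findings


if __name__ == "__main__":
    stacks = parse_auth_stacks(SAMPLE_PAM_CONF)
    for service, deciders in kerberos_not_enforced(stacks):
        print("%s: pam_krb5 is optional; outcome decided by %s"
              % (service, ", ".join(deciders)))
```

A flagged service is one where the local-password modules decide the login and the Kerberos module's verdict is advisory.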