Contact Us ??? Post: 20987

6 More Discussions You Might Find Interesting

1. IP Networking

Establising FTP contact on Linux

Hi, I was wondering, does anybody know if you have to set up a Linux machine as a server to establish it as a host for a FTP site; therefore enabling me to make contact with the linux machine, from other machine types, such as Solaris and Windows. NB: I can currently ping the IP address from...

2. UNIX for Dummies Questions & Answers

ldapsearch (Can't contact ldap server)

Hi, Can somebody help me with ldapsearch? I am a newbie with linux and trying to do a ldapquery to resolve a full name from Active Directory? When i give the command ldapsearch -h sso541885 "cn=mloon" I get the error "ldap_sasl_interactive_bind_s: can't contact ldap server Regards, ...

3. Solaris

couldn't contact the DHCP server

hi when i configure for DHCP in my solaris it says not able to contact dhcp server.. what might be the problem( is there any problem in recognizing my hostname by DHCP Server)? can any one explain thanks in advance

4. Cybersecurity

I need help with contact form

How can I change my email address from text into an image? Someone told me that this way it won't be picked up by spam bots and it will reduce spam. ---------- Post updated 09-27-09 at 12:57 AM ---------- Previous update was 09-26-09 at 10:53 AM ---------- ---------- Post updated at 12:58 AM...

5. Post Here to Contact Site Administrators and Moderators

Forum etiquette and contact information

I got the following message I tried to send the following reply:Please excuse me for not being more familiar with this forums conventions. I was not aware that I included a personal message. Please help me by: 1. So that I can avoid this problem in the future, please let me know what part of my...

6. Web Development

Contact Form for Download

Hi all, My skills in Web Development are shaky at best. What I want to do is have a simple form on my website. User puts in name & email address -> verification email is sent to them to make sure it is really there email. After this is confirmed, I want to send them a secure download like to...

LEARN ABOUT XFREE86

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)