05-03-2001
Hi there,
I'm not sure if this is the best way of doing it, but have you taken a look at the kerbd and the /etc/krb.conf?
Their man pages may help you as well.
LEARN ABOUT DEBIAN
krb.excl
KRB.EXCL(5) AFS File Reference KRB.EXCL(5)
NAME
krb.excl - Lists exclusions for mapping Kerberos principals to AFS identities
DESCRIPTION
/etc/openafs/server/krb.excl is an optional file that resides on an OpenAFS server and is used to list exceptions to the algorithm that
maps Kerberos principals to AFS identities. It contains the name of one or more principals; each principal should be on a line by
itself. If a principal appears in this file, that principal will never be recognized by an OpenAFS server as a local identity, even if the
realm is specified as a local realm in krb.conf(5).
The principal names specified in this file must include the realm, and should be in Kerberos 4 format. That is, specify "user.inst@REALM",
not "user/inst@REALM", "user.inst", nor "user/inst".
RATIONALE
It is possible to use the krb.conf(5) configuration file to specify that multiple Kerberos realms can be considered `local' realms by
OpenAFS fileservers, and those realms can be used nearly interchangeably. A site may list "FOO.EXAMPLE.COM" and "BAR.EXAMPLE.COM" to allow
users to access AFS by using Kerberos tickets from either "FOO.EXAMPLE.COM" or "BAR.EXAMPLE.COM", and be treated as AFS users local to that
cell.
In many setups, one realm is really a `local' realm that is managed by the AFS administrators, and another `foreign' realm is specified in
krb.conf that is managed by someone else, but in the same organization. In such a case, the principal names for users are the same, so
users should be able to use either realm to authenticate to AFS. However, the principals for administrators are not the same between the
two realms, and so the administrators in the `foreign' realm should not be considered AFS administrators. Listing the administrator
principals of the `foreign' realm in krb.excl prevents this, but still allows users to use either realm.
EXAMPLES
The realms "FOO.EXAMPLE.COM" and "AD.EXAMPLE.COM" are configured to both be local realms, but "AD.EXAMPLE.COM" should not be used by AFS
administrators. The AFS administrators are "admin" and "smith.admin". krb.excl contains:
    admin@AD.EXAMPLE.COM
    smith.admin@AD.EXAMPLE.COM
Now if someone authenticates with tickets for "smith/admin@AD.EXAMPLE.COM", they will not be recognized as the "smith.admin" AFS identity.
However, "smith@AD.EXAMPLE.COM" will be treated as the "smith" AFS identity, and "smith/admin@FOO.EXAMPLE.COM" will still be treated as
"smith.admin".
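
The following is an added example, not part of the man page and not OpenAFS code: a simplified Python model of the exclusion rule and the entry format described above, run against the data from EXAMPLES. The function names, the exact case-sensitive matching and the `BAD_EXCL` sample are assumptions made for illustration.

```python
# Simplified model of the krb.excl behaviour described in the man page.
# Not OpenAFS source; matching is assumed to be exact and case-sensitive.

LOCAL_REALMS = {"FOO.EXAMPLE.COM", "AD.EXAMPLE.COM"}   # realms treated as local
KRB_EXCL = "admin@AD.EXAMPLE.COM\nsmith.admin@AD.EXAMPLE.COM\n"
BAD_EXCL = "smith/admin@AD.EXAMPLE.COM\nadmin\n"       # constructed: wrong formats


def to_k4(principal):
    """Rewrite 'user/inst@REALM' (Kerberos 5) as 'user.inst@REALM' (Kerberos 4)."""
    name, sep, realm = principal.rpartition("@")
    if not sep:
        return principal.replace("/", ".")
    return name.replace("/", ".") + "@" + realm


def lint_excl(text):
    """Split krb.excl content into usable entries and format problems."""
    entries, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        name, sep, realm = entry.rpartition("@")
        if not sep or not name or not realm:
            problems.append((lineno, entry, "realm missing"))
        elif "/" in name:
            problems.append((lineno, entry, "use user.inst@REALM form"))
        else:
            entries.add(entry)
    return entries, problems


def local_identity(principal, local_realms, excluded):
    """Return the local AFS identity for a ticket principal, or None when
    the principal is not recognized as a local identity."""
    k4 = to_k4(principal)
    name, sep, realm = k4.rpartition("@")
    if not sep or realm not in local_realms or k4 in excluded:
        return None
    return name


if __name__ == "__main__":
    excluded, problems = lint_excl(KRB_EXCL)
    for p in ("smith/admin@AD.EXAMPLE.COM", "smith@AD.EXAMPLE.COM",
              "smith/admin@FOO.EXAMPLE.COM"):
        print(p, "->", local_identity(p, LOCAL_REALMS, excluded))
    print(lint_excl(BAD_EXCL)[1])
```

Running the linter over a krb.excl before deploying it catches entries written in Kerberos 5 form or without a realm, which do not follow the format the man page requires.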
SEE ALSO
krb.conf(5)
COPYRIGHT
Copyright 2010 Sine Nomine Associates
This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Andrew Deason for
OpenAFS.
OpenAFS 2012-03-26 KRB.EXCL(5)