Full Discussion: Kerberos security
Special Forums Cybersecurity Kerberos security Post 2280 by felida on Thursday 3rd of May 2001 10:33:57 AM
Hi there,

I'm not sure if this is the best way of doing it, but have you taken a look at the kerbd and the /etc/krb.conf?
Their man pages may help you as well.
 

KRB.EXCL(5)                     AFS File Reference                     KRB.EXCL(5)

NAME
       krb.excl - Lists exclusions for mapping kerberos principals to AFS identities

DESCRIPTION
       /etc/openafs/server/krb.excl is an optional file that resides on an OpenAFS server and is used to list exceptions to the algorithm of mapping kerberos principals to AFS identities. It contains the name of one or more principals; each principal should be on a line by itself. If a principal appears in this file, that principal will never be recognized by an OpenAFS server as a local identity, even if the realm is specified as a local realm in krb.conf(5).

       The principal names specified in this file must include the realm, and should be in Kerberos 4 format. That is, specify "user.inst@REALM", not "user/inst@REALM", "user.inst", nor "user/inst".

RATIONALE
       It is possible to use the krb.conf(5) configuration file to specify that multiple Kerberos realms can be considered `local' realms by OpenAFS fileservers, and those realms can be used nearly interchangeably. A site may list "FOO.EXAMPLE.COM" and "BAR.EXAMPLE.COM" to allow users to access AFS by using Kerberos tickets from either "FOO.EXAMPLE.COM" or "BAR.EXAMPLE.COM", and be treated as AFS users local to that cell.

       In many setups, one realm is really a `local' realm that is managed by the AFS administrators, and another `foreign' realm is specified in krb.conf that is managed by someone else, but in the same organization. In such a case, the principal names for users are the same, so users should be able to use either realm to authenticate to AFS. However, the principals for administrators are not the same between the two realms, and so the administrators in the `foreign' realm should not be considered AFS administrators. Specifying the administrator principals in the `foreign' realm prevents this, but still allows users to use either realm.

EXAMPLES
       The realms "FOO.EXAMPLE.COM" and "AD.EXAMPLE.COM" are configured to both be local realms, but "AD.EXAMPLE.COM" should not be used by AFS administrators. The AFS administrators are "admin" and "smith.admin". krb.excl contains:

           admin@AD.EXAMPLE.COM
           smith.admin@AD.EXAMPLE.COM

       Now if someone authenticates with tickets for "smith/admin@AD.EXAMPLE.COM", they will not be recognized as the "smith.admin" AFS identity. However, "smith@AD.EXAMPLE.COM" will be treated as the "smith" AFS identity, and "smith/admin@FOO.EXAMPLE.COM" will still be treated as "smith.admin".

SEE ALSO
       krb.conf(5)

COPYRIGHT
       Copyright 2010 Sine Nomine Associates

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Andrew Deason for OpenAFS.

OpenAFS                            2012-03-26                          KRB.EXCL(5)
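The mapping rule and the EXAMPLES case from the man page above, as an added example (not OpenAFS code and not part of the original page). The function names are hypothetical, the Kerberos 5 to Kerberos 4 rewrite is simplified to replacing the first "/" with ".", and realms are compared exactly; `missing_exclusions` goes one step beyond the text to flag administrator principals in a foreign-managed realm that are not yet listed in krb.excl.

```python
# Illustrative model of the krb.excl rule; not OpenAFS source code.
# All function names here are hypothetical.

# Sample data taken from the EXAMPLES section of the man page.
LOCAL_REALMS = {"FOO.EXAMPLE.COM", "AD.EXAMPLE.COM"}
KRB_EXCL = "admin@AD.EXAMPLE.COM\nsmith.admin@AD.EXAMPLE.COM\n"


def parse_krb_excl(text):
    """Return the set of excluded principals, one per non-empty line."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def to_krb4(principal):
    """Rewrite 'user/inst@REALM' as 'user.inst@REALM' (simplified assumption)."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or not realm:
        raise ValueError("principal must include a realm: %r" % principal)
    return name.replace("/", ".", 1) + "@" + realm


def local_identity(principal, local_realms, excluded):
    """Return the local AFS identity, or None if not recognized as local."""
    k4 = to_krb4(principal)
    name, realm = k4.rsplit("@", 1)
    if realm not in local_realms:
        return None          # realm is not listed as local in krb.conf
    if k4 in excluded:
        return None          # listed in krb.excl: never a local identity
    return name


def missing_exclusions(admins, foreign_realms, excluded):
    """Admin principals in foreign-managed local realms absent from krb.excl."""
    wanted = (f"{admin}@{realm}" for admin in admins for realm in foreign_realms)
    return sorted(p for p in wanted if p not in excluded)


if __name__ == "__main__":
    excl = parse_krb_excl(KRB_EXCL)
    for p in ("smith/admin@AD.EXAMPLE.COM", "smith@AD.EXAMPLE.COM",
              "smith/admin@FOO.EXAMPLE.COM"):
        print(p, "->", local_identity(p, LOCAL_REALMS, excl))
    print(missing_exclusions(["admin", "smith.admin"], ["AD.EXAMPLE.COM"], excl))
```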