|
|
Sponsored Content
Special Forums
Cybersecurity
Security Advisories (RSS)
Password prompt with Kerberos
Post 302407966 by pludi on Saturday 27th of March 2010 10:45:33 AM
03-27-2010
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi,
i have a request about rcp.
is it possible to to make a rcp sessions for a normal user witch should have this option without a password prompt.
what are the important steps ....
add the host and user i the .rhosts
and
and
.
.
.
.
many thx (1 Reply)
Discussion started by: scottl
1 Replies
2. IP Networking
Hi
I am using a Solaris 2.5.1 and i am unable to logon on the console.
When i key in say, root on the login prompt, it does not prompt me for password but instead return to the login prompt again.
Please help.
thanks (2 Replies)
Discussion started by: owls
2 Replies
3. Shell Programming and Scripting
Hi,
First i want to tell you i am not a administrator and everytime to run a sqlscritpt i have to login as SU in a particular account to connect to sqlplus..
I want to write a script which can make me free by doin this .. since i am having the permission for SU i want to know if i can SUDO... (7 Replies)
Discussion started by: myelvis
7 Replies
4. UNIX for Advanced & Expert Users
hi
I have installed a new Linux machine and having another machine having Solaris on it. i want that when i log into my solaris machine using rlogin from Linux machine then no password prompt occurs...
Thanks in advance. (4 Replies)
Discussion started by: rochitsharma
4 Replies
5. OS X (Apple)
Hey there, I'm trying to do a very simple rsync to back up my computer to an external drive connected via usb every night, but it keeps asking for a password. I tried using the password file flag, but it looks like that is only a daemon. Does anyone have any ideas? This has eaten up a lot of my... (4 Replies)
Discussion started by: aarond
4 Replies
6. UNIX for Advanced & Expert Users
Is there any way I can change the prompt which asks for the password on a UNIX system? e.g. When I login using Telnet instead of "Password" I should get "Correct Password".
Thanks,
Vineet (3 Replies)
Discussion started by: vineetd
3 Replies
7. Red Hat
Hello,
I installed Kerberos on Red Hat. My testing tool checks for the prompt when user log-in. Unfortunately I don't have access to that testing tool so I have to fix somehow the prompt.
My testing tool expects this format:
login: XYZ
Password:
When I installed Kerberos I have this format:... (1 Reply)
Discussion started by: susja
1 Replies
8. Solaris
Hi All,
I have created a new user. Using the below command I have created the user successfully.
useradd -c "Test user" -d /tmp/test -g Testgroup -s /bin/ksh -u 601 Test
I don't want to set the password using “passwd” command after creating a user.
I want to prompt for the new... (2 Replies)
Discussion started by: kalpeer
2 Replies
9. UNIX for Dummies Questions & Answers
hi,
i have a requirement where i need to sudo to another user in the shell script.suppose consider user A and B, first user A calls a shell script and then i need to sudo to user B which executes another shell script inside the earlier one.
also this needs to be automated like while sudo'ing to... (3 Replies)
Discussion started by: krk
3 Replies
10. Shell Programming and Scripting
Hi All,
I am currently writing script to get the details for lot of hosts from jump server. Means each and every time it will ssh to the host and get the information. To achieve that I need to automatically accept the password from Jump server to that main hosts. We are using kerberos password... (6 Replies)
Discussion started by: kamauv234
6 Replies
LEARN ABOUT REDHAT
pam_krb5
pam_krb5(8) System Administrator's Manual pam_krb5(8) NAME
pam_krb5 - Kerberos 5 authentication SYNOPSIS
auth required /lib/security/pam_krb5.so session optional /lib/security/pam_krb5.so account sufficient /lib/security/pam_krb5.so password sufficient /lib/security/pam_krb5.so DESCRIPTION
pam_krb5.so is designed to allow smooth integration of Kerberos 5 password- checking with applications built using PAM. It also supports session-specific ticket files (which are neater), and Kerberos IV ticket file grabbing. Its main use is as an authentication module, but it also supplies the same functions as a session-management module to better support poorly-written applications, and a couple of other workarounds as well. It also supports account management and password-changing. When a user logs in, the module's authentication function performs a simple password check and, if possible, obtains Kerberos 5 and Ker- beros IV credentials, caching them for later use. When the application requests initialization of credentials (or opens a session), the usual ticket files are created. When the application subsequently requests deletion of credentials or closing of the session, the module deletes the ticket files. ARGUMENTS
debug turns on debugging via syslog(3). Debugging messages are logged with priority LOG_DEBUG. addressless tells pam_krb5.so to obtain credentials without address lists. This may be necessary if your network uses NAT, and should otherwise not be used. hosts=host tells pam_krb5.so to obtain credentials using the address of the given host in addition to the addresses of interfaces on the local workstation. For example, if your workstation is behind a masquerading firewall, specifying the firewall's outward-facing address here should allow Kerberos authentication to succeed. banner=Kerberos tells pam_krb5.so how to identify itself when users attempt to change their passwords. ccache_dir=/tmp tells pam_krb5.so which directory to use for storing credential caches. forwardable tells pam_krb5.so that credentials it obtains should be forwardable. keytab=/etc/krb5.keytab tells pam_krb5.so the location of a keytab to use when validating credentials obtained from KDCs. krb4_convert tells pam_krb5.so to obtain Kerberos IV credentials for users, in addition to Kerberos 5 credentials. minimum_uid=0 tells pam_krb5.so to ignore authentication attempts by users with UIDs below the specified number. no_user_check tells pam_krb5.so to not check if a user exists on the local system, and to create ccache files owned by the current process's UID. This is useful for situations where a non-privileged server process needs to use Kerberized services on behalf of remote users who may not have local access. Note that such a server should have an encrypted connection with its client in order to avoid allowing the user's password to be eavesdropped. proxiable tells pam_krb5.so that credentials it obtains should be proxiable. realm=realm overrides the default realm set in /etc/krb5.conf, which pam_krb5.so will attempt to authenticate users to. renew_lifetime=36000 sets the default renewable lifetime for credentials. skip_first_pass tells pam_krb5.so to not bother checking a password that has been set by a module listed earlier in the stack. This option is included mainly for completeness. ticket_lifetime=36000 sets the default lifetime for credentials. try_first_pass tells pam_krb5.so to check the password as with use_first_pass, but to prompt the user for another one if the previously-entered one fails. This is the default mode of operation. use_first_pass tells pam_krb5.so to get the user's entered password as it was stored by a module listed earlier in the stack, usually pam_unix or pam_pwdb, instead of prompting the user for it. use_authtok tells pam_krb5.so to never prompt for passwords when changing passwords. This is useful if you are using pam_cracklib.so to try to enforce use of less-easy-to-guess passwords. validate tells pam_krb5.so to verify that the TGT obtained from the realm's servers has not been spoofed. FILES
/etc/krb5.conf SEE ALSO
pam_krb5(5) BUGS
Probably, but let's hope not. If you find any, please email the author. AUTHOR
Nalin Dahyabhai <nalin@redhat.com> Red Hat Linux 2002/02/15 pam_krb5(8)