05-14-2010
Public Key Authentication over SSH and Sudo-ing Implementation
Hi,
We are currently implementing an Identity Management application which has several Unix systems as its target system. A pre-defined connector will be installed to provide connection between the Identity Management application and the Unix target system. The connection will use Public Key Authentication over SSH and the Unix target system will also implement Sudo-ing.
Currently, the connector for the identity management application does not support the use of both PKA and Sudo to connect to the target systems (UNIX); so we are restricted to using either PKA or Sudo only. I would like to understand if this restriction is a limitation of the identity management application's connector; or if it is a limitation based on the fact that the requirement is technically not possible to implement.
Advice would be much appreciated.
Many thanks,
Tristan
LEARN ABOUT SUNOS
create-connector-security-map
asadmin-create-connector-security-map(1AS) User Commands asadmin-create-connector-security-map(1AS)
NAME
asadmin-create-connector-security-map, create-connector-security-map - creates a security map for the named connector connection pool
SYNOPSIS
create-connector-security-map --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure|-s] [--passwordfile filename] [--terse=false] [--echo=false] [--interactive=true] --poolname connector_connection_pool_name --principals principal-name[, principal-name]*|--usergroups user-group[, user-group]* --mappedusername user_name [--mappedpassword password] mapname
DESCRIPTION
Creates a security map for the named connector connection pool. If the security map is not present, one is created. You must have first created a connector connection pool using the create-connector-connection-pool command. The enterprise information system is any system which holds the information. It can be a mainframe, a messaging system, a database system, or even an application.
The --principals option and --usergroups option are mutually exclusive; only one should be used.
This command is supported in remote mode only.
OPTIONS
--user authorized domain application server administrative username.
--password password to administer the domain application server.
--host machine name where the domain application server is running.
--port port number of the domain application server listening for administration requests.
--secure if true, uses SSL/TLS to communicate with the domain application server.
--passwordfile file containing the domain application server password.
--terse indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
--echo setting to true will echo the command line statement on the standard output. Default is false.
--interactive if set to true (default), only the required password options are prompted.
--poolname connector connection pool name.
--principals a comma separated list of J2EE principals.
--usergroups a comma separated list of J2EE usergroups.
--mappedusername the enterprise information system username.
--mappedpassword the enterprise information system password.
OPERANDS
mapname name of the security map to be created.
EXAMPLES
Example 1: Using create-connector-security-map
It is assumed that the connector connection pool has already been created using the create-connector-connection-pool command.
asadmin> create-connector-security-map --user admin --password adminadmin
    --poolname connector-pool1 --principals principal1,principal2
    --mappedusername backend-username
    --mappedpassword backend-password securityMap1
Command create-connector-security-map executed successfully
EXIT STATUS
0 command executed successfully
1 error in executing the command
SEE ALSO
asadmin-delete-connector-security-map(1AS), asadmin-list-connector-security-maps(1), asadmin-update-connector-security-map(1AS)
J2EE 1.4 SDK March 2004 asadmin-create-connector-security-map(1AS)