Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH and kerberos authentication problem AIX 5.3
Operating Systems AIX SSH and kerberos authentication problem AIX 5.3 Post 302528163 by kah00na on Monday 6th of June 2011 02:24:10 PM
Old 06-06-2011
We've had the same issue. We use a DNS hostname that round-robin resolves to about 6 different AD servers. Every now the Windows folks would take one of the AD servers down or stop the kerberos service. Then when the hostname resolution took place, if we got an IP for that AD server, we would get failed logins. Our users called and complained that they had to try 4 or 5 times before they were able to get in and they swore they were typing the right password. We resolved it temporarily by specifying a AD server that we knew to be up in the "realms" section of the /etc/krb5/krb5.conf file. Once the AD server was back up, we changed it back.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Kerberos Authentication from Application

Hi, We've configured Kerberos to authenticate AIX 5.3 users with Active Directory and I now have to port an application written in C to the new security model. Currently, our users can login as normal and running a "klist" command reveals that they have been successfully granted a ticket. ... (2 Replies)
Discussion started by: phykell
2 Replies

2. Linux

IPSec using racoon w/ kerberos authentication

Hi, Anyone can point me a good link to setup IPSec using racoon IKE which uses gssapi_krb authentication method? I have a debain linux box and Windows 2003R2 system, and I want them to communicate using IPSec. Thanks, Emily. (0 Replies)
Discussion started by: egyfan
0 Replies

3. Programming

Kerberos Authentication c/c++

I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api. Can anyone point me in the right... (0 Replies)
Discussion started by: mshindo
0 Replies

4. Red Hat

PAM configuration: Kerberos authentication and NIS authorization problem

Hi, I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS. The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies

5. UNIX for Advanced & Expert Users

[Solved] SSH key authentication problem

Hi All, this is the very first time i am going to use SSH authentication. first i login to server@ and under this ..ssh directory of servera i used this following command: ssh-keygen -t rsa -b 1024 and i had 2 files(bravo_dbtest and bravo_dbtest.pub) created respectively, further i copied the... (13 Replies)
Discussion started by: lovelysethii
13 Replies

6. UNIX for Advanced & Expert Users

SSH key authentication problem with 2 servers

hi All, this issue is regarding ssh key authentication, although i have performed this activity on two separate servers, now i have to configure the same again on 2 more servers. i did everything what i did earlier but this time i am getting some error, and i am unable to understand what exactly... (2 Replies)
Discussion started by: lovelysethii
2 Replies

7. UNIX for Dummies Questions & Answers

Kerberos Authentication error

Hi , I am trying to authenticate my id on client server with Kerberos and receiving below error kinit rpagadala@BDC.soft.net kinit: Cannot contact any KDC for realm 'BDC.soft.net' while getting initial credentials Please find krb5.conf on the client server configuration which is... (1 Reply)
Discussion started by: Tomlight
1 Replies

8. Shell Programming and Scripting

How to automatically store/cache password for kerberos authentication

Hi All, I am currently writing script to get the details for lot of hosts from jump server. Means each and every time it will ssh to the host and get the information. To achieve that I need to automatically accept the password from Jump server to that main hosts. We are using kerberos password... (6 Replies)
Discussion started by: kamauv234
6 Replies

9. Shell Programming and Scripting

PERL and Kerberos authentication

I am installing Authen::Krb5::Easy and during make test I am getting the follwing error : kinit not ok 2 error was: could not get initial credentials: Cannot contact any KDC for requested realm we are stroring krb5.conf in diff location ( not in /etc/krb5.conf) , but, PERL is... (1 Reply)
Discussion started by: talashil
1 Replies

LEARN ABOUT PHP

login.krb5

LOGIN(8)						      System Manager's Manual							  LOGIN(8)

NAME

       login.krb5 - kerberos enhanced login program

SYNOPSIS

       login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]

DESCRIPTION

       login.krb5  is a modification of the BSD login program which is used for two functions.	It is the sub-process used by krlogind and telnetd
       to initiate a user session and it is a replacement for the command-line login program which, when invoked with a  password,  acquires  Ker-
       beros tickets for the user.

       login.krb5  will  prompt  for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
       password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to	get  AFS  tokens  for  the
       user.  The  version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting
       the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally	allowed  (permitting  use  of  the
       machine in case of network failure.)

OPTIONS

       -p     preserve the current environment

       -r hostname
	      pass hostname to rlogind.  Must be the last argument.

       -h hostname
	      pass hostname to telnetd, etc.  Must be the last argument.

       -f name
	      Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.

       -F name
	      Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.

       -e name
	      Perform pre-authenticated, encrypted login.  Must do term negotiation.

CONFIGURATION

       login.krb5  is  also  configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
       vided:

       krb5_get_tickets
	      Use password to get V5 tickets. Default value true.

       krb_run_aklog
	      Attempt to run aklog. Default value false.

       aklog_path
	      Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.

       accept_passwd
	      Don't accept plaintext passwords [not yet implemented]. Default value false.

DIAGNOSTICS

       All diagnostic messages are returned on the connection or tty associated with stderr.

SEE ALSO

       rlogind(8), rlogin(1), telnetd(8)

																	  LOGIN(8)
All times are GMT -4. The time now is 03:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy