|
|
Sponsored Content
Special Forums
UNIX and Linux Applications
Password management / centralized password management
Post 302542936 by Peasant on Friday 29th of July 2011 04:20:18 AM
|
|
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Does it exist centralized tools on unix for managing users of all servers (like windows AD) ? (1 Reply)
Discussion started by: astjen
1 Replies
2. Shell Programming and Scripting
Hi Friends.
I am new to scripting now i want to change the root password using the script with standard password.
which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies
3. Solaris
Hi Gurus
I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails.
Resetting my password reenables the keys.
Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies
4. UNIX for Advanced & Expert Users
We have a mix of AIX, HP-UX, Linux (RHEL and SLES), and Solaris in our environment. Currently we have seperate patch management systems for each platform (NIM, SD, Spacewalk, etc), but have started looking for a centralized patch management solution that would work for most, if not all, of our... (0 Replies)
Discussion started by: kknigga
0 Replies
5. UNIX for Dummies Questions & Answers
Hi
We send *.csv with sensitive data to our customers. Our customers open those files with Excel.
A new requirement is that we password protect those CSV files.
I thought to pack them with ZIP and assign a password to the archive.
But Solaris 10 can't encrypt ZIP files.
$ zip -P... (12 Replies)
Discussion started by: slashdotweenie
12 Replies
6. UNIX for Advanced & Expert Users
You know those lists of "the most common passwords"?
I was looking at one of those because I actually want to use a really common password or two on occasion. The thing is I'm skeptical that these are legitimate lists. Most things these days require at least 8 chars with a numeral. But these lists... (1 Reply)
Discussion started by: jutnobs
1 Replies
7. What is on Your Mind?
Original post from this thread on browser caching.
To add to this, it is an effective security measure to clear absolutely all cached data (cookies, web content, ....) when closing the browser - i.e. in case of a shutdown. It takes a bit of work to re-login to all the sites but websites will not... (7 Replies)
Discussion started by: bakunin
7 Replies
8. Forum Support Area for Unregistered Users & Account Problems
I was unable to login and so used the "Forgotten Password' process. I was sent a NEWLY-PROVIDED password and a link through which my password could be changed. The NEWLY-PROVIDED password allowed me to login.
Following the provided link I attempted to update my password to one of my own... (1 Reply)
Discussion started by: Rich Marton
1 Replies
LEARN ABOUT CENTOS
ipa-join
ipa-join(1) IPA Manual Pages ipa-join(1) NAME
ipa-join - Join a machine to an IPA realm and get a keytab for the host service principal SYNOPSIS
ipa-join [-d|--debug] [-q|--quiet] [-u|--unenroll] [-h|--hostname hostname] [-s|--server hostame] [-k|--keytab filename] [-w|--bindpw pass- word] [-b|--basedn basedn] [-?|--help] [--usage] DESCRIPTION
Joins a host to an IPA realm and retrieves a kerberos keytab for the host service principal, or unenrolls an enrolled host from an IPA server. Kerberos keytabs are used for services (like sshd) to perform kerberos authentication. A keytab is a file with one or more secrets (or keys) for a kerberos principal. The ipa-join command will create and retrieve a service principal for host/foo.example.com@EXAMPLE.COM and place it by default into /etc/krb5.keytab. The location can be overridden with the -k option. The IPA server to contact is set in /etc/ipa/default.conf by default and can be overridden using the -s,--server option. In order to join the machine needs to be authenticated. This can happen in one of two ways: * Authenticate using the current kerberos principal * Provide a password to authenticate with If a client host has already been joined to the IPA realm the ipa-join command will fail. The host will need to be removed from the server using `ipa host-del FQDN` in order to join the client to the realm. This command is normally executed by the ipa-client-install command as part of the enrollment process. The reverse is unenrollment. Unenrolling a host removes the Kerberos key on the IPA server. This prepares the host to be re-enrolled. This uses the host principal stored in /etc/krb5.conf to authenticate to the IPA server to perform the unenrollment. Please note, that while the ipa-join option removes the client from the domain, it does not actually uninstall the client or properly remove all of the IPA-related configuration. The only way to uninstall a client completely is to use ipa-client-install --uninstall (see ipa-client-install(1)). OPTIONS
-h,--hostname hostname The hostname of this server (FQDN). By default of nodename from uname(2) is used. -s,--server server The hostname of the IPA server (FQDN). Note that by default there is no /etc/ipa/default.conf, in most cases it needs to be sup- plied. -k,--keytab keytab-file The keytab file where to append the new key (will be created if it does not exist). Default: /etc/krb5.keytab -w,--bindpw password The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA server) -b,--basedn basedn The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anony- mous binds are disallowed in the IPA LDAP server. -f,--force Force enrolling the host even if host entry exists. -u,--unenroll Unenroll this host from the IPA server. No keytab entry is removed in the process (see ipa-rmkeytab(1)). -q,--quiet Quiet mode. Only errors are displayed. -d,--debug Print the raw XML-RPC output in GSSAPI mode. EXAMPLES
Join IPA domain and retrieve a keytab with kerberos credentials. # kinit admin # ipa-join Join IPA domain and retrieve a keytab using a one-time password. # ipa-join -w secret123 Join IPA domain and save the keytab in another location. # ipa-join -k /tmp/host.keytab EXIT STATUS
The exit status is 0 on success, nonzero on error. 0 Success 1 Kerberos context initialization failed 2 Incorrect usage 3 Out of memory 4 Invalid service principal name 5 No Kerberos credentials cache 6 No Kerberos principal and no bind DN and password 7 Failed to open keytab 8 Failed to create key material 9 Setting keytab failed 10 Bind password required when using a bind DN 11 Failed to add key to keytab 12 Failed to close keytab 13 Host is already enrolled 14 LDAP failure 15 Incorrect bulk password 16 Host name must be fully-qualified 17 XML-RPC fault 18 Principal not found in host entry 19 Unable to generate Kerberos credentials cache 20 Unenrollment result not in XML-RPC response 21 Failed to get default Kerberos realm SEE ALSO
ipa-rmkeytab(1) ipa-client-install(1) IPA
Oct 8 2009 ipa-join(1)