08-31-2013
GSSAPI is an interface tool. It allows C code or java code to access disparate authentication systems using an identical methodology. It often runs against Kerberos.
I do not know definitely if there is a way to "turn off" something like this, but I do not believe you can. The cause is an underlying security setting for system #2. Are you using LDAP or Active Directory? Consider getting your AD folks to look at what the user account settings are with regard to the HPUX box. The authentication in your example did NOT fail, BTW.
This User Gave Thanks to jim mcnamara For This Post:
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there any ftp CLIENT(either freeware or sharware) can support passive mode else ncftp?
Thanks! (2 Replies)
Discussion started by: coolmans
2 Replies
2. UNIX for Dummies Questions & Answers
How do i disable anonymous ftp on a unix system?????? Please help!!!!!!!1 (2 Replies)
Discussion started by: rrivas
2 Replies
3. UNIX for Advanced & Expert Users
Hi there, how can i disable the possibility of accessing hp-ux with ftp in the web browser?
is there any way to do this?
thanks (2 Replies)
Discussion started by: vascobrito
2 Replies
4. UNIX for Dummies Questions & Answers
These are the warning messages I am getting but the FTP works fine.How do I get rid of these?
220 FTP server (SunOS 5.8) ready.
500 'AUTH GSSAPI': command not understood.
500 'AUTH KERBEROS_V4': command not understood.
KERBEROS_V4 rejected as an authentication type (0 Replies)
Discussion started by: csviking
0 Replies
5. AIX
Hello,
I have AIX machine communication to mainframe machine. From AIX machine, i have to use always SSH communication. For this, i have created SSH tunnel in AIX machine and using FTP with SSH.
Now both connections are working:
1) only FTP to mainframe machine
2) create SSH and do FTP... (3 Replies)
Discussion started by: balareddy
3 Replies
6. Solaris
HI all,
I am using Solaris 10 and would like to know if it possible to disable ftp use for a single entry in my /etc/hosts file.
Thanks (5 Replies)
Discussion started by: pxy2d1
5 Replies
7. Solaris
Configure ldap client:
I have configured my ldapclient with the AuthenticationMethod=simple and with the credentialLevel=proxy. However, as soon as i want to set the AuthenticationMethod=sasl/GSSAPI, and credentiallevel=self, then it fails to configure. Kerberos is already setup successfully. The... (0 Replies)
Discussion started by: Henk Trumpie
0 Replies
8. HP-UX
hi everybody,
I can easily enable /disable the FTP service from SAM, how can I do this via command line? using inetd? how?
cheers,
messi (1 Reply)
Discussion started by: messi777
1 Replies
9. Red Hat
Hi Experts,
While trying ftp from newly setup Linux box it is giving following error.
GSSAPI error major:Unspecified GSS failure.Minor code may provide more information
GSSAPI error minor:Unknown code krb5 195
GSSAPI error:initializing context
GSSAPI authntication failed
504 AUTH... (1 Reply)
Discussion started by: sai_2507
1 Replies
10. Solaris
Running Solaris 10. For FTP users or groups, I want to prevent them from creating new subdirectories, but I still want to allow them to create, upload, download files from the subdirs.
I understand how to set the general file/directory permissions -- read, write, execute. So for a directory,... (0 Replies)
Discussion started by: themonman
0 Replies
LEARN ABOUT FREEBSD
pam_ksu
PAM_KSU(8) BSD System Manager's Manual PAM_KSU(8)
NAME
pam_ksu -- Kerberos 5 SU PAM module
SYNOPSIS
[service-name] module-type control-flag pam_ksu [options]
DESCRIPTION
The Kerberos 5 SU authentication service module for PAM, pam_ksu for only one PAM category: authentication. In terms of the module-type
parameter, this is the ``auth'' feature. The module is specifically designed to be used with the su(1) utility.
Kerberos 5 SU Authentication Module
The Kerberos 5 SU authentication component provides functions to verify the identity of a user (pam_sm_authenticate()), and determine whether
or not the user is authorized to obtain the privileges of the target account. If the target account is ``root'', then the Kerberos 5 princi-
pal used for authentication and authorization will be the ``root'' instance of the current user, e.g. ``user/root@REAL.M''. Otherwise, the
principal will simply be the current user's default principal, e.g. ``user@REAL.M''.
The user is prompted for a password if necessary. Authorization is performed by comparing the Kerberos 5 principal with those listed in the
.k5login file in the target account's home directory (e.g. /root/.k5login for root).
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
use_first_pass If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a
password. This option has no effect if the authentication module is the first in the stack, or if no previous modules
obtained the user's password.
try_first_pass This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
prompted for another password.
SEE ALSO
su(1), syslog(3), pam.conf(5), pam(8)
BSD
May 15, 2002 BSD