I have a simple Apache setup that works fine when I create a keytab on a domain level authentication works fine. When I create a keytab at the forest level authentication does not work. I get the following error message. Does anyone know what I am doing wrong here? I validated there is the SPN is unique on the AD side.
I have installed Kerberos security in my UNIX system but I need to disable because of an application conflict with Kerberos.
So Anybody ca tell me how can I disable it?
Thank you (1 Reply)
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.
I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api.
Can anyone point me in the right... (0 Replies)
Dear Expert,
i have linux box that is running in the windows domain, BUT did not being a member of the domain. as I am not the System Administrator so I have no control on the server in the network, such as modify dns entry , add the linux box in AD and domain record and so on that relevant.
... (2 Replies)
I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from:
# sshd: auth account password session
auth optional pam_krb5.so use_kcminit
auth optional ... (0 Replies)
Discussion started by: jnojr
0 Replies
LEARN ABOUT DEBIAN
pam_krb5_migrate
pam_krb5_migrate(7) Miscellaneous Information Manual pam_krb5_migrate(7)NAME
pam_krb5_migrate - Kerberos 5 Migration PAM module
SYNOPSIS
auth optional pam_krb5_migrate.so
DESCRIPTION
pam_krb5_migrate is a stackable authentication module that takes a username and password from an earlier module in the stack, and attempts
to transparently add them to a Kerberos realm using the Kerberos 5 kadmin service.
The module can be used to ease the administrative burdens of migrating a large installed userbase from pre-existing authentication methods
to a Kerberos-based setup.
OPTIONS
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
keytab=<file> use alternate keytab for authentication (default is /etc/security/pam_krb5.keytab).
min_uid=<uid> don't add principals for uids lower than <uid>. (default is 100)
principal=<name>
use the key for <name> instead of the default pam_migrate/<hostname> key
realm=<REALM> update the database for a realm other than the default realm.
AUTHOR
pam_krb5_migrate was written by Steve Langasek <vorlon@netexpress.net>. This manpage was assembled by Jelmer Vernooij <jelmer@samba.org>.
SEE ALSO kadmin(1), pam_krb5(5), pam(3), libpam(4).
13 November 2006 pam_krb5_migrate(7)