04-30-2015
You will need to create an AD user for that AIX machine.
Log in initially with it to Windows and change the password (on any Windows machine in the domain); no need to load the desktop.
Once you have the user operational, configure the user so that it cannot change its password and the password never expires.
Then generate a Kerberos keytab on the domain controller (host keytab, not HTTP) with ktpass for that user (representing your server), which you will copy as krb5.keytab to your AIX server.
Check NTP: AD and the server should be in sync, or Kerberos will fail to work.
Now you should be able to do kinit user@DOMAIN to get a ticket and confirm it is working.
After that, SSO should work (with PuTTY or WinSCP) if the user is defined on the Unix system and is logged on to the Windows domain.
I haven't worked with AIX in this regard, but this seems universal on all Unix/Linux systems.
This User Gave Thanks to Peasant For This Post:
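An added example, not part of the original post or of the ktutil manual: a Python check to run on the keytab once it has been copied to the server, confirming that it holds a key for the expected host principal and flagging deprecated DES/RC4 enctypes. It reads the version 0x0502 keytab file layout directly; the host name, realm and sample bytes are constructed, and `audit` and `make_entry` are names chosen for this example.

```python
import struct

# DES (1-3) and RC4 (23) enctypes are deprecated by RFC 6649 and RFC 8429.
WEAK = {1, 2, 3, 23}

def parse_keytab(data):
    """Return (principal, kvno, enctype) per entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative length marks a deleted slot
            pos += -size
            continue
        rec, off, parts = data[pos:pos + size], 2, []
        pos += size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        for _ in range(ncomp + 1):    # realm first, then the name components
            (n,) = struct.unpack_from(">H", rec, off)
            parts.append(rec[off + 2:off + 2 + n].decode())
            off += 2 + n
        _type, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, off)
        off += 13 + klen
        if len(rec) - off >= 4:       # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", rec, off)
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, etype))
    return entries

def audit(data, expected):
    """Return findings; an empty list means the expected key is there and strong."""
    entries = parse_keytab(data)
    out = [f"weak enctype {e} for {p} (kvno {k})"
           for p, k, e in entries if e in WEAK]
    if not any(p == expected for p, _, _ in entries):
        out.append(f"no key for {expected}")
    return out

def make_entry(realm, comps, kvno, etype, key):
    """Build one record; used only to construct the sample below."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + b"".join(map(s, [realm, *comps]))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample: hypothetical host and realm, all-zero keys.
HOST = [b"host", b"aix01.example.com"]
SAMPLE = (b"\x05\x02" + make_entry(b"EXAMPLE.COM", HOST, 3, 23, bytes(16))
          + make_entry(b"EXAMPLE.COM", HOST, 3, 18, bytes(32)))
```

On a real system, pass the bytes of the copied keytab file to `audit` together with the principal the keytab was generated for.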
KTUTIL(8) BSD System Manager's Manual KTUTIL(8)
NAME
ktutil -- manage Kerberos keytabs
SYNOPSIS
ktutil [-k keytab | --keytab=keytab] [-v | --verbose] [--version] [-h | --help] command [args]
DESCRIPTION
ktutil is a program for managing keytabs. Supported options:
-v, --verbose
Verbose output.
command can be one of the following:
add [-p principal] [--principal=principal] [-V kvno] [--kvno=kvno] [-e enctype] [--enctype=enctype] [-w password] [--password=password] [-r] [--random] [-s] [--no-salt] [-H] [--hex]
Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the get command, which talks to the kadmin server.
change [-r realm] [--realm=realm] [-a host] [--admin-server=host] [-s port] [--server-port=port]
Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options.
If no principals are given, all the ones in the keytab are updated.
copy keytab-src keytab-dest
Copies all the entries from keytab-src to keytab-dest.
get [-p admin principal] [--principal=admin principal] [-e enctype] [--enctypes=enctype] [-r realm] [--realm=realm] [-a admin server] [--admin-server=admin server] [-s server port] [--server-port=server port] principal ...
For each principal, generate a new key for it (creating it if it doesn't already exist), and put that key in the keytab.
If no realm is specified, the realm to operate on is taken from the first principal.
list [--keys] [--timestamp]
List the keys stored in the keytab.
remove [-p principal] [--principal=principal] [-V kvno] [--kvno=kvno] [-e enctype] [--enctype=enctype]
Removes the specified key or keys. Not specifying a kvno removes keys with any version number. Not specifying an enctype removes keys of any type.
rename from-principal to-principal
Renames all entries in the keytab that match the from-principal to to-principal.
purge [--age=age]
Removes all old versions of a key for which there is a newer version that is at least age (default one week) old.
SEE ALSO
kadmin(8)
HEIMDAL April 14, 2005 HEIMDAL