Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Remote shell with Win 2000
Special Forums Cybersecurity Remote shell with Win 2000 Post 4113 by Neo on Wednesday 18th of July 2001 08:17:25 PM
Old 07-18-2001
I recommend that you use Kerberos V5 is the W2K environment and then Kerberize your rsh environment on UNIX OR:

Run SSH client on W2K and SSHD services on UNIX.

Normally, without these security extras, I disable r-commands.

Perhaps someone else has a better answer to your question ?
 

8 More Discussions You Might Find Interesting

1. Programming

ftp a file from remote pc of win 2000

Hello. I am programming in C on HP-UNIX system,i want ftp a file from remote pc which is window 2000 system,i donot how config my HP-UNIX and pc, i donot how program in C or in shell. Thank you for help. (3 Replies)
Discussion started by: bdyjm
3 Replies

2. Windows & DOS: Issues & Discussions

win 2000

Dear user sorry if the subject is not for that fourm .. but I get mad .. I wana solve that problem.. I started my new semster .. and last semster.. and there I use the net under a very huge list of restriction .. no msn massenger .. no yahoo massenger .. no underground site .. no fourms (I am ... (2 Replies)
Discussion started by: RuDe_BuT_CoOoL
2 Replies

3. UNIX for Dummies Questions & Answers

Using Samba to join a win 2000 Domain

I am trying to set samba up to join my windows 2000 domain and I am having troubles If anyone if familiar with this help would be greatly appreciated I issue the following command # ./smbpasswd -j DOMAIN -r DOMAINCONTROLER And the following gets returned load_client_codepage: filename... (4 Replies)
Discussion started by: gennaro
4 Replies

4. UNIX for Dummies Questions & Answers

Freebsd and win 2000 working 2gether?

Hi Brothers, Please, I've just purchased a new PC and I would like to have both win 2000 and freebsd in the same hard drive, ( 40GB and 128Mb ) can you please help how to set up my new hard drive , please! Thank you..... aka Polymorphous (2 Replies)
Discussion started by: Polymorphous
2 Replies

5. Programming

A C++ programing Shell on Win

Hello I need to translade the power of unix command shell (grep, sed, awk, wc, etc..) to windows. In my work every day I administrate 15 unix server ans 18 windows server, and I have the problem the absolutly limitation of windows shell. I´m a system administrator but I know programming. I... (2 Replies)
Discussion started by: dalmus
2 Replies

6. UNIX for Dummies Questions & Answers

Remote access from Windows 2000 into Solaris 8

All, I am looking for the easiest solution that will let me remote access from a Windows 2000 client into a Solaris 8 server. Any suggestions? Thanks Kevin (3 Replies)
Discussion started by: Kevin1166
3 Replies

7. Windows & DOS: Issues & Discussions

shell and vImproved for win env

i have pleasure in using shell scripts and vi editor. VI Improved on Linux is also good. Is there a way that allows using shell as command interpretor and VIm as editor to work on windows? (not vi.exe) any help....... (1 Reply)
Discussion started by: paresh n doshi
1 Replies

8. Shell Programming and Scripting

Execute a shell script in UNIX m/c from win 7 using ksh

I need to run a shell script on unix machine from windows 7. I used the "RSH" command in win XP successfully for this, But on win 7 it is not working. Can any body tell me how to run RSH on win 7 or any other command for similar use. I use the command as below rsh <unix m/c> -l <username>... (1 Reply)
Discussion started by: arup1980
1 Replies

LEARN ABOUT CENTOS

krb5_auth_rules

krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME

       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION

       When  a	user  uses  kerberized	versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
       claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user  is  "who
       he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
       is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file  should
       contain	a  Kerberos  principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
       the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)).  If the  originating
       user's  Kerberos  V5  identity  is  in  the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
       client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
       the originating user is denied access.

       For  example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
       appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database  (see  passwd(4))  with  uid  23154,  then
       access to account jdb-user is granted.  Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally,  if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
       be granted access to the account if and only if all of the following are true:

	 o  The user part of the authenticated principal name is the same as the target account name specified by the client.

	 o  The realm part of the client and server are the same.

	 o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM,  then  even	if
       jdb  is	a  valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
       differ.

FILES

       ~/.k5login      Per user-account authorization file.

       /etc/passwd     System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES

       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10							    13 Apr 2004 						krb5_auth_rules(5)
All times are GMT -4. The time now is 03:15 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy