Encrypt traffic between Solaris 8 hosts

Post 62993 by blp001 in UNIX for Advanced & Expert Users, Tuesday 22nd of February 2005, 06:09:36 AM

I have two Solaris 8 hosts that send data to one another throughout the day. It is a legacy system and the programs used are rdist, rcp and ftp. I have been asked to ensure that the data transferred is encrypted between the two hosts.

My first thought was to replace these commands with ssh. However there are approximately 50 scripts and assorted programs that will need changing. Next I thought of the old Sun Skip program that will encrypt all traffic between the two hosts no matter what protocol is used. The problem with using Skip is that it is not supported on Solaris 9 or 10 so I do not have a long term solution.

Has anyone set up encryption between two Solaris hosts that encrypts traffic no matter what the protocol?

Regards,
blp001
krb5_auth_rules(5)          Standards, Environments, and Macros          krb5_auth_rules(5)

NAME
       krb5_auth_rules - Overview of Kerberos V5 authorization

DESCRIPTION
       When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity is permitted to access the Solaris user account that the client wants to access.

       Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.

       If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the client is trying to access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then the originating user is denied access.

       For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user.

       Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will be granted access to the account if and only if all of the following are true:

       o  The user part of the authenticated principal name is the same as the target account name specified by the client.

       o  The realm part of the client and server are the same.

       o  The target account name exists on the server.

       For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ.

FILES
       ~/.k5login     Per user-account authorization file.

       /etc/passwd    System account file. This information may also be in a directory service. See passwd(4).

ATTRIBUTES
       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       | Interface Stability         | Evolving                    |
       +-----------------------------+-----------------------------+

SEE ALSO
       ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)

NOTES
       To avoid security problems, the ~/.k5login file must be owned by the remote user.

SunOS 5.10                        13 Apr 2004                        krb5_auth_rules(5)
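The three-stage authorization decision described in the man page (the ~/.k5login check, then the gsscred uid match, then the same-user/same-realm fallback), as an added example that is not from the page or from Solaris: a Python model of the rules with constructed sample tables, so the two worked examples in the DESCRIPTION can be traced through.

```python
# Added example: a model of the krb5_auth_rules(5) decision logic.
# The principals, uids and tables below are constructed sample data,
# not the contents of any real gsscred table or passwd file.
from typing import Optional


def parse_principal(principal: str):
    """Split 'user[/instance]@REALM' into (user, realm)."""
    name, _, realm = principal.rpartition("@")
    user = name.split("/", 1)[0]
    return user, realm


def krb5_authorized(principal: str, target: str, server_realm: str,
                    k5login: Optional[list], gsscred: dict, passwd: dict) -> bool:
    """Return True if the authenticated principal may access the target
    Solaris account, following the order of checks in krb5_auth_rules(5).

    k5login: lines of the target account's ~/.k5login, or None if absent
    gsscred: principal -> UNIX uid (the gsscred table)
    passwd:  account name -> uid (the user account database)
    """
    # Rule 1: a ~/.k5login file is authoritative; only listed principals
    # are admitted, so an empty file denies everyone.
    if k5login is not None:
        return principal in {line.strip() for line in k5login if line.strip()}
    # Rule 2: no ~/.k5login, so consult gsscred; the mapped uid must equal
    # the target account's uid, otherwise access is denied outright.
    if principal in gsscred:
        return target in passwd and gsscred[principal] == passwd[target]
    # Rule 3: not in gsscred either; user part must equal the account name,
    # client and server realms must match, and the account must exist.
    user, realm = parse_principal(principal)
    return user == target and realm == server_realm and target in passwd


# Constructed sample tables mirroring the man page's examples.
GSSCRED = {"jdb@ENG.ACME.COM": 23154}
PASSWD = {"jdb": 23154, "jdb-user": 23154, "root": 0}


def man_page_examples() -> dict:
    """Evaluate the two worked examples from the DESCRIPTION section."""
    return {
        # gsscred maps jdb@ENG.ACME.COM to uid 23154, same as jdb-user
        "gsscred_uid_match": krb5_authorized(
            "jdb@ENG.ACME.COM", "jdb-user", "ENG.ACME.COM", None, GSSCRED, PASSWD),
        # realm mismatch: server in SALES.ACME.COM, principal in ENG.ACME.COM
        "realm_mismatch": krb5_authorized(
            "jdb@ENG.ACME.COM", "jdb", "SALES.ACME.COM", None, {}, PASSWD),
    }
```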