|
|
Sponsored Content
Operating Systems
Solaris
kerberos security
Post 66007 by RTM on Thursday 10th of March 2005 09:49:58 AM
03-10-2005
|
|
10 More Discussions You Might Find Interesting
1. Cybersecurity
I have installed Kerberos security in my UNIX system but I need to disable because of an application conflict with Kerberos.
So Anybody ca tell me how can I disable it?
Thank you (1 Reply)
Discussion started by: dansanmex
1 Replies
2. HP-UX
I am getting the following error message when trying to login to the client:
while verifying tgt
If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23
Does anyone have any ideas? (1 Reply)
Discussion started by: dhernand
1 Replies
3. AIX
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.
I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
Discussion started by: asch337
1 Replies
4. AIX
I was wondering if any of you have used NFS4 with KERBEROS in a HACMP setup and environment with more than 1 resourcegroup that has NFS mount in them.
I Configures the host keys for an Network File System (NFS) server I get stuck with the nfshostkey
I can only add one at a time per system so... (0 Replies)
Discussion started by: ravager
0 Replies
5. UNIX for Dummies Questions & Answers
Hi,
We've configured Kerberos to authenticate AIX 5.3 users with Active Directory and I now have to port an application written in C to the new security model.
Currently, our users can login as normal and running a "klist" command reveals that they have been successfully granted a ticket. ... (2 Replies)
Discussion started by: phykell
2 Replies
6. Programming
I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api.
Can anyone point me in the right... (0 Replies)
Discussion started by: mshindo
0 Replies
7. AIX
Good day
I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right.
When I ran kinit username I get a ticket and I can display it using klist.
When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
Discussion started by: mariusb
1 Replies
8. AIX
I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
Discussion started by: PassLine
11 Replies
9. OS X (Apple)
Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from:
# sshd: auth account password session
auth optional pam_krb5.so use_kcminit
auth optional ... (0 Replies)
Discussion started by: jnojr
0 Replies
10. UNIX for Dummies Questions & Answers
Hi ,
I am trying to authenticate my id on client server with Kerberos and receiving below error
kinit rpagadala@BDC.soft.net
kinit: Cannot contact any KDC for realm 'BDC.soft.net' while getting initial credentials
Please find krb5.conf on the client server configuration which is... (1 Reply)
Discussion started by: Tomlight
1 Replies
LEARN ABOUT LINUX
gsscred
gsscred(1M) System Administration Commands gsscred(1M) NAME
gsscred - add, remove and list gsscred table entries SYNOPSIS
gsscred [ -n user [-o oid] [-u uid]] [-c comment] -m mech -a gsscred [ -n user [-o oid]] [-u uid] [-m mech] -r gsscred [ -n user [-o oid]] [-u uid] [-m mech] -l DESCRIPTION
The gsscred utility is used to create and maintain a mapping between a security principal name and a local UNIX uid. The format of the user name is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to specify the object identifier of the name type. The OID must be specified in dot-separated notation, for example: 1.2.3.45464.3.1 The gsscred table is used on server machines to lookup the uid of incoming clients connected using RPCSEC_GSS. When adding users, if no user name is specified, an entry is created in the table for each user from the passwd table. If no comment is specified, the gsscred utility inserts a comment that specifies the user name as an ASCII string and the GSS-APIsecurity mechanism that applies to it. The security mechanism will be in string representation as defined in the /etc/gss/mech file. The parameters are interpreted the same way by the gsscred utility to delete users as they are to create users. At least one of the follow- ing options must be specified: -n, -u, or -m. If no security mechanism is specified, then all entries will be deleted for the user identi- fied by either the uid or user name. If only the security mechanism is specified, then all user entries for that security mechanism will be deleted. Again, the parameters are interpreted the same way by the gsscred utility to search for users as they are to create users. If no options are specified, then the entire table is returned. If the user name or uid is specified, then all entries for that user are returned. If a security mechanism is specified, then all user entries for that security mechanism are returned. OPTIONS
-a Add a table entry. -c comment Insert comment about this table entry. -l Search table for entry. -m mech Specify the mechanism for which this name is to be translated. -n user Specify the optional principal name. -o oid Specify the OID indicating the name type of the user. -r Remove the entry from the table. -u uid Specify the uid for the user if the user is not local. EXAMPLES
Example 1: Creating a gsscred Table for the Kerberos v5 Security Mechanism The following shows how to create a gsscred table for the kerberos v5 security mechanism. gsscred obtains user names and uid's from the passwd table to populate the table. example% gsscred -m kerberos_v5 -a Example 2: Adding an Entry for root/host1 for the Kerberos v5 Security Mechanism The following shows how to add an entry for root/host1 with a specified uid of 0 for the kerberos v5 security mechanism. example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a Example 3: Listing All User Mappings for the Kerberos v5 Security Mechanism The following lists all user mappings for the kerberos v5 security mechanism. example% gsscred -m kerberos_v5 -l Example 4: Listing All Mappings for All Security Mechanism for a Specified User The following lists all mappings for all security mechanisms for the user bsimpson. example% gsscred -n bsimpson -l EXIT STATUS
The following exit values are returned: 0 Successful completion. >0 An error occurred. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWgss | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
gssd(1m), See gsscred.conf(4), attributes(5) NOTES
Some GSS mechanisms, such as kerberos_v5, provide their own authenticated-name-to-local-name (uid) mapping and thus do not usually have to be mapped using gsscred. See gsscred.conf(4) for more information. SunOS 5.10 11 Feb 2004 gsscred(1M)