12-06-2005
LDAP/Kerberos Issue
I am getting the following error message when trying to login to the client:
while verifying tgt[Unknown code ____ 255]
If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23
Does anyone have any ideas?
10 More Discussions You Might Find Interesting
1. Linux
Hi,
I believe this is an ldap issue, but am not sure how to solve it as I haven't used ldap in the past. Any help is greatly appreciated.
I had my linux machine on one subnet and moved it to another without realizing. It had a static IP, and once this was realized, we moved it back to the... (3 Replies)
Discussion started by: user23
3 Replies
2. AIX
Good day
I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right.
When I ran kinit username I get a ticket and I can display it using klist.
When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
Discussion started by: mariusb
1 Replies
3. UNIX for Advanced & Expert Users
Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is..
I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs... (9 Replies)
Discussion started by: raidzero
9 Replies
4. Solaris
Hi, FYI, I'm new in Solaris
I'm trying to use Kerberos on authenticating LDAP Client with the Active Directory on Windows Server 2003 on both Solaris 10 5/08 and Solaris 10 9/10 by referring to the pdf file kerberos_s10.pdf available at sun official site.
... (0 Replies)
Discussion started by: chongzh
0 Replies
5. UNIX for Advanced & Expert Users
Hello,
I'm new to Centos and to openldap. I am by trade a Solaris Admin. I'm experimenting with openldap and thought Linux would be easier to install and setup openldap on, so far this is true. The problem I'm having is that I can't get the client server to authenticate to the openldap server. I... (1 Reply)
Discussion started by: bitlord
1 Replies
6. Linux
This is more of an annoyance than an actual production issue. I've set it up so that each user's home directory is mounted to an immediate subdirectory of $HOME when they login, (and umounts when they log out to keep /proc/mounts a manageable size).
My issue comes in when my login scripts... (0 Replies)
Discussion started by: thmnetwork
0 Replies
7. AIX
The KRB5ALDAP compound load module is giving me fits. Everything looks like it should be working, but no.
Goal: Integrate AIX host with Active Directory using a KRB5ALDAP compound load module so that users can be created in AD and used in AIX, with unix attributes (registry values) being... (2 Replies)
Discussion started by: jgeiger
2 Replies
8. AIX
Hi,
I am trying to authenticate AIX server against a IDS LDAP instance.
The AIX version is 6.1 and TDS client is 6.1.
I configured the secldapclntd using ldap.cfg file and changed /etc/security/user to set SYSTEM=LDAP, registry=LDAP for one user. Below are the ldap.cfg configurations -
... (5 Replies)
Discussion started by: vs1
5 Replies
9. UNIX for Advanced & Expert Users
Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX?
I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow... (3 Replies)
Discussion started by: Devyn
3 Replies
10. Solaris
Need assistance in resolving the below LDAP issue on Solaris 11. I am new to LDAP .
root@hrapps51:/var/svc/manifest# ldaplist -v
+++ database=NULL
+++ filter=objectclass=*
+++ template for merging SSD filter=%s
ldaplist: Object not found (LDAP ERROR (50): Insufficient access.) (1 Reply)
Discussion started by: ajayram_arya
1 Replies
LEARN ABOUT PLAN9
login.krb5
LOGIN(8) System Manager's Manual LOGIN(8)
NAME
login.krb5 - kerberos enhanced login program
SYNOPSIS
login.krb5 [-p] [-fFe username] [-r | -k | -K | -h hostname]
DESCRIPTION
login.krb5 is a modification of the BSD login program which is used for two functions. It is the sub-process used by krlogind and telnetd
to initiate a user session and it is a replacement for the command-line login program which, when invoked with a password, acquires Ker-
beros tickets for the user.
login.krb5 will prompt for a username, or take one on the command line, as login.krb5 username and will then prompt for a password. This
password will be used to acquire Kerberos Version 5 tickets (if possible.) It will also attempt to run aklog to get AFS tokens for the
user. The version 5 tickets will be tested against a local krb5.keytab if it is available, in order to verify the tickets, before letting
the user in. However, if the password matches the entry in /etc/passwd the user will be unconditionally allowed (permitting use of the
machine in case of network failure.)
OPTIONS
-p preserve the current environment
-r hostname
pass hostname to rlogind. Must be the last argument.
-h hostname
pass hostname to telnetd, etc. Must be the last argument.
-f name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-F name
Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root.
-e name
Perform pre-authenticated, encrypted login. Must do term negotiation.
CONFIGURATION
login.krb5 is also configured via krb5.conf using the login stanza. A collection of options dealing with initial authentication are pro-
vided:
krb5_get_tickets
Use password to get V5 tickets. Default value true.
krb_run_aklog
Attempt to run aklog. Default value false.
aklog_path
Where to find it [not yet implemented.] Default value $(prefix)/bin/aklog.
accept_passwd
Don't accept plaintext passwords [not yet implemented]. Default value false.
DIAGNOSTICS
All diagnostic messages are returned on the connection or tty associated with stderr.
SEE ALSO
rlogind(8), rlogin(1), telnetd(8)
LOGIN(8)