I have a simple Apache setup that works fine when I create a keytab on a domain level authentication works fine. When I create a keytab at the forest level authentication does not work. I get the following error message. Does anyone know what I am doing wrong here? I validated there is the SPN is unique on the AD side.
Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from:
# sshd: auth account password session
auth optional pam_krb5.so use_kcminit
auth optional ... (0 Replies)
I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
Dear Expert,
i have linux box that is running in the windows domain, BUT did not being a member of the domain. as I am not the System Administrator so I have no control on the server in the network, such as modify dns entry , add the linux box in AD and domain record and so on that relevant.
... (2 Replies)
I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api.
Can anyone point me in the right... (0 Replies)
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.
I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
I have installed Kerberos security in my UNIX system but I need to disable because of an application conflict with Kerberos.
So Anybody ca tell me how can I disable it?
Thank you (1 Reply)
K5SRVUTIL(1) General Commands Manual K5SRVUTIL(1)NAME
k5srvutil - host key table (keytab) manipulation utility
SYNOPSIS
k5srvutil operation [ -i ] [ -f filename ]
DESCRIPTION
k5srvutil allows a system manager to list or change keys currently in his keytab or to add new keys to the keytab.
Operation must be one of the following:
list lists the keys in a keytab showing version number and principal name.
change changes all the keys in the keytab to new randomly-generated keys, updating the keys in the Kerberos server's database to match
by using the kadmin protocol. If a key's version number doesn't match the version number stored in the Kerberos server's data-
base, then the operation will fail. The old keys are retained so that existing tickets continue to work. If the -i flag is
given, k5srvutil will prompt for yes or no before changing each key. If the -k option is used, the old and new keys will be dis-
played.
delold Deletes keys that are not the most recent version from the keytab. This operation should be used some time after a change opera-
tion to remove old keys. If the -i flag is used, then the program prompts the user whether the old keys associated with each
principal should be removed.
delete deletes particular keys in the keytab, interactively prompting for each key.
In all cases, the default file used is /etc/krb5.keytab file
unless this is overridden by the -f option.
k5srvutil uses the kadmin program to edit the keytab in place. However, old keys are retained, so they are available in case of failure.
SEE ALSO kadmin(8), ktutil(8)K5SRVUTIL(1)