Query: pamkrbval
OS: hpux
Section: 1m
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
pamkrbval(1m) pamkrbval(1m)NAME- validates the PAM Kerberos configuration.SYNOPSIS{ pa32 | pa64 | ia32 | ia64 } [ verbose ] [ CIFS ]DESCRIPTIONverifies the PAM Kerberos related configuration files, and It also checks if the default realm KDC is running. This tool will help the administrator diagnose the problem. performs the following validations: Checks whether the control_flags and the module_types specified for the PAM Kerberos specific entries in the /etc/pam.conf file are valid. Checks whether the PAM Kerberos specific module_paths that are specified in exist. If the module_path name is not absolute it is assumed to be relative to The (i.e Instruction Set Architecture) token is replaced by this tool with for IA 32-bit option( ), or with for IA 64-bit option( ), or with null for PA 32-bit option( ), or with for PA 64-bit option( ). Checks whether the options specified for pam_krb5 library are valid PAM Kerberos options. Validates /etc/pam_user.conf file only if libpam_updbe is configured in /etc/pam.conf file. This validation will be similar to the /etc/pam.conf validation. Validates the syntax of the Kerberos configuration file, /etc/krb5.conf. Validates if the default realm KDC is issuing tickets. Atleast one KDC must reply to the ticket requests for the default realm. Validates the host service principal, in the file, if this file exists. If the keytab entry for this host service principal does not exist in the default keytab file, checks for the host service principal in the KDC. If the host service principal does not exist in the KDC, then ignores the validation and assumes success. If finds the host service principal in the KDC, issues the following warn- ing message: found on KDC but not found in keytab file. NOTE An entry in /etc/pam.conf file is considered to be PAM Kerberos entry if the file name in the module_path begins with An example of a PAM Kerberos entry in /etc/pam.conf is as shown: The machine is considered to be configured with libpam_updbe if the file name in the module_path of an entry in /etc/pam.conf begins with An example of a pam_updbe entry in /etc/pam.conf is as shown: LOGGING logs all messages to stdout. The log categories provided are: These messages are logged when verbose option is set. These messages are logged to notify the user about the erroneous lines in pam configuration files or to notify about the skipping of /etc/pam_user.conf file validation. These messages are logged when any of the above mentioned validation fails. These messages are logged to notify the user about a potentially erroneous configuration on the system that may result in validation failure. These messages are logged when any of the above mentioned validation succeeds. These messages are logged when validation of /etc/krb5.keytab is ignored. These messages are logged to inform the user about the exact problem in the pam configuration files. These messages will give some minimal help to the user to rectify the problem. If there are any or or messages then there is some problem in the appropriate section. The administrator should diagnose the prob- lem.OPTIONSverbose output { pa32 | pa64 | ia32 | ia64 } Depending on the architecture on which the validation need to be done this option needs to be set. The flags available are as listed below: for PA 32-bit architecture for PA 64-bit architecture for IA 32-bit architecture for IA 64-bit architecture Depending on this flag, in the module_path will be expanded as explained in the Description section of this manpage. Use this option if is configured on the system to enable validation of the keytab entry for Do not use this option if is not configured on the system.RETURN VALUEreturns the following exit codes: Successful configuration validation. Warnings were found during configuration validation. Errors were detected during configuration validation. FILES the kerberos client configuration file the pam configuration file The pam user configuration file The default location for the local host's keytab fileAUTHORwas developed by HP.SEE ALSOkrb5.conf(4), pam(3), pam_krb5(5), pam.conf(4), pam_updbe(5), pam_user.conf(4) pamkrbval(1m)
| Related Man Pages |
|---|
| pam_krb5_migrate(5) - opensolaris |
| pam_krb5_migrate(5) - suse |
| pam_krb5_migrate(5) - plan9 |
| pam_krb5_migrate(5) - linux |
| pam_krb5_migrate(5) - x11r4 |
| Similar Topics in the Unix Linux Community |
|---|
| User name on? |
| can't connect after a pam.conf modification |
| required configuration as mentioned .. |
| Still logged in problem |
| Put the numeric validation in user input when value is 5.1.2.3 |