Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from:
To:
And /etc/pam.d/sudo from:
To:
Also to uncomment / add the following lines in /etc/sshd_config:
This results in two issues. One is that /tmp/ fills up with dozens or hundreds of krb5cc-XXXXXX files. The other is that sudo attempts always fail on the first attempt with the error:
To top that off, they still complain about "invalid credentials" on some hosts. I have a very strong feeling that they know less about Kerberos than I do, which is saying something, as I don't know much more than how to spell it :-) I tried klist, but couldn't get anything more useful than:
Googling hasn't helped me... the references I can find to those errors are nonspecific and usually include others (like "Kerberos refuses you" or something).
I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
@kah00na and all others,
I have done all steps of the HowTo "Authenticate AIX users from MSActive Directory", found in this forum, but it still does not work.
The test with kinit USERNAME works fine. But if I try to log in I get the "UNKNOWN_USER" error in the debug.log. All steps to change... (11 Replies)
I have AD (active directory) user, "asdf", created and a matching local AIX user name. Using "kinit", I can successfully authenticate it against the MS AD but when they I try to login via SSH with the same user name, it doesn't work. How can I get AIX to allow kerberos authentication as a valid... (1 Reply)
I am in the process of developing an application that needs to be able to authenticate users' details with a Kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT Kerberos API.
Can anyone point me in the right... (0 Replies)
I was wondering if any of you have used NFS4 with Kerberos in a HACMP setup and environment with more than 1 resource group that has NFS mounts in them.
I configure the host keys for a Network File System (NFS) server and I get stuck with the nfshostkey
I can only add one at a time per system so... (0 Replies)
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.
I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
Hello,
I started to install Solaris 10 on my x86 box and am not sure if I need to set up Kerberos and/or DNS if my box is a standalone workstation connected to the internet using a cable modem and router.
Specifically, I know Kerberos is good for security, but I'm not sure what to enter in... (2 Replies)
I have installed Kerberos security in my UNIX system but I need to disable it because of an application conflict with Kerberos.
So can anybody tell me how I can disable it?
Thank you (1 Reply)