9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I am installing Authen::Krb5::Easy and during make test I am getting the follwing error :
kinit not ok 2
error was: could not get initial credentials: Cannot contact any KDC for requested realm
we are stroring krb5.conf in diff location ( not in /etc/krb5.conf) , but, PERL is... (1 Reply)
Discussion started by: talashil
1 Replies
2. Shell Programming and Scripting
Hi All,
I am currently writing script to get the details for lot of hosts from jump server. Means each and every time it will ssh to the host and get the information. To achieve that I need to automatically accept the password from Jump server to that main hosts. We are using kerberos password... (6 Replies)
Discussion started by: kamauv234
6 Replies
3. UNIX for Dummies Questions & Answers
Hi ,
I am trying to authenticate my id on client server with Kerberos and receiving below error
kinit rpagadala@BDC.soft.net
kinit: Cannot contact any KDC for realm 'BDC.soft.net' while getting initial credentials
Please find krb5.conf on the client server configuration which is... (1 Reply)
Discussion started by: Tomlight
1 Replies
4. OS X (Apple)
Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from:
# sshd: auth account password session
auth optional pam_krb5.so use_kcminit
auth optional ... (0 Replies)
Discussion started by: jnojr
0 Replies
5. AIX
I've configured an AIX 5.3 client to use our Windows AD for user authentication via Kerberos.
When I try to ssh to the server using the AD credentials, I eventually get access but not after getting prompted for a password 3 times (which doesn't work) followed by an accepted login on the 4th... (3 Replies)
Discussion started by: jmroderick
3 Replies
6. Red Hat
Hi,
I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS.
The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies
7. Linux
Hi,
Anyone can point me a good link to setup IPSec using racoon IKE which uses gssapi_krb authentication method?
I have a debain linux box and Windows 2003R2 system, and I want them to communicate using IPSec.
Thanks,
Emily. (0 Replies)
Discussion started by: egyfan
0 Replies
8. UNIX for Dummies Questions & Answers
Hi,
We've configured Kerberos to authenticate AIX 5.3 users with Active Directory and I now have to port an application written in C to the new security model.
Currently, our users can login as normal and running a "klist" command reveals that they have been successfully granted a ticket. ... (2 Replies)
Discussion started by: phykell
2 Replies
9. AIX
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.
I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
Discussion started by: asch337
1 Replies
ipa-rmkeytab(1) IPA Manual Pages ipa-rmkeytab(1)
NAME
ipa-rmkeytab - Remove a kerberos principal from a keytab
SYNOPSIS
ipa-rmkeytab [ -p principal-name ] [ -k keytab-file ] [ -r realm ] [ -d ]
DESCRIPTION
Removes a kerberos principal from a keytab.
Kerberos keytabs are used for services (like sshd) to perform kerberos authentication. A keytab is a file with one or more secrets (or
keys) for a kerberos principal.
A kerberos service principal is a kerberos identity that can be used for authentication. Service principals contain the name of the ser-
vice, the hostname of the server, and the realm name.
ipa-rmkeytab provides two ways to remove principals. A specific principal can be removed or all principals for a given realm can be
removed.
All encryption types and versions of a principal are removed.
The realm may be included when removing a specific principal but it is not required.
NOTE: removing a principal from the keytab does not affect the Kerberos principal stored in the IPA server. It merely removes the entry
from the local keytab.
OPTIONS
-p principal-name
The non-realm part of the full principal name.
-k keytab-file
The keytab file to append the principal(s) from.
-r realm
A realm to remove all principals for.
-d Debug mode. Additional information is displayed.
EXAMPLES
Remove the NFS service principal on the host foo.example.com from /tmp/nfs.keytab.
# ipa-rmkeytab -p nfs/foo.example.com -k /tmp/nfs.keytab
Remove the ldap service principal on the host foo.example.com from /etc/krb5.keytab.
# ipa-rmkeytab -p ldap/foo.example.com -k /etc/krb5.keytab
Remove all principals for the realm EXAMPLE.COM.
# ipa-rmkeytab -r EXAMPLE.COM -k /etc/krb5.keytab
EXIT STATUS
The exit status is 0 on success, nonzero on error.
1 Kerberos initialization failed
2 Memory allocation error
3 Unable to open keytab
4 Unable to parse the principal name
5 Principal name or realm not found in keytab
6 Unable to remove principal from keytab
IPA
Oct 30 2009 ipa-rmkeytab(1)