8 More Discussions You Might Find Interesting
1. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
Write a script that displays all usernames and their UIDs in the following fashion:
name1 uid=999
name2... (2 Replies)
Discussion started by: baniel
2 Replies
2. UNIX and Linux Applications
Hi all,
I don't know how many times I've setup samba shares, but... It's been a while since the last time. The SID UID maps used to always seem random. I.E. if I had to move the data to another box, I'd have to note all of the SID / UID relations and write scripts to convert them on the new... (0 Replies)
Discussion started by: mph
0 Replies
3. Shell Programming and Scripting
Hello,
I do not know if this is the right title to use. I have a large dictionary database which has the following structure:
where a b c d e are in English and p q r s t are in a target language., the two separated by the delimiter =.
What I am looking for is a perl script which will take... (5 Replies)
Discussion started by: gimley
5 Replies
4. Solaris
Hi all,
I am bit confused about UIDs on my server where LDAP athentication happens. UIDs are generally in the range of 0-65534 for any Solaris OS version(correct if i am wrong). My server is running on Solaris 9. Below are user accounts available on my server.
... (10 Replies)
Discussion started by: vvpotugunta
10 Replies
5. UNIX for Advanced & Expert Users
Hi,
What is the best ways to keep UIDs and GIDs consistent across unix and linux server. my company have a servers running on hpux, linux, aix and many of them have veritas cluster and hacmp running, many time user account have been created only on one of the cluster node and not the others... (4 Replies)
Discussion started by: robertngo
4 Replies
6. AIX
We have a problem where we delete a user and their associated UID gets dumped back in the UID pool. The if we immediately create a another (new) user, AIX reuses the last UID, the one that was just released. This is causing a problem when reports are being generated because the new users name is... (2 Replies)
Discussion started by: xsys2000
2 Replies
7. HP-UX
Hi ,
I am using adduser in hp-ux to create users in Hp-ux.
i would like to know what are the valid values for uids and gids in hp-ux
what are the rannges for the valid uids .
How to check what are the used uids in Hp-ux .
Thanks
Narendra babu C (7 Replies)
Discussion started by: naren_chella
7 Replies
8. UNIX for Dummies Questions & Answers
hello guys,
well as i mentioned first i have a serious problem, i need your help.
i have a hosting plan with linux, apache and php.
i have a script (that have my UID=32256) inside my web site (in the panel folder -see below-) that creates new scripts (in the pages folder) (the new scripts... (1 Reply)
Discussion started by: mehdi
1 Replies
pam_krb5(5) System Administrator's Manual pam_krb5(5)
NAME
pam_krb5 - Kerberos 5 authentication
DESCRIPTION
pam_krb5.so uses a portion of krb5.conf to get its configuration information. You should read the krb5.conf(5) man page before continuing
here. The module expects its configuration information to be in the pam subsection of the appdefaults section of the krb5.conf configura-
tion file (for backward compatibility, the pam section is also checked for the same directives).
DIRECTIVES
debug=[true|false]
turns on debugging via syslog(3).
addressless=[true|false]
disables the checking of the address in the ticket. Allows the ticket to be used from behind NAT firewalls, or on machines whose IP
address changes regularly.
banner=Kerberos
specifies what kind of password the module claims to be changing when called to change passwords. The default is Kerberos 5.
ccache_dir=/tmp
specifies the directory to place credential cache files in.
forwardable=[true|false]
controls whether or not credentials are forwardable. If not specified, they are.
hosts=hostnames
specifies which other hosts credentials obtained by pam_krb5 will be good on. If your host is behind a firewall, you should add the
IP address or name that the KDC sees it as to this list.
initial_timemout
specifies the number of seconds to wait for the first KDC to respond, before attempting incremental backoff.
keytab=/etc/krb5.keytab
specifies the name of a keytab file to find a key for the required_tgs in, for use in validating TGTs.
krb4_convert=[true|false]
controls whether or not pam_krb5 tries to get Kerberos IV credentials from the KDC (or using the krb524d service on the KDC) and cre-
ate ticket files with them. Unless you've converted everything on your network over to use Kerberos 5, you'll want to leave this set
to true. Note that this requires valid Kerberos IV configuration data to be present in /etc/krb.conf and /etc/krb.realms.
max_timeout=30
specifies the maximum amount of time to spend in attempting to get a reply from the KDCs, in seconds. This in effect determines the
amount of time before PAM tries the next authentication scheme, if the network is not available.
minimum_uid=0
specifies the minimum UID of users being authenticated. If a user with a UID less than this value attempts authentication, the
request will be ignored.
proxiable=[true|false]
controls whether or not credentials are proxiable. If not specified, they are.
renew_lifetime=36000
default renewable lifetime. This specifies how much time you have after getting credentials to renew them.
required_tgs=[service]
specifies a principal for which a user must be able to get a session key for for the purpose of verifying that the TGT has not been
forged. The key is decrypted using a copy of the service's key stored in a local keytab file. This is the only certain way to be
absolutely sure the TGT hasn't been forged. The default is host@hostname.
ticket_lifetime=36000
default credential lifetime.
timeout_shift
specifies the number of bits left to shift after each timeout, in implementing the incremental backoff in talking to the KDCs.
validate=[true|false]
specifies whether or not to attempt validation of the TGT. The default is false.
EXAMPLE
[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
hosts = thermo.example.edu alf.example.edu
validate = true
required_tgs = host/thermo.example.edu
ccache_dir = /var/tmp
}
FILES
/etc/krb5.conf
SEE ALSO
pam_krb5(8)
BUGS
Probably, but let's hope not. If you find any, please email the author.
AUTHOR
Nalin Dahyabhai <nalin@redhat.com>
Red Hat Linux 2002/02/15 pam_krb5(5)