pam_krb5_migrate(5) Standards, Environments, and Macros pam_krb5_migrate(5)
NAME
pam_krb5_migrate - authentication PAM module for the KerberosV5 auto-migration of users feature
SYNOPSIS
/usr/lib/security/pam_krb5_migrate.so.1
DESCRIPTION
The KerberosV5 auto-migrate service module for PAM provides functionality for the PAM authentication component. The service module helps in
the automatic migration of PAM_USER to the client's local Kerberos realm, using PAM_AUTHTOK (the PAM authentication token associated with
PAM_USER) as the new Kerberos principal's password.
KerberosV5 Auto-migrate Authentication Module
The KerberosV5 auto-migrate authentication component provides the pam_sm_authenticate(3PAM) function to migrate a user who does not have a
corresponding krb5 principal account to the default Kerberos realm of the client.
pam_sm_authenticate(3PAM) uses a host-based client service principal, present in the local keytab (/etc/krb5/krb5.keytab) to authenticate
to kadmind(1M) (defaults to the host/nodename.fqdn service principal), for the principal creation operation. Also, for successful creation
of the krb5 user principal account, the host-based client service principal being used needs to be assigned the appropriate privilege on
the master KDC's kadm5.acl(4) file. kadmind(1M) checks for the appropriate privilege and validates the user password using PAM by calling
pam_authenticate(3PAM) and pam_acct_mgmt(3PAM) for the k5migrate service.
If migration of the user to the KerberosV5 infrastructure is successful, the module will inform users about it by means of a PAM_TEXT_INFO
message, unless instructed otherwise by the presence of the quiet option.
The authentication component always returns PAM_IGNORE and is meant to be stacked in pam.conf with a requirement that it be listed below
pam_authtok_get(5) in the authentication stack. Also, if pam_krb5_migrate is used in the authentication stack of a particular service, it
is mandatory that pam_krb5(5) be listed in the PAM account stack of that service for proper operation (see EXAMPLES).
OPTIONS
The following options can be passed to the KerberosV5 auto-migrate authentication module:
debug
    Provides syslog(3C) debugging information at LOG_DEBUG level.
client_service=<service name>
    Name of the service used to authenticate to kadmind(1M). Defaults to host, which means that the module uses host/<nodename.fqdn> as
    its client service principal name for the KerberosV5 user principal creation operation, or <service>/<nodename.fqdn> if this option
    is provided.
quiet
    Do not explain KerberosV5 migration to the user.
    This has the same effect as passing the PAM_SILENT flag to pam_sm_authenticate(3PAM) and is useful where applications cannot handle
    PAM_TEXT_INFO messages.
    If not set, the authentication component will issue a PAM_TEXT_INFO message after creation of the Kerberos V5 principal, indicating
    that it has done so.
expire_pw
    Causes the creation of KerberosV5 user principals with password expiration set to now (current time).
EXAMPLES
Example 1: Sample Entries from pam.conf
The following entries from pam.conf(4) demonstrate the use of the pam_krb5_migrate.so.1 module:
    login   auth     requisite   pam_authtok_get.so.1
    login   auth     required    pam_dhkeys.so.1
    login   auth     required    pam_unix_cred.so.1
    login   auth     sufficient  pam_krb5.so.1
    login   auth     requisite   pam_unix_auth.so.1
    login   auth     optional    pam_krb5_migrate.so.1 expire_pw
    login   auth     required    pam_dial_auth.so.1
    other   account  requisite   pam_roles.so.1
    other   account  required    pam_krb5.so.1
    other   account  required    pam_unix_account.so.1
The pam_krb5_migrate module can generally be present on the authentication stack of any service where the application calls
pam_sm_authenticate(3PAM) and an authentication token (in the preceding example, the authentication token would be the user's Unix
password) is available for use as a Kerberos V5 password.
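The two stacking requirements from DESCRIPTION (pam_authtok_get above pam_krb5_migrate in the auth stack, pam_krb5 in the account stack) can be checked mechanically. The following is an added example, not part of the original manual page or of Sun's code; the function names and the BAD sample are assumptions made for illustration, and the fallback to the "other" service follows pam.conf(4) behaviour.

```python
# Added example (not from the manual page): lint pam.conf text for pam_krb5_migrate stacking.
PAGE_EXAMPLE = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_krb5.so.1
login auth requisite pam_unix_auth.so.1
login auth optional pam_krb5_migrate.so.1 expire_pw
login auth required pam_dial_auth.so.1
other account requisite pam_roles.so.1
other account required pam_krb5.so.1
other account required pam_unix_account.so.1
"""
# Constructed misconfiguration: migrate module listed first, own account stack lacks pam_krb5.
BAD = """\
rlogin auth optional pam_krb5_migrate.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin account required pam_unix_account.so.1
"""

def stacks(text):
    """Map (service, module_type) -> ordered module names, path and .so suffix removed."""
    out = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4:
            name = fields[3].rsplit("/", 1)[-1].split(".so")[0]
            out.setdefault((fields[0].lower(), fields[1].lower()), []).append(name)
    return out

def resolve(st, service, mtype):
    # A service with no entries of a given type uses the "other" entries of that type.
    return st.get((service, mtype)) or st.get(("other", mtype), [])

def check_migrate_stacking(text):
    """Return (service, problem) pairs for every auth stack that uses pam_krb5_migrate."""
    st, findings = stacks(text), []
    for (service, mtype), mods in sorted(st.items()):
        if mtype != "auth" or "pam_krb5_migrate" not in mods:
            continue
        if "pam_authtok_get" not in mods[:mods.index("pam_krb5_migrate")]:
            findings.append((service, "pam_authtok_get is not listed above pam_krb5_migrate"))
        if "pam_krb5" not in resolve(st, service, "account"):
            findings.append((service, "pam_krb5 is missing from the account stack"))
    return findings

if __name__ == "__main__":
    print(check_migrate_stacking(PAGE_EXAMPLE), check_migrate_stacking(BAD))
```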
Example 2: Sample Entries from kadm5.acl
The following entries from kadm5.acl(4) permit or deny privileges to the host client service principal:
    host/*@ACME.COM U root
    host/*@ACME.COM ui *
The preceding entries permit the pam_krb5_migrate add privilege to the host client service principal of any machine in the ACME.COM
KerberosV5 realm, but deny the add privilege to all host service principals for addition of the root user account.
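The deny line for root works only because it comes before the general permit line: kadm5.acl(4) entries are evaluated in order and the first match decides. The following added example (not part of the original manual page) models that evaluation for the u/U privilege only; the function names, the client and user principals, and the use of shell-style wildcard matching are simplifying assumptions.

```python
# Added example (not from the manual page): first-match evaluation of the migrate privilege.
from fnmatch import fnmatchcase

PAGE_ACL = """\
host/*@ACME.COM U root
host/*@ACME.COM ui *
"""
# Constructed variant with the same two entries in the opposite order.
REVERSED_ACL = "\n".join(reversed(PAGE_ACL.splitlines()))

def parse_acl(text):
    """Return ordered (principal_pattern, privileges, target_pattern) entries."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            # An entry without a target applies to every target.
            entries.append((fields[0], fields[1], fields[2] if len(fields) > 2 else "*"))
    return entries

def may_migrate(entries, client, target, realm="ACME.COM"):
    """True if the first entry matching client and target grants lowercase 'u'.

    Only explicit u/U letters are interpreted; other privilege letters are ignored.
    """
    for princ_pat, privs, target_pat in entries:
        if "@" not in target_pat and target_pat != "*":
            target_pat += "@" + realm   # unqualified names are taken in the default realm
        if fnmatchcase(client, princ_pat) and fnmatchcase(target, target_pat):
            return "u" in privs         # 'U', or no 'u' at all, means denied
    return False                        # no matching entry grants nothing

if __name__ == "__main__":
    client = "host/web1.acme.com@ACME.COM"   # hypothetical client host principal
    for name, acl in (("page order", PAGE_ACL), ("reversed", REVERSED_ACL)):
        e = parse_acl(acl)
        print(name, may_migrate(e, client, "root@ACME.COM"), may_migrate(e, client, "alice@ACME.COM"))
```

With the entries reversed, the wildcard permit line matches root first and the deny line is never reached.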
Example 3: Sample Entries in pam.conf of the Master KDC
The entries below enable kadmind(1M) on the master KDC to use the k5migrate PAM service in order to validate Unix user passwords for
accounts that require migration to the Kerberos realm.
    k5migrate   auth     required   pam_unix_auth.so.1
    k5migrate   account  required   pam_unix_account.so.1
ATTRIBUTES
See attributes(5) for a description of the following attribute:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
kadmind(1M), syslog(3C), pam_authenticate(3PAM), pam_acct_mgmt(3PAM), pam_sm_authenticate(3PAM), kadm5.acl(4), pam.conf(4), attributes(5),
pam_authtok_get(5), pam_krb5(5)
SunOS 5.10 Jul 29 2004 pam_krb5_migrate(5)